![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 69%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.
186 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
A site-to-site IPsec connection coming into a Virtual WAN’s VPN terminates on the VPN gateway instances inside a virtual hub. A site-to-site connection represents the connectivity between the VPN site and the Azure VPN gateway. It consists of one or more link connections. Each link connection consists of two tunnels with each tunnel terminating on a unique instance of the Azure Virtual WAN VPN gateway. Up to four link connections can be set up in the site-to-site connection, which makes it possible to have up to eight tunnels within a site-to-site connection. Azure supports up to 2000 tunnels terminating inside a single Virtual WAN VPN gateway.
Virtual HUB VPN uses ECMP (equal cost multi-path routing) across all terminating tunnels. So it sees all the routes as equal cost paths by default and divides the traffic equally between them from Azure to on-premise. However, it can be weighted between them if you use BGP for routing and use BGP parameters.
Branch devices that provide path selection can enable appropriate policy in the branch management solution to steer traffic across multiple links to Azure. For example, the ISP 1 link can be used for higher priority traffic and the ISP 2 link can be used as backup. So BGP parameters on-premise can be used for setting preference between the VWAN links and using this once the active connection comes up, it can be preferred. Hope this answers your questions. Thank you!
Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.