Azure Digital WAN now helps complete mesh protected hub connectivity

In Might 2023, we introduced the overall availability of Routing intent and routing insurance policies for all Digital WAN consumers. This selection is powered via the Digital WAN routing infrastructure and allows Azure Firewall consumers to arrange insurance policies for personal and web site visitors. We also are extending the similar routing functions to all Firewall answers deployed inside of Azure Digital WAN together with Community Digital Home equipment and software-as-a-service (SaaS) answers that offer Firewall functions.

Routing Intent additionally completes two secured hub use instances during which customers can protected site visitors between Digital WAN hubs in addition to check up on site visitors between other on-premises (department/ExpressRoute/SD-WAN) that transits via Digital WAN hubs.

Azure Digital WAN (vWAN), networking-as-a-service, brings networking, safety, and routing functionalities in combination to simplify networking in Azure. Comfortably of use and straightforwardness inbuilt, vWAN is a one-stop store to glue, give protection to, path site visitors, and observe your broad house community.

On this weblog, we can first describe routing intent use instances, product reports, and summarize with some further issues and assets for the use of routing intent with Digital WAN.

Use instances for Digital WAN

You’ll be able to use Routing Intent to engineer site visitors inside of Digital WAN in a couple of tactics. Listed below are the principle use instances:

Follow routing insurance policies for Digital Networks and on-premises

Consumers enforcing hub-and-spoke community architectures with huge numbers of routes steadily to find their networks exhausting to know, take care of, and troubleshoot. In Digital WAN, those routes may also be simplified for site visitors between Azure Digital Networks and on-premises (ExpressRoute, VPN, and SD-WAN).

Digital WAN makes this more uncomplicated for purchasers via permitting consumers to configure easy and declarative non-public routing insurance policies. It’s assumed that personal routing insurance policies shall be implemented for all Azure Digital Networks and on-premises networks attached to Digital WAN. Additional customizations for Digital Community and on-premises prefixes are lately no longer supported. Personal routing insurance policies instruct Digital WAN to program the underlying Digital WAN routing infrastructure to allow transit between two other on-premises (1) by the use of a safety resolution deployed within the Digital Hub. It additionally allows site visitors transiting between two Azure Digital Networks (2) or between an Azure Digital Community and an on-premises endpoint (3) by the use of a safety resolution deployed within the Digital Hub. The similar site visitors use instances are supported for Azure Firewall, Community Digital Home equipment, and software-as-a-service answers deployed within the hub.

This image shows a diagram of a single Virtual WAN Hub secured with an integrated security solution. The diagram also shows traffic flows between Virtual Networks and on-premises. — Determine 1: Diagram of a Digital Hub appearing pattern non-public site visitors flows (between on-premises and Azure).

Follow routing insurance policies for web site visitors

Digital WAN means that you can arrange routing insurance policies for web site visitors so as to put it up for sale a default (0.0.0.0/0) path on your Azure Digital Networks and on-premises. Web site visitors routing configurations mean you can configure Azure Digital Networks and on-premises networks to ship web outbound site visitors (1) to safety home equipment within the hub. You’ll be able to additionally leverage Vacation spot-Community Cope with Translation (DNAT) options of your safety equipment if you wish to supply exterior customers get right of entry to to packages in an Azure Digital Community or on-premises (2).

This image shows a diagram of a single Virtual WAN hub with an integrated security solution. The diagram also shows traffic flows for Destination Network Address Translation and Internet-outbound use cases. — Determine 2: Diagram of a Digital Hub appearing web outbound and inbound DNAT site visitors flows.

Follow routing insurance policies for inter-hub cross-region site visitors

Digital WAN mechanically deploys all Digital Hubs throughout your Digital WAN in a complete mesh, offering zero-touch any-to-any connectivity region-to-region and hub-to-hub the use of the Microsoft international spine. Routing insurance policies program Digital WAN to check up on inter-hub and inter-region site visitors between two Azure Digital Networks (1), between two on-premises (2), and between Azure Digital Networks and on-premises (3) attached to other hubs. Each and every packet getting into or leaving the hub is routed to the safety resolution deployed within the Digital Hub prior to being routed to its ultimate vacation spot.

This image shows a diagram of two Virtual WAN hubs, each with an integrated security solution. The diagram also shows inter-region and inter-hub secure hub use cases. — Determine 3: Diagram of inter-region and inter-hub site visitors flows inspected via safety answers within the hub.

Consumer revel in for routing intent

To make use of routing intent, navigate on your Digital WAN hub. Underneath Routing, choose Routing Intent and routing insurance policies.

Configure an Web or Personal Routing Coverage to ship site visitors to a safety resolution deployed within the hub via deciding on the following hop sort (Azure Firewall, Community Digital Equipment, or SaaS resolution) and corresponding subsequent hop useful resource.

This image is a screenshot of the user experience of configuring routing intent and policies through Virtual WAN Portal. The hub is configured to send Internet and Private traffic via Azure Firewall. — Determine 4: Instance configuration of routing intent with each Personal and Web routing coverage in Digital WAN Portal.

Azure Firewall consumers too can configure routing intent the use of Azure Firewall Supervisor via enabling the âinter-hubâ surroundings.

This image is a screenshot of the user experience of configuring routing intent and policies through Azure Firewall Manager. The inter-hub setting is toggled to Enabled. — Determine 5: Enabling Routing Intent via Azure Firewall Supervisor.

After configuring routing intent, you’ll be able to view the efficient routes of the safety resolution via navigating on your Digital Hub, then choose Routing, and click on Efficient Routes. The efficient routes of the safety resolution supply further visibility to troubleshoot how Digital WAN routes site visitors that has been inspected via the Digital hubâs safety resolution.

The image is a screenshot of the output when you view the effective routes on Azure Firewall. The screenshot shows a list of routes that — Determine 6: View of having the efficient routes on a safety resolution deployed within the hub.

Earlier than you get began with this option, listed here are some key issues:

The function caters to customers that imagine Digital Community and on-premises site visitors as non-public site visitors. Digital WAN applies non-public routing insurance policies to all Digital Networks and on-premises site visitors.
Routing intent is mutually unique with customized routing and static routes within the âdefaultRouteTableâ pointing to Community Digital Equipment (NVA) deployed in a Digital Community spoke attached to Digital WAN. Consequently, use instances the place customers are the use of customized path tables or NVA-in-spoke use instances don’t seem to be appropriate.
Routing Intent advertises prefixes similar to all connections to Digital WAN against on-premises networks. Customers would possibly use Path Maps to summarize and combination routes and clear out according to outlined fit prerequisites.

Be told extra about Azure Digital WAN

We stay up for proceeding to construct out Azure Digital WAN and including extra functions someday. We inspire you to take a look at out the Routing Intent function in Azure Digital WAN and stay up for listening to extra about your reports to include your comments into the product.