Originally posted @ Lucian.Blog. Follow Lucian on twitter @Lucianfrango.
I’ve been working a lot with Azure virtual network (VNET) virtual private network (VPN) gateways of late. The project I’m working on at the moment requires two sites to connect to a multi-site dynamic routing VPN gateway in Azure. This is for redundancy when connecting to the Azure cloud as there is a dedicated link between the two branch sites.
Setting up a multi-site VPN is a relatively streamlined process and Matt Davies has written a great article on how to run through that process via the Azure portal on the Kloud blog.
The Azure portal and some of the Azure documentation is a little confusing in the wording related to gateway sizes and SKU’s. There is a basic, standard and high performance gateway. However, in the preview portal you find:
What are all these gateways and what SKU will I be billed?
Static routing gateway
A static routing gateway connects a VNET to a single site or on-premises network. This type of gateway is also known as policy based VPN gateway. Previously the distinction between a static routing gateway and a dynamic routing gateway was confusing. I wrote a blog about how I helped improve the documentation around Azure VPN gateways.
Dynamic routing basic gateway
A basic gateway is actually harder to figure out than what you would think. Detailed via Microsoft articles don’t mention a basic gateway other than the pricing for one being $0.0365 per hour or ~$28.00 per month. I asked the program managers at Microsoft the question and feedback received was that a static routing gateway provision on a VNET is considered a basic gateway. After discussions with the Microsoft Azure networking program managers, the team have updated the official documentation to clear things up. A basic gateway now is still a dynamic routing gateway (route based gateway) which does not have Express Route support.
Dynamic routing standard gateway
A standard gateway or a small gateway as shown in the preview portal is the most common gateway provisioned. A standard gateway allows for 100Mbps VPN throughput, 1000Mbps Expressroute throughput, up to 10 concurrent VPN tunnels, $0.1918 per hour or ~$143.00 per month subscription + data transfer fees and a SLA of 99.9% update. A standard gateway also is known as a dynamic routing gateway. Express route is available as a standard feature.
Dynamic routing high performance gateway
A high performance gateway or a small gateway as shown in the preview portal offers created capacity and performance over a standard gateway. A ‘highperformance’ gateway SKU allows for 200Mbps VPN throughput, 2000Mbps Expressroute throughput, up to 30 concurrent VPN tunnels, $0.4945 per hour or ~$369.00 per month subscription + data transfer fees and a SLA of 99.9% update. Furthermore, a high performance gateway is also a dynamic routing gateway only with more throughput and you guessed it captain obvious- higher performance.
I’ve asked, through the Azure Advisors: Portal Advisors Yammer community, the Azure portal team why the gateway size is always SMALL. For now I’ve not heard any feedback but as soon as I do, i’ll post here!
Azure portal
To find the gateway SKU in the Azure portal, go to… NOPE! You can’t do that here.
Azure preview portal
In the Azure preview portal you see the SKU, though it does call the gateway either small or well, small. To find out, navigate to:
- Browse all
- Virtual networks (classic)
- Select the VNET
- Select the gateway
- Look at the gateway properties
- The third line down is SIZE
- You will either have a size SMALL
- I haven’t been able to provision anything other than a SMALL gateway in the preview portal
Powershell
Managing a gateway is a more streamlined process via Powershell. You can not only create and remove a gateway, but you can also upgrade a gateway from default or standard to high performance, as well as change the gateway type from “staticrouting” to “dynamicrouting”.
To create a gateway:
To upgrade a gateway from a standard SKU to a highperformance SKU:
In summary
VNET gateway SKUs and information could be a little more clearer. I found it confusing when staring down the rabbit hole. I hope this information makes it a little more easy to understand. Thanks for reading,
-Lucian
Originally posted @ Lucian.Blog. Follow Lucian on twitter @Lucianfrango.
Hi Lucian
Thank you very much for this article!
I think one point is wrong. We have a few subscriptions with gateways setup as dynamic gateways. An they cost around 28$ a month. So from my point of view itis not ture that a basic gateway must be static.
Hi Heto14,
Ive had the information clarified by the engineer team that work on and build Azure networking components via the Azure Network Advisors Yammer group.
The wording in the Microsoft KB articles, here http://azure.microsoft.com/en-us/pricing/details/vpn-gateway/ and here https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpngateways/, is rather confusing, hence why i sourced the info and wrote the blog post.
Hi Lucian,
Can you get this checked again. The current info on the About VPN Gateways page appears to be in conflict with what the engineers told you. The Basic gateway is clearly shown as supporting up to 10 IPSEC VPN tunnels which is only possible with dynamic routing.
Also when creating a gateway in the preview portal it now allows you to select Default, Standard or High Performance. There is a separate toggle to switch between static or dynamic routing.
Hi Chris,
When i initially published this over a month ago, after speaking with the engineer team, the documentation was confusing and rather incomplete.
I relayed the information as it was made available to me.
A couple of weeks ago Cheryl’s updated the official doco’s: https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpngateways/
I appreciate the heads up and I’ll update the blog post.
Cheryl’s added specific reference to policy based gateways and their district separation from route based gateway tiers: basic, standard and performance.
Cheers,
Lucian
Hi Chris,
Post updated!
Thanks again for the heads up,
Cheers,
Lucian
Hi,
You may want to correct MBps to Mbps.