Information About Azure Transit VNET DMVPN Solution
Overview of Transit VNet
A transit VNet is a common strategy to connect multiple, geographically dispersed VNets and remote networks. Enabling transit VNet simplifies network management and minimizes the number of connections required to connect multiple VNets and remote networks.
Microsoft Azure VNets leverage Virtual Network (VNet) peering to establish communication between VNets. Microsoft Azure Transit VNet, also known as Gateway Transit, is a centralized VNet connecting multiple spoke VNets.
The Cisco Transit VNet solution on Azure uses two CSR 1000v routers that act as the DMVPN Hubs in active/active mode. The spoke VNets also have a Cisco CSR 1000v acting as the DMVPN Spoke, which connects to both CSR 1000v devices in the transit VNet using EIGRP or BGP as the overlay routing protocol. This solution does not require manual configuration and is completely automated. Once you deploy this solution and configure the essential parameters, the solution automatically creates dynamic spoke-to-spoke IPsec tunnels on demand.
Once the CSR 1000v devices are created, the guestshell scripts are triggered and run the configuration setup. The scripts configure the CSR Hub, and the necessary information that is associated with the storage account is then saved. You should then deploy the Spokes with the necessary configuration to connect the Spokes to the Hub.
The following preconfigured deployments are available as a part of this solution:
- Transit VNet DMVPN all-CSR Hub Template
- Transit VNet DMVPN all-CSR Spoke with 2, 4 and 8 NICs
For more information, see the DMVPN Configuration Guide.
Benefits of using the transit VNet solution
- Higher IPsec throughput of transit-VNet (two Cisco CSR1000v devices in active/active state)
- Connects multiple VNets spanning globally, across regions, subscriptions, etc.
- Dynamic Spoke-to-Spoke IPsec tunnel reduces billing charges, as the traffic can now flow directly from one spoke VNet to another without having to traverse the Transit-Hub VNet.
- Seamlessly connects to MultiCloud and Hybrid Cloud topologies with DMVPN as the Overlay.
- Support for up to 1000 IPsec tunnels
- End-to-end encryption is possible from one spoke VNet to another spoke VNet, or to remote branch or on-premises locations
- Enhances the cloud with the Cisco IOS XE feature set, which includes QoS, ZBFW, NAT, and AVC
Prerequisites for Deploying the Transit VNet Solution
- You must have an Azure account for your CSR 1000v devices.
- Ensure that your licenses are registered and valid.
- Ensure that the hub is up and running before you configure the spokes.