Why and When to use VNet Peering vs VPN Gateway

A Virtual Network (VNet) is the basic network service in Azure. Every virtual machine you create in Azure sits in a virtual network. In the old ASM (classic) model it was possible to deploy a virtual machine without a virtual network, but in the current ARM model you must first create a virtual network. The Virtual Network is the fundamental building block of Azure networking. You can create multiple subnets in one virtual network to divide it up. By default, two virtual machines in the same VNet can communicate internally over private IP. Communication between two virtual networks, however, can be set up in different ways. In this blog I will explain the basics of the different options to connect two or more virtual networks.

A Virtual Network is a crucial part of your Azure network. It's all about isolation, accessibility and security. There are two options to connect Virtual Networks:

  • Virtual Network Peering
  • VPN Gateway

VNet Peering

Using VNet Peering you can connect two Azure Virtual Networks. Once peering is complete, the two appear as one virtual network. You can communicate between peered virtual networks over private IP; you don't need a public IP to communicate across a peered virtual network. All communication between peered VNets is routed through the Microsoft backbone. It's not on the public internet, so it's more secure.

While designing VNet peering you need to consider the cost of egress (outbound) and ingress (inbound) traffic.

Microsoft has recently added a feature to connect virtual networks across regions. It's called Global Virtual Network Peering.

  1. VNet Peering (connects VNets in the same region)
  2. Global VNet Peering (connects VNets across Azure regions)

Important points of VNet Peering

  1. VNet Peering provides low latency as it uses the Microsoft backbone infrastructure.
  2. It is a high-bandwidth connection.
  3. As it stays on the private network, it is more secure.
  4. Global VNet Peering is not transitive (if VNet1 in Region1 is connected to VNet2 in Region2, and VNet2 is connected to VNet3 in Region2, VNet1 and VNet3 still can't communicate).
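An added example, not from this post: a small Python audit over the JSON that `az network vnet peering list` returns for each VNet (the sample output and the subscription id are constructed placeholders). It reports which VNet pairs are really connected (peering configured on both sides and in the Connected state), flags half-configured peerings, and shows that reachability does not chain through a middle VNet.

```python
import json

# Placeholder subscription and resource group, constructed for this example.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"

def peering(name, remote, state="Connected", access=True):
    # Only the fields of a peering resource that this audit needs.
    return {"name": name, "peeringState": state, "allowVirtualNetworkAccess": access,
            "remoteVirtualNetwork": {"id": f"{RG}/providers/Microsoft.Network/virtualNetworks/{remote}"}}

# Constructed sample of `az network vnet peering list` output, one list per VNet:
# vnet1<->vnet2 and vnet2<->vnet3 are peered on both sides; vnet2 has started a
# peering to vnet4 but vnet4 has no reverse link, so Azure leaves it "Initiated".
SAMPLE = {
    "vnet1": json.dumps([peering("vnet1-to-vnet2", "vnet2")]),
    "vnet2": json.dumps([peering("vnet2-to-vnet1", "vnet1"),
                         peering("vnet2-to-vnet3", "vnet3"),
                         peering("vnet2-to-vnet4", "vnet4", state="Initiated")]),
    "vnet3": json.dumps([peering("vnet3-to-vnet2", "vnet2")]),
    "vnet4": json.dumps([]),
}

def parse_links(per_vnet_json):
    """Map (local, remote) -> (peeringState, allowVirtualNetworkAccess)."""
    links = {}
    for local, raw in per_vnet_json.items():
        for p in json.loads(raw):
            remote = p["remoteVirtualNetwork"]["id"].rsplit("/", 1)[-1]
            links[(local, remote)] = (p["peeringState"], p["allowVirtualNetworkAccess"])
    return links

def connected_pairs(links):
    """Pairs that really exchange traffic: peered in BOTH directions, both sides
    Connected and both allowing VNet access."""
    ok = lambda l: l is not None and l[0] == "Connected" and l[1]
    return {frozenset((a, b)) for (a, b) in links
            if ok(links[(a, b)]) and ok(links.get((b, a)))}

def incomplete_peerings(links):
    """Half-configured or not-yet-Connected peerings that need follow-up."""
    return sorted(f"{a}->{b} ({s})" for (a, b), (s, _) in links.items()
                  if (b, a) not in links or s != "Connected")

def can_reach(pairs, src, dst):
    """Peering is not transitive: only a direct connected pair counts, so vnet1
    cannot reach vnet3 just because both are peered with vnet2."""
    return frozenset((src, dst)) in pairs
```

Run it against real output by replacing SAMPLE with the per-VNet results of `az network vnet peering list --resource-group <rg> --vnet-name <vnet>`.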

VPN Gateway

A VPN Gateway is a VNet gateway that allows you to connect to an on-premises network over the public internet. But you can create only one VPN Gateway per virtual network. There are some advantages and limitations of the VPN gateway; we will look at them in the section below.

Important points of VPN Gateway

  1. Limited bandwidth.
  2. Encryption.
  3. Transitivity is possible if VNetA, VNetB and VNetC are connected via VPN gateway and BGP (Border Gateway Protocol) is enabled.

When there is a requirement for data replication, database failover and frequent backups, the customer needs to go with VNet Peering and will get low latency. If encryption is required and the latency is acceptable, then the customer can go with VPN Gateway.

Differences in simple form

Is cross region / Azure tenant / subscription supported?

VNet Peering -> Yes, via Global VNet Peering.

VPN Gateway -> Yes.

Any limitations?

VNet Peering -> Maximum 500 VNet connections on one VNet.

VPN Gateway -> Each VNet can have only one VPN Gateway.

Pricing?

VNet Peering -> Ingress and egress are both charged.

VPN Gateway -> Gateway and egress are charged.

Bandwidth limitation?

VNet Peering -> No bandwidth limits as it uses the Microsoft backbone infrastructure.

VPN Gateway -> Depends on the type of gateway.

Transitive relationship?

VNet Peering -> Not possible.

VPN Gateway -> Possible if BGP is enabled.

This was a basic explanation of VNet Peering and VPN Gateway. I always love to hear from you; you can share your feedback by email.