Module 2bc - Exploring Azure Core Products - Networking, VPN Gateway Specs and Requirements

Question 1

Hint: workloads and migration limitations

What two (2) things are special about VPN Gateway Basic?

Answer 1

• It should only be used for Dev/Test workloads
• You CANNOT migrate from Basic to w1/w2/w3 SKUs without removing the Gateway and redeploying…)

Question 2

What are specs for VPN Gateway Basic?

• S2S/N2N Tunnels?
• Throughput Benchmark?
• BGP Support?

Answer 2

Site-to-site/Network-to-network tunnels: 10 Max

Aggregate throughput benchmark: 100 Mbps

NO Border Gateway Protocol (BGP) support.

Question 3

What are specs for VPN Gateway VpnGw1/Az?

• S2S/N2N Tunnels?
• Throughput Benchmark?
• BGP Support?

Answer 3

Site-to-site/Network-to-network tunnels: 30 Max

Aggregate throughput benchmark: 650 Mbps

Supports Border Gateway Protocol (BGP)

Question 4

What are specs for VPN Gateway VpnGw2/Az?

• S2S/N2N Tunnels?
• Throughput Benchmark?
• BGP Support?

Answer 4

Site-to-site/Network-to-network tunnels: 30 Max

Aggregate throughput benchmark: 1 Gbps

Supports Border Gateway Protocol (BGP)

Question 5

What are specs for VPN Gateway VpnGw3/Az?

• S2S/N2N Tunnels?
• Throughput Benchmark?
• BGP Support?

Answer 5

Site-to-site/Network-to-network tunnels: 30 Max

Aggregate throughput benchmark: 1.25 Gbps

Supports Border Gateway Protocol (BGP)

Question 6

There are SIX (6) required Resources for deploying a VPN Gateway…what are they?

Answer 6

1. Virtual Network
2. A SubNet named “GatewaySubNet”:
3. Public IP Address
4. Local Network Gateway
5. Virtual Network Gateway
6. Connection

Question 7

Hint: 2 things

How should a Virtual Network be set up to support a VPN Gateway?

Answer 7

The AVN should be set up as follows:

• Should have enough address space for the additional SubNet (requirement #2)
• Should not overlap in IP Address Space (since you can only deploy ONE Gateway within a VNet)

Question 8

How should a SubNet be set up to support a VPN Gateway?

Answer 8

Give it a SubNet named “GatewaySubNet”: you literally need a SubNet named this.

It also requires at least a /27 address mask (5 bits) which CANNOT be used by other services

Question 9

How should a Public IP Address be set up to support a VPN Gateway?

Answer 9

This is the public target for your On-Prem VPN devices. So it just needs to be public~

Question 10

How is a Local Network Gateway used to support a VPN Gateway?

Answer 10

Used by VPN Gateways to define the On-Prem network’s configs, like where and what it will connect to

Question 11

How does a Virtual Network Gateway support a VPN Gateway? What two options do you have as a base for the VNG?

Answer 11

This routes traffic between the VNet (requirement #1) and other On-Prem datacenters or other VNets

VNGs can be either a VPN or ExpressRoute Gateway.

Question 12

What does the Connection do to support a VPN Gateway? What IP Addresses does it connect between?

Answer 12

The Connection Resource is the logical connection between requirement #4 (the LNG) and requirement #5 (the VNG).

The connection is made:

• FROM the On-Prem Device’s IP
• TO the VNet Gateway and its Public IP Address (#3)