Lucian
Franghiu

Hi, i'm Lucian and on this blog I share my experiences, thoughts and opinions in long form on life in the blue cloud. I'm a Cloud Solution Architect, specialising in Azure infrastructure, at Microsoft, in Sydney, Australia.

Azure VNET gateway: basic, standard and high performance

/0028
4min read

I’ve been working allot with Azure virtual network (VNET) virtual private network (VPN) gateways of late. The project I’m working on at the moment requires two sites to connect to a multi-site dynamic routing VPN gateway in Azure. This is for redundancy when connecting to the Azure cloud as there is a dedicated link between the two branch sites.

Setting up a multi-site VPN is a relatively streamlined process and Matt Davies has written a great article on how to run through that process via the Azure portal on the Kloud blog.

The Azure portal and some of the Azure documentation is a little confusing in the wording related to gateway sizes and SKU’s. There is a basic, standard and high performance gateway. However, in the preview portal you find:

Azure gateway

What are all these gateways and what SKU will I be billed?

Static routing gateway

A static routing gateway connects a VNET to a single site or on-premises network. This type of gateway is also known as policy based VPN gateway. Previously the distinction between a static routing gateway and a dynamic routing gateway was confusing. I wrote a blog about how I helped improve the documentation around Azure VPN gateways.

Dynamic routing basic gateway

A basic gateway is actually harder to figure out than what you would think. Detailed via Microsoft articles don’t mention a basic gateway other than the pricing for one being $0.0365 per hour or ~$28.00 per month. I asked the program managers at Microsoft the question and feedback received was that a static routing gateway provision on a VNET is considered a basic gateway. After discussions with the Microsoft Azure networking program managers, the team have updated the official documentation to clear things up. A basic gateway now is still a dynamic routing gateway (route based gateway) which does not have Express Route support.

Dynamic routing standard gateway

A standard gateway or a small gateway as shown in the preview portal is the most common gateway provisioned. A standard gateway allows for 100MBps VPN throughput, 1000MBps Expressroute throughput, up to 10 concurrent VPN tunnels, $0.1918 per hour or ~$143.00 per month subscription + data transfer fees and a SLA of 99.9% update. A standard gateway also is known as a dynamic routing gateway. Express route is available as a standard feature.

Dynamic routing high performance gateway

A high performance gateway or a small gateway as shown in the preview portal offers created capacity and performance over a standard gateway. A ‘highperformance’ gateway SKU allows for 200MBps VPN throughput, 2000MBps Expressroute throughput, up to 30 concurrent VPN tunnels, $0.4945 per hour or ~$369.00 per month subscription + data transfer fees and a SLA of 99.9% update. Furthermore, a high performance gateway is also a dynamic routing gateway only with more throughput and you guessed it captain obvious- higher performance.

I’ve asked, through the Azure Advisors: Portal Advisors Yammer community, the Azure portal team why the gateway size is always SMALL. For now I’ve not heard any feedback but as soon as I do, i’ll post here!

Azure portal

To find the gateway SKU in the Azure portal, go to… NOPE! You can’t do that here.

Azure preview portal

In the Azure preview portal you see the SKU, though it does call the gateway either small or well, small. To find out, navigate to:

  • Browse all
  • Virtual networks (classic)
  • Select the VNET
  • Select the gateway
  • Look at the gateway properties
    • The third line down is SIZE
    • You will either have a size SMALL
      • I haven’t been able to provision anything other than a SMALL gateway in the preview portal

Powershell

Managing a gateway is a more streamlined process via Powershell. You can not only create and remove a gateway, but you can also upgrade a gateway from default or standard to high performance, as well as change the gateway type from “staticrouting” to “dynamicrouting”.

To create a gateway:

New-AzureVNetGateway –VNetName "MyAzureVNet" –GatewayType "DynamicRouting" –GatewaySKU "HighPerformance"

To upgrade a gateway from a standard SKU to a highperformance SKU:

Resize-AzureVNetGateway –VNetName "MyAzureVNet" –GatewaySKU "HighPerformance"
Resize-AzureVNetGateway –VNetName "MyAzureVNet" –GatewaySKU "Default"

In summary

VNET gateway SKUs and information could be a little more clearer. I found it confusing when staring down the rabbit hole. I hope this information makes it a little more easy to understand. Thanks for reading!

Read more on:
Microsoft Azure
,
VNET
,
Gateway
,
Azure Networking
,
Comments...

Give it a second to load ~

Disclaimer
The content, views, opinions or feedback that I put on this blog are my own. If anything isn't from me, I'll make sure to be 100% transparent about that.

If you've missed the header, spoiler alert, I also work for Microsoft, so keep that in mind if I am bias to all the good stuff that we do. I am proud of that. But, again, my opinions or feedback, no one at work is making me write this!

This blog does not use any cookies and no embeded analytics services (think Google Analytics). I just dont want to be creepy. Theres enough of that out there already.
Shout out đź‘Ť
This blog is made with Hugo and hosted as a static website on Azure Blob Storage. I've used the Hyde template by @MDO as inspiration and re-created and modified for use in Hugo instead of Jekyll using Vistual Studio Code. Very nice!