Choose between virtual network peering and VPN gateways

This article compares two ways to connect virtual networks in Azure: virtual network peering and VPN gateways.

A virtual network is a virtual, isolated portion of the Azure public network. By default, traffic cannot be routed between two virtual networks. However, it's possible to connect virtual networks, either within a single region or across two regions, so that traffic can be routed between them.

Virtual network connection types

Virtual network peering. Virtual network peering connects two Azure virtual networks. Once peered, the virtual networks appear as one for connectivity purposes. Traffic between virtual machines in the peered virtual networks is routed through the Microsoft backbone infrastructure, through private IP addresses only. No public internet is involved. You can also peer virtual networks across Azure regions (global peering).

VPN gateways. A VPN gateway is a specific type of virtual network gateway that is used to send traffic between an Azure virtual network and an on-premises location over the public internet. You can also use a VPN gateway to send traffic between Azure virtual networks. Each virtual network can have at most one VPN gateway.

Virtual network peering provides a low-latency, high-bandwidth connection. There is no gateway in the path, so there are no extra hops, ensuring low latency connections. It's useful in scenarios such as cross-region data replication and database failover. Because traffic is private and remains on the Microsoft backbone, also consider virtual network peering if you have strict data policies and want to avoid sending any traffic over the internet.

VPN gateways provide a limited bandwidth connection and are useful in scenarios where you need encryption but can tolerate bandwidth restrictions. In these scenarios, customers are also not as latency-sensitive.

Gateway transit

Virtual network peering and VPN gateways can also coexist via gateway transit. Gateway transit enables you to use a peered virtual network's gateway for connecting to on-premises, instead of creating a new gateway for connectivity. As you increase your workloads in Azure, you need to scale your networks across regions and virtual networks to keep up with the growth. Gateway transit allows you to share an ExpressRoute or VPN gateway with all peered virtual networks and lets you manage the connectivity in one place. Sharing enables cost-savings and reduction in management overhead.

With gateway transit enabled on virtual network peering, you can create a transit virtual network that contains your VPN gateway, Network Virtual Appliance, and other shared services. As your organization grows with new applications or business units and as you spin up new virtual networks, you can connect to your transit virtual network using peering. This prevents adding complexity to your network and reduces management overhead of managing multiple gateways and other appliances.

Configuring connections

Virtual network peering and VPN gateways both support the following connection types:
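
Returning to the gateway transit arrangement described above, the following added example (not part of the original article or any Microsoft tooling) audits a planned hub-and-spoke peering inventory for settings that break or undermine a shared gateway. The property names allowGatewayTransit and useRemoteGateways are the Azure peering settings; the inventory layout, the "has_gateway" and "remote" keys, the VNet names and the function name are assumptions made for this sketch.

```python
# Constructed inventory. allowGatewayTransit / useRemoteGateways are the Azure
# peering properties; "has_gateway", "remote" and the layout are assumptions.
VNETS = {
    "hub": {"has_gateway": True, "peerings": [
        {"remote": "spoke-app", "allowGatewayTransit": True, "useRemoteGateways": False},
        {"remote": "spoke-db", "allowGatewayTransit": False, "useRemoteGateways": False},
    ]},
    "spoke-app": {"has_gateway": False, "peerings": [
        {"remote": "hub", "allowGatewayTransit": False, "useRemoteGateways": True},
    ]},
    "spoke-db": {"has_gateway": False, "peerings": [
        {"remote": "hub", "allowGatewayTransit": False, "useRemoteGateways": True},
    ]},
    "spoke-legacy": {"has_gateway": False, "peerings": [
        {"remote": "hub", "allowGatewayTransit": True, "useRemoteGateways": False},
    ]},
}


def audit_gateway_transit(vnets):
    """Return sorted (vnet, remote, problem) findings for gateway transit settings."""
    findings = []
    for name, vnet in vnets.items():
        for p in vnet["peerings"]:
            # Unknown remotes are treated as gateway-less VNets with no peerings.
            remote = vnets.get(p["remote"], {"has_gateway": False, "peerings": []})
            # The peering defined in the opposite direction, if any.
            back = next((r for r in remote["peerings"] if r["remote"] == name), None)
            if back is None:
                findings.append((name, p["remote"], "no peering back from remote"))
            if p["useRemoteGateways"]:
                # A VNet that borrows a gateway must not have one of its own.
                if vnet["has_gateway"]:
                    findings.append((name, p["remote"], "uses remote gateway but has its own"))
                if not remote["has_gateway"]:
                    findings.append((name, p["remote"], "remote has no gateway to share"))
                # The transit VNet has to offer its gateway on its side of the peering.
                if back is not None and not back["allowGatewayTransit"]:
                    findings.append((name, p["remote"], "remote does not allow gateway transit"))
            if p["allowGatewayTransit"] and not vnet["has_gateway"]:
                findings.append((name, p["remote"], "allows transit without a gateway"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_gateway_transit(VNETS):
        print(*finding, sep=" | ")
```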
Comparison of virtual network peering and VPN Gateway
Contributors

This article is maintained by Microsoft. It was originally written by the following contributors.

Principal author:
Which of the following is an advantage of a VPN?
Which of the following is an advantage of a virtual private network (VPN)? It helps to securely access information over the public Internet.

Which of the following is an advantage of a virtual private network (VPN)?
Provide Safety Through Anonymity
This disguise for network data helps keep VPN users safe, because anyone looking to steal information would be getting the VPN server's data instead. Using a VPN keeps the user's location and other valuable information secure and inaccessible by unwanted parties.

Which of the following statements is true about a VPN quizlet?
Which of the following is true of a virtual private network (VPN)? It provides a secure connection for information transmitted over the public Internet.

What is the purpose of virtual private network in quizlet?
A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.