Integrating ExpressRoute and VPN in Azure vWAN

Using Bicep to add ExpressRoute or Site-to-Site VPN to Azure vWAN

Introduction

Azure Virtual WAN is a networking service that provides optimized and automated branch connectivity to, and through, Azure. It enables you to connect your branches, remote users, and data centers to Azure and each other using a combination of site-to-site VPN, point-to-site VPN, and ExpressRoute connections. This blog post will guide you through the process of integrating ExpressRoute or Site-to-Site VPN with Azure Virtual WAN using Bicep, a domain-specific language (DSL) for deploying Azure resources.

Step-by-Step Implementation Guide

Prerequisites

Before you begin, ensure you have the following:

  • An Azure subscription
  • Bicep CLI installed
  • Visual Studio Code with Bicep extension
  • Basic understanding of Azure networking concepts

Using Bicep to Integrate ExpressRoute or Site-to-Site VPN

Step 1: Define the Bicep File

Create a new Bicep file (e.g., virtual-wan.bicep) and define the parameters and resources needed for the Virtual WAN, ExpressRoute, or Site-to-Site VPN.

param location string = resourceGroup().location
param virtualWanName string = 'MyVirtualWAN'
param virtualHubName string = 'MyVirtualHub'
param expressRouteGatewayName string = 'MyExpressRouteGateway'
param siteToSiteVpnGatewayName string = 'MySiteToSiteVpnGateway'
param addressSpace string = '10.0.0.0/16'

// Virtual WAN: the top-level container that hubs and sites attach to.
resource virtualWan 'Microsoft.Network/virtualWans@2023-02-01' = {
  name: virtualWanName
  location: location
  properties: {
    type: 'Standard'
  }
}

// Virtual hub: the regional hub, with its own address prefix, that hosts the gateways.
resource virtualHub 'Microsoft.Network/virtualHubs@2023-02-01' = {
  name: virtualHubName
  location: location
  properties: {
    addressPrefix: addressSpace
    virtualWan: {
      id: virtualWan.id
    }
  }
}

// ExpressRoute gateway attached to the hub, autoscaling between 2 and 10 scale units.
resource expressRouteGateway 'Microsoft.Network/expressRouteGateways@2023-02-01' = {
  name: expressRouteGatewayName
  location: location
  properties: {
    virtualHub: {
      id: virtualHub.id
    }
    autoScaleConfiguration: {
      bounds: {
        min: 2
        max: 10
      }
    }
  }
}

// Site-to-site VPN gateway attached to the hub, with one IKEv2 connection to a VPN site.
resource siteToSiteVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' = {
  name: siteToSiteVpnGatewayName
  location: location
  properties: {
    virtualHub: {
      id: virtualHub.id
    }
    connections: [
      {
        name: 'MySiteToSiteConnection'
        properties: {
          remoteVpnSite: {
            // Replace the placeholders with the resource ID of your VPN site.
            id: '/subscriptions/<subscription-id>/resourceGroups/<resource-group>/providers/Microsoft.Network/vpnSites/<vpn-site-name>'
          }
          connectionBandwidth: 200
          vpnConnectionProtocolType: 'IKEv2'
        }
      }
    ]
  }
}
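
The connection above sets only the bandwidth and protocol, leaving the pre-shared key and the IKE/IPsec proposal to defaults. The following is an added example, not part of the original post, that declares the same connection as a child resource with a secure key parameter and an explicit policy. It assumes the gateway is deployed without the inline connections array and that the VPN site uses a single link; vpnSiteId, sharedKey and every policy value are assumptions to adapt to what the on-premises device supports.

```bicep
// Added example, not from the original post. Parameter names other than
// siteToSiteVpnGatewayName, and all policy values, are assumptions.
param siteToSiteVpnGatewayName string = 'MySiteToSiteVpnGateway'

// Resource ID of an existing VPN site (hypothetical parameter).
param vpnSiteId string

// Pre-shared key for the tunnel. @secure() keeps the value out of deployment
// history and logs; no default, so it never lands in source control.
@secure()
@minLength(32)
param sharedKey string

// Reference the gateway deployed by virtual-wan.bicep instead of redefining it.
resource siteToSiteVpnGateway 'Microsoft.Network/vpnGateways@2023-02-01' existing = {
  name: siteToSiteVpnGatewayName
}

// The connection as a child resource, with the negotiation pinned explicitly.
resource siteToSiteConnection 'Microsoft.Network/vpnGateways/vpnConnections@2023-02-01' = {
  parent: siteToSiteVpnGateway
  name: 'MySiteToSiteConnection'
  properties: {
    remoteVpnSite: {
      id: vpnSiteId
    }
    connectionBandwidth: 200
    vpnConnectionProtocolType: 'IKEv2'
    sharedKey: sharedKey
    // A custom policy restricts the tunnel to this one proposal; the on-premises
    // device must be configured to match or the tunnel will not come up.
    ipsecPolicies: [
      {
        ikeEncryption: 'AES256'
        ikeIntegrity: 'SHA384'
        dhGroup: 'ECP384'
        ipsecEncryption: 'GCMAES256'
        ipsecIntegrity: 'GCMAES256'
        pfsGroup: 'ECP384'
        saLifeTimeSeconds: 27000
        saDataSizeKilobytes: 102400000
      }
    ]
  }
}
```

Supply sharedKey and vpnSiteId at deployment time, for example through a Key Vault reference in a parameters file, so the key is never written into the template.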

Step 2: Deploy the Bicep File

Use the Azure CLI to deploy the Bicep file to your Azure subscription.

az deployment group create --resource-group <Your-Resource-Group> --template-file virtual-wan.bicep

Step 3: Verify the Resources

After deployment, verify that the Virtual WAN, ExpressRoute, or Site-to-Site VPN resources have been created and are configured as expected. You can do this by navigating to the Azure portal and checking the resources under the Virtual WAN and Virtual Hub sections.

Conclusion

Integrating ExpressRoute or Site-to-Site VPN with Azure Virtual WAN using Bicep provides a streamlined and efficient way to manage your network infrastructure. By defining resources as code, you can ensure consistency, simplify management, and leverage DevOps practices for continuous integration and deployment. Azure Virtual WAN enhances your ability to connect and manage your network resources seamlessly.

Learn More

For more detailed information and tutorials, visit the following Microsoft Learn resources: