Use Active-Active VPN gateways#
Reliability · Virtual Network Gateway · 2020_06
Use VPN gateways configured to operate in an Active-Active configuration to reduce connectivity downtime.
Description#
VPN Gateways can be configured as either Active-Passive or Active-Active for Site-to-Site (S2S) connections. When deploying VPN gateways, Azure deploys two instances for high-availability (HA).
When using an Active-Passive configuration, one instance is designated a standby for failover.
Gateways configured to use an Active-Active configuration:
- Establish two IPSEC tunnels, one from each instance per connection.
- Each instance will load balance network traffic.
Recommendation#
Consider using Active-Active VPN gateways to reduce connectivity downtime during HA failover.
Notes#
Azure provisions a single instance for Basic (legacy) VPN gateways. As a result, Basic VPN gateways do not support Active-Active connections. To use Active-Active VPN connections, migrate to a gateway configured as VpnGw1 or higher SKU.
Links#
- Highly Available Cross-Premises and VNet-to-VNet Connectivity
- Update an existing VPN gateway
- Azure deployment reference