In an announcement today, Microsoft says many customers need reliability, but cannot trade-off performance. A new generation of VPN Gateway services have been created which accommodate customers with intensive VNets workloads. Microsoft says it re-engineered its existing VPN Gateways for a significant improvement. The good news for customers is that the new gateways are no extra cost. In its post, the company explains how it achieved improved performance for the Azure VPN Gateways: “The new generation of Azure VPN Gateways provide single tunnel performance of up to 1 Gbps and aggregate up to 1.25 Gbps with multiple tunnels improving your access to VNets either from your premises or for cross-region VNet-to-VNet connectivity. Enabling the active-active VPN gateway option provides even higher throughput with multiple flows to your Azure VPN gateways.” While performance is necessary, it is also important that customers meet compliance regulations. With this in mind, Microsoft now provides custom IPsec/IKE policy selection, which allows customers to choose an encryption policy. “We are also enhancing the new gateways to accommodate both route-based and policy-based VPNs. Although a route-based VPN using BGP to automatically learn routing is easier to manage, many customers have already deployed policy-based VPNs at their branch offices.”
Gateways
The new gateways are called VpnGw1, VpnGw2, and VpnGw3. With these releases, Microsoft is also updating its deployment guidance. Customers using the Basic VPN will find this gateway remains the same. This means it still has the same 80-100 Mbps performance and a 99.9% SLA. Microsoft points out this is the gateway for customers using non-production dev/test scenarios. This gateway should be avoided for production scenarios. See also: Fastest VPN Service Providers in 2018: Boost Your Internet Speed!