
Hi,

For connecting the Aviatrix spoke gateways (in VNET1) to the Aviatrix Transit gateways (in VNET2), my understanding is that it utilizes the public IP address associated with each of these gateways to create the IPSec tunnels. Say this is an Azure setup.

  1. In this scenario, even if both the above VNETs are in the same region, there is a charge associated with egress traffic over the public IPs. Is there a private peering option to avoid this charge?
  2. Normally, are these IPSec tunnels established over the public (Microsoft) network only (via the public IPs), and is there a requirement for setting up VNET peering between these two VNETs?

Hi JamieR, thank you for your insightful question. You’re correct that the Aviatrix gateways utilize public IP addresses to establish connections (in standard mode, though, when HPE is not enabled!). However, it's important to note that even though these gateways rely on public IPs, the traffic remains within the Cloud Service Provider's (CSP) backbone network, provided that both gateways are deployed within the same CSP environment. In scenarios where High Performance Encryption (HPE) is enabled, VPC/VNet peering becomes particularly beneficial. This configuration allows the use of private IP addresses.


Thank you for the reply, Joe.

For HPE to be enabled, is the Azure underlay connectivity (VNET peering in this example) mandatory?

Since HPE utilizes private IP addresses, that also means utilizing HPE will be a cheaper option from an Azure data transfer cost perspective when we are talking about two VNETs in the same region. Is that right? Otherwise, if public IP addresses are used, there will be a (minimal) charge for the public IP egress.


Also, traffic between two public IPs within the same Azure region is $0, so it is cheaper than using VNET peering if you don't require more than 6 Gbps (as HPE requires VNET peering).


Thank you for the reply. The Azure documentation on the pricing is a bit confusing. As per the link below, Azure no longer charges for data transfers (same region) whether using private or public IPs.

https://azure.microsoft.com/en-us/updates?id=update-on-interavailability-zone-data-transfer-pricing

However, I believe public IPs do incur a usage charge. And VNET peering certainly does involve ingress/egress charges even within the same region. So purely from a data transfer pricing perspective, it does look like VNET peering is the expensive option here if HPE is not a concern.

Hi Jamie,

I checked a while ago and the doc explaining it is this one, BUT you need to look at the fourth Q&A line:

https://azure.microsoft.com/en-us/pricing/details/bandwidth/

  • Is data transfer between Azure services located within the same region charged?

    No. For example, an Azure SQL database in the same region will not have any additional data transfer costs.

Also, VNET peering comes with 1 ct in + 1 ct out. It is explained in that link, and it is actually more expensive than public IP to public IP. Also, Aviatrix doesn't bill per GB. It is the same price regardless of the amount of data you are sending through the platform.

https://azure.microsoft.com/en-us/pricing/details/virtual-network/?msockid=11da24e4a1df6e063ce331bea0346faf#:~:text=VNET%20Peering%20within%20the%20same%20region


Hi Alex,

Ok yes, I believe we are both agreeing on the same thing. I was basically trying to understand what the underlying Azure costs would be for either option, not the Aviatrix costs.

Thanks.
