Azure Virtual WAN MicroHack

As an employee of a Microsoft Partner, I get invited to join some brilliant training programmes set up and run by the OCP area of Microsoft.

I attended an Azure Virtual WAN Microhack today, looking at all things Azure Virtual WAN.

The details and instructions of this hack can be found in the following GitHub Repo:

As you can see, this hack is developed into a series of Scenarios each of which is aimed at delving into the configuration of vWAN, hubs, S2S VPN’s and multiple VNETs and the routing thereof.

The lab consists of a Virtual WAN with Hubs in West Europe and US East, 4 Spoke VNETs (2 in West Europe, 1 in US East and 1 US West), a Shared Services VNET in West-Europe and a simulated On-premise location in North Europe.

Each of the Spoke and On-prem VNETs contains a Virtual Machine running a basic web site. The Shared Services VNET contains an Active Directory Domain Controller. the NVA VNET contains a Linux VM with Iptables.

An additional VNET containing a Network Virtual Appliance Linux-based firewall is also deployed. This NVA VNET is used in the optional advanced scenario’s on network security.

During the course of the MicroHack you will connect the Spoke and Shared Services VNETs and the On-premise site to Virtual WAN, deploy an additional Virtual WAN Hub, and manipulate and observe routing.

At the end of the lab your deployment looks like this:


It was a thoroughly enjoyable hack and aids at cementing the understanding of how routes and route tables can be propagated and/or isolated to specific parts of your network topology.

All in all it took around 30 mins to prepare the prereqs and then around 3 hours to complete the first 4 scenarios which will give you a good core understanding of the Virtual WAN and its component parts as well as how to start utilising the GUI and AZ CLI to control and test access and routing of your topologies.

Table of Contennts:






Scenario 1: Single region Virtual WAN with Default Routing

Scenario 2: Add a branch connection

Scenario 3: Multi-regional Virtual WAN

Scenario 4: Isolated Spokes and Shared Services Spoke

Scenario 5 (Optional): Filter traffic through a Network Virtual Appliance

Scenario 6 (Optional): Secured Hubs

Close out

Happy Hacking!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s