About virtual hub settings

This article helps you understand the various settings available for virtual hubs. A virtual hub is a Microsoft-managed virtual network that contains various service endpoints to enable connectivity. The virtual hub is the core of your network in a region. Multiple virtual hubs can be created in the same region.

A virtual hub can contain gateways for site-to-site VPN, ExpressRoute, or point-to-site User VPN. For example, when using Virtual WAN, you don't create a site-to-site connection from your on-premises site directly to your VNet. Instead, you create a site-to-site connection to the virtual hub. The traffic always goes through the virtual hub gateway. This means that your VNets don't need their own virtual network gateway. Virtual WAN lets your VNets take advantage of scaling easily through the virtual hub and the virtual hub gateway. For more information about gateways, see Gateway settings. Note that a virtual hub gateway isn't the same as a virtual network gateway that you use for ExpressRoute and VPN Gateway.

When you create a virtual hub, a virtual hub router is deployed. The virtual hub router, within the Virtual WAN hub, is the central component that manages all routing between gateways and virtual networks (VNets). Routing infrastructure units determine the minimum throughput of the virtual hub router, and the number of virtual machines that can be deployed in VNets that are connected to the Virtual WAN virtual hub.

You can create an empty virtual hub (a virtual hub that doesn't contain any gateways) and then add gateways (S2S, P2S, ExpressRoute, etc.) later, or create the virtual hub and gateways at the same time. Once a virtual hub is created, virtual hub pricing applies, even if you don't create any gateways within the virtual hub. For more information, see Azure Virtual WAN pricing.

Virtual hub capacity

By default, the virtual hub router is automatically configured to deploy with a virtual hub capacity of 2 routing infrastructure units. This supports a minimum of 3 Gbps aggregate throughput, and 2000 connected VMs deployed in all virtual networks connected to that virtual hub.

When you deploy a new virtual hub, you can specify additional routing infrastructure units to increase the default virtual hub capacity in increments of 1 Gbps and 1000 VMs. This feature gives you the ability to secure upfront capacity without having to wait for the virtual hub to scale out when more throughput is needed. The scale unit on which the virtual hub is created becomes the minimum capacity. Creating a virtual hub without a gateway takes about 5 - 7 minutes while creating a virtual hub and a gateway can take about 30 minutes to complete. You can view routing infrastructure units, router Gbps, and number of VMs supported, in the Azure portal Virtual hub pages for Create virtual hub and Edit virtual hub.

When increasing the virtual hub capacity, the virtual hub router will continue to support traffic at its current capacity until the scale out is complete. It may take up to 25 minutes for the virtual hub router to scale out to additional routing infrastructure units. It's also important to note the following: currently, regardless of the number of routing infrastructure units deployed, traffic may experience performance degradation if more than 1.5 Gbps is sent in a single TCP flow.

Note

Regardless of the virtual hub's capacity, the hub can only accept a maximum of 10,000 routes from its connected resources (virtual networks, branches, other virtual hubs, etc).

Capacity is configured on the Basics tab Virtual hub capacity setting when you create your virtual hub.

Screenshot shows capacity.

Edit virtual hub capacity

Adjust the virtual hub capacity when you need to support additional virtual machines and the aggregate throughput of the virtual hub router.

To add additional virtual hub capacity, go to the virtual hub in the Azure portal. On the Overview page, click Edit virtual hub. Adjust the Virtual hub capacity using the dropdown, then Confirm.

Routing infrastructure unit table

For pricing information, see Azure Virtual WAN pricing.

Routing infrastructure unit Aggregate throughput
Gbps
Number of VMs
2 3 2000
3 3 3000
4 4 4000
5 5 5000
6 6 6000
7 7 7000
8 8 8000
9 9 9000
10 10 10000
11 11 11000
12 12 12000
13 13 13000
14 14 14000
15 15 15000
16 16 16000
17 17 17000
18 18 18000
19 19 19000
20 20 20000
21 21 21000
22 22 22000
23 23 23000
24 24 24000
25 25 25000
26 26 26000
27 27 27000
28 28 28000
29 29 29000
30 30 30000
31 31 31000
32 32 32000
33 33 33000
34 34 34000
35 35 35000
36 36 36000
37 37 37000
38 38 38000
39 39 39000
40 40 40000
41 41 41000
42 42 42000
43 43 43000
44 44 44000
45 45 45000
46 46 46000
47 47 47000
48 48 48000
49 49 49000
50 50 50000

Virtual hub routing preference

A Virtual WAN virtual hub connects to virtual networks (VNets) and on-premises sites using connectivity gateways, such as site-to-site (S2S) VPN gateway, ExpressRoute (ER) gateway, point-to-site (P2S) gateway, and SD-WAN Network Virtual Appliance (NVA). The virtual hub router provides central route management and enables advanced routing scenarios using route propagation, route association, and custom route tables. When a virtual hub router makes routing decisions, it considers the configuration of such capabilities.

Previously, there wasn't a configuration option for you to use to influence routing decisions within virtual hub router for prefixes in on-premises sites. These decisions relied on the virtual hub router's built-in route selection algorithm and the options available within gateways to manage routes before they reach the virtual hub router. To influence routing decisions in virtual hub router for prefixes in on-premises sites, you can now adjust the Hub routing preference.

For more information, see About virtual hub routing preference.

Gateway settings

Each virtual hub can contain multiple gateways (site-to-site, point-to-site User VPN, and ExpressRoute). When you create your virtual hub, you can configure gateways at the same time, or create an empty virtual hub and add the gateway settings later. When you edit a virtual hub, you'll see settings that pertain to gateways. For example, gateway scale units.

Gateway scale units are different than routing infrastructure units. You adjust gateway scale units when you need more aggregated throughput for the gateway itself. You adjust virtual hub infrastructure units when you want the virtual hub router to support more VMs.

For more information about gateway settings, see Gateway settings.

Basic and Standard

The virtual WAN type (Basic or Standard) determines the types of resources that can be created within a virtual hub, including the type of gateways that can be created (site-to-site VPN, point-to site User VPN, and ExpressRoute). This setting is configured on the virtual WAN object. For more information, see Upgrade from Basic to Standard.

The following table shows the configurations available for each virtual WAN type:

Virtual WAN type Hub type Available configurations
Basic Basic Site-to-site VPN only
Standard Standard ExpressRoute
User VPN (P2S)
VPN (site-to-site)
Inter-hub and VNet-to-VNet transiting through the virtual hub
Azure Firewall
NVA in a virtual WAN

Note

You can upgrade from Basic to Standard, but can't revert from Standard back to Basic.

Virtual hub router status

A hub router can have four routing statuses: Provisioned, Provisioning, Failed, or None. The Routing status is located in the Azure portal by navigating to the Virtual Hub page.

  • A None status indicates that the virtual hub didn't provision the router. This can happen if the Virtual WAN is of type Basic, or if the virtual hub was deployed prior to the service being made available.
  • A Failed status indicates failure during instantiation. In order to instantiate or reset the router, you can locate the Reset Router option by navigating to the virtual hub Overview page in the Azure portal.

Next steps

For virtual hub routing, see About virtual hub routing.