Internet consideration design options for AVS
There are many ways to create a default route in Azure and deliver it to your AVS environment. See the following choices:
- A third-party NVA in a native Azure virtual network coupled with an Azure Route Server
- A vWAN hub with an Azure firewall
- A default route from the customer on-premises environment transferred to AVS over Global Reach
- A third-party NVA in a vWAN hub-and-spoke Virtual Network configuration
Any of these patterns may be used to provide an outbound SNAT service, giving you the ability to choose which sources are permitted to leave the network, to see connection records, and, for certain services, to do further traffic inspection.
The same service can use an Azure Public IP and generate an incoming Destination Network Address Translation (DNAT) that points to targets in AVS.
It is also possible to create a system that uses many routes for internet traffic – one for incoming DNAT and another...
