= Azure/Savings = * Things to consider in reducing pricing in Azure. == VM's == * Shutdown when not used e.g. based on tags and action. * Permanent vm's reduce size - easy and quick to scale up again * Spot instances * Reservations 1y(+-40%) and 3y(+-50) == Inside AZ Bandwidth / Traffic cost == * 2024 - traffic flowing into Azure is free :) * 2024 - traffic in same Az (Availability Zone = DataCenter) is free * 2024 - traffic flowing to Frontdoor(CDN) from your Origin(Az VM) is free * 2024 - Between regions(Inter) within Oceania US$0.08/GB (NZ$0.131/GB) (Same [[https://azure.microsoft.com/en-us/pricing/details/bandwidth/|price]] to other continents) == Connecting On-premis to Azure == * SDWAN - Designes - https://github.com/adstuart/azure-sdwan * Express Route(ER) [[https://learn.microsoft.com/en-us/azure/expressroute/expressroute-locations-providers#global-commercial-azure|Zone's]] * private connections to Microsoft datacenters * [[https://learn.microsoft.com/en-us/azure/expressroute/expressroute-locations-providers#global-commercial-azure|NZ Meetme]] @ Auckland Location="Vocus Group NZ Albany" Zone=2 LocalRegion=n/a ERdirect=Supported * Service Providers NZ [Devoli, Kordia, Megaport, REANNZ, Spark NZ, Vocus Group NZ] * [[https://learn.microsoft.com/en-us/azure/expressroute/expressroute-faqs#is-it-possible-to-use-more-bandwidth-than-i-procured-for-my-expressroute-circuit|Tip1]]: Double Express Route purchages bandwidth by using primary and standby connection. * two Microsoft Enterprise Edge routers (MSEEs) * ER provides to peering paths VNET's over the private peering path, and to other services over the Microsoft peering path. * ER(ExpressRoute) gateway advertises the Address Space(s) of the Azure VNET's (Not individual Subnets) * Warn /!\ : maximum MTU of 1400 bytes * BW: Supported bandwidth offers: 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, 1 Gbps, 2 Gbps, 5 Gbps, 10 Gbps * Redundancy / Ha: * Each ExpressRoute circuit has a redundant pair of cross connections * You can additionally create a circuit in a different peering location to achieve circuit-level resilience. * implement multiple circuits in different peering locations to avoid single points of failure * either advertise the same prefix on both circuits and use AS PATH prepending * Each VNET peering location allows up to 4 ExpressRoute circuits. * Outbound from Azure - Equal-Cost Multipath (ECMP) in ExpressRoute uses the Per-Flow (based on 5-tuple) load balancing * have ExpressRoute circuits with different service providers * Limits of ER * You can have up to 10 virtual networks connections on a standard ExpressRoute circuit, and up to 100 on a [[https://learn.microsoft.com/en-us/azure/expressroute/expressroute-faqs#expressroute-premium|premium ExpressRoute]] circuit. * From a routing perspective, all virtual networks linked to the same ExpressRoute circuit are part of the same routing domain and aren't isolated from each other. If you need route isolation, you need to create a separate ExpressRoute circuit. * ExpressRoute can coexist with site-to-site VPNs. (Must set ASN of VPN Gateway to 65515) (Can be backup for ER) * S2S (Site-to-site) - IpSec * P2S - * [[https://azure.microsoft.com/en-gb/pricing/details/vpn-gateway/|VPN Gateways]] * Basic = 100Mbps shared, Max 10=S2S 128=P2S tunnels US$0.04/h($30/m) (BGP not supported on Basic) * VpnGw1 = 650Mbps shared Max 30=S2S 250=P2S tunnels US$0.19/h($141/m) + $0.015/h/S2S>10 + $0.01/h/P2S>128 * VpnGw4 = 5Gbps shared Max 100=S2S 5k=P2s tunnels US$2.10/h($1563/m) + $0.015/h/S2S>10 + $0.01/h/P2S>128 * etc ... * For more than 100 S2S VPN tunnels use [[https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about|Virtual Wan]] * Virtual Wan - [[https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-locations-partners| Patner Equipment]] * e.g. [[https://www.paloaltonetworks.com/resources/techbriefs/achieve-cloud-first-strategy-with-prisma-sd-wan-and-microsoft-azure|PaloAlto]] * vWAN config automation api's - https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-configure-automation-providers