Migrate to an availability zone-enabled ExpressRoute virtual network gateway (Preview)
A virtual network gateway requires a gateway SKU that determines its performance and capacity. Higher gateway SKUs provide more CPUs and network bandwidth for the gateway, enabling faster and more reliable network connections to the virtual network.
The following SKUs are available for ExpressRoute virtual network gateways:
- Standard
- HighPerformance
- UltraPerformance
- ErGw1Az
- ErGw2Az
- ErGw3Az
Supported migration scenarios
To increase the performance and capacity of your gateway, you have two options: use the Resize-AzVirtualNetworkGateway PowerShell cmdlet or upgrade the gateway SKU in the Azure portal. The following upgrades are supported:
- Standard to HighPerformance
- Standard to UltraPerformance
- ErGw1Az to ErGw2Az
- ErGw1Az to ErGw3Az
- ErGw2Az to ErGw3Az
- Default to Standard
You can also reduce the capacity and performance of your gateway by choosing a lower gateway SKU. The supported downgrades are:
- HighPerformance to Standard
- ErGw2Az to ErGw1Az
Availability zones
The ErGw1Az, ErGw2Az, ErGw3Az and ErGwScale (Preview) SKUs, also known as Az-Enabled SKUs, support Availability Zone deployments. The Standard, HighPerformance and UltraPerformance SKUs, also known as Non-Az-Enabled SKUs, don't support this feature.
Note
For optimal reliability, Azure suggests using an Az-Enabled virtual network gateway SKU with a zone-redundant configuration, which distributes the gateway across multiple availability zones.
Gateway migration experience
The new guided gateway migration experience enables you to migrate from a Non-Az-Enabled SKU to an Az-Enabled SKU. With this feature, you can deploy a second virtual network gateway in the same GatewaySubnet and Azure automatically transfers the control plane and data path configuration from the old gateway to the new one.
Limitations
The guided gateway migration experience doesn't support these scenarios:
- ExpressRoute/VPN coexistence
- Azure Route Server
Private endpoints (PEs) in the virtual network, connected over ExpressRoute private peering, might have connectivity problems during the migration. To understand and reduce this issue, see Private endpoint connectivity.
Enroll subscription to access the feature
To access this feature, you need to enroll your subscription by filling out the ExpressRoute gateway migration form.
After your subscription is enrolled, you'll get a confirmation e-mail with a PowerShell script for the gateway migration.
Migrate to a new gateway
First, update the
Az.Networkmodule to the latest version by running this PowerShell command:Update-Module -Name Az.Network -ForceThen, add a second prefix to the GatewaySubnet by running these PowerShell commands:
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $resourceGroup $subnet = Get-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $vnet $prefix = "Enter new prefix" $subnet.AddressPrefix.Add($prefix) Set-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $vnet -AddressPrefix $subnet.AddressPrefix Set-AzVirtualNetwork -VirtualNetwork $vnetNext, run the PrepareMigration.ps1 script to prepare the migration. This script creates a new ExpressRoute virtual network gateway on the same GatewaySubnet and connects it to your existing ExpressRoute circuits.
After that, run the Migration.ps1 script to perform the migration. This script transfers the configuration from the old gateway to the new one.
Finally, run the CommitMigration.ps1 script to complete the migration. This script deletes the old gateway and its connections.
Important
Before running this step, verify that the new virtual network gateway has a working ExpressRoute connection.
Next steps
- Learn more about Designing for high availability.
- Plan for Disaster recovery and using VPN as a backup.