...
ExpressRoute | VPN |
|---|---|
Provides secure connectivity to VNet and Microsoft 365 | Provides secure connectivity to VNet only |
Does not traverse public internet | Traverses public internet (between point/site and Azure) |
Does not leverage encryption by default (IPsec & MACsec) | Traffic is encrypted by default as part of an end-to-end tunnel (IPsec) |
Supports up to 100 Gbps per second connectivity with ExpressRoute Direct | Supports up to 10 Gbps per second only |
Virtual WAN
It helps to automate and optimize connectivity using the Hub-and-Spoke network architecture and we can connect that with VNet Peering. Finally, we can combine that architecture with ExpressRoute into a larger hybrid integrated virtual network.
...
We don’t need to manage the architecture, Microsoft does it with Azure Virtual WAN because it’s becoming too complex. So, to simplify that, we can use Azure Virtual WAN.
...