Tuesday, September 14, 2021

VPN Gateway, Peering in Azure!!

When I was studying for the AZ-303 exam, I found a lot of confusion about VNet peering, VNet gateway and subnet gateway, hence I thought to pen it down below.

What is VPN Gateway?

A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet. 

You can also use a VPN gateway to send encrypted traffic between Azure virtual networks over the Microsoft network. 

Each virtual network can have only one VPN gateway. However, you can create multiple connections to the same VPN gateway. When you create multiple connections to the same VPN gateway, all VPN tunnels share the available gateway bandwidth, which is fixed by the gateway SKU you choose.

What is a virtual network gateway?

A virtual network gateway is composed of two or more VMs that are deployed to a specific subnet you create called the gateway subnet. 

Virtual network gateway VMs contain routing tables and run specific gateway services. These VMs are created when you create the virtual network gateway. You can't directly configure the VMs that are part of the virtual network gateway.

When you configure a virtual network gateway, you configure a setting that specifies the gateway type. The gateway type determines how the virtual network gateway will be used and the actions that the gateway takes. The gateway type 'Vpn' specifies that the type of virtual network gateway created is a 'VPN gateway'. This distinguishes it from an ExpressRoute gateway, which uses the gateway type 'ExpressRoute'. A virtual network can have two virtual network gateways: one VPN gateway and one ExpressRoute gateway. For more information, see the Microsoft documentation on gateway types.

Creating a gateway can often take 45 minutes or more, depending on the selected gateway SKU. 

When you create a virtual network gateway, gateway VMs are deployed to the gateway subnet and configured with the settings that you specify. 

After you create a VPN gateway, you can create an IPsec/IKE VPN tunnel connection between that VPN gateway and another VPN gateway (VNet-to-VNet), or create a cross-premises IPsec/IKE VPN tunnel connection between the VPN gateway and an on-premises VPN device (Site-to-Site).


You can also create a Point-to-Site VPN connection (VPN over OpenVPN, IKEv2, or SSTP), which lets you connect to your virtual network from a remote location, such as from a conference or from home.
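The following Az PowerShell script is an added example, not code from the original post or from Microsoft's documentation. It walks through the steps above for the VNet-to-VNet case: a GatewaySubnet in each VNet, a public IP and a route-based VPN gateway per VNet, an explicit IPsec/IKE policy instead of the platform defaults, and a connection in each direction. It assumes an existing resource group and a prior Connect-AzAccount; the resource group, VNet and gateway names, region and address prefixes are placeholders.

```powershell
# Added example (not from the original post): route-based VPN gateways in two
# VNets plus an IPsec/IKE VNet-to-VNet tunnel. Requires the Az module and a
# prior Connect-AzAccount. All names, region and prefixes are placeholders.
$rg       = 'rg-vpn-demo'   # assumed to exist already
$location = 'eastus'

# 1. Two VNets, each with a workload subnet and the mandatory GatewaySubnet.
#    The name must be exactly 'GatewaySubnet'; a /27 leaves room for the
#    gateway's own VM instances and for later SKU changes.
$vnet1 = New-AzVirtualNetwork -Name vnet1 -ResourceGroupName $rg -Location $location `
    -AddressPrefix 10.1.0.0/16 -Subnet @(
        (New-AzVirtualNetworkSubnetConfig -Name workload      -AddressPrefix 10.1.1.0/24),
        (New-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -AddressPrefix 10.1.255.0/27))
$vnet2 = New-AzVirtualNetwork -Name vnet2 -ResourceGroupName $rg -Location $location `
    -AddressPrefix 10.2.0.0/16 -Subnet @(
        (New-AzVirtualNetworkSubnetConfig -Name workload      -AddressPrefix 10.2.1.0/24),
        (New-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -AddressPrefix 10.2.255.0/27))

# 2. One VPN gateway per VNet (a VNet can have only one). Each needs its own
#    public IP. GatewayType Vpn distinguishes it from an ExpressRoute gateway;
#    RouteBased is required for IKEv2 and VNet-to-VNet. Expect 30-45 minutes.
function New-DemoVpnGateway {
    param([string]$Name, $Vnet)
    $pip    = New-AzPublicIpAddress -Name "$Name-pip" -ResourceGroupName $rg -Location $location `
                  -AllocationMethod Static -Sku Standard
    $subnet = Get-AzVirtualNetworkSubnetConfig -Name GatewaySubnet -VirtualNetwork $Vnet
    $ipcfg  = New-AzVirtualNetworkGatewayIpConfig -Name "$Name-ipcfg" `
                  -SubnetId $subnet.Id -PublicIpAddressId $pip.Id
    New-AzVirtualNetworkGateway -Name $Name -ResourceGroupName $rg -Location $location `
        -IpConfigurations $ipcfg -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1
}
$gw1 = New-DemoVpnGateway -Name vnet1-gw -Vnet $vnet1
$gw2 = New-DemoVpnGateway -Name vnet2-gw -Vnet $vnet2

# 3. Pin the IPsec/IKE proposal rather than accepting whatever the platform
#    negotiates: IKEv2 AES-256 / SHA-384 / DH group 24, ESP AES-256-GCM with
#    PFS group 24. With GCM the IPsec encryption and integrity values must match.
$policy = New-AzIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup24 `
    -IpsecEncryption GCMAES256 -IpsecIntegrity GCMAES256 -PfsGroup PFS24 `
    -SALifeTimeSeconds 27000 -SADataSizeKilobytes 102400000

# 4. A VNet-to-VNet connection must be created in BOTH directions with the
#    same shared key. Generate the key from a CSPRNG instead of typing one.
$bytes = [byte[]]::new(24)
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$psk = ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''

New-AzVirtualNetworkGatewayConnection -Name vnet1-to-vnet2 -ResourceGroupName $rg -Location $location `
    -VirtualNetworkGateway1 $gw1 -VirtualNetworkGateway2 $gw2 -ConnectionType Vnet2Vnet `
    -SharedKey $psk -IpsecPolicies $policy | Out-Null
New-AzVirtualNetworkGatewayConnection -Name vnet2-to-vnet1 -ResourceGroupName $rg -Location $location `
    -VirtualNetworkGateway1 $gw2 -VirtualNetworkGateway2 $gw1 -ConnectionType Vnet2Vnet `
    -SharedKey $psk -IpsecPolicies $policy | Out-Null

# 5. Verify: ConnectionStatus should read 'Connected' once IKE completes.
Get-AzVirtualNetworkGatewayConnection -Name vnet1-to-vnet2 -ResourceGroupName $rg |
    Select-Object Name, ConnectionStatus, IngressBytesTransferred, EgressBytesTransferred
```

The custom policy is the part worth copying: without it the gateway accepts a broad default proposal set, and for a Site-to-Site link the same -IpsecPolicies value is applied to the connection with the on-premises device (-ConnectionType IPsec, -LocalNetworkGateway2 instead of -VirtualNetworkGateway2), where the device must be configured with the identical proposal.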


VNet Peering vs VPN Gateway

VNet peering connects two virtual networks directly over the Microsoft backbone, with no gateway in the path. You can also use VPN gateways to establish connectivity between VNets; that approach needs the following components:

Components
  • A VPN gateway in each VNet, deployed in a special subnet called GatewaySubnet.
  • A public IP address for each VPN gateway, used to establish the connection.
  • An IPsec/IKE site-to-site VPN tunnel between the gateways, which ensures all traffic between the VNets is encrypted.
Which one to use?
  • VNet peering: Designed for VNet-to-VNet connectivity. Typically used for private, low-latency interconnectivity. Traffic stays on the Microsoft backbone but is not IPsec-encrypted, and peering is not transitive: a VNet peered with two others does not connect those two to each other.
  • VPN gateway: Designed for hybrid connectivity. Generally used where encryption and/or transitive routing is needed; throughput is capped by the gateway SKU and the tunnel adds latency.
  • VNet peering and VPN gateways can also co-exist via gateway transit: a peered VNet can use the VPN (or ExpressRoute) gateway of the VNet it is peered with, so a hub-and-spoke design needs only one gateway in the hub.
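As an added example of gateway transit (not code from the original post), the Az PowerShell snippet below peers a new spoke VNet with a hub VNet that already has a VPN gateway, so the spoke reuses the hub's gateway instead of deploying its own. It assumes the hub VNet and gateway exist under placeholder names vnet1 and vnet1-gw in resource group rg-vpn-demo, and that Connect-AzAccount has been run; the spoke name and prefixes are also placeholders.

```powershell
# Added example (not from the original post): hub-and-spoke peering with
# gateway transit. Assumes hub VNet 'vnet1' already has a VPN gateway and the
# spoke has none: a VNet that uses a remote gateway cannot have its own.
$rg       = 'rg-vpn-demo'
$location = 'eastus'
$hub      = Get-AzVirtualNetwork -Name vnet1 -ResourceGroupName $rg
$spoke    = New-AzVirtualNetwork -Name spoke1 -ResourceGroupName $rg -Location $location `
    -AddressPrefix 10.10.0.0/16 `
    -Subnet (New-AzVirtualNetworkSubnetConfig -Name workload -AddressPrefix 10.10.1.0/24)

# Peering is a pair of one-way links and both must be created.
# Hub side first: allow the spoke to use this VNet's gateway.
Add-AzVirtualNetworkPeering -Name hub-to-spoke1 -VirtualNetwork $hub `
    -RemoteVirtualNetworkId $spoke.Id -AllowGatewayTransit | Out-Null

# Spoke side: consume the hub's gateway. -UseRemoteGateways only succeeds once
# the hub link above exists with -AllowGatewayTransit. -AllowForwardedTraffic
# lets traffic that arrived via the hub gateway be forwarded into the spoke.
Add-AzVirtualNetworkPeering -Name spoke1-to-hub -VirtualNetwork $spoke `
    -RemoteVirtualNetworkId $hub.Id -UseRemoteGateways -AllowForwardedTraffic | Out-Null

# Verify: PeeringState is 'Connected' on both sides; a one-sided peering
# shows 'Initiated' and passes no traffic.
foreach ($v in 'vnet1', 'spoke1') {
    Get-AzVirtualNetworkPeering -ResourceGroupName $rg -VirtualNetworkName $v |
        Select-Object Name, PeeringState, AllowGatewayTransit, UseRemoteGateways
}
```

Gateway transit gives the spoke the hub gateway's routes (on-premises or VNet-to-VNet tunnels), but it does not make peering transitive between spokes: spoke1 and a second spoke peered with the same hub still cannot reach each other through the hub unless you add a network virtual appliance and user-defined routes in the hub.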

Reference : Microsoft