It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda SecureEdge
Overview Documentation Training Certification Materials

How to Create a New Hub in an Existing Virtual WAN to Support the New Microsoft Virtual Router - Preferred Solution

  • Last updated on

This solution allows you to create a new hub in an existing virtual WAN, and then create a new Network Virtual Appliance (NVA) there and move all sites to the new hub. This is the preferred solution because it has limited downtime and offers you rollback capabilities if problems occur. For more information, see Virtual Router Upgrade for Virtual WAN with Barracuda NVAs.

Step 1. Retrieve the Name of the Existing Hub

  1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

  2. In the left menu, click the Tenants/Workspaces icon.
  3. From the drop-down menu, select the workspace containing your Edge Service.
    ws-production.png
  4. In the left menu, click the Infrastructure icon, and select Edge Services
    goto-EdgeService.png
  5. The Edge Services page opens. You will see the hub name. 
    ES_hub_name.png
  6. Write down the name.

Step 2. Create a New Hub in the Same Region 

Note that the creation of a new hub can take up to 30 minutes. 

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click Virtual WANs.
  3. Select the virtual WAN containing the hub from Step 1. 
  4. In the left menu, click Hubs.
  5. Click + New Hub.
  6. The Create virtual hub blade opens. Specify values for the following:
    • Region – Select the same region as the original hub, e.g., West Europe.
    • Name – Enter a name for the hub, e.g., doc-vwan-hub.
    • Hub private address space – Enter the hub's address range in CIDR, e.g., 10.0.0.0/24 . Select a unique network that is dedicated for the hub only. Note that this address range must be different than the address range of the existing hub from Step 1.
    • Virtual hub capacity – Select the virtual hub capacity according to your requirements.
    • Hub routing preference – Select the hub routing preference, e.g., ExpressRoute. Note that ExpressRoute is the default setting but can be changed depending on your requirements.
      create_virtual_ hub.png
  7. Click Review + create.
  8. Review your settings and click Create to start the creation of the hub. 

Step 3. (Optional) Disable the Azure Firewall in the Old Hub

This step is necessary only if your hub has the Azure firewall enabled.

Note that your hub will have a short downtime for up to 10 minutes.

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click Virtual WANs.
  3. Select the Virtual WAN containing the hub from Step 1. 
  4. In the left menu, click Hubs.
  5. Click on your hub.
  6. The hub Overview opens.
  7. Click Manage security provider and route setting for this Secured virtual Hub in Azure Firewall Manager -> .
    manage_sec.png
  8. The Azure Firewall Manager Security Partner Providers blade opens.
  9. Click on your hub.
    2_select_sechub.png
  10. In the left menu, click Security configuration.
  11. In the Security configuration menu, specify values for the following:
    • Internet traffic – Select None.
    • Private traffic – Select Bypass Azure Firewall.
      3_sec_config.png
  12. Click Save.

Step 4. Verify that the Hub Just Now Created Is Using the Newest Virtual Router Version

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click Virtual WANs.
  3. Select the Virtual WAN containing the hub from Step 2.
  4. On the left side, click Hubs.
  5. Click on the hub you created in Step 2. 
  6. Wait until the routing status becomes green and Provisioned is displayed.
  7.  Verify that the Router version is Latest.
    4_router_version.png

Step 5. Deploy a New Edge Service Using the New Hub

Step 5a. Generate a Token in the Barracuda SecureEdge

  1. Go to https://se.barracudanetworks.com and log in with your existing Barracuda Cloud Control account.

  2. In the left menu, click the Tenants/Workspaces icon.
  3. From the drop-down menu, select the workspace containing your Edge Service for Virtual WAN.
    ws-production.png
  4. In the left menu, click the Infrastructure icon, and select Edge Services.
    goto-EdgeService.png 
  5. The Edge Services page opens. In the top-right corner of the window, click New Edge Service.
  6. From the drop-down menu, select Edge Service for Virtual WAN.
  7. The Generate Edge Service Token window opens.
    GenerateToken-vWAN.png
  8. Click on the clipboard icon to copy the token to your clipboard.
  9. Paste the token in a text file.
  10. Click OK.
Step 5b. Deploy an Edge Service in Microsoft Azure
  1. Log into the Azure portal: https://portal.azure.com.
  2. In the left menu, click +Create a resource and search for Barracuda SecureEdge
  3. Click Barracuda SecureEdge - Edge Service for Virtual WAN.
    EdgeService-virtual WAN.png
  4. Click Create.
    Create-EdgeService for Virtual WAN.png
  5. The Basics blade opens. Enter values for the following:
    • Subscription – Select subscription of the existing Edge Service from the drop-down menu. 
    • Resource group – Select the resource group containing your original Edge Service.
    • Region – Select the region of your existing Edge Service.
    • Application name – Enter a name for the managed application. 
    • Managed Resource Group – Enter a name for the managed resource group.
      Create-EdgeService-Basics.png
  6. Click Next.
  7. The Edge Service for Virtual WAN blade opens. Specify values for the following:
    • Virtual WAN hub – Select the hub created in Step 2.
    • NVA infrastructure scale unit – Select a scale unit from the drop-down menu. 

    • Token – Enter the Edge Service token here that you retrieved in Step 5a.
      reviewPlusCreate.png

  8. Click Review + create
  9. The Review + create blade opens. 
  10. Verify the values are correct, and select the check box next to I agree to the terms and conditions above.
  11. Click Create.

Step 6. (Optional) Advertise VNET Prefixes to the Default Route Table of the New Hub

This step is necessary only if you have virtual networks associated to the old hub.

  1. Log into the Azure portal: https://portal.azure.com.
  2. In the left menu, click Virtual WANs.
  3. Select the Virtual WAN containing the hub from Step 2.
  4. On the left side, click Virtual network connections.
  5. Click ... next to the hub with the old virtual router version to edit the virtual network connections. 
    vnet_propagation1.png
  6. The Edit VNet Connection window opens. 
  7. From the Propagate Route Tables drop-down menu, select Default of the hub with the new virtual router version, created in Step 2.
    vnet_propagation2.png
  8. Click Confirm.
  9. In the left menu, click Hubs.
  10. Click on the hub you created in Step 2. 
  11. In the left menu, click Routing.
  12. Click ... next to the Default routing table. 
  13. Verify that the routes propagated in this step have appeared.
    check_routes.png
  14. Click X to close the window.

Step 7. Change the Edge Service of Your Sites 

Note that your sites will have a short downtime for up to 10 minutes.

Change the Edge Service of all sites connected to the old Edge Service from Step 1 to the new Edge Service created in Step 5. For more information, see How to Change the Edge Service of a Site.

Step 8. (Optional) Move Virtual Network Connections from the Old Hub to the New Hub

This step is necessary only if you have virtual networks associated to the old hub.

Note that traffic from and to the virtual networks disrupts for up to 10 minutes.

  1. Log into the Azure portal: https://portal.azure.com.
  2. In the left menu, click Virtual WANs.
  3. Select the Virtual WAN containing the hub from Step 2.
  4. On the left side, click Virtual network connections.
  5. Click ... next to the virtual network connections of the hub with the old virtual router version.
  6. Click Delete virtual network connection.
    del_vnet_conn.png
  7. Click + Add connection.
  8. The Add connection window opens. Specify values for the following:
    • Connection name – Enter a name for the connection.
    • Hubs – Select the hub created in Step 2.
    • Subscription – Select your subscription.
    • Resource group – Select the resource group containing the virtual network.
    • Virtual network – Select the virtual network.
    • Propagate Route Tables – From the drop-down menu, select Default from the hub created in Step 2.
      add_vnet_conn.png
  9. Click Create.

Next Steps

  • Delete the old hub.