vnet peering too expensive
Best practices are to create a subscription for ExpressRoute and then peer VNets for different subscriptions. This doubles the cost of traffic to and from Azure, making it a non-starter for most. It is understandable to have costs between regions, but for networking that would be no cost if in the same subscription, why is there then a cost for my networks in my two subscriptions in the same region? These costs make it impossible to follow best practices for security, design, partner management, etc.
Thank you for your feedback.
We are evaluating what we can do in this space.
- Anavi N [MSFT]
Paulo Gerardo commented
Team, do you have any update regarding this?
I totally agree with Rocky. Actually, the Azure price is much higher than AWS: 3.5 times in zone 1 and 9 times in zone 2 including Japan!
VPC Peering connections in the same AWS Region are charged at $0.01/GB in each direction.
I'm pondering the same. Microsoft's "best practice" architecture is not best for customers from a cost perspective. The hub-and-spoke architecture makes sense if VNet-peering (at least in the same region) were free. Otherwise, with each spoke being a different VNet (in a possibly different subscription), a lot of traffic can potentially flow across the hub-spoke VNet peering links. Then we may be forced to minimize the number of VNet spokes and use subnets/NSGs/NVAs within VNets to provide isolation between lifecycle environments or business units.
Donald Scott commented
I tend to agree with Rocky and Mike. I think there should be an analysis to see if the pricing can be updated. This cost might actually deter total Azure consumption.
Mike Webber commented
Best practices for a virtual data center recommend having a hub and spoke vnet architecture. Ingress and egress controls are placed in the hub and traffic from and to the spokes is forced through the hub. This results in a large amount of data transiting the peered vnets. $.02 per GB for traffic that is not leaving the data center is not acceptable.