3.1.2. High Availability Design

VPN connections can fail—your ISP has outages, your on-premises device needs maintenance. High availability patterns ensure connectivity survives these events.

Active-Passive (Default):

• Two gateway instances, one active
• Failover takes 10-15 seconds
• Single tunnel from on-premises
• Simplest to configure

Active-Active:

• Both gateway instances active simultaneously
• Two tunnels from on-premises (to each instance)
• Better throughput (aggregate both tunnels)
• Faster failover (sub-second with BGP)
• On-premises device must support two tunnels

Zone-Redundant (AZ SKUs):

• Gateway instances spread across Availability Zones
• Survives entire datacenter failure
• Requires AZ-suffix SKUs (VpnGw1AZ, etc.)
• Uses Standard Public IP (not Basic)

💡 Design decision: For production workloads, combine active-active with zone-redundant deployment. This handles both gateway-level and zone-level failures.

⚠️ Exam Trap: Zone-redundant gateways require Standard SKU public IPs. Basic SKU public IPs don't support zones—a common misconfiguration.