A company has a hybrid cloud environment with an on-premises data center and Microsoft Azure. The on-premises infrastructure includes a VPN gateway connected to an Azure virtual network via site-to-site VPN. The network team reports that traffic from on-premises to Azure is experiencing high latency and packet loss. The VPN tunnel status shows as connected. The team has verified that the on-premises firewall is not dropping packets. The Azure administrator checks the virtual network gateway metrics and sees high inbound packet drops and a high number of VPN tunnel rekeys. What is the MOST likely cause of the issue?
Under-provisioned gateways drop packets under load and trigger rekeys due to timeouts.
Why this answer
Option A is correct because a VPN gateway SKU that is too small for the traffic volume causes packet drops and frequent rekeys, leading to high latency and loss.
Option B is wrong because a misconfigured local network gateway address space would cause connectivity failure, not just high latency.
Option C is wrong because mismatched encryption algorithms would prevent the tunnel from establishing or cause constant renegotiation, not just increased rekeys.
Option D is wrong because overlapping address spaces would cause routing conflicts and connectivity issues, not specifically packet drops and rekeys.