Cloud-based networks have become the backbone of modern enterprise infrastructure. As services become increasingly distributed and application traffic grows in complexity, traditional IP routing begins to face limitations. Ensuring smooth application performance, strong security, and efficient troubleshooting requires a more stateful and context-aware approach.
Both Microsoft Azure Virtual WAN and Google Cloud WAN address this need, but still operate primarily at the IP level. This blog introduces a concept in which Session-Aware Routing (SAR) is integrated into the cloud WAN architecture on both platforms.
Current State – Azure Virtual WAN and Google Cloud WAN
Azure Virtual WAN offers centralized management, IPsec/GRE tunneling, BGP-based routing, and built-in security through Azure Firewall and Azure Network Manager. Google Cloud WAN, in turn, is based on a globally managed SDN routing layer, supporting automated connection management and integration with Service Directory.
In both solutions, application-layer visibility remains limited. Optimization based on sessions—such as QoS, Zero Trust enforcement, or traffic prioritization—would require a more advanced and dynamic approach.
Session-Aware Routing – Why Is It the Next Step?
SAR enables the following capabilities:
- Application-level QoS and SLA precision
- Dynamic session-based traffic steering
- Security and monitoring policies applied per session
- Improved end-user experience and faster troubleshooting
Concept Proposal: Azure and Google SAR Agent Architecture
SAR functionality could be brought to the cloud in the following way:
- Azure Virtual WAN: A “Session Insight Agent” installed on the VNet Gateway or NVA monitors session data (e.g., TCP/UDP flows, App-ID, NBAR).
- Google Cloud WAN: A similar SAR agent could be deployed as part of the Cloud Router or Google Cloud Interconnect Gateway, integrated with Service Directory.
- SAR agents feed session-level data into Azure Monitor and Google Cloud Observability.
- Routing policies are generated based on session identifiers and distributed across the WAN infrastructure (similar to intent-based routing).
Benefits
- Deeper integration with SD-WAN and SASE architectures (e.g., Juniper, Cisco SD-WAN, Zscaler)
- Application-aware routing and optimization across cloud environments
- Convergence of traffic management and security
- Unified visibility and control at the session level
Summary and Next Steps
Bringing together session awareness and dynamic routing in cloud WAN solutions is a natural evolution toward a modern, application-centric network architecture. Providers like Microsoft and Google now have the opportunity to build the next generation of WAN platforms—ones that don’t just move packets, but understand the context and can respond intelligently in real time.
In the proof-of-concept phase, SAR agents can be piloted in collaboration with partners such as Juniper, Cisco, or Zscaler, creating an open, standards-based foundation for session-level control across cloud environments. Session Awareness in Cloud WAN is next requirements.
Hannu Rokka
Senior Advisor
5Feet Networks Oy, Helsinki, Suomi
linkedin.com/in/hannurokka