When to use VNet Peering vs VPN Gateway on Azure

I was recently playing about with the Hub and Spoke model within Azure and came across two methods to provide connectivity between the two. The idea behind the design pattern is that the Hub is the main entry point with common services for the Spoke(s) to use. The Hub typically has some type of WAF or FW, to help protect and direct the inbound traffic. Its considered best practice that Spokes do not communicate directly with one another, but that all traffic is routed via the Hub. This enables central Hub control and visibility. 

TBC....the rest...