Here is the forth episode of my AZ-303 study notes series.
Like I mentioned in the Intro to VNets section, each VNet is an isolated and secure space. Each one has connectivity inside of itself and to the internet but by design there is no connectivity between VNets in a subscription or across subscriptions. What if we wanted to enable that? We can use VNet peering for this, it allows us to establish low-latency, high-bandwidth connectivity between VNets and works over the Microsoft backbone, that means that this connectivity avoids the public internet and is more secure.
- Provides connectivity over private IP.
- Supports cross-subscription connectivity.
- Supports cross-region connectivity.
- Address space cannot overlap.
- Does not support transitive routing by default. You could setup a Network Virtual appliance. A VM acts as a router and that could forward traffic.
- Allow forwarded Traffic: Allows forwarded traffic to pass through the VNET peer. Commonly used with Azure Firewall.
- Allow Gateway transit: Allows a VNet to be used to access other resources through a VNet gateway
- Use Remote Gateway: Configures a VNet to make use of a peered VNet's gateway, to access other resources.
You can also use VPN gateways to establish connectivity between VNets.
- VPN gateway within a special subnet called GatewaySubnet.
- Public IP addressing for each VPN gateway to establish the connection.
- IPSec IKE site-to-site VPN tunnel that ensures all traffic is encrypted.
- VNet peering: Designed for VNet-to-Vnet connectivity. Typically used for private low-latency interconnectivity.
- VPN gateway: Designed for hybrid connectivity. Generally used where encryption and/or transitive routing is needed.
I plan on creating more content around Azure; it's great to share what I've been learning.
If you have any feedback at all, please let me know in the comments below or reach out to me on socials.
Thanks for reading and possibly watching!