In the previous blog we looked into the topic How to communicate with two VMs in the same VNet. In today's blog we will look into the concepts of VNet Peering in Azure.
By default, traffic between two virtual networks is not allowed, and this makes sense. But there are common real-world business scenarios where you need to establish this connectivity.
There are two ways we can achieve this:
- Azure VPN Gateways
- Azure VNet Peering
In this blog we will understand the concepts of the latter.
VNet Peering connects two virtual networks for resource sharing in one region or across regions in Microsoft Azure. A VNet peering connection between virtual networks enables you to route traffic between them privately through IPv4 addresses.
Furthermore, VNet Peering itself is of two types:
- Default Virtual Network Peering: connecting virtual networks within the same Azure region.
- Global Virtual Network Peering: connecting virtual networks (VNets) across Azure regions.
The most important advantage is that communication between the virtual networks does not require the public Internet, gateways or even encryption. Network traffic between peered VNets remains private. All of these operations are handled by Azure, which automatically creates system routes and assigns them to each subnet in a virtual network.
In this blog we will try to achieve default virtual peering.
Our first step is to create two virtual machines in two virtual networks with different address spaces.
The image above will help in achieving the required configuration.
Once done, if we open the virtual machines and try to ping the IP address of the other from the command prompt, by default it will not be allowed.
Let's try to achieve this.
First we need to open the first virtual network's dashboard in the Azure portal.
On the left-hand side there is an option called Peering.
- Once you click on this you will see the Peering sub-dashboard for that network. This contains an Add option. Click on it.
- Moving ahead, we will have to configure the required settings to start peering from network 1 to network 2.
a) Firstly, we will have to provide a meaningful name for this peering. This also helps us in understanding the peering type.
b) Second is to select the deployment model. There are two deployment models. Going forward I am selecting the Resource Manager model.
In classic mode, each resource provisioned in Azure is a single management unit. You manage all of the resources individually. The classic mode does not allow grouping of resources, which makes managing Azure resources difficult.
The Azure Resource Manager mode adds the concept of the resource group, which is a container for resources that share a common lifecycle.
c) Next, we will have to select the destination virtual network. If you have multiple virtual networks created, please select the correct one.
d) Another important step is the creation of the configuration for the reverse peering. For this we will have to add a meaningful name in the field (the name of the peering from {Net2} to {Net1}, based on the naming convention you are following).
e) Next, Azure gives us the flexibility to configure whether we want to enable or disable the peering from {Net 1} to {Net 2} and vice versa.
f) Lastly, we get options to configure the gateway transit and forwarded traffic settings.
The difference between the forwarded traffic and gateway transit settings is that the forwarded traffic setting allows the peer's forwarded traffic (traffic not originating from inside the peer VNet) into your VNet, while gateway transit allows the peer VNet to use your VNet gateway.
These settings are helpful when connecting an on-premises network. Moreover, only one of the networks in the peering can have a gateway configured. Since we don't require this, we can keep it disabled.
g) Once done, review the above details and click on "OK" at the bottom. This will create the required peering configuration.
Now open the command prompt on both virtual machines and try to ping the other one. You should see that the peering has established the connection.
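A way to verify the result beyond a ping, as an added example that is not part of the original post: a Python audit over peering records that use Azure's property names (as shown by, for instance, `az network vnet peering list`). It confirms that both directions exist and are Connected, that the forwarded-traffic and gateway settings are still disabled, and that the address spaces do not overlap. The VNet names, prefixes, inventory layout and helper names are constructed for illustration.

```python
import ipaddress

def vnet_name(resource_id):
    # An Azure resource ID ends in .../virtualNetworks/<name>.
    return resource_id.rstrip("/").split("/")[-1]

def audit(vnets):
    """vnets maps VNet name -> {"prefixes": [CIDR], "peerings": [records]}; returns findings."""
    findings = []
    names = sorted(vnets)
    # Peered virtual networks must not have overlapping address spaces.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            for pa in vnets[a]["prefixes"]:
                for pb in vnets[b]["prefixes"]:
                    if ipaddress.ip_network(pa).overlaps(ipaddress.ip_network(pb)):
                        findings.append(f"{a}/{b}: address spaces overlap ({pa}, {pb})")
    for name in names:
        for p in vnets[name]["peerings"]:
            remote = vnet_name(p["remoteVirtualNetwork"]["id"])
            label = f"{name}->{remote}"
            # Traffic flows only when both directions exist and are Connected.
            if p["peeringState"] != "Connected":
                findings.append(f"{label}: state is {p['peeringState']}")
            back = [r for r in vnets.get(remote, {}).get("peerings", [])
                    if vnet_name(r["remoteVirtualNetwork"]["id"]) == name]
            if not back:
                findings.append(f"{label}: no reverse peering")
            # The walkthrough leaves these disabled; flag any that are on.
            for flag in ("allowForwardedTraffic", "allowGatewayTransit", "useRemoteGateways"):
                if p.get(flag):
                    findings.append(f"{label}: {flag} is enabled")
    return findings

def peering(remote, state="Connected", **flags):
    # Constructed record; subscription and resource group are placeholders.
    rec = {"remoteVirtualNetwork": {"id": "/subscriptions/<sub>/resourceGroups/<rg>"
           "/providers/Microsoft.Network/virtualNetworks/" + remote},
           "peeringState": state, "allowVirtualNetworkAccess": True,
           "allowForwardedTraffic": False, "allowGatewayTransit": False,
           "useRemoteGateways": False}
    rec.update(flags)
    return rec

# Constructed inventories: GOOD matches the walkthrough, BAD deviates from it.
GOOD = {"Net1": {"prefixes": ["10.0.0.0/16"], "peerings": [peering("Net2")]},
        "Net2": {"prefixes": ["10.1.0.0/16"], "peerings": [peering("Net1")]}}
BAD = {"Net1": {"prefixes": ["10.0.0.0/16"], "peerings": [
           peering("Net2", state="Initiated", allowForwardedTraffic=True)]},
       "Net2": {"prefixes": ["10.0.128.0/17"], "peerings": []}}

if __name__ == "__main__":
    for finding in audit(BAD):
        print(finding)
```

A peering that was configured in only one direction shows up here as `Initiated` with no reverse record, which is the usual reason the ping test still fails after the portal steps.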