In this article let us understand Virtual Network Peering (Vnet Peering).
We understood in our earlier articles that there is no communication between Virtual Networks in the same region or different regions/locations. What if there is a requirement to enable communication between Virtual Networks?
Azure provides us with two solutions.
- Virtual Network Peering
- VPN Gateway.
Let us look at only Vnet Peering now.
Virtual Network peering will enable communication between Virtual Networks which is blocked by default. If we establish communication is between the Virtual Network in the same region is called Vnet Peering, if it is between the Virtual Network in different regions/locations called Global Virtual Network Peering.
Peering can be done between Virtual Networks in different Subscriptions, active directory tenents, regions, or with in the same regions.
Traffic between the peered Virtual Network will pass through the Microsoft backend network, which means reliable, high-speed connectivity and low latency network.
Let us look into a scenario of enabling Global Vnet peering between two Virtual Networks Vnet-1 (10.0.0.0/16) in Central US and Vnet-2 (10.1.0.0/16) in South India
Below are the two Vnets as per the above diagram.
There are two Subnets in each Vnet, however, we will use Subnet-1 and Subnet-3 for the Vnet peering test.
Create two virtual machines vm-1 and vm-2 one in Subnet-1 of Vnet-1 and the other Subnet-3 of Vnet-2.
Let us do a quick ping test between vm-1 and vm-2 the result is they won't ping, which is expected behavior as virtual machines are into different Virtual Networks and they will not communicate.
Note: Make sure you disable the firewall on these servers before you ping.
To enable communication between these, go to one of the Vnets, select Peering option under settings.
Click on add to create peering.
Feed required information as shown in the below screenshot, we need to create two ways peering for peering to work correctly.
Enter the names of your peering as shown below, select the peer network in our case Vnet-2, make sure "allow network access from Vnet-1 to Vnet-2" and "allow network access from Vnet-2 to Vnet-1" are enabled.
Verify the peering connection from both the Virtual Networks in peering settings as shown below, make sure Peering status is connected.
Get back the virtual machines, VM-1 and VM-2 do the same ping test as we did above, this time these machines will communicate with each other., which is due to Vnet peering.
No comments:
Post a Comment