AZ-100 – Create Connectivity Between Virtual Networks – Study Notes #14

This article covers the “Create connectivity between virtual networks” section of the AZ-100 and AZ-103 Exams and is part of my AZ-100 Study Notes series.


VNets are isolated from each other by default unless connectivity (such as peering or a gateway connection) is specifically configured. They provide Internet access and connectivity between Azure resources, allow connections to on-premises networks, and support traffic filtering and routing.

Azure reserves the first three and the last IP address of each subnet, meaning IP configurations would start at 192.168.0.4 in a 192.168.0.0/24 subnet, for example.

Creation

To create a VNET –

  1. Navigate to “Virtual networks”
  2. Click Add then provide a name for the new VNet.
  3. You then provide an Address Space, which is the range of IPs allowed within the VNet.
  4. Select the Subscription, Resource Group and Location.
  5. Then define an initial Subnet by defining a name and the address range to utilise.
  6. Additional subnets may be created by going into the new VNet, selecting “Subnets” and then defining the new subnets.
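To sanity-check a VNet plan before clicking through the steps above, here is an added Python example; it is my own illustration, not code from the original post and not Azure's tooling. It checks that every subnet falls inside the address space, that subnets do not overlap, that none is smaller than Azure's /29 minimum, and it computes the assignable host count. The count uses the fact that Azure reserves five addresses per subnet (network address, default gateway, two for Azure DNS, broadcast), which is why the first assignable address in 192.168.0.0/24 is 192.168.0.4 as noted earlier. The names validate_vnet, usable_hosts and first_usable, and the sample address ranges, are my own.

```python
import ipaddress
from typing import Dict, List

# Azure reserves five addresses in every subnet: the network address, the
# default gateway (.1), two for Azure DNS (.2 and .3) and the broadcast address.
# The first assignable host address is therefore the fifth one (e.g. 192.168.0.4).
AZURE_RESERVED_PER_SUBNET = 5
AZURE_MAX_PREFIXLEN = 29  # /29 is the smallest subnet Azure will create


def usable_hosts(subnet: str) -> int:
    """Number of addresses that can actually be assigned to NICs in a subnet."""
    net = ipaddress.IPv4Network(subnet, strict=True)
    return max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)


def first_usable(subnet: str) -> str:
    """First address Azure hands out from a subnet (skips the four reserved at the start)."""
    net = ipaddress.IPv4Network(subnet, strict=True)
    return str(net.network_address + 4)


def validate_vnet(address_spaces: List[str], subnets: Dict[str, str]) -> List[str]:
    """Check a planned VNet (address spaces plus named subnets) and return a list
    of problems; an empty list means the plan is consistent.
    Hypothetical helper written for this example, not an Azure API."""
    problems: List[str] = []
    spaces = [ipaddress.IPv4Network(s, strict=True) for s in address_spaces]
    accepted: Dict[str, ipaddress.IPv4Network] = {}
    for name, cidr in subnets.items():
        try:
            # strict=True rejects prefixes with host bits set, e.g. 10.0.9.5/24
            net = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {cidr} is not a valid network prefix ({exc})")
            continue
        if net.prefixlen > AZURE_MAX_PREFIXLEN:
            problems.append(f"{name}: /{net.prefixlen} is smaller than the /29 minimum")
        if not any(net.subnet_of(space) for space in spaces):
            problems.append(f"{name}: {cidr} lies outside the VNet address space")
        for other_name, other in accepted.items():
            if net.overlaps(other):
                problems.append(f"{name}: {cidr} overlaps {other_name} ({other})")
        accepted[name] = net
    return problems


if __name__ == "__main__":
    # Constructed sample plan: a /16 address space carved into two /24 subnets.
    plan = {"default": "10.0.0.0/24", "app": "10.0.1.0/24"}
    print(validate_vnet(["10.0.0.0/16"], plan))
    print(usable_hosts("10.0.0.0/24"), first_usable("10.0.0.0/24"))
```

Run it against your own planned ranges before creating the VNet; a subnet that fails the "outside the address space" check is exactly the one the portal will refuse in step 5.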

To create a Route –

  1. Navigate to “Route Tables”
  2. Select “Add” and provide a Name and select or create a Resource Group.
  3. Then select “Create”.
  4. At this point we have a Route Table but we need to define custom routes.
  5. In Route Tables select “Routes” in the “Settings” menu then click “Add”.
  6. Define the route you want to configure and then click OK.
  7. Once that’s done we finally need to navigate to “Subnets” in the “Settings” menu and associate the route table with a subnet.
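Once a route table is associated with a subnet, Azure chooses the route for each destination by longest prefix match, and where a custom (user-defined) route carries the same prefix as a system route the custom route wins. The following added Python example is my own illustration, not Azure's implementation and not code from the post: it models that selection over a small constructed table made of the system routes every subnet starts with (the VNet address space to VirtualNetwork and 0.0.0.0/0 to Internet) plus two custom routes, one sending Internet-bound traffic to a virtual appliance and one dropping a prefix with the None next hop. The Route class and the functions system_routes, validate_routes, effective_route and build_table are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

# When several routes match with the same prefix length Azure prefers
# user-defined routes, then BGP-learned routes, then system routes.
ORIGIN_PRIORITY = {"user": 0, "bgp": 1, "system": 2}
HOPS_NEEDING_IP = {"VirtualAppliance"}


@dataclass(frozen=True)
class Route:
    prefix: str                        # destination CIDR, e.g. "0.0.0.0/0"
    next_hop_type: str                 # VirtualNetwork, Internet, VirtualAppliance, VirtualNetworkGateway, None
    next_hop_ip: Optional[str] = None  # only meaningful for VirtualAppliance
    origin: str = "user"               # "user" for a custom route, "system" for Azure's defaults


def system_routes(vnet_address_spaces: List[str]) -> List[Route]:
    """The default routes every subnet receives before any custom route is added."""
    routes = [Route(space, "VirtualNetwork", origin="system") for space in vnet_address_spaces]
    routes.append(Route("0.0.0.0/0", "Internet", origin="system"))
    return routes


def validate_routes(routes: Iterable[Route]) -> List[str]:
    """Problems a custom route would be rejected for (hypothetical checks for this example)."""
    problems = []
    for r in routes:
        try:
            ipaddress.IPv4Network(r.prefix, strict=True)
        except ValueError:
            problems.append(f"{r.prefix}: not a valid address prefix")
        if r.next_hop_type in HOPS_NEEDING_IP and r.next_hop_ip is None:
            problems.append(f"{r.prefix}: {r.next_hop_type} needs a next hop IP address")
    return problems


def effective_route(destination: str, routes: List[Route]) -> Optional[Route]:
    """Pick the route Azure would apply: longest prefix wins, ties broken by origin."""
    dst = ipaddress.IPv4Address(destination)
    candidates = [r for r in routes if dst in ipaddress.IPv4Network(r.prefix)]
    if not candidates:
        return None
    return min(
        candidates,
        key=lambda r: (-ipaddress.IPv4Network(r.prefix).prefixlen, ORIGIN_PRIORITY[r.origin]),
    )


def build_table(vnet_address_spaces: List[str], custom_routes: Iterable[Route]) -> List[Route]:
    """The effective table for a subnet: Azure's system routes plus the custom ones."""
    return system_routes(vnet_address_spaces) + list(custom_routes)


if __name__ == "__main__":
    # Constructed example: send Internet-bound traffic through a firewall NVA
    # at 10.0.2.4 and black-hole 10.0.3.0/24 with a None next hop.
    table = build_table(["10.0.0.0/16"], [
        Route("0.0.0.0/0", "VirtualAppliance", "10.0.2.4"),
        Route("10.0.3.0/24", "None"),
    ])
    for ip in ("10.0.1.5", "8.8.8.8", "10.0.3.7"):
        print(ip, "->", effective_route(ip, table).next_hop_type)
```

Note that intra-VNet traffic to 10.0.1.5 still follows the system VirtualNetwork route even though the custom 0.0.0.0/0 route exists, because the /16 is the longer match; the custom route only takes over for destinations no more specific route covers, which is the behaviour to expect when you use step 6 to force traffic through an appliance.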

Create and configure VNET peering

VNET peering allows you to connect VNETs both within the same region and across regions.

To create a peering –

  1. Navigate to “Virtual networks” and select the VNET to apply a peering to.
  2. Select “Peerings” in the “Settings” menu and then click Add.
  3. Provide a name and optionally change the deployment model to Classic; select “I know my resource ID” if you do not have read access to the network you will connect to.
  4. Select the Subscription and then select the VNET that we’ll connect to.
  5. Now choose whether to enable “Allow virtual network access”, which, if enabled, allows data to flow between the networks. Disabling this is a good alternative to deleting a peering if you only want to stop data flowing between the networks temporarily.
  6. Choose whether to enable “Allow forwarded traffic”, which, if enabled, allows data that originated outside the first VNET to be forwarded to the second VNET.
  7. For the “Allow gateway transit” and “Use remote gateways” options I’d suggest reading the Microsoft documentation in the link at the bottom of this section.

Example of configuring a Peering between two VNETs

Microsoft has a good overview of how this works here – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering

Create and configure VNET to VNET

So now we know how to create a peering; however, the peering status is only set to Initiated and not Connected, because a VNET peering must be set up from both sides.

Navigate to the other virtual network and configure another peering from the second VNET to the first. Once it is created the status changes to Connected on both VNET peerings, showing that there is an active connection between them.
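The two-sided nature of peering, and the address-space rule that applies before it, are easy to model. This added Python example is mine, not code from the post or from Azure: overlapping_prefixes reports address-space overlaps (Azure refuses to peer VNets whose address spaces overlap), peering_status reproduces the Initiated to Connected transition described above, and traffic_allowed applies the “Allow virtual network access” flag. The traffic model is a simplification consistent with the earlier description of that flag: a disabled flag on either side blocks the link. The VNet and Peering classes, the “Absent” status label and the sample names hub and spoke are my own assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class VNet:
    name: str
    address_spaces: List[str]


@dataclass(frozen=True)
class Peering:
    local: str                      # VNet that owns this peering resource
    remote: str                     # VNet it points at
    allow_vnet_access: bool = True  # the "Allow virtual network access" setting
    allow_forwarded_traffic: bool = False


def overlapping_prefixes(a: VNet, b: VNet) -> List[Tuple[str, str]]:
    """Peering is refused when any prefix of one VNet overlaps any prefix of the other."""
    pairs = []
    for pa in a.address_spaces:
        for pb in b.address_spaces:
            if ipaddress.IPv4Network(pa).overlaps(ipaddress.IPv4Network(pb)):
                pairs.append((pa, pb))
    return pairs


def peering_status(peerings: List[Peering], local: str, remote: str) -> str:
    """Mirror the portal's status column for the peering owned by `local`:
    Connected only once both VNets have a peering pointing at each other."""
    forward = any(p.local == local and p.remote == remote for p in peerings)
    reverse = any(p.local == remote and p.remote == local for p in peerings)
    if forward and reverse:
        return "Connected"
    if forward:
        return "Initiated"
    return "Absent"  # label used in this example when `local` has no peering to `remote`


def traffic_allowed(peerings: List[Peering], a: str, b: str) -> bool:
    """Simplified model: traffic between the two VNets flows only when the link is
    Connected and neither side has disabled 'Allow virtual network access'."""
    if peering_status(peerings, a, b) != "Connected":
        return False
    return all(p.allow_vnet_access for p in peerings if {p.local, p.remote} == {a, b})


if __name__ == "__main__":
    # Constructed hub-and-spoke pair with non-overlapping address spaces.
    hub = VNet("hub", ["10.0.0.0/16"])
    spoke = VNet("spoke", ["10.1.0.0/16"])
    print("overlaps:", overlapping_prefixes(hub, spoke))
    links = [Peering("hub", "spoke")]
    print(peering_status(links, "hub", "spoke"))   # one side only
    links.append(Peering("spoke", "hub"))
    print(peering_status(links, "hub", "spoke"))   # both sides configured
```

The last function also illustrates the suggestion in the peering steps: flipping allow_vnet_access to False on one side leaves the status Connected but stops traffic, which is the cheap way to pause a link without deleting and recreating both peerings.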

Example showing a connected peering, indicating that the peering is set up on both VNETs

There is also a tutorial which walks you through creating a connected VNET to VNET – https://docs.microsoft.com/en-us/azure/virtual-network/tutorial-connect-virtual-networks-portal

Verify virtual network connectivity

The primary method of checking network connectivity is to use a “Network Watcher” deployed in the same region as the resource you want to test.

More information on this can be found at – https://docs.microsoft.com/en-us/azure/network-watcher/network-watcher-connectivity-portal

Example of a successful test via the RDP port between two VMs in separate VNETs using a Network Watcher

Create virtual network gateway

To create a Virtual Network gateway –

  1. Navigate to “Virtual Network Gateways”.
  2. Provide a Name and select the Gateway Type –
    1. VPN – A private network connecting two points over the Internet.
    2. ExpressRoute – A dedicated connection between on-premises and Azure, provided by a Microsoft connectivity partner.
  3. Select the SKU to use –
    1. More details here – https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings
  4. Select the Virtual Network that will send and receive data; it must already have a gateway subnet set up.
  5. Either select an existing public IP or create a new one.
  6. Finally, click Create to create the new Network Gateway.

You then need to configure the Local Network Gateway and finally connect the Virtual and Local gateways in Azure; both steps are covered in the link below.

For a full guide on setting up a Site-to-Site Connection look here – https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-site-to-site-resource-manager-portal
