Azure cloud security tutorial series – Chapter 4 [Establish VNet Peering]

Objective

In the last chapter we saw how to add a resource to a VNet. In this chapter we will see how to enable connectivity between two virtual networks. Each virtual network is an isolated environment, so for two resources in two different virtual networks to talk to each other we have to enable communication between the two virtual networks. Azure virtual network peering is supported both within a region and across regions. We will start by creating two virtual networks, then verify the routes between them before enabling peering. After enabling peering we will see what peering changes.

  1. Start by creating a VNet as explained earlier in chapter 2. We created vnet1 in the screenshot below and reviewed the configuration before creating it.
  2. After clicking Create, our first virtual network, vnet1, with subnet1 (192.168.1.0/24) is created in East US.
  3. Now we create another virtual network, vnet2, and review the configuration before clicking Create.
  4. After clicking Create, our second virtual network, vnet2, with subnet2 (192.168.2.0/24) is created in East US 2.
  5. Now we add a resource to each subnet: one virtual machine in each.
  6. We add the first virtual machine to vnet1/subnet1; once it is created, our first VM comes up.
  7. We add the second virtual machine to vnet2/subnet2 as shown below:
  8. As we can see in the list of virtual machines below, both VMs, in different virtual networks and in different regions, are ready:
    • Name of VM1: vnet1-subnet1-vm1
      • Public IP: 52.170.1.138, Private IP: 192.168.1.4
    • Name of VM2: vnet2-subnet2-vm2
      • Public IP: 20.14.205.40, Private IP: 192.168.2.4
  9. Now let's try a ping between these two machines before we enable VNet peering. Neither can ping the other, as shown below:
  10. Let's also check the routes between the VMs.
  11. Now let's enable VNet peering between the virtual networks.
  12. Once the peering is added, ping starts working between the virtual machines in the different virtual networks.
  13. Let's look at the routes again and see what has been modified or added. To see the routes go to Virtual machines > vnet1-subnet1-vm1 > Networking > Network Interface > Effective routes. You will see a route with next hop VNetGlobalPeering.
  14. The topology is as shown below:
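The same peering and effective-route check done with the Azure CLI instead of the portal, as an added example that is not part of the tutorial. It also checks up front that the two address spaces do not overlap, since Azure refuses to peer overlapping VNets, and it creates the peering link from both sides, since each link is one-directional. The resource group name `vnet-lab` and the NIC name `vnet1-subnet1-vm1-nic` are assumptions; with the default `DRY_RUN=1` the script only prints the `az` commands.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Resource group name
# "vnet-lab" and the NIC name are assumptions; set DRY_RUN=0 to call az.
RG=${RG:-vnet-lab}
DRY_RUN=${DRY_RUN:-1}

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_overlap A/P B/Q: succeeds when the two ranges share any address.
# Peering is refused if the VNets' address spaces overlap, so check first.
cidr_overlap() {
  a_len=${1#*/}; b_len=${2#*/}
  len=$a_len
  if [ "$b_len" -lt "$len" ]; then len=$b_len; fi
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( $(ip2int "${1%/*}") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# Echo the az command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# A peering link is one-directional; create both so the state becomes
# Connected. The command is the same for global (cross-region) peering.
peer_vnets() {
  run az network vnet peering create --resource-group "$RG" --name vnet1-to-vnet2 \
      --vnet-name vnet1 --remote-vnet vnet2 --allow-vnet-access
  run az network vnet peering create --resource-group "$RG" --name vnet2-to-vnet1 \
      --vnet-name vnet2 --remote-vnet vnet1 --allow-vnet-access
}

# Effective routes of a VM's NIC; after peering, expect a route to
# 192.168.2.0/24 with next hop type VNetGlobalPeering on VM1's NIC.
show_routes() {
  run az network nic show-effective-route-table --resource-group "$RG" \
      --name "$1" --output table
}
if cidr_overlap 192.168.1.0/24 192.168.2.0/24; then
  echo "vnet1 and vnet2 address spaces overlap; peering would fail" >&2
  exit 1
fi
peer_vnets
show_routes vnet1-subnet1-vm1-nic   # assumed NIC name
```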