INTRODUCTION
In today's interconnected digital landscape, the ability to create secure and seamless connections between different components of your cloud infrastructure is paramount. Azure Virtual Network (VNet) peering, one of the many powerful features offered by Microsoft Azure, enables you to achieve just that. With VNet peering, you can establish network communication between Virtual Networks in Azure, creating a unified and efficient network environment for your applications and services.
But, as with any sophisticated technology, getting started with Azure VNet peering may seem daunting at first. That's where we come in! In this comprehensive guide, we'll walk you through the step-by-step process of implementing Azure VNet peering using Azure CLI, the command-line interface that offers precise control and automation capabilities for Azure services.
Whether you're an Azure newcomer looking to understand the fundamentals or an experienced cloud architect seeking a refresher, this blog will provide you with the insights and practical instructions you need to create, configure, and manage Azure VNet peering like a pro.
Join us as we demystify the world of Virtual Network peering, exploring the key concepts, prerequisites, and best practices. By the end of this guide, you'll be equipped with the knowledge and tools to effortlessly establish network connections across your Azure VNets, enabling your applications and services to communicate seamlessly.
So, without further ado, let's dive into the exciting world of Azure VNet peering with Azure CLI and take the first step toward creating an interconnected, efficient, and resilient cloud infrastructure.
PREREQUISITES
- Azure Subscription
- Azure CLI
- Planning and design: an address plan in which every VNet you intend to peer has its own, non-overlapping IP range
STEP 1: Sign into Azure Account
Log in to your Azure account from the Command Line Interface (CLI) by running az login
as shown in the image below, then press Enter.
- This opens a tab in your browser, where you are asked for your login details.
Select the account you want to deploy the resources with and sign in.
A notification confirms that you have been signed in.
- Your account details are then displayed in your CLI.
STEP 2: Create a Resource Group
A resource group is a logical grouping of Azure resources that are related to a specific application, project, or environment. It serves as a logical container for our resources in Azure and helps us in organization, management, access control, deletion and cleanup of our account.
We create the resource group using this command:
az group create --name <resource group name> --location <azure region>
- From the above image, it can be seen that for this exercise we created a resource group called Proj-RG, which is also visible in the portal (see below).
STEP 3: Create the Virtual Networks (VNets).
For this exercise, we will be creating two virtual networks (EastVNet and WestVNet).
We proceed to create the virtual networks that we intend to peer. Each VNet needs its own address space, and the address spaces of VNets that are to be peered must not overlap: Azure rejects a peering between overlapping address spaces, so pick distinct ranges (here 10.1.0.0/16 and 10.2.0.0/16) before creating anything.
We use this command to create the Vnets one after the other.
az network vnet create --resource-group <resource group name> --name <Vnet name> --address-prefix 10.1.0.0/16 --subnet-name <subnet name> --subnet-prefix 10.1.0.0/24
For EastVNet
From the above image, the address space of EastVNet can be seen as "10.1.0.0/16" and the subnet range as "10.1.0.0/24". WestVNet is created with the same command using 10.2.0.0/16 as its address space and a /24 subnet inside it.
We can use this command
az network vnet list --output table
to verify if indeed the virtual networks were created.
- To add another subnet to an existing virtual network, use az network vnet subnet create rather than az network vnet create: the latter is a create-or-replace of the whole VNet, not a way to append a subnet. The new subnet must lie inside the VNet's address space (10.1.0.0/16 for EastVNet) and must not overlap the existing subnet; 10.1.1.0/24 below is an example prefix chosen to satisfy both constraints.
az network vnet subnet create --resource-group Proj-RG --vnet-name EastVNet --name EastSubnet1 --address-prefixes 10.1.1.0/24
This creates an additional subnet, EastSubnet1, in EastVNet.
- We use this command to verify the subnets in a particular Vnet.
az network vnet subnet list --resource-group Proj-RG --vnet-name EastVNet --output table
- We can also proceed to the Azure portal to view the virtual networks we created inside the resource group (Proj-RG).
STEP 4: Peering the Virtual Networks
The final step is to peer the virtual networks.
A peering is defined per direction: each VNet holds its own peering resource that points at the other VNet, and traffic only flows once both exist. We therefore run the peering command twice.
We begin with the West to East peering, that is, peering WestVNet to EastVNet.
- We use this command to get the Resource ID of the EastVNet in order to perform the peering.
az network vnet show --resource-group Proj-RG --name EastVNet --query id --out tsv
- We now run this command for the peering using the EastVNet resource ID.
az network vnet peering create --name WesttoEastPeering --resource-group Proj-RG --vnet-name WestVNet --remote-vnet "/subscriptions/21b8f625-edc8-4cf1-99ec-861cfa81ecc3/resourceGroups/Proj-RG/providers/Microsoft.Network/virtualNetworks/EastVNet" --allow-vnet-access
Output of the command
{
"allowForwardedTraffic": false,
"allowGatewayTransit": false,
"allowVirtualNetworkAccess": true,
"doNotVerifyRemoteGateways": false,
"etag": "W/\"2a34dc33-8176-4ad6-ab9f-db94281f712f\"",
"id": "/subscriptions/21b8f625-edc8-4cf1-99ec-861cfa81ecc3/resourceGroups/Proj-RG/providers/Microsoft.Network/virtualNetworks/WestVNet/virtualNetworkPeerings/WesttoEastPeering",
"name": "WesttoEastPeering",
"peeringState": "Initiated",
"peeringSyncLevel": "RemoteNotInSync",
"provisioningState": "Succeeded",
"remoteAddressSpace": {
"addressPrefixes": [
"10.1.0.0/16"
]
},
"remoteVirtualNetwork": {
"id": "/subscriptions/21b8f625-edc8-4cf1-99ec-861cfa81ecc3/resourceGroups/Proj-RG/providers/Microsoft.Network/virtualNetworks/EastVNet",
"resourceGroup": "Proj-RG"
},
"remoteVirtualNetworkAddressSpace": {
"addressPrefixes": [
"10.1.0.0/16"
]
},
"resourceGroup": "Proj-RG",
"resourceGuid": "ed95c55f-94b2-0ecd-2f52-dc24ce394fb7",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"useRemoteGateways": false
}
Next we peer East to West, that is, EastVNet to WestVNet, to complete the peering in the other direction.
We run the same command again for WestVNet to get its resource ID.
az network vnet show --resource-group Proj-RG --name WestVNet --query id --out tsv
- We can now go ahead and run the peering command to peer EastVnet to WestVnet.
az network vnet peering create --name EasttoWestPeering --resource-group Proj-RG --vnet-name EastVNet --remote-vnet "/subscriptions/21b8f625-edc8-4cf1-99ec-861cfa81ecc3/resourceGroups/Proj-RG/providers/Microsoft.Network/virtualNetworks/WestVNet" --allow-vnet-access
Output of the command
{
"allowForwardedTraffic": false,
"allowGatewayTransit": false,
"allowVirtualNetworkAccess": true,
"doNotVerifyRemoteGateways": false,
"etag": "W/\"32bb25f8-1dc4-4b74-af18-4a183d67f138\"",
"id": "/subscriptions/21b8f625-edc8-4cf1-99ec-861cfa81ecc3/resourceGroups/Proj-RG/providers/Microsoft.Network/virtualNetworks/EastVNet/virtualNetworkPeerings/EasttoWestPeering",
"name": "EasttoWestPeering",
"peeringState": "Connected",
"peeringSyncLevel": "FullyInSync",
"provisioningState": "Succeeded",
"remoteAddressSpace": {
"addressPrefixes": [
"10.2.0.0/16"
]
},
"remoteVirtualNetwork": {
"id": "/subscriptions/21b8f625-edc8-4cf1-99ec-861cfa81ecc3/resourceGroups/Proj-RG/providers/Microsoft.Network/virtualNetworks/WestVNet",
"resourceGroup": "Proj-RG"
},
"remoteVirtualNetworkAddressSpace": {
"addressPrefixes": [
"10.2.0.0/16"
]
},
"resourceGroup": "Proj-RG",
"resourceGuid": "ed95c55f-94b2-0ecd-2f52-dc24ce394fb7",
"type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
"useRemoteGateways": false
}
- We can use this command to verify the state of the peering. Note the difference between the two outputs above: after only the first direction existed, the peering reported "Initiated" and "RemoteNotInSync"; once the second direction was created it reported "Connected" and "FullyInSync". Both VNets must show "Connected" for traffic to flow.
az network vnet peering list --resource-group Proj-RG --vnet-name EastVNet --output table
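The four steps above, collected into a single script as an added example (this is not code from the original post). It adds two checks a practitioner would want: a pre-flight test that the two address spaces do not overlap, done with plain POSIX arithmetic before any resource is created, and a post-check that every peering reports "Connected". It also goes one step beyond the post by attaching an NSG that limits what the peer VNet may reach, because the default AllowVnetInBound rule admits traffic from peered VNets. The region, subnet names, NSG name and the "TCP/443 only" policy are assumptions; resource group and VNet names match the post. Nothing contacts Azure unless AZ_APPLY=1 is set.

```sh
#!/bin/sh
# Added example (not from the original post): the four steps above as one
# script, with a pre-flight overlap check and a post-check on peering state.
# Assumptions: region, subnet names, NSG name and the "443 only" policy are
# illustrative; resource group and VNet names match the post.
set -eu

RG="${RG:-Proj-RG}"
LOCATION="${LOCATION:-eastus}"            # assumption: the post never names a region
EAST_VNET="EastVNet"; EAST_PREFIX="10.1.0.0/16"; EAST_SUBNET="EastSubnet"; EAST_SUBNET_PREFIX="10.1.0.0/24"
WEST_VNET="WestVNet"; WEST_PREFIX="10.2.0.0/16"; WEST_SUBNET="WestSubnet"; WEST_SUBNET_PREFIX="10.2.0.0/24"

# ip4_to_int A.B.C.D -> 32-bit integer (pure POSIX arithmetic, no external tools)
ip4_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_overlaps A/n B/m -> exit 0 if the two prefixes share any address.
# Two prefixes overlap exactly when they agree on the bits covered by the
# shorter (less specific) of the two prefix lengths.
cidr_overlaps() {
  a_net=$(ip4_to_int "${1%/*}"); a_len=${1#*/}
  b_net=$(ip4_to_int "${2%/*}"); b_len=${2#*/}
  len=$a_len
  if [ "$b_len" -lt "$len" ]; then len=$b_len; fi
  if [ "$len" -eq 0 ]; then return 0; fi      # a /0 overlaps everything
  mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( a_net & mask )) -eq $(( b_net & mask )) ]
}

# Steps 2-4 of the post. Azure rejects a peering between overlapping
# address spaces, so the check runs before anything is created.
peer_vnets() {
  if cidr_overlaps "$EAST_PREFIX" "$WEST_PREFIX"; then
    echo "refusing to peer: $EAST_PREFIX overlaps $WEST_PREFIX" >&2
    return 1
  fi
  az group create --name "$RG" --location "$LOCATION" --output none
  az network vnet create --resource-group "$RG" --name "$EAST_VNET" \
    --address-prefixes "$EAST_PREFIX" --subnet-name "$EAST_SUBNET" \
    --subnet-prefixes "$EAST_SUBNET_PREFIX" --output none
  az network vnet create --resource-group "$RG" --name "$WEST_VNET" \
    --address-prefixes "$WEST_PREFIX" --subnet-name "$WEST_SUBNET" \
    --subnet-prefixes "$WEST_SUBNET_PREFIX" --output none
  east_id=$(az network vnet show --resource-group "$RG" --name "$EAST_VNET" --query id --output tsv)
  west_id=$(az network vnet show --resource-group "$RG" --name "$WEST_VNET" --query id --output tsv)
  # Peering is directional: without the second call the first stays "Initiated".
  az network vnet peering create --name WesttoEastPeering --resource-group "$RG" \
    --vnet-name "$WEST_VNET" --remote-vnet "$east_id" --allow-vnet-access --output none
  az network vnet peering create --name EasttoWestPeering --resource-group "$RG" \
    --vnet-name "$EAST_VNET" --remote-vnet "$west_id" --allow-vnet-access --output none
}

# The default NSG rule AllowVnetInBound matches the VirtualNetwork service tag,
# which includes the address space of peered VNets, so a peering admits all of
# the peer's traffic unless you say otherwise. Here EastSubnet accepts only
# TCP/443 from WestVNet and drops the rest (illustrative policy).
restrict_peer_traffic() {
  nsg="${EAST_SUBNET}-nsg"
  az network nsg create --resource-group "$RG" --name "$nsg" --output none
  az network nsg rule create --resource-group "$RG" --nsg-name "$nsg" \
    --name AllowWestHttps --priority 100 --direction Inbound --access Allow \
    --protocol Tcp --source-address-prefixes "$WEST_PREFIX" \
    --destination-port-ranges 443 --output none
  az network nsg rule create --resource-group "$RG" --nsg-name "$nsg" \
    --name DenyWestOther --priority 110 --direction Inbound --access Deny \
    --protocol '*' --source-address-prefixes "$WEST_PREFIX" \
    --destination-port-ranges '*' --output none
  az network vnet subnet update --resource-group "$RG" --vnet-name "$EAST_VNET" \
    --name "$EAST_SUBNET" --network-security-group "$nsg" --output none
}

# verify_peering VNET -> exit 0 only when every peering on VNET is "Connected".
verify_peering() {
  states=$(az network vnet peering list --resource-group "$RG" --vnet-name "$1" \
             --query "[].peeringState" --output tsv)
  [ -n "$states" ] || { echo "$1: no peerings found" >&2; return 1; }
  for s in $states; do
    [ "$s" = "Connected" ] || { echo "$1: peering state is $s, not Connected" >&2; return 1; }
  done
}

# Nothing talks to Azure unless you opt in: AZ_APPLY=1 sh peer.sh
if [ "${AZ_APPLY:-0}" = "1" ]; then
  peer_vnets
  restrict_peer_traffic
  verify_peering "$EAST_VNET"
  verify_peering "$WEST_VNET"
fi
```

Run it as AZ_APPLY=1 sh peer.sh after az login. The overlap check is deliberately independent of Azure so it can run in CI against your address plan before any deployment; the deny rule is what actually confines the peer, since the peering plus the default NSG rules would otherwise allow every port.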
SOME BENEFITS OF VIRTUAL NETWORK PEERING
Private Network Communication: VNet peering enables private, low-latency communication between VNets, creating a virtual private network within Azure. This is especially useful when you want to keep network traffic within the Azure backbone, avoiding exposure to the public internet.
Simplified Network Architecture: VNets that are peered together can communicate as if they are part of a single network. This simplifies network architecture and eliminates the need for complex and costly VPN gateways or dedicated network appliances.
Cost-Efficiency: VNet peering is billed per GB of data that enters and leaves each side of the peering (global peering between regions costs more per GB than regional peering), but it needs no gateway, so for VNet-to-VNet traffic it is usually cheaper, and far higher throughput, than sending the same traffic over a VPN gateway.
Low Latency: Since VNet peering traffic stays within Azure's high-speed backbone network, it results in low-latency communication, making it suitable for applications that require quick response times.
Non-Transitive Connectivity: VNet peering is not transitive. If VNet A is peered with B and B with C, A cannot reach C through B; a peering grants reachability only to the two VNets named in it, which is a useful security property. Transitive paths require a hub VNet with a network virtual appliance or Azure Firewall plus user-defined routes (with allowForwardedTraffic enabled on the peering), or a shared gateway via gateway transit.
Redundancy and High Availability: By peering VNets in different regions (global VNet peering), you can build redundant architectures for disaster recovery and high availability.
Isolation: Peering does not merge the VNets; each keeps its own NSGs, route tables and DNS settings, so you keep granular control over communication. One caveat: the default NSG rule AllowVnetInBound uses the VirtualNetwork service tag, which includes the address space of peered VNets, so a new peering admits the peer's traffic on every port unless you add explicit deny rules.
Hybrid Scenarios: Peering itself only connects VNets, but with gateway transit (allowGatewayTransit on the hub side, useRemoteGateways on the spoke side; both fields appear in the outputs above) peered VNets can share one VPN or ExpressRoute gateway to reach on-premises networks, which is the hub-and-spoke pattern for extending your network into Azure.
In conclusion, mastering the art of Azure VNet peering with Azure CLI opens up a world of possibilities for creating efficient, secure, and interconnected cloud architectures. By following the step-by-step instructions in this guide, you'll be well on your way to harnessing the full potential of Azure's networking capabilities. So, don't hesitate to dive in, explore, and embrace the power of Azure VNet peering to enhance your cloud infrastructure and take your applications to the next level.
Thank you for your time and happy peering!