How To Connect Azure Virtual Networks Using Virtual Network Peering


Azure Virtual Network (VNet) Peering enables the connection of two or more virtual networks in Azure. Connectivity-wise the two peered networks appear as one. Peered traffic is routed through Microsoft’s private network and not over the public internet. An Azure virtual network is a software-defined network with a custom address space and segmented subnets.

There are two types of peering offered by Azure.

  • Virtual network peering enables connecting virtual networks within the same Azure region.
  • Global virtual network peering connects traffic across Azure regions.

Why would we want to use virtual network peering to connect two different virtual networks? There are a couple of benefits to peered networks.

  • Utilize a low-latency and high-bandwidth connection between resources in different virtual networks.
  • Transfer data across Azure subscriptions, tenants, and regions.
  • No downtime when configuring peered virtual networks.

In this article, we are going to demonstrate creating a peered network using Azure PowerShell commands. You will need the Azure PowerShell (Az) module installed to run these commands.

Connecting Virtual Machines via Peered Virtual Networks

In this tutorial, we are going to create two new resource groups, virtual networks, and virtual machines. Once everything has been set up, we will peer the virtual networks between the two Azure VMs and demonstrate that they can indeed communicate. First, we need to import the Az module and authenticate to Azure using the Connect-AzAccount cmdlet.

Import-Module -Name 'Az'
Connect-AzAccount

Next, for the sake of this tutorial, we are going to create two resource groups where our virtual machines and virtual networks will reside.

New-AzResourceGroup -Name 'TestLocation1' -Location 'Central US'
New-AzResourceGroup -Name 'TestLocation2' -Location 'Central US'

Creating the resource groups for this tutorial.

Before we provision our virtual machines, we first need to create the different virtual networks that we would like to peer together.

$Params = @{
    'Name'              = 'TestVirtualNetwork1'
    'ResourceGroupName' = 'TestLocation1'
    'Location'          = 'Central US'
    'AddressPrefix'     = '10.0.0.0/16'
    'Subnet'            = (New-AzVirtualNetworkSubnetConfig -Name 'VMSubnet' -AddressPrefix '10.0.1.0/24')
}

New-AzVirtualNetwork @Params

$Params = @{
    'Name'              = 'TestVirtualNetwork2'
    'ResourceGroupName' = 'TestLocation2'
    'Location'          = 'Central US'
    'AddressPrefix'     = '10.1.0.0/16'
    'Subnet'            = (New-AzVirtualNetworkSubnetConfig -Name 'VMSubnet' -AddressPrefix '10.1.1.0/24')
}

New-AzVirtualNetwork @Params

We can verify that the virtual networks have been created successfully using the Get-AzVirtualNetwork cmdlet.

Verifying that the virtual networks were successfully created.
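Azure refuses to peer two virtual networks whose address spaces overlap, so it is worth checking the prefixes before provisioning anything on top of them. The following pre-flight check is an added example, not code from the original article; it reuses only the virtual network names created above, and the helper functions are assumptions rather than Az cmdlets.

```powershell
# Added pre-flight check (not part of the original article): detect overlapping
# address spaces, which Azure rejects at peering time.
function ConvertTo-AddressInt64 {
    param([Parameter(Mandatory)][string]$IPAddress)
    $bytes = [System.Net.IPAddress]::Parse($IPAddress).GetAddressBytes()
    [Array]::Reverse($bytes)                      # network byte order -> little-endian
    return [int64][BitConverter]::ToUInt32($bytes, 0)
}

function Test-AddressPrefixOverlap {
    param(
        [Parameter(Mandatory)][string]$PrefixA,   # CIDR notation, e.g. '10.0.0.0/16'
        [Parameter(Mandatory)][string]$PrefixB
    )
    $netA, $lenA = $PrefixA -split '/'
    $netB, $lenB = $PrefixB -split '/'
    # Two CIDR blocks overlap exactly when the block with the shorter prefix
    # contains the other block's network address, so mask both with that length.
    $len  = [Math]::Min([int]$lenA, [int]$lenB)
    $mask = [int64]([Math]::Pow(2, 32) - [Math]::Pow(2, 32 - $len))
    return ((ConvertTo-AddressInt64 $netA) -band $mask) -eq ((ConvertTo-AddressInt64 $netB) -band $mask)
}

# Compare every prefix of one address space against every prefix of the other.
$VNet1 = Get-AzVirtualNetwork -Name 'TestVirtualNetwork1' -ResourceGroupName 'TestLocation1'
$VNet2 = Get-AzVirtualNetwork -Name 'TestVirtualNetwork2' -ResourceGroupName 'TestLocation2'
foreach ($a in $VNet1.AddressSpace.AddressPrefixes) {
    foreach ($b in $VNet2.AddressSpace.AddressPrefixes) {
        if (Test-AddressPrefixOverlap -PrefixA $a -PrefixB $b) {
            throw "Address spaces overlap ($a vs $b); peering would be rejected."
        }
    }
}
# With 10.0.0.0/16 and 10.1.0.0/16 as created above, no overlap is reported.
```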

To demonstrate that we can connect two virtual networks, we need resources from within those networks to send traffic from. To do this, we will create two standard virtual machines each located in different virtual networks.

# Local administrator credential for both VMs; the listing below uses $VMCredential,
# so it must be populated first.
$VMCredential = Get-Credential -Message 'Local administrator account for the test VMs'

$Params = @{
    'Name'                = 'LCWin2019-01'
    'ResourceGroupName'   = 'TestLocation1'
    'Location'            = 'centralus'
    'VirtualNetworkName'  = 'TestVirtualNetwork1'
    'SubnetName'          = 'VMSubnet'
    'AddressPrefix'       = '10.0.1.0/24'
    'PublicIpAddressName' = 'TestVM01PublicIP'
    # OpenPorts creates an NSG rule allowing RDP inbound from any source; narrow the source outside of a lab.
    'OpenPorts'           = 3389
    'Image'               = 'MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest'
    'Size'                = 'Standard_D2_v3'
    'Credential'          = $VMCredential
}

$VM1 = New-AzVM @Params

$Params = @{
    'Name'                = 'LCWin2019-02'
    'ResourceGroupName'   = 'TestLocation2'
    'Location'            = 'centralus'
    'VirtualNetworkName'  = 'TestVirtualNetwork2'
    'SubnetName'          = 'VMSubnet'
    'AddressPrefix'       = '10.1.1.0/24'
    'PublicIpAddressName' = 'TestVM02PublicIP'
    'OpenPorts'           = 3389
    'Image'               = 'MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest'
    'Size'                = 'Standard_D2_v3'
    'Credential'          = $VMCredential
}

$VM2 = New-AzVM @Params

Finally, we will connect the two virtual networks by using Add-AzVirtualNetworkPeering. After retrieving the virtual network configurations, we will pass that information to create our peered connection.

You may notice that we need to create the peering in both directions. This gives you flexibility in how you want to structure your data flow, but it is also easy to miss when setting up the peering: with only one direction configured, the peering sits in the Initiated state and no traffic flows.

$VNet1 = Get-AzVirtualNetwork -Name 'TestVirtualNetwork1' -ResourceGroupName 'TestLocation1'
$VNet2 = Get-AzVirtualNetwork -Name 'TestVirtualNetwork2' -ResourceGroupName 'TestLocation2'

$Params = @{
    'Name'                   = 'TestVirtualNetwork1peerTestVirtualNetwork2'
    'VirtualNetwork'         = $VNet1
    'RemoteVirtualNetworkId' = $VNet2.Id
}

Add-AzVirtualNetworkPeering @Params

$Params = @{
    'Name'                   = 'TestVirtualNetwork2peerTestVirtualNetwork1'
    'VirtualNetwork'         = $VNet2
    'RemoteVirtualNetworkId' = $VNet1.Id
}

Add-AzVirtualNetworkPeering @Params

Using Get-AzVirtualNetworkPeering, we can see that our peered networks are now available for use.

Demonstrating that the peering connection was successfully created.
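Because a missing second direction leaves the peering in the Initiated state, and because the peering flags decide how far traffic can transit, it helps to verify both legs programmatically rather than eyeballing the output. The helper below is an added example, not code from the original article; Test-VNetPeeringPair is an assumed name, and only the tutorial's resource names are reused.

```powershell
# Added verification helper (not part of the original article): confirm both peering
# legs exist, reference each other, and are Connected, and surface the flags that
# widen what the remote network can reach.
function Test-VNetPeeringPair {
    param(
        [Parameter(Mandatory)][string]$VNet1Name,
        [Parameter(Mandatory)][string]$VNet1ResourceGroup,
        [Parameter(Mandatory)][string]$VNet2Name,
        [Parameter(Mandatory)][string]$VNet2ResourceGroup
    )
    $vnet1 = Get-AzVirtualNetwork -Name $VNet1Name -ResourceGroupName $VNet1ResourceGroup
    $vnet2 = Get-AzVirtualNetwork -Name $VNet2Name -ResourceGroupName $VNet2ResourceGroup

    # One leg lives on each VNet; match them by remote resource id (-eq is case-insensitive).
    $leg12 = Get-AzVirtualNetworkPeering -VirtualNetworkName $VNet1Name -ResourceGroupName $VNet1ResourceGroup |
        Where-Object { $_.RemoteVirtualNetwork.Id -eq $vnet2.Id }
    $leg21 = Get-AzVirtualNetworkPeering -VirtualNetworkName $VNet2Name -ResourceGroupName $VNet2ResourceGroup |
        Where-Object { $_.RemoteVirtualNetwork.Id -eq $vnet1.Id }

    $findings = @()
    if (-not $leg12) { $findings += "No peering from $VNet1Name to $VNet2Name" }
    if (-not $leg21) { $findings += "No peering from $VNet2Name to $VNet1Name (second direction missing)" }

    foreach ($leg in @($leg12, $leg21) | Where-Object { $_ }) {
        # 'Initiated' means the opposite direction has not been created yet.
        if ($leg.PeeringState -ne 'Connected') {
            $findings += "$($leg.Name) is '$($leg.PeeringState)', expected 'Connected'"
        }
        if (-not $leg.AllowVirtualNetworkAccess) {
            $findings += "$($leg.Name) blocks virtual network access; the VMs will not reach each other"
        }
        if ($leg.AllowForwardedTraffic) {
            $findings += "$($leg.Name) accepts forwarded traffic; confirm a network appliance in the peer is intended"
        }
        if ($leg.AllowGatewayTransit -or $leg.UseRemoteGateways) {
            $findings += "$($leg.Name) enables gateway transit; traffic can reach networks beyond the peer"
        }
    }
    [pscustomobject]@{ Healthy = ($findings.Count -eq 0); Findings = $findings }
}

Test-VNetPeeringPair -VNet1Name 'TestVirtualNetwork1' -VNet1ResourceGroup 'TestLocation1' `
                     -VNet2Name 'TestVirtualNetwork2' -VNet2ResourceGroup 'TestLocation2'
```

For the two peerings created above, the expected result is Healthy = True with an empty Findings list; any entry in Findings names the leg that needs attention.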

Demonstrating the Peered Virtual Network Connection

Now that everything is properly connected, we can show that the virtual machines can ping each other successfully. First, make sure that your network adapters are on a private network profile and that you have enabled the File and Printer Sharing (Echo Request - ICMPv4-In) firewall rule. Otherwise, even with a peered network, your ping tests will most likely fail, because the Windows firewall drops inbound echo requests by default.
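The following script is an added example, not part of the original article, and is run inside each VM rather than from the management workstation. It sets the adapter profile to Private, enables the echo rule but scopes it to the peered virtual network's address space instead of any source, and then tests the path. $PeerPrefix and $PeerAddress are assumptions: on LCWin2019-01 they refer to TestVirtualNetwork2, and the values are swapped on LCWin2019-02.

```powershell
# Added example (not part of the original article): prepare the guest firewall for
# the ping test, allowing ICMP echo only from the peered VNet's address space.
$PeerPrefix  = '10.1.0.0/16'     # address space of the peered VNet (assumed for VM 1)
$PeerAddress = '10.1.1.4'        # constructed placeholder: replace with the other VM's private IP

# Azure VMs often land on the Public profile, where the echo rule does not apply.
Get-NetConnectionProfile |
    Where-Object { $_.NetworkCategory -eq 'Public' } |
    Set-NetConnectionProfile -NetworkCategory Private

# Several built-in rules share this display name (one per profile set). Scope the
# Private/Any rules to the peer prefix and enable them; Public-only rules stay off.
$ruleName = 'File and Printer Sharing (Echo Request - ICMPv4-In)'
$rules = Get-NetFirewallRule -DisplayName $ruleName |
    Where-Object { $_.Profile -match 'Private' -or $_.Profile -eq 'Any' }
$rules | Set-NetFirewallRule -RemoteAddress $PeerPrefix
$rules | Enable-NetFirewallRule

# Show the effective remote-address scope, then test reachability across the peering.
$rules | Get-NetFirewallAddressFilter | Select-Object RemoteAddress
$result = Test-NetConnection -ComputerName $PeerAddress -InformationLevel Detailed
if ($result.PingSucceeded) {
    "ICMP echo to $PeerAddress succeeded over the peering"
} else {
    "Ping to $PeerAddress failed: check the peering state and the remote VM's firewall scope"
}
```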

Verifying firewall settings.

As you can see below, both sides of the peered virtual network connection work as expected.

Sending ICMP pings from the first VM to the 2nd.
Sending ICMP pings from the second VM to the 1st.

Conclusion

Connecting Azure Virtual Networks through peering enables different resources to easily communicate and share data securely. With PowerShell, this task is made easy and can be quickly incorporated into deployment scripts. Even though you may be using separate virtual networks for both policy and security reasons, you are not limited in your VM connectivity. Get started with Azure Virtual Networks today!