Introduction to VNet Peering
By default, a VM on one VNet cannot communicate with a VM on another VNet.
You can set up a peering relationship between the two networks to allow them to communicate.
Peering must be set up in both directions to work.
Setting up Peering
In this example we will set up the connection between the virtual networks vSydney and vMelbourne.
- Go to the vSydney Vnet
- Go to Peerings
- Click on Add
- Set your options:
– Name of peering from vSydney to vMelbourne
– If you want to connect to a Vnet across subscriptions, you can select to use the Resource ID
– Select the Subscription
– Set the Virtual Network: vMelbourne
– Set the name of the reverse connection: vMelbourne to vSydney
– Configure Virtual Network Access Settings: here is where you change the options if you only want the traffic to flow in one direction
– Configure forwarded traffic settings: here you can set whether forwarded traffic can be passed between the VNets. EG: if there is peering set up between vCanberra and vSydney, should traffic from vCanberra be able to communicate with vMelbourne through vSydney?
- Click OK
- This will create both peering relationships
Configure Global Peering
In this example we will set up peering between the already peered Australian networks (vMelbourne and vSydney) and a virtual network in Japan – vTokyo (which is obviously in a different region).
Chaining Relationship
Using the same method as above, set up peering between vMelbourne and vTokyo. The virtual networks vMelbourne and vTokyo can now communicate, but vSydney can't communicate with vTokyo. To allow this to work we can enable “Forwarded traffic” on the peered networks.
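Added example (not part of the original article): a Python check over peering settings in the shape returned by `az network vnet peering list -o json`, flagging the conditions this section depends on: a missing reverse peering, a peering that is not in the Connected state, disabled virtual network access, and forwarded traffic being allowed. The records, subscription ID and resource group are constructed, and VNets are matched by name only, which assumes names are unique across the subscriptions involved.

```python
"""Audit exported VNet peering settings (constructed sample data)."""
PREFIX = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
          "rg-example/providers/Microsoft.Network/virtualNetworks")  # placeholder IDs


def peer(remote, access=True, forwarded=False, state="Connected"):
    """Build one constructed peering record with only the fields audited here."""
    return {"name": f"to-{remote}", "peeringState": state,
            "allowVirtualNetworkAccess": access,
            "allowForwardedTraffic": forwarded,
            "remoteVirtualNetwork": {"id": f"{PREFIX}/{remote}"}}


# Constructed input: VNet name -> its peerings. vTokyo has no peering back yet.
SAMPLE = {
    "vSydney": [peer("vMelbourne")],
    "vMelbourne": [peer("vSydney", forwarded=True),
                   peer("vTokyo", state="Initiated")],
    "vTokyo": [],
}


def remote_name(peering):
    """VNet name is the last segment of the remote resource ID."""
    return peering["remoteVirtualNetwork"]["id"].rsplit("/", 1)[-1]


def audit(peerings_by_vnet):
    """Return sorted (local, remote, issue) tuples for peerings needing review."""
    pairs = {(local, remote_name(p))
             for local, plist in peerings_by_vnet.items() for p in plist}
    findings = []
    for local, plist in peerings_by_vnet.items():
        for p in plist:
            remote = remote_name(p)
            if (remote, local) not in pairs:
                findings.append((local, remote, "no reverse peering"))
            if p.get("peeringState") != "Connected":
                findings.append((local, remote, f"state is {p.get('peeringState')}"))
            if not p.get("allowVirtualNetworkAccess", False):
                findings.append((local, remote, "virtual network access disabled"))
            if p.get("allowForwardedTraffic", False):
                findings.append((local, remote, "forwarded traffic allowed"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```

A "forwarded traffic allowed" finding is not an error in itself; it marks a peering that accepts traffic originating outside the peered VNet, so it is worth confirming that this is intended.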
Peering Pricing
Virtual networks are free to set up, but you have to pay for peering.
VNET Peering within the same region
Inbound data transfer | $0.014 per GB |
Outbound data transfer | $0.014 per GB |
Global VNET Peering
Direction | Zone 1 | Zone 2 | Zone 3 | US Gov |
Inbound data transfer | $0.049 per GB | $0.124 per GB | $0.220 per GB | $0.061 per GB |
Outbound data transfer | $0.049 per GB | $0.124 per GB | $0.220 per GB | $0.061 per GB |
From <https://azure.microsoft.com/en-au/pricing/details/virtual-network/>
Azure-to-Azure Virtual Network Gateway
Using a network gateway is another way to allow devices on different virtual networks to communicate. A Virtual Network Gateway can be used for:
- Site-to-site connection between an on-premises network and an Azure virtual network
- Connection between two Azure virtual networks
Creating Gateway Subnet
To connect two virtual networks using a network gateway, you have to have a gateway subnet in each of the networks.
- Go to the Virtual Network -> subnets
- Click Add Gateway Subnet
- Configure the options:
– Name: this is set by Azure (GatewaySubnet)
– Address range: this is auto-populated with an address range for the virtual network
- Click Create
Add Network Gateway Device
In order to use the network you have to have a Gateway device in the Gateway subnet. To do this:
- Go to the Marketplace and search for “Virtual Network Gateway”
- Click on Create
- Set your options:
– Name: give the device a name, EG: vnetgateway
– Region: this should be the same as your virtual network
– Gateway type: VPN
– Virtual Network: the network that you created the Gateway subnet in
– Gateway subnet address range: it should pick this up automatically from the Gateway subnet
– Public IP Address: create new (if you don’t already have one to use)
- Click Create
VPN Gateways
“Setting up a virtual network is free of charge. However, we do charge for the VPN gateway that connects to on-premises and other virtual networks in Azure. This charge is based on the amount of time that the gateway is provisioned and available.”
From <https://azure.microsoft.com/en-au/pricing/details/vpn-gateway/>
VPN Gateway Type | Price | Bandwidth | S2S tunnels | P2S tunnels |
Basic | $36.09/month | 100 Mbps | Max. 10; 1-10: Included | Max. 128; 1-128: Included |
VpnGw1 | $190.4351/month | 650 Mbps | Max. 30; 1-10: Included; 11-30: $0.021/hour per tunnel | Max. 250; 1-128: Included; 129-250: $0.014/hour per connection |
VpnGw2 | $491.1221/month | 1 Gbps | Max. 30; 1-10: Included; 11-30: $0.021/hour per tunnel | Max. 500; 1-128: Included; 129-500: $0.014/hour per connection |
VpnGw3 | $1,252.8625/month | 1.25 Gbps | Max. 30; 1-10: Included; 11-30: $0.021/hour per tunnel | Max. 1000; 1-128: Included; 129-1000: $0.014/hour per connection |
VpnGw4 | $2,104.809/month | 5 Gbps | Max. 30; 1-10: Included; 11-30: $0.021/hour per tunnel | Max. 5000; 1-128: Included; 129-5000: $0.014/hour per connection |
VpnGw5 | $3,658.3585/month | 10 Gbps | Max. 30; 1-10: Included; 11-30: $0.021/hour per tunnel | Max. 10000; 1-128: Included; 129-10000: $0.014/hour per connection |
NOTE: you only pay for outbound traffic; inbound is free. Prices also differ between zones.
Adding a Network Gateway Connection
Now that the Gateway subnets and gateway devices are deployed, we can have a look at these by going to “Virtual Network -> Connected Devices”.
Here we will see the Gateway device is connected to the Gateway subnet.
Gateway Devices
To see these devices go to “Resource Group -> Overview”. Here you will see the devices in the Resource Group, and the gateways will be listed.
Setting up the Network Gateway Connection
In this example we will be setting up a VNet-to-VNet connection.
- Click on the Gateway
- Go to Connections
- Click on Add
- Set your options:
– Give it a name
– Type: VNet-to-VNet
– First Virtual Network Gateway: this is the one that you are in
– Second Virtual Network Gateway: the gateway in the other VNet you created
– Shared Key (PSK): we have to set this and enter it on both gateways so they can communicate
– Set subscription, Resource Group, Location
- Click Create
Once deployed you can click on the Connection. Here you can see its status.
NOTE: gateways have some enterprise features over peering, such as redundancy options, scaling options, etc.