
20. Implement and Manage Virtual Networking

Introduction to VNet Peering

By default, a VM on one VNet cannot communicate with a VM on another VNet.

You can set up a peering relationship between the two networks to allow them to communicate.

Peering must be set up to work in both directions.

Setting up Peering

In this example we will set up the connection between the virtual networks vSydney and vMelbourne.

  1. Go to the vSydney VNet
  2. Go to Peerings
  3. Click on Add
  4. Set your options:
    – Name of peering from vSydney to vMelbourne
    – If you want to connect to a VNet across subscriptions, you can select to use the Resource ID
    – Select the Subscription
    – Set the Virtual Network: vMelbourne
    – Set the name of the reverse connection: vMelbourne to vSydney
    – Configure Virtual Network Access Settings: this is where you change the options if you only want traffic to flow in one direction
    – Configure forwarded traffic settings: here you can set whether forwarded traffic can be passed between the VNets. E.g. if there is peering set up between vCanberra and vSydney, should traffic from vCanberra be able to communicate with vMelbourne through vSydney?
  5. Click OK
  6. This will create both peering relationships

 

Configure Global Peering

In this example we will set up peering between the already peered Australian networks (vMelbourne and vSydney) and a virtual network in Japan – vTokyo (which is obviously a different region).

Chaining Relationship

Using the same method as above, set up peering between vMelbourne and vTokyo. The virtual networks vMelbourne and vTokyo can now communicate, but vSydney can't communicate with vTokyo. To allow this to work we can enable “Forwarded traffic” on the peered networks.
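
A check for the two settings described above (peering in both directions, and the forwarded traffic option), as an added example that is not from the original post: it audits peering records for one-sided peerings and for peerings that accept forwarded traffic. The VNet data is constructed, the subscription and resource group are placeholders, and the field names assume the JSON shape printed by `az network vnet peering list`.

```python
# Added example: audit VNet peering settings (constructed data, not from the page).
PREFIX = ("/subscriptions/SUB-PLACEHOLDER/resourceGroups/rg-example"
          "/providers/Microsoft.Network/virtualNetworks/")

def peering(remote, access=True, forwarded=False, state="Connected"):
    """Build one constructed peering record using the az CLI's JSON field names."""
    return {"remoteVirtualNetwork": {"id": PREFIX + remote},
            "allowVirtualNetworkAccess": access,
            "allowForwardedTraffic": forwarded,
            "peeringState": state}

# Constructed sample, keyed by the VNet that owns each peering.
SAMPLE = {
    "vSydney": [peering("vMelbourne", forwarded=True)],
    "vMelbourne": [peering("vSydney", forwarded=True),
                   peering("vTokyo", state="Initiated")],
    "vTokyo": [],  # the reverse peering was never created
}

def remote_name(p):
    """Last segment of the remote VNet resource ID."""
    return p["remoteVirtualNetwork"]["id"].rsplit("/", 1)[-1]

def audit(peerings):
    """Return sorted (local, remote, finding) tuples for settings worth reviewing."""
    links = {(local, remote_name(p)): p
             for local, plist in peerings.items() for p in plist}
    findings = []
    for (local, remote), p in links.items():
        if (remote, local) not in links:
            findings.append((local, remote, "no reverse peering"))
        if p["peeringState"] != "Connected":
            findings.append((local, remote, "state is " + p["peeringState"]))
        if not p["allowVirtualNetworkAccess"]:
            findings.append((local, remote, "virtual network access disabled"))
        if p["allowForwardedTraffic"]:
            # Traffic relayed by `remote` is accepted here, so list the other
            # VNets peered with `remote` whose traffic could arrive that way.
            others = sorted(b for (a, b) in links if a == remote and b != local)
            findings.append((local, remote,
                             "accepts forwarded traffic; remote also peers with: "
                             + (", ".join(others) or "nothing else")))
    return sorted(findings)

if __name__ == "__main__":
    for local, remote, finding in audit(SAMPLE):
        print(f"{local} -> {remote}: {finding}")
```

On the sample, the vMelbourne to vTokyo peering is reported twice (no reverse peering, state Initiated), and vSydney is reported as accepting traffic forwarded through vMelbourne, which also peers with vTokyo.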

Peering Pricing

Virtual networks are free to set up, but you have to pay for peering.

VNET Peering within the same region

Inbound data transfer $0.014 per GB
Outbound data transfer $0.014 per GB

Global VNET Peering

| Direction | Zone 1 | Zone 2 | Zone 3 | US Gov |
|---|---|---|---|---|
| Inbound data transfer | $0.049 per GB | $0.124 per GB | $0.220 per GB | $0.061 per GB |
| Outbound data transfer | $0.049 per GB | $0.124 per GB | $0.220 per GB | $0.061 per GB |

From <https://azure.microsoft.com/en-au/pricing/details/virtual-network/>

 

Azure-to-Azure Virtual Network Gateway

Using a network gateway is another way to allow devices on different virtual networks to communicate. A Virtual Network Gateway can be used for:

  • Site-to-site connection between an on-premises network and an Azure virtual network
  • Connection between two Azure virtual networks

Creating Gateway Subnet

To connect two virtual networks using a network gateway, you have to have a gateway subnet in each of the networks.

  1. Go to the Virtual Network -> subnets
  2. Click Add Gateway Subnet
  3. Configure the options:
    – Name: this is set by Azure (GatewaySubnet)
    – Address range: this is auto-populated with an address range for the virtual network
  4. Click Create

Add Network Gateway Device

In order to use the network you have to have a Gateway device in the Gateway subnet. To do this:

  1. Go to the Marketplace and search for “Virtual Network Gateway”
  2. Click on Create
  3. Set your options:
    – Name: give the device a name, e.g. vnetgateway
    – Region: this should be the same as your virtual network
    – Gateway type: VPN
    – Virtual Network: the network that you created the Gateway subnet in
    – Gateway subnet address range: it should pick this up automatically from the Gateway subnet
    – Public IP Address: create new (if you don’t already have one to use)
  4. Click Create

 

VPN Gateways

“Setting up a virtual network is free of charge. However, we do charge for the VPN gateway that connects to on-premises and other virtual networks in Azure. This charge is based on the amount of time that the gateway is provisioned and available.”

From <https://azure.microsoft.com/en-au/pricing/details/vpn-gateway/>

| VPN Gateway Type | Price | Bandwidth | S2S tunnels | P2S tunnels |
|---|---|---|---|---|
| Basic | $36.09/month | 100 Mbps | Max. 10; 1-10: Included | Max. 128; 1-128: Included |
| VpnGw1 | $190.4351/month | 650 Mbps | Max. 30; 1-10: Included; 11-30: $0.021/hour per tunnel | Max. 250; 1-128: Included; 129-250: $0.014/hour per connection |
| VpnGw2 | $491.1221/month | 1 Gbps | Max. 30; 1-10: Included; 11-30: $0.021/hour per tunnel | Max. 500; 1-128: Included; 129-500: $0.014/hour per connection |
| VpnGw3 | $1,252.8625/month | 1.25 Gbps | Max. 30; 1-10: Included; 11-30: $0.021/hour per tunnel | Max. 1000; 1-128: Included; 129-1000: $0.014/hour per connection |
| VpnGw4 | $2,104.809/month | 5 Gbps | Max. 30; 1-10: Included; 11-30: $0.021/hour per tunnel | Max. 5000; 1-128: Included; 129-5000: $0.014/hour per connection |
| VpnGw5 | $3,658.3585/month | 10 Gbps | Max. 30; 1-10: Included; 11-30: $0.021/hour per tunnel | Max. 10000; 1-128: Included; 129-10000: $0.014/hour per connection |

 

NOTE: you only pay for outbound traffic; inbound is free. Different zones have different prices.

 

Adding a Network Gateway Connection

Now that the Gateway subnets and gateway devices are deployed, we can have a look at these by going to “Virtual Network -> Connected Devices”.
Here we will see the Gateway device is connected to the Gateway subnet.

Gateway Devices

To see these devices go to “Resource Group -> Overview”. Here you will see the devices in the Resource Group, and the gateways will be listed.

Setting up the Network Gateway Connection

In this example we will be setting up a VNet-to-VNet connection.

  1. Click on the Gateway
  2. Go to Connections
  3. Click on Add
  4. Set your options:
    – Give it a name
    – Type: VNet-to-VNet
    – First Virtual Network Gateway: this is the one that you are in
    – Second Virtual Network Gateway: the gateway in the other VNet you created
    – Shared Key (PSK): we have to set this and enter it on both gateways so they can communicate
    – Set subscription, Resource Group, Location
  5. Click Create

Once deployed you can click on the Connection. Here you can see its status.

NOTE: gateways have some enterprise features over peering, such as redundancy options, scaling options, etc.
