In this blog post, I will go over:
- What Azure VNet (Virtual Network) Peering is,
- When to use VNet Peering,
- How to implement VNet Peering.
What is Azure Virtual Network (VNet) Peering?
Azure VNet (Virtual Network) Peering enables resources in two separate virtual networks to communicate with one another. The traffic between the two peered virtual networks travels over Microsoft's backbone infrastructure, on its own isolated path rather than over the public Internet.
Below we have two Virtual Networks (VNet01 and VNet02) that have different IP address spaces. By implementing VNet Peering, the two networks will be able to communicate with one another as if all resources were in one network. Some notes: VNet Peering is not transitive, i.e. if VNet01 and VNet02 are peered, and VNet02 and VNet03 are peered, VNet01 and VNet03 still cannot communicate with one another. Another note: inbound and outbound traffic across a VNet Peer is billed at $0.01 per GB. Prices are a bit higher for Global VNet Peering. Get the official numbers here: https://azure.microsoft.com/en-us/pricing/details/virtual-network/.
When to use Azure Virtual Network Peering?
As mentioned above, you want to enable Azure VNet Peering when you have two virtual networks with resources (VMs) in both networks that need to communicate with one another. For example, let's say you have exhausted the 4,000 VM limit within a VNet…
Some of the benefits of VNet Peering are:
- Network traffic between the Peered VNets is private.
- No public Internet, gateway, or encryption is required.
- No downtime when creating the peering.
- Can create VNet Peers outside of a single region. As of this year, VNet Peering is expandable between regions, i.e. Global VNet Peering. (https://azure.microsoft.com/en-us/updates/global-vnet-peering-region-expansion)
Before you go ahead and implement, there are a few requirements:
- The virtual networks must not have overlapping IP address spaces
- Cannot add or remove IP Address ranges once the VNets have been peered
- Both VNets must be created via ARM (Azure Resource Manager) and cannot be deployed via ASM/Classic Portal
- Get the official prerequisites here, https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview.
Finally, how to implement it!
In this example, both of my virtual networks (VNets) are in the same region, Canada Central.
Select VNet01, and select Peering:
Give the Peering a name, “VNet01Peering” and select the other VNet, VNet02.
Give it a few seconds, and it should now be connected to VNet02:
Next, we now need to apply the same concepts to VNet02. So let’s do that now.
Now if we go to the VMs within each of the Virtual Networks and try to ping a VM in the other VNet, it should work! In the images below you can also see a failed ping; that is from an earlier ping attempt made before VNet Peering was implemented.
VM01 in VNet01 pinging VM02 in VNet02: 10.10.10.4 -> 192.168.1.4 (10.10.10.0/24 -> 192.168.1.0/24).
And conversely, the other way around…
VM02 in VNet02 pinging VM01 in VNet01: 192.168.1.4 -> 10.10.10.4 (192.168.1.0/24 -> 10.10.10.0/24).
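The following Python script is an added example, not code from the post or from Microsoft. It ties together two points from above: the prerequisite that peered VNets must not have overlapping address spaces, and the fact that peering is not transitive and must be configured from both sides (the two portal steps for VNet01 and VNet02). VNet01 and VNet02 use the address spaces shown in the post; VNet03, its 192.168.0.0/16 range, the resource group name and the derived peering names are constructed for the illustration. The `az network vnet peering create` commands it emits are the CLI equivalent of the portal steps and assume both VNets live in the same resource group.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed sample inventory. VNet01 and VNet02 use the address spaces from the
# post (10.10.10.0/24 and 192.168.1.0/24); VNet03 is a hypothetical third network
# whose /16 deliberately overlaps VNet02 so the prerequisite check has something
# to reject.
VNETS: Dict[str, List[str]] = {
    "VNet01": ["10.10.10.0/24"],
    "VNet02": ["192.168.1.0/24"],
    "VNet03": ["192.168.0.0/16"],
}


def overlapping_ranges(vnets: Dict[str, List[str]], a: str, b: str) -> List[Tuple[str, str]]:
    """Return every (range in a, range in b) pair whose address space overlaps."""
    clashes = []
    for range_a in vnets[a]:
        for range_b in vnets[b]:
            if ipaddress.ip_network(range_a).overlaps(ipaddress.ip_network(range_b)):
                clashes.append((range_a, range_b))
    return clashes


def validate_peering(vnets: Dict[str, List[str]], a: str, b: str) -> bool:
    """Enforce the prerequisite from the post: peered VNets must not overlap."""
    if a == b:
        raise ValueError(f"{a} cannot be peered with itself")
    clashes = overlapping_ranges(vnets, a, b)
    if clashes:
        raise ValueError(f"{a} and {b} have overlapping address space: {clashes}")
    return True


class PeeringTable:
    """Model of peering links. A link is recorded per direction, mirroring the
    post's two portal steps (VNet01 -> VNet02, then VNet02 -> VNet01)."""

    def __init__(self, vnets: Dict[str, List[str]]) -> None:
        self.vnets = vnets
        self.links: Set[Tuple[str, str]] = set()

    def add(self, src: str, dst: str) -> None:
        validate_peering(self.vnets, src, dst)
        self.links.add((src, dst))

    def connected(self, a: str, b: str) -> bool:
        """True only when both halves of the peering exist. Deliberately no graph
        search: peering is not transitive, so VNet01<->VNet02 plus VNet02<->VNet03
        never makes VNet01 and VNet03 reachable."""
        return (a, b) in self.links and (b, a) in self.links


def az_peering_commands(resource_group: str, a: str, b: str) -> List[str]:
    """Azure CLI equivalent of the two portal steps. Assumes both VNets are in
    the same resource group; the group name is a placeholder chosen by the caller."""
    template = ("az network vnet peering create --name {name} --resource-group {rg} "
                "--vnet-name {local} --remote-vnet {remote} --allow-vnet-access")
    return [
        template.format(name=f"{a}Peering", rg=resource_group, local=a, remote=b),
        template.format(name=f"{b}Peering", rg=resource_group, local=b, remote=a),
    ]


if __name__ == "__main__":
    table = PeeringTable(VNETS)
    for src, dst in [("VNet01", "VNet02"), ("VNet02", "VNet01"),
                     ("VNet01", "VNet03"), ("VNet03", "VNet01")]:
        table.add(src, dst)
    print("VNet01<->VNet02:", table.connected("VNet01", "VNet02"))  # True
    print("VNet02<->VNet03:", table.connected("VNet02", "VNet03"))  # False: not transitive
    try:
        table.add("VNet02", "VNet03")  # rejected: 192.168.1.0/24 sits inside 192.168.0.0/16
    except ValueError as err:
        print("rejected:", err)
    print("\n".join(az_peering_commands("rg-peering-demo", "VNet01", "VNet02")))
```

Note that peering itself filters nothing: once both halves are in place, traffic between the two address spaces flows subject only to the NSGs attached to the subnets and NICs, so the ping test above also depends on those NSGs permitting ICMP between the two ranges.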