A naukri.com initiative
Dev
4w
178
Image Credit: Dev
Configuring Virtual Network Peering in Azure
- Virtual network peering enables us to connect two or more virtual networks in Azure, whether they are in the same Azure region or not. The traffic between peered virtual networks is private, and they appear as one for connectivity purposes.
- Azure supports two types of virtual network peering- Virtual Network Peering and Global virtual network peering. Virtual Network Peering is where you connect virtual networks within the same Azure region. Global virtual network peering is where you connect virtual networks across Azure regions.
- Virtual network peering gives us a low-latency, high-bandwidth connection between Azure resources that are deployed between different virtual networks. It gives us the ability to securely transfer data between between virtual networks across Azure subscriptions, regions, even Microsoft Entra tenants.
- Peering doesn't inflict any extract restrictions on bandwidth within the peering. We can apply network security groups (NSGs) in either virtual network to block access to other virtual networks or subnets.
- After peering, one can resize the address space of virtual networks without incurring any downtime. This works for both IPv4 and IPv6 address spaces.
- We can use service chaining to direct traffic from one virtual network to a gateway or virtual appliance and vice versa. This helps in deploying hub-and-spoke networks.
- Peering between virtual networks allows the next hop in a User Defined Route (UDR) to be the IP address of a virtual machine in the peered virtual network or a VPN gateway. We can't do this if the UDR specifies that the next hop is an Azure ExpressRoute gateway.
- If virtual networks are peered globally, resources in one virtual network won't be able to communicate with the frontend IP address of a basic load balancer (whether it's public or internal). Services that use a basic load balancer won't work over global virtual network peering.
- In summary, with just a few lines of Bicep, you can create two virtual networks and configure regional VNet peering between them so that resources in one virtual network can communicate with resources in the other without doing so over the public internet.
- Understanding how peering works in Azure virtual networks is important, especially when it comes to designing landing zones and figuring out how various resources across different networks, subscriptions, regions etc. will communicate with each other safely.
Read Full Article
10 Likes
For uninterrupted reading, download the app