Virtual Network (VNet) Peering in Azure is a mechanism that connects two networks seamlessly, allowing resources in either network to communicate with each other as if they were in the same network. By using virtual network peering, administrators can establish low-latency, high-bandwidth connections between resources in different virtual networks. This feature is valuable for scenarios where you need to maintain segregated networks for management or security purposes, yet allow controlled access between them.
Azure Virtual Network (VNet) peering is a non-transitive, one-to-one relationship between two VNets that allows them to communicate using the Azure backbone network. Once peered, resources in either VNet can communicate with each other using private IP addresses. There are two types of peering:
When configuring VNet peering, there are several steps and considerations:
Ensure that the IP address spaces for both VNets do not overlap. Peering cannot be established if the address spaces conflict.
You create a peering for each VNet and point it to the other VNet. Here’s an example using PowerShell:
```powershell
# Load both virtual networks (they may live in different resource groups)
$VNet1 = Get-AzVirtualNetwork -Name VNet1 -ResourceGroupName ResourceGroup1
$VNet2 = Get-AzVirtualNetwork -Name VNet2 -ResourceGroupName ResourceGroup2

# Create one peering link in each direction; the peering only reaches the
# Connected state once both links exist
Add-AzVirtualNetworkPeering -Name LinkVNet1ToVNet2 -VirtualNetwork $VNet1 -RemoteVirtualNetworkId $VNet2.Id
Add-AzVirtualNetworkPeering -Name LinkVNet2ToVNet1 -VirtualNetwork $VNet2 -RemoteVirtualNetworkId $VNet1.Id
```
After configuring peering, check the peering status to confirm that it’s connected. This can be done via the Azure Portal or PowerShell.
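The three steps above (non-overlapping address spaces, a link in each direction, verification of the state) combined into one script, as an added example that is not part of the original article. The VNet and resource group names are the same placeholders used above, the link names are assumed, and the overlap check is a local IPv4 helper written here, not an Az cmdlet:

```powershell
# Added example: pre-check address spaces, create both links, confirm 'Connected'.
# VNet1/VNet2, ResourceGroup1/ResourceGroup2 and the link names are placeholders.

function Test-CidrOverlap {
    # Returns $true when two IPv4 CIDR prefixes share at least one address.
    # Two prefixes overlap exactly when they agree under the shorter prefix mask.
    param([string]$CidrA, [string]$CidrB)
    $toInt = {
        param([string]$Ip)
        $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
        [Array]::Reverse($bytes)                          # network order -> host order
        [long][BitConverter]::ToUInt32($bytes, 0)
    }
    $netA, $lenA = $CidrA.Split('/')
    $netB, $lenB = $CidrB.Split('/')
    $len  = [Math]::Min([int]$lenA, [int]$lenB)
    $all  = [long][uint32]::MaxValue
    $mask = ($all -shl (32 - $len)) -band $all
    return (((& $toInt $netA) -band $mask) -eq ((& $toInt $netB) -band $mask))
}

$VNet1 = Get-AzVirtualNetwork -Name VNet1 -ResourceGroupName ResourceGroup1
$VNet2 = Get-AzVirtualNetwork -Name VNet2 -ResourceGroupName ResourceGroup2

# Step 1: fail early if any prefix pair overlaps; Azure would reject the peering anyway,
# but catching it here keeps a half-configured link out of the environment.
foreach ($a in $VNet1.AddressSpace.AddressPrefixes) {
    foreach ($b in $VNet2.AddressSpace.AddressPrefixes) {
        if (Test-CidrOverlap $a $b) {
            throw "Address space $a (VNet1) overlaps $b (VNet2); peering cannot be created."
        }
    }
}

# Step 2: one link per direction. Both must exist before the state becomes Connected.
Add-AzVirtualNetworkPeering -Name LinkVNet1ToVNet2 -VirtualNetwork $VNet1 -RemoteVirtualNetworkId $VNet2.Id | Out-Null
Add-AzVirtualNetworkPeering -Name LinkVNet2ToVNet1 -VirtualNetwork $VNet2 -RemoteVirtualNetworkId $VNet1.Id | Out-Null

# Step 3: poll each side until it reports Connected. A side stuck in 'Initiated'
# means the reverse link is missing; 'Disconnected' means the remote link was removed.
$links = @(
    @{ VNet = $VNet1; Name = 'LinkVNet1ToVNet2' },
    @{ VNet = $VNet2; Name = 'LinkVNet2ToVNet1' }
)
foreach ($link in $links) {
    $state = $null
    for ($i = 0; $i -lt 12 -and $state -ne 'Connected'; $i++) {
        Start-Sleep -Seconds 5
        $state = (Get-AzVirtualNetworkPeering -VirtualNetworkName $link.VNet.Name `
                    -ResourceGroupName $link.VNet.ResourceGroupName `
                    -Name $link.Name).PeeringState
    }
    "$($link.Name): $state"
    if ($state -ne 'Connected') { throw "$($link.Name) is in state '$state', not Connected." }
}
```

The overlap helper only handles IPv4 prefixes; if a VNet also carries IPv6 address space, extend it or filter those prefixes before the check. The state values polled here (`Initiated`, `Connected`, `Disconnected`) are the ones reported in the portal's peering blade, so the same check can be done there by hand.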
| Consideration | Description |
|---|---|
| Cost | While VNet peering does not have a base cost, there is a charge for outbound data transfer across peering connections. |
| Service Limits | Azure imposes limits on the number of peered connections a VNet can have. These are outlined in Azure’s documentation and can be increased by a support request. |
| Traffic Flow | Traffic between peered VNets flows bi-directionally. However, if needed, you can modify Network Security Groups (NSGs) to control traffic flow. |
| Transitive Relationships | VNet peering is not transitive. To connect multiple VNets, each VNet must be peered with each other VNet in the network topology. |
| Subscription and Management | Peering can be done across subscriptions and between tenants, provided they’re associated with the same Active Directory tenant, or RBAC permissions are configured appropriately. |
After creating a VNet peering, you can manage the peering settings to customize the network connectivity to suit your requirements:
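An added example (not from the original article) of reviewing and tightening the settings on an existing link, which is how the per-peering options are managed from PowerShell. The VNet, resource group and link names are the placeholders used earlier on this page; the `Get-`/`Set-AzVirtualNetworkPeering` cmdlets and the property names are the Az module's own:

```powershell
# Added example: read the current settings of one peering link, apply a
# least-privilege configuration for a plain spoke-to-spoke link, and re-read it.
# VNet1 / ResourceGroup1 / LinkVNet1ToVNet2 are placeholders.

$peering = Get-AzVirtualNetworkPeering -VirtualNetworkName VNet1 `
             -ResourceGroupName ResourceGroup1 -Name LinkVNet1ToVNet2

# The settings that decide how much reach the remote network gets
$peering | Select-Object Name, PeeringState, AllowVirtualNetworkAccess,
    AllowForwardedTraffic, AllowGatewayTransit, UseRemoteGateways,
    @{ n = 'RemoteVNet'; e = { $_.RemoteVirtualNetwork.Id.Split('/')[-1] } }

# Tighten the link:
#  - AllowForwardedTraffic lets traffic that did not originate in the remote VNet
#    (for example, traffic relayed by an NVA there) cross the peering; leave it off
#    unless a hub appliance is meant to forward on this link.
#  - AllowGatewayTransit / UseRemoteGateways share a VPN or ExpressRoute gateway
#    across the peering; enable them only on the hub links designed for that.
$peering.AllowForwardedTraffic = $false
$peering.AllowGatewayTransit   = $false
$peering.UseRemoteGateways     = $false
Set-AzVirtualNetworkPeering -VirtualNetworkPeering $peering | Out-Null

# Confirm the change by reading the link back rather than trusting the local object
Get-AzVirtualNetworkPeering -VirtualNetworkName VNet1 -ResourceGroupName ResourceGroup1 `
    -Name LinkVNet1ToVNet2 |
    Select-Object Name, AllowForwardedTraffic, AllowGatewayTransit, UseRemoteGateways
```

Each link is configured independently, so the same review has to be run on `LinkVNet2ToVNet1` as well; a setting that is restrictive on one side and permissive on the other still leaves the permissive direction open. Running the first `Select-Object` across every peering in a subscription (loop over `Get-AzVirtualNetwork` and each VNet's `VirtualNetworkPeerings` collection) gives a quick inventory of which links forward traffic or share gateways.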
In conclusion, virtual network peering is a highly efficient and secure way to connect Azure networks. Azure administrators can leverage VNet peering to enhance connectivity and simplify network designs while maintaining proper security and isolation as needed. Whether you’re preparing for the AZ-104 Microsoft Azure Administrator exam or working with Azure VNets in a professional setting, understanding how to create, configure, and manage VNet peering is an essential skill.
Answer: A) True
Explanation: Virtual network peering enables resources in different virtual networks to communicate with each other as if they were in the same network. This can be done across Azure regions without using gateways.
Answer: B) False
Explanation: The peered networks must have non-overlapping address spaces, as address space sharing is not allowed in virtual network peering.
Answer: B) Non-overlapping address spaces in both virtual networks
Explanation: To establish virtual network peering, both virtual networks should have non-overlapping IP address spaces.
Answer: B) False
Explanation: Even after peering, virtual networks maintain their separate address spaces, and IP address conflicts are not allowed.
Answer: B) False
Explanation: Virtual network peering connections are bi-directional; however, they must be initiated from one network and then accepted from the other network but do not need to be set up separately for each direction.
Answer: B) System routing
Explanation: System routing is used by default, enabling resources in peered virtual networks to communicate with each other directly, not through the internet or a gateway.
Answer: A) True
Explanation: Virtual network peering can be configured between virtual networks in the same Azure subscription or across different Azure subscriptions.
Answer: B) No
Explanation: Virtual network peering is specific to Azure virtual networks. Connectivity between an Azure VNet and an on-premises network requires a VPN or ExpressRoute, not peering.
Answer: A) True
Explanation: Virtual network peering supports transit routing, where a peered virtual network can route traffic to a third virtual network through a hub virtual network.
Answer: B) They are immediately disconnected.
Explanation: Once the virtual network peering is removed, any established connections between resources in the previously peered networks are immediately disconnected.
Answer: A) Azure Network Contributor
Explanation: The Azure Network Contributor role allows users to manage virtual networks, including setting up peering connections.
Answer: B) False
Explanation: Traffic between peered virtual networks is not encrypted by default. Encryption can be enabled by implementing encryption solutions at the application level or by using VPN or ExpressRoute with encryption options.
Virtual network peering is a feature in Azure that allows you to connect virtual networks in different regions or subscriptions to create a single network infrastructure.
Using virtual network peering enables the sharing of resources across virtual networks, enables cross-region deployments, and simplifies network management.
To create virtual network peering in Azure, you must first create the virtual networks you want to peer, navigate to the virtual network peering section, create a new peering, and configure the peering settings.
Yes, virtual network peering can be used to connect virtual networks across different regions.
Yes, virtual network peering can be used to connect virtual networks across different Azure subscriptions.
Yes, virtual network peering is available in all Azure deployment models, including the Azure Resource Manager, classic, and global models.
Depending on the deployment model, the configuration and management process for virtual network peering may differ slightly. Refer to the Azure documentation for more information on configuring virtual network peering in different deployment models.
Yes, virtual network peering can be modified or deleted after it is created.
The requirements and constraints for virtual network peering in Azure include virtual network address space constraints, routing requirements, and security considerations.
Yes, you can limit the traffic between peered virtual networks by configuring the peering settings to allow only specific traffic types.
You can verify the connection between peered virtual networks using the Azure Portal or the Azure CLI.
No, virtual network peering is only used to connect virtual networks in Azure.
No, virtual network peering cannot be used to connect two virtual networks with overlapping IP addresses.
The maximum number of peered virtual networks in Azure is 500.
A peering transit route in Azure allows you to route traffic between multiple peered virtual networks through a single transit virtual network.