In infrastructure, there are many reasons for allowing traffic between virtual networks, such as application requirements, backup/DR requirements, replication requirements and so on. For internal networks, we can do this using inter-VLAN routing. For networks in different physical locations, we can do it using VPN & firewalls.
In Azure, how can we allow traffic between two virtual networks? There are two options to choose from.
1. Azure VPN Gateways
2. Azure VNET Peering
Azure VPN Gateways
If we are connecting virtual networks over the internet, we have to use the VPN gateway option. The same applies when connecting Azure networks to on-premises networks. Also, if encryption is a requirement, we have to use VPN gateways.
Azure VNET Peering
Azure VNET peering allows connecting virtual networks seamlessly via the Azure backbone infrastructure. This is similar to inter-VLAN routing in on-premises networks. The traffic will not pass via the public internet. It provides low-latency, high-bandwidth connectivity between virtual networks. VNET peering can be used to connect virtual networks in the same Azure region or in different Azure regions.
In this demo, I am going to demonstrate how to connect two virtual networks using Azure VNET peering.
For the configuration process, I will be using PowerShell. Therefore, please make sure you have the Azure PowerShell module installed. More information can be found at https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-2.6.0
Create two resource groups and new virtual networks
As the first part of the configuration, I am going to create two new resource groups and two virtual networks.
1. Launch the PowerShell console and connect to Azure using Connect-AzAccount
2. Then create two new resource groups using,
New-AzResourceGroup -Name REBELRG1 -Location "East US"
New-AzResourceGroup -Name REBELRG2 -Location "East US"
In the above, REBELRG1 & REBELRG2 are the resource group names and East US is the resource group location.
3. The next step is to create a new virtual network under the REBELRG1 resource group.
$vmsubnet = New-AzVirtualNetworkSubnetConfig -Name vmsubnet -AddressPrefix "10.0.2.0/24"
New-AzVirtualNetwork -Name REBELVN1 -ResourceGroupName REBELRG1 -Location "East US" -AddressPrefix "10.0.0.0/16" -Subnet $vmsubnet
In the above, REBELVN1 is the new virtual network name. It has the 10.0.0.0/16 address space. It also has a new subnet, 10.0.2.0/24 (vmsubnet), for virtual machines.
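Peered virtual networks must not have overlapping address spaces, so the prefix for the second network should be checked against REBELVN1 before it is created. The following is an added example, not part of the original post: the function names are hypothetical helpers, the two candidate prefixes are constructed sample values, and nothing in it calls Azure.

```powershell
# Added example: offline CIDR checks, no Azure calls are made.
function ConvertTo-CidrRange {
    param([Parameter(Mandatory)][string]$Cidr)
    $parts = $Cidr -split '/'
    if ($parts.Count -ne 2) { throw "Not in address/length form: $Cidr" }
    $bytes = [System.Net.IPAddress]::Parse($parts[0]).GetAddressBytes()
    $len = [int]$parts[1]
    if ($bytes.Length -ne 4 -or $len -lt 0 -or $len -gt 32) { throw "Not an IPv4 prefix: $Cidr" }
    [long]$ip = 0
    foreach ($b in $bytes) { $ip = $ip * 256 + $b }   # big-endian bytes -> integer
    [long]$size = [math]::Pow(2, 32 - $len)           # number of addresses in the prefix
    $start = $ip - ($ip % $size)                      # align to the network boundary
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

# True when the two prefixes share at least one address (peering would be rejected).
function Test-CidrOverlap {
    param([string]$A, [string]$B)
    $ra = ConvertTo-CidrRange $A
    $rb = ConvertTo-CidrRange $B
    return ($ra.Start -le $rb.End) -and ($rb.Start -le $ra.End)
}

# True when $Inner lies entirely within $Outer (a subnet must sit inside its VNET space).
function Test-CidrContains {
    param([string]$Outer, [string]$Inner)
    $o = ConvertTo-CidrRange $Outer
    $i = ConvertTo-CidrRange $Inner
    return ($i.Start -ge $o.Start) -and ($i.End -le $o.End)
}

$vnetSpace  = '10.0.0.0/16'                      # REBELVN1 address space (from the post)
$subnet     = '10.0.2.0/24'                      # vmsubnet (from the post)
$candidates = '10.1.0.0/16', '10.0.128.0/17'     # constructed prefixes for a second VNET

"vmsubnet inside REBELVN1: $(Test-CidrContains $vnetSpace $subnet)"
foreach ($c in $candidates) {
    [pscustomobject]@{
        Candidate        = $c
        OverlapsREBELVN1 = (Test-CidrOverlap $vnetSpace $c)
    }
}
```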