There are two methods to connect two virtual networks.
1. Azure VPN Gateways
2. Azure VNET Peering
Azure VNET Peering
Azure VNET peering allows connecting virtual networks seamlessly via Azure backbone infrastructure. This is similar to inter-VLAN routing in on-premises networks. The traffic will not pass via the public internet. It provides low latency, high bandwidth connectivity between virtual networks. VNET peering can use to connect virtual networks in the same Azure region or different Azure regions.
Azure VPN Gateways
If we are connecting virtual networks over the internet, we have to use VPN gateway option. This is the same for connecting Azure networks with on-premises networks. Also, if the encryption is a requirement, we have to use VPN gateways. Azure VPN Gateways can use to connect,
• Virtual Networks in the same region
• Virtual Networks in different regions
• Virtual Networks in different subscriptions
If the connection is over the public internet, it is not possible to guarantee the uptime as it depends on many facts. By using Active-Active Azure VPN gateways to improve the high availability of the VNet-to-VNet connections. This is important if you connecting the virtual network between different Azure regions. We also can use Active-Active Azure VPN gateways with cross-premises VPN connections.
In Active-Active Azure VPN gateway setup,
• There are two Gateway IP configurations with two public IP addresses for one VPN gateway. This allows initiating full-mesh connectivity between two virtual networks.
• VPN gateway SKU must be VpnGw1, VpnGw2, VpnGw3, or HighPerformance
• Supported to use BGP
In this demo, I am going to demonstrate how we can establish VNet-to-VNet connectivity between two Azure regions via Active-Active Azure VPN gateways.
In this demo setup, I got two virtual networks in East US and UK South region. As shown above, I am going to establish a fully mesh connectivity between two virtual networks.
For the configuration process, I will be using PowerShell. Therefore, please make sure you have an Azure PowerShell module installed. More info about it can find under https://docs.microsoft.com/en-us/powershell/azure/install-az-ps?view=azps-3.8.0
Create Active-Active Azure VPN Gateway in East US
Create a resource group in East US
The first step of the configuration is to create a new resource group in East US.
To do that,
1. Launch PowerShell console and connect to Azure using Connect-AzAccount
2. Create a new resource group using New-AzResourceGroup -Name REBELRG1 -Location “East US”. Here REBELRG1 is RG group name and East US is the location.
Create a virtual network
The next step is to create a new virtual network under REBELRG1 resource group.
$subn1 = New-AzVirtualNetworkSubnetConfig -Name VMNet1 -AddressPrefix 10.0.0.0/24
$gwsubn1 = New-AzVirtualNetworkSubnetConfig -Name “GatewaySubnet” -AddressPrefix 10.0.255.0/27
New-AzVirtualNetwork -Name EUSVnet1 -ResourceGroupName REBELRG1 -Location “East US” -AddressPrefix 10.0.0.0/16 -Subnet $subn1,$gwsubn1
EUSVnet1 address space is 10.0.0.0/16. It is a class B IP address range. We do not need the entire range for workloads. Therefore, I am going to create two small subnets under it.
• VM Network – 10.0.0.0/24
• Gateway subnet – 10.0.255.0/27
In the above, VM network is going to use for virtual machines and Gateway Subnet is going to use for the VPN gateway setup.
Virtual Network Gateway can only be created in a subnet with name ‘GatewaySubnet’