Currently I’m working on the AZ-102 certification and I wanted to share a small lab I built to try Azure virtual networks, and especially remote gateways. In a Hub-and-Spoke topology, each spoke virtual network reaches the other spokes through the hub virtual network. Building it requires several virtual networks and peerings. I would like to implement the following solution:
All VMs must be able to communicate through NE01-VMProject1, which is the hub. A peering will be established between NE01-NET and NE02-NET and between NE01-NET and NE03-NET. To prepare this topic, I have already created the following resources:
- Resource groups
- Virtual machines
- Virtual networks
As you can see below, the VM NE01VM1 is connected to the NE01-NET virtual network with the IP 10.11.0.4.
The VM NE02VM1 is connected to the NE02-NET virtual network with the IP 10.12.0.4.
Because no peering exists yet, the VMs cannot ping each other:
Create the peering
First, I open Peerings on NE02-NET and add one.
I call it NE02-NET-NE01-NET and select the virtual network NE01-NET. For the moment, I leave the default configuration.
From the NE01-NET virtual network, I do the same thing to peer it with NE02-NET, again leaving the default configuration for now.
Once both sides of the peering are created, the peering status should show Connected.
Now the VMs in NE01-VMProject1 and NE02-VMProject2 can communicate:
Next, I create the peerings between NE03-VMProject3 and NE01-VMProject1, repeating the same steps as before. I create a peering from NE01-NET to NE03-NET.
Then I create a peering from NE03-NET to NE01-NET.
From this point, VMs in NE03-VMProject3 can communicate with the NE01-VMProject1 VMs, and VMs in NE02-VMProject2 can ping the NE01-VMProject1 VMs. However, a VM in NE03-VMProject3 cannot communicate with NE02-VMProject2: VNet peering is not transitive, so spoke-to-spoke traffic is not forwarded through the hub until a gateway and routes are in place:
Create virtual gateway and route tables
First, create a virtual network gateway in your hub network (NE01-NET) with the following settings. Azure reserves the first four addresses of every subnet, so the gateway's private IP is the first usable address of the GatewaySubnet. You need this address later; in this example, the internal IP address of the virtual network gateway is 10.11.1.4.
Then in NE02-VMProject2 and NE03-VMProject3, create a route table resource with the following settings:
Now, navigate in route table resource and click on Routes. Click on Add.
Configure the routes as follows (one route table per spoke, each with a single route pointing the other spoke's prefix at the hub gateway):
| Route table | Route name | Address prefix | Next hop type | Next hop address |
| --- | --- | --- | --- | --- |
| NE02-NET-ROUTE | To-NE03-NET | 10.13.0.0/16 | Virtual appliance | 10.11.1.4 |
| NE03-NET-ROUTE | To-NE02-NET | 10.12.0.0/16 | Virtual appliance | 10.11.1.4 |
Now, click on Subnets and then Associate. Route tables are attached to subnets, not to virtual networks.
Associate NE02-NET-ROUTE with the subnet(s) of NE02-NET, and NE03-NET-ROUTE with the subnet(s) of NE03-NET.
Configure hub peers
Now we need to enable gateway transit on each hub-side peering. Open each peering configuration in NE01-NET and tick Allow gateway transit, as below.
Configure spoke peers
In each spoke-side peering (NE02-NET and NE03-NET), enable the Use remote gateways option. Note that a virtual network can use a remote gateway on only one of its peerings, and a spoke that uses a remote gateway cannot have a gateway of its own.
Wait a few minutes and then all VMs should be able to communicate.
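The same procedure as an Azure CLI script. This is an added example and not part of the original post: it assumes the resource-group and VNet names used above, that the hub gateway (assumed name NE01-GW) already exists in NE01-NET with private IP 10.11.1.4, and that each spoke has a subnet named "default". It runs the steps in the order Azure enforces (hub peerings with gateway transit first, then spoke peerings that use the remote gateway, then the route tables) and ends with the two checks you want afterwards: the peering state and the effective routes of a spoke NIC.

```shell
#!/bin/sh
# Added example (not the original post's code): Azure CLI version of the
# hub-and-spoke steps. Assumed names: resource groups NE01-VMProject1,
# NE02-VMProject2, NE03-VMProject3; VNets NE01-NET, NE02-NET, NE03-NET;
# hub gateway NE01-GW at 10.11.1.4; spoke subnet "default".
set -eu

HUB_RG=NE01-VMProject1
HUB_VNET=NE01-NET
GATEWAY_IP=10.11.1.4   # first usable address of GatewaySubnet (Azure reserves .0-.3)
SPOKE_SUBNET=default   # assumed subnet name in each spoke

# DRY_RUN=1 prints every az command instead of running it, so the change set
# can be reviewed (or tested offline) before anything touches the subscription.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Peering across resource groups needs the remote VNet's full resource ID.
vnet_id() {  # $1=resource group  $2=vnet name
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '/subscriptions/<sub>/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s\n' "$1" "$2"
  else
    az network vnet show -g "$1" -n "$2" --query id -o tsv
  fi
}

# Hub side of a peering: let the spoke use the hub's gateway.
peer_hub_to_spoke() {  # $1=spoke RG  $2=spoke VNet
  run az network vnet peering create -g "$HUB_RG" --vnet-name "$HUB_VNET" \
    -n "${HUB_VNET}-$2" --remote-vnet "$(vnet_id "$1" "$2")" \
    --allow-vnet-access --allow-gateway-transit
}

# Spoke side: use the hub's gateway. Azure rejects this flag unless the hub
# already has a gateway, so the gateway must exist before this step.
peer_spoke_to_hub() {  # $1=spoke RG  $2=spoke VNet
  run az network vnet peering create -g "$1" --vnet-name "$2" \
    -n "$2-${HUB_VNET}" --remote-vnet "$(vnet_id "$HUB_RG" "$HUB_VNET")" \
    --allow-vnet-access --use-remote-gateways
}

# Spoke UDR: send the other spoke's prefix to the hub gateway as a
# "virtual appliance" next hop, then attach the table to the spoke subnet.
route_spoke_via_hub() {  # $1=spoke RG  $2=spoke VNet  $3=route name  $4=remote prefix
  table="$2-ROUTE"
  run az network route-table create -g "$1" -n "$table"
  run az network route-table route create -g "$1" --route-table-name "$table" \
    -n "$3" --address-prefix "$4" \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$GATEWAY_IP"
  run az network vnet subnet update -g "$1" --vnet-name "$2" -n "$SPOKE_SUBNET" \
    --route-table "$table"
}

# Post-deployment checks: peering must be Connected with useRemoteGateways
# true, and the spoke NIC's effective routes must show the UDR to the other
# spoke (next hop VirtualAppliance 10.11.1.4), not the default "None" route.
verify_spoke() {  # $1=spoke RG  $2=spoke VNet  $3=NIC name of a VM in the spoke
  run az network vnet peering show -g "$1" --vnet-name "$2" -n "$2-${HUB_VNET}" \
    --query '{state:peeringState,remoteGw:useRemoteGateways}' -o table
  run az network nic show-effective-route-table -g "$1" -n "$3" -o table
}

deploy_hub_spoke() {
  peer_hub_to_spoke NE02-VMProject2 NE02-NET
  peer_hub_to_spoke NE03-VMProject3 NE03-NET
  peer_spoke_to_hub NE02-VMProject2 NE02-NET
  peer_spoke_to_hub NE03-VMProject3 NE03-NET
  route_spoke_via_hub NE02-VMProject2 NE02-NET To-NE03-NET 10.13.0.0/16
  route_spoke_via_hub NE03-VMProject3 NE03-NET To-NE02-NET 10.12.0.0/16
}

# Usage: ./hub-spoke.sh deploy            (or DRY_RUN=1 ./hub-spoke.sh deploy)
if [ "${1:-}" = deploy ]; then deploy_hub_spoke; fi
```

Run it once with DRY_RUN=1 to review the exact commands, then without. Keep in mind what this design does: every spoke-to-spoke packet hairpins through the VPN gateway, so spoke-to-spoke bandwidth is capped by the gateway SKU's throughput, and nothing inspects or filters that traffic unless you also apply NSGs to the spoke subnets.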
Cool post, thanks!
Side question:
Why don’t you enforce HTTPS? You obviously support it, so I’m curious why you haven’t flipped the switch to redirect all HTTP to HTTPS.
Sorry, I don’t understand your question. Where do you see HTTPS in this post?