So what is vNet peering? Basically, it is a way to connect two vNets over the Azure backbone network rather than building an Azure VPN Gateway between them. Compared with a gateway, peering is cheaper, is not capped by the gateway SKU's bandwidth limit, and has lower latency because there is no gateway hop to pass through. vNet peering also fully supports NSGs (Network Security Groups), NVAs (Network Virtual Appliances), UDRs (User Defined Routes), internal load balancers and more.
Now to the good bit, the step by step guide to setting it up.
Before you can set up the peering you need at least two vNets. They can be in different subscriptions, and even in different Azure regions, which is called Global vNet Peering. The one hard requirement is that the two address spaces do not overlap: if any subnet range is shared, Azure rejects the peering. Peering is also not transitive, so peering A with B and B with C does not let A talk to C; each pair that needs to communicate gets its own peering.
For this step-by-step guide, I have two VMs in two different networks:
VM 1: Pixel1
Network 1: Pixel1
Subnet: 192.168.100.0/24
Location: UK South
VM 2: Pixel2
Network 2: Pixel2
Subnet: 10.2.0.0/24
Location: East US
Configure vNet peering using the Azure Portal
First vNet
If you log in to one of the VMs and try to ping the other, you will get "Request timed out".
Now navigate to your first vNet in the Azure portal.
Click Peerings on the left-hand side.
Click Add
In the new blade, enter a Name for this peering, select the Subscription that the other vNet is in, then select the Virtual network.
Under the Configuration section, make sure Enabled is selected if you want to allow communication between the two vNets. This also adds the peer's address space to the VirtualNetwork service tag, so NSG rules that use that tag (including the default AllowVnetInBound rule) apply to traffic from the peer as well as from your own vNet. If you want to limit what the peer can reach, add explicit NSG rules scoped to the peer's address prefixes rather than relying on the tag.
The next three checkboxes do the following.
Allow forwarded traffic – Allows traffic that the peer forwards but did not originate (for example, traffic routed through an NVA in the peer vNet) into your virtual network. Leave it unticked unless you rely on an NVA in the peer, because ticking it means accepting traffic from networks you never peered with.
Allow gateway transit – Lets the peer vNet use your virtual network gateway. The peer must not have its own gateway and must tick Use remote gateway on its side of the peering.
Use remote gateway – Tick this if you want to use your peer's virtual network gateway. The peer must already have a gateway and must have Allow gateway transit ticked. You cannot use this setting if your own vNet has a gateway, and a vNet can use the remote gateway of only one peering.
Once you have configured as you require, click OK
You will now see that the peering has been created and is in the Initiated status.
You have now set up the first part of the peering. You will need to set up the other vNet in order for the peering to connect.
Second vNet
Navigate to your second vNet and click Peerings.
Click Add
In the new blade, enter a Name for this peering, select the Subscription that the other vNet is in, then select the Virtual network.
Under the Configuration section, make sure Enabled is selected if you want to allow communication between the two vNets. As on the first vNet, this adds the peer's address space to the VirtualNetwork service tag used by NSG rules.
Once you have configured as you require, click OK
After a short while, you will see that the Peering status on both vNets now says Connected.
If you jump back to your virtual machine you should now be able to ping the other one, once you have allowed ICMP echo requests through the Windows firewall on the VM being pinged. Run the following PowerShell command on that VM as Administrator. It scopes the rule to the peer vNet's address space instead of Any, so use 192.168.100.0/24 on Pixel2 and 10.2.0.0/24 on Pixel1.
New-NetFirewallRule -DisplayName "Allow ICMPv4-In from peer vNet" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress 192.168.100.0/24 -Action Allow
The PowerShell Way
Open up Cloud Shell, make sure it is running in PowerShell mode, and use the following commands; just change the names to yours. These use the AzureRm module this post was written against. AzureRm has since been retired, and the Az equivalents are Get-AzVirtualNetwork and Add-AzVirtualNetworkPeering, which take the same parameters.
$vnet1Name = 'Pixel1'
$vnet1RG = 'Pixel1'
$vnet2Name = 'Pixel2'
$vnet2RG = 'Pixel2'
$vnet1 = Get-AzureRmVirtualNetwork -Name $vnet1Name -ResourceGroupName $vnet1RG
$vnet2 = Get-AzureRmVirtualNetwork -Name $vnet2Name -ResourceGroupName $vnet2RG
# A peering is two resources, one on each vNet, each pointing at the other's resource ID
Add-AzureRmVirtualNetworkPeering -Name "$vnet1Name-to-$vnet2Name" -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet2.Id
Add-AzureRmVirtualNetworkPeering -Name "$vnet2Name-to-$vnet1Name" -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet1.Id
As you can see, the PowerShell method is rather easy. Because the peering is two separate resources, if only one of the Add- calls succeeds the state stays Initiated and no traffic flows until the other half is created.
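The script below is an added example and not code from the original post. It pulls together the checkbox explanations from the portal section and the two-command PowerShell method above into one Az-module script: it refuses to peer vNets whose address spaces overlap, sets the optional flags explicitly (gateway transit on one side paired with use remote gateway on the other, as the portal text requires), and polls until both halves of the peering report Connected instead of assuming they did. The vNet names and resource groups are the ones used in this post; the function names New-VnetPeeringPair, Test-CidrOverlap and ConvertTo-IpLong are my own and assume you are already signed in, as you are in Cloud Shell.

```powershell
# Added example (not from the original post): peer two existing vNets with the Az module.
# Refuses overlapping address spaces, sets the optional flags explicitly, and waits for
# BOTH halves to reach Connected. Names and resource groups are this post's; change them.
$vnet1Name = 'Pixel1'; $vnet1RG = 'Pixel1'
$vnet2Name = 'Pixel2'; $vnet2RG = 'Pixel2'

function ConvertTo-IpLong([string]$Ip) {
    # IPv4 dotted quad to an integer, using 64-bit arithmetic to avoid sign trouble.
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return ([long]($b[0]) -shl 24) -bor ([long]($b[1]) -shl 16) -bor ([long]($b[2]) -shl 8) -bor [long]($b[3])
}

function Test-CidrOverlap([string]$CidrA, [string]$CidrB) {
    # Two prefixes overlap iff they agree on every bit covered by the shorter mask.
    $ipA, $lenA = $CidrA -split '/'
    $ipB, $lenB = $CidrB -split '/'
    $shift = 32 - [Math]::Min([int]$lenA, [int]$lenB)
    return ((ConvertTo-IpLong $ipA) -shr $shift) -eq ((ConvertTo-IpLong $ipB) -shr $shift)
}

function New-VnetPeeringPair {
    param(
        [Parameter(Mandatory)] $VNet1,
        [Parameter(Mandatory)] $VNet2,
        # Hub/spoke: VNet1 owns the VPN/ExpressRoute gateway and VNet2 uses it.
        # Leave off when neither side has a gateway (as in this post); otherwise the
        # second Add- call fails because there is no remote gateway to use.
        [switch] $GatewayOnVNet1,
        # Only needed when an NVA in the peer forwards other networks' traffic to you.
        [switch] $AllowForwardedTraffic
    )
    # Azure would reject an overlap anyway; failing here gives a readable reason first.
    foreach ($a in $VNet1.AddressSpace.AddressPrefixes) {
        foreach ($b in $VNet2.AddressSpace.AddressPrefixes) {
            if (Test-CidrOverlap $a $b) {
                throw "Address space $a in $($VNet1.Name) overlaps $b in $($VNet2.Name); peering would be rejected."
            }
        }
    }
    $name12 = "$($VNet1.Name)-to-$($VNet2.Name)"
    $name21 = "$($VNet2.Name)-to-$($VNet1.Name)"

    # Half 1: lives on VNet1, points at VNet2. Shows Initiated until the other half exists.
    Add-AzVirtualNetworkPeering -Name $name12 -VirtualNetwork $VNet1 -RemoteVirtualNetworkId $VNet2.Id `
        -AllowForwardedTraffic:$AllowForwardedTraffic -AllowGatewayTransit:$GatewayOnVNet1 | Out-Null
    # Half 2: lives on VNet2, points at VNet1. UseRemoteGateways must pair with AllowGatewayTransit above.
    Add-AzVirtualNetworkPeering -Name $name21 -VirtualNetwork $VNet2 -RemoteVirtualNetworkId $VNet1.Id `
        -AllowForwardedTraffic:$AllowForwardedTraffic -UseRemoteGateways:$GatewayOnVNet1 | Out-Null

    # Peering state is eventually consistent; poll rather than assume.
    $deadline = (Get-Date).AddMinutes(5)
    do {
        $p1 = Get-AzVirtualNetworkPeering -ResourceGroupName $VNet1.ResourceGroupName -VirtualNetworkName $VNet1.Name -Name $name12
        $p2 = Get-AzVirtualNetworkPeering -ResourceGroupName $VNet2.ResourceGroupName -VirtualNetworkName $VNet2.Name -Name $name21
        if ($p1.PeeringState -eq 'Connected' -and $p2.PeeringState -eq 'Connected') {
            return [pscustomobject]@{ Forward = $p1.PeeringState; Reverse = $p2.PeeringState }
        }
        Start-Sleep -Seconds 10
    } while ((Get-Date) -lt $deadline)
    throw "Peering did not reach Connected on both sides: $($p1.PeeringState) / $($p2.PeeringState)"
}

$vnet1 = Get-AzVirtualNetwork -Name $vnet1Name -ResourceGroupName $vnet1RG
$vnet2 = Get-AzVirtualNetwork -Name $vnet2Name -ResourceGroupName $vnet2RG
New-VnetPeeringPair -VNet1 $vnet1 -VNet2 $vnet2
```

The flags default to off: forwarded traffic, gateway transit and remote gateways are each a deliberate opt-in, so a bare call reproduces the portal defaults. For a hub-and-spoke layout where the first vNet holds the gateway, add -GatewayOnVNet1 and the two gateway switches are set on the correct sides automatically.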
I hope you found this article helpful. If you have any questions please let me know by the usual methods.
5 Comments
Agnel Amodia · September 27, 2018 at 12:43 am
Hey... Could we please use different naming conventions for the VM and the network, such as
VM 1: Pixel1VM
Network 1: Pixel1NW
VM 2: Pixel2VM
Network 2: Pixel2NW.
It will be really helpful to differentiate them in PowerShell. Thanks.
Pixel Robots. · September 27, 2018 at 7:00 am
Hey, thanks for the comment. You can use any names you like. I just used them in this example. Going forward I will make sure they are more clear.
Thanks again
Tony · March 20, 2019 at 2:35 pm
Great article and website - thanks for putting this together. Can I confirm, if the 2 networks that are to be peered are in separate subscriptions, I presume I have to "federate" so that my account has access to both subscriptions?
Pixel Robots. · March 20, 2019 at 2:46 pm
Are your subscriptions in the same tenant? If they are then no you do not.
Azure Network Services - Vegibit · October 7, 2021 at 4:39 pm
[…] Setting Up Azure Vnet Peering (pixelrobots.co.uk) […]