How To Configure Virtual Network Peering in Azure

In this tutorial, I will be guiding you on how to set up a virtual network peering in Azure. Why do we need to set up the virtual network peering? When we have different virtual networks with resources in each network and we need the resources in those different networks to communicate with each other over a low-latency, high-bandwidth connection using the Microsoft backbone network.

When we are done creating the virtual network peering it will enable us to connect two or more Virtual Networks in Azure and the resources in those networks will communicate with each other.

What is Azure Virtual Network?

Azure Virtual Network is the fundamental building block for your private network in Azure. A virtual network enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. A virtual network is similar to a traditional network that you’d operate in your own data center. An Azure Virtual Network brings with it extra benefits of Azure’s infrastructure such as scale, availability, and isolation.

Virtual Network Peering?

Virtual network peering links virtual networks, enabling you to route traffic between them using private IP addresses. Ingress and egress traffic is charged at both ends of the peered networks.

Supported Peering in Azure;

Virtual network peering: Connecting virtual networks within the same Azure region.

Global virtual network peering: Connecting virtual networks across Azure regions.

Build in the cloud with an Azure free account

Are you ready to follow along with this tutorial? If your answer is Yes! Then click here to register for Azure Subscription.

Virtual Network pricing

Virtual Network in Azure is free of charge. Every subscription can create up to 50 Virtual Networks across all regions. Inbound and outbound traffic is charged at both ends of the peered networks. Network appliances such as VPN Gateway and Application Gateway that are run inside a virtual network are also charged.

Click the link to read more: Virtual Network Pricing | Microsoft Azure

Overview

We will be creating two virtual networks and we will be naming them abcofcloudVNetHQ and abcofcloudVNetBranch, after creating the virtual networks, we will then create two virtual machines named VM1 and VM2. VM1 will be placed in a subnet in abcofcloudVNetHQ and VM2 will be placed in a subnet in abcofcloudVNetBranch.

Creating a Virtual Network

We will start with creating the abcofcloudVNetHQ.

Step 1: Sign into the Azure Portal.

Step 2: Search for virtual network in the Azure portal search box.

Step 3: In the search results, select virtual network right under Marketplace.

vnet-peering-azure

Step 5: Under the Basics tab, choose the Subscription you want to use for this virtual network.

Step 6: A Resource group can be selected from the existing resource group, or a new resource group can be created by clicking on Create new. We will be using the abcofcloudRG for this tutorial.

Step 7: Enter a preferred name for the virtual network, for this tutorial, we will be naming the virtual network abcofcloudVNetHQ.

Step 8: Choose a preferred location for the virtual network, by clicking on the drop-down and selecting the region you prefer, and then clicking on Next at the bottom, we will be using the UK South for this tutorial.

For this tutorial, we will leave the Security tab with the default settings and click on Next.

vnet-peering-azure1

We will be using the 172.20.0.0/16 for our address space and for the subnet, we will be using 172.20.0.0/24 for the Subnet Address range.

Step 9: Click on the 3 dots beside the Add a subnet and then click on the Delete address space.

vnet-peering-azure2

Step 10: click on the Add an IP address space, and select the IPv4 with the Starting address as 172.20.0.0, the Address space size will be /16 (65536 addresses) then click on Add.

vnet-peering-azure-abcofcloud.cloud1

Step 11: Select the + Add a subnet button and enter the HQSubnet1 for the Subnet Name and the Starting address as 172.20.0.0 with the Subnet size as /24 (256 addresses) and then click on Add.

vnet-peering-azure-abcofcloud.cloud2

Once that is done click on Review + Create and select Create.

vnet-peering-azure-abcofcloud.cloud3

What we need to do next is create the second Virtual Network which is abcofcloudVNetBranch using the same procedure from Step 1 to Step 11 but we just need to make a few changes.

Resource group: abcofcloudRG

Virtual network name: abcofcloudVNetBranch

Region: UK South

IP Address space: 172.22.0.0/16

Subnet name: BranchSubnet1

Starting Address: 172.22.0.0

Subnet size: /24 (256 addresses).

Bonus: After creating both virtual networks, in the search box at the top type Network Watcher and on the Network Watcher page click on Topology. Select the Subscription and the Resource Group, you will see both virtual networks and their subnets, but once the peering is added you will see a line showing the peering has been added.

vnet-peering-azure-abcofcloud.cloud

 

Creating a Virtual Network Peer

This is the point where we will peer the virtual networks, for us to do that we need to locate the virtual network we created. We can either do this by going to the Resource group “abcofcloudRG” or using the search box.

Step 1: Search for abcofcloudVNetHQ in the Azure portal search box and select it.

vnet-peering-azure-abcofcloud.cloud4

Step 2: On the abcofcloudVNetHQ virtual network page, click on Peerings Under the Settings area and then click on + Add.

vnet-peering-azure-abcofcloud.cloud6

Once that is done, we need to add peering from this virtual network “abcofcloudVNetHQ” to the remote virtual network “abcofcloudVNetBranch”.

Step 3: Now that we are on the Add peering page, we need to choose a preferred name for the peering link name for this virtual network, and for this tutorial, I will be using the abcofcloudVNetHQ-to-abcofcloudVNetBranch.

Step 4: Since the goal is to allow resources in both virtual networks to communicate, for Traffic to remote virtual network, I will leave it on Allow(default), and for Traffic forwarded from a remote virtual network, I will leave it on Allow(default).  The Virtual network gateway or Route Server will be None(default).

Step 5: Now it is time to give a preferred name to the Remote virtual network peering link name, you will see the name I will be using is the reverse name of the virtual network peering link name, because we are going to be deciding how the remote virtual network should handle the communication. The preferred name I will be using for this tutorial is abcofcloudVNetBranch-to-abcofcloudVNetHQ.

The Virtual network deployment model will be Resource manager, we won’t be using the resource ID for this tutorial instead, we will select the subscription of the virtual network we wish to peer.

Step 6: We will then select the Virtual network from the drop-down which is abcofcloudVNetBranch.

Every other thing will be left as default same way we did earlier and then we click on Add.

vnet-peering-azure-abcofcloud.cloud7

Note: The remote virtual network can be in the same region of abcofcloudVNetHQ or in a different region.

Once the Add button is selected the peering status will be showing updating and this will take a few minutes, if it doesn’t change, click on the Refresh button at the top, beside the + Add button and it will change to Connected.

vnet-peering-azure-abcofcloud.cloud

 

vnet-peering-azure-abcofcloud.cloud

 

Note: You can search for the virtual network abcofcloudVNetBranch and on the virtual network page click on Peerings, you will also find the peering that was added with Peering status Connected.

vnet-peering-azure-abcofcloud.cloud

Bonus: Let’s use the Network Watcher and see what has been added, you will notice there is now a line showing a peering between both virtual networks.

vnet-peering-azure-abcofcloud.cloud

 

I am glad you were on this to this point, the fun part is for us to confirm if everything is working fine, and this will mean creating a Virtual Machine (VM) in both virtual networks and then trying to ping VM1 from VM2 in another virtual network.

At this point I will go get a cup of water; you too can take a little break if you wish to.

Welcome back from the break, so it’s time to create a VM, I won’t be going in-depth on how to create a VM, but I will be showing you how I will add the VM to the subnet in each of the virtual networks.

Creating a Virtual Machine

Step 1: In the search box in the Azure portal type Virtual Machine and then click on Virtual Machine under Marketplace.

vnet-peering-azure-vm-abcofcloud.cloud

Step 2: We will choose our preferred Subscription,

Resource group: abcofcloudRG

Virtual machine name: VM1

Region: UK South

Image: Windows Server 2022 Datacenter – x64 Gen2

Size: Standard_DS1_v2

Username: abcofcloud

Password: Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements.

Public inbound ports: Allowed selected ports.

Select inbound ports: RDP (3389)

Step 3: Click on Next: Disks and leave everything on the Disk tab as default, and then Click on Next: Networking.

vnet-peering-azure-vm-abcofcloud.cloud

vnet-peering-azure-vm-abcofcloud.cloud

Step 4: On the Networking tab;

Virtual network: abcofcloudVNetHQ

Subnet: HQSubnet1 (172.20.0.0/24)

Public IP: (new) VM1 -ip

NIC network security group: Basic

Public inbound ports: Allow selected ports

Select inbound ports: RDP (3389)

Click on Review + Create to validate and then click on Create.

vnet-peering-azure-vm-abcofcloud.cloud

Step 5: We will be creating the second Virtual Machine called VM2 but the VM will be placed in the abcofcloudVNetBranch virtual network. Repeat the steps from Step 1 to Step 4

Virtual machine name: VM2

Virtual network: abcofcloudVNetBranch

Subnet: BranchSubnet1 (172.22.0.0/24).

Bonus: Let’s take a look at Network Watcher and see what it looks like, you will see the VM1 and VM2 in the different virtual networks.

vnet-peering-azure-vm-abcofcloud.cloud

Virtual Machine communication check

The method we will use to confirm the communication between both VMs is to ping the private IP of VM2 from VM1 and also try to connect to VM2 from VM1 using the private IP of VM2.

Step 1: Search for VM1 using the search box in the Azure portal and then click on VM1.

vnet-peering-azure-vm-abcofcloud.cloud

Step 2: On the VM1 page click on Connect and Select RDP.

Step 3: For the IP address, select the Public IP address and then Download RDP File.

vnet-peering-azure-vm-abcofcloud.cloud

Step 4: Open the downloaded RDP file and click on connect if prompted.

vnet-peering-azure-vm-abcofcloud.cloud

Step 5: Enter the username and password you specified when creating yours and when we get a warning about the certificate, we will select Yes and continue with the connection.

vnet-peering-azure-vm-abcofcloud.cloud

We will repeat from Step 1 to Step 5 for VM2 so we can connect to VM2.

Note: We will test communication using ping from VM1 to VM2. Ping uses the Internet Control Message Protocol (ICMP). By default, the Windows Firewall blocks ICMP Echo Requests (Pings) from the network. And they’re different ways to allow it but for this tutorial, We will be using the PowerShell cmdlet to enable ICMP on VM2.

Allowing ICMP through the Windows Firewall for production deployment isn’t recommended.

Step 6:  Enable ICMP on VM2 using the PowerShell cmdlet without the quote “New-NetFirewallRule –DisplayName “Allow ICMPv4-In” –Protocol ICMPv4”.

vnet-peering-azure-vm-abcofcloud.cloud

Step 7: From VM1 open the command prompt and type “ping 172.22.0.4” without the quote, this (172.22.0.4) is the private IP address for VM2.

vnet-peering-azure-vm-abcofcloud.cloud

Step 8: In VM1 beside the Start Menu, we will search for Remote Desktop Connection and click on it.

vnet-peering-azure-vm-abcofcloud.cloud

Step 9: We are going to type in the Private IP of VM2 (172.22.0.4) and click on Connect.

vnet-peering-azure-vm-abcofcloud.cloud

Step 10: We will input the username and password and then click on Ok. When we get a warning about the certificate, we will select Yes and continue with the connection.

vnet-peering-azure-vm-abcofcloud.cloud

We can now confirm that both resources in different virtual networks can communicate.

vnet-peering-azure-vm-abcofcloud.cloud
This is an image showing VM1 connect to VM2 using the Private IP Address

Thank you for your time, I will proceed with disconnecting the RDP sessions and the resource group used for this tutorial will be deleted. I hope you do the same after testing.

References;

Azure Virtual Network peering | Microsoft Learn

Create a virtual network peering between different subscriptions – Azure Virtual Network | Microsoft Learn

Tutorial: Connect virtual networks with VNet peering – Azure portal | Microsoft Learn

Azure Virtual Network FAQ | Microsoft Learn

2 thoughts on “How To Configure Virtual Network Peering in Azure”

Leave a Comment

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Accept
Decline
Privacy & Cookie policy
Privacy & Cookies policy
Cookie name Active

Who we are

Suggested text: Our website address is: https://abcofcloud.com.

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service Privacy Policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Suggested text: Visitor comments may be checked through an automated spam detection service.
Save settings
Verified by MonsterInsights