2.9 Virtual Network Peering


Time
18 hours 43 minutes
Difficulty
Intermediate
CEU/CPE
9
Video Transcription

>> Welcome back. In this episode, we're going to talk about Virtual Network Peering. We've mentioned this a few times in previous episodes, so let's dive in a little bit and learn some more about it. My objectives include understanding Network Peering concepts, and then jumping out to our Azure portal to look at a Network Peering demo. Now I've mentioned Network Peering quite a few times, so there shouldn't be too much to cover.

Network Peering allows connecting virtual networks together. Remember that subnets inside a virtual network automatically have connectivity, but different virtual networks do not. Creating a peering connection between two virtual networks will allow resources in those different networks to communicate with each other. You can connect virtual networks together that are in the same Azure region or in different Azure regions. This allows connecting your virtual networks together across the globe. These peering connections run over the Azure backbone, so they are low latency, have high bandwidth, and are private, since they do not traverse the public Internet. Keep in mind that the peering itself does no filtering: once two networks are peered, resources in one can reach resources in the other unless your network security groups or routes say otherwise, so treat peering as a connectivity decision and still scope the traffic you actually want to allow.

VNet peering allows us to create complex network topologies, and we can use different Azure network resources to build them. You can use a combination of user-defined routes and network security groups to control traffic going to and from the peered virtual networks. For example, you can use user-defined routes to send traffic to a specific virtual machine in the peered network by defining it as the next hop IP address, or to send it to a virtual network gateway. Sending traffic from one network to a virtual appliance or a network gateway in a peered network is called service chaining.

We can also build hub-and-spoke network topologies. The hub, or central network, can host network virtual appliances like a load balancer or a firewall, or even a VPN gateway. All the spoke networks would connect to the hub network through their peering connections. All traffic would then flow through the central hub network. This would be useful if you wanted all the network traffic inspected by a firewall, or to go through a load balancer, before being directed to a different spoke network or out to the Internet. Note that the peerings alone don't make spoke traffic flow through the hub; you get that by giving each spoke a user-defined route whose next hop is the hub appliance, and by allowing forwarded traffic on the peerings, which we'll see in the demo.

One last concept to go over is that peering connections are not transitive. Say we had three different VNets, A, B, and C, and we had a peering connection between A and B and another one between B and C. This does not mean A and C have connectivity between each other automatically, and they are not considered peered. If you needed network traffic to go from A to C, you would need to create a peering connection between the two, or have some type of network virtual appliance inside of VNet B that could forward the traffic over to VNet C. That does it for concepts right now. Let's jump back over to our Azure portal and take a look at this in another demo.

Back in our Azure portal, let's go check out our virtual networks. Here we have our first virtual network that we created, prodweb-vnet, and in the background I went ahead and created another virtual network that we could connect to, called prodDb-vnet. Let's go into our prodweb-vnet, and under Settings, let's select Peerings and click on "Add".

Now in our peering settings, we need to give it a name, and this is going to be going from prodweb-vnet to the remote virtual network. Since I know I'm going to my prodDb virtual network, I'm going to give it a name that indicates that. Next, I'm going to select the virtual network that I want to connect to. If you notice, this drop-down menu is only going to show you virtual networks you can connect with. Of course, since we're already in the prodweb-vnet virtual network, we can't connect to that one, but we are going to connect to prodDb-vnet. Once that is done, it's going to prompt us to name the peering connection from prodDb back to prodweb. This is going to be different from the name that we gave it up here, because that one is going from prodweb to prodDb.

Next, we have a couple of configuration options. First, we can allow network access from prodweb to prodDb, and network access from prodDb to prodweb. This shows that peering connections can go one way if you want them to. For example, if we wanted prodweb to talk to prodDb, but we didn't want the prodDb network to talk back to prodweb, we would just disable this option here. However, I do want bi-directional communication, so let's go ahead and leave this enabled.

Next we have the settings for configuring forwarded traffic. Let's hover over the information icon to read more about this. Basically, this is going to allow traffic not originating from prodDb-vnet, meaning traffic that a network virtual appliance in prodDb-vnet forwards on behalf of some other network, to be forwarded into prodweb-vnet. This is going to be helpful if you're building a hub-and-spoke network, because traffic coming from one spoke is going to go into the hub, and you're going to want to allow that traffic to be forwarded on into another spoke.

Our last setting is configure gateway transit settings. If we hover over the information icon for it, it's going to tell us that we can use a virtual network gateway or VPN gateway in a peered network in order to access cross-premises resources, like an on-premises network, or to connect out to another VNet. For this to work inside of the peering connection, the other virtual network has to have a gateway configured in it, which means it also needs a gateway subnet. For right now, all I want is to connect these two virtual networks together, so the settings I have here are what I want. Let's go ahead and click on "Okay".

Now our peering connection is complete, and we can see here in our virtual network peering settings that the peering to prodDb-vnet is showing a status of Connected. To verify this, let's go look at prodDb-vnet. Let's take a look at its Settings and Peerings, and we should see the reciprocal peering connection back to prodweb. If we had virtual machines deployed into each virtual network or subnet, we would now be able to ping between them using their private IP addresses, as long as the network security groups on each side allow it. That does it for this demo. Let's wrap it up by going back to our slides. That does it for our discussion on virtual networks. Next, we're going to cover our next Azure resource with an introduction to Virtual Machines. See you in the next episode.
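To make the non-transitive rule and the access and forwarded-traffic checkboxes from the demo concrete, here is an added example. It is not code from the course and not an Azure API; it is a small Python model of the decisions those peering flags make, so you can exercise them offline. The VNet names and address spaces (prodweb-vnet at 10.1.0.0/16, prodDb-vnet at 10.2.0.0/16, a hub-vnet at 10.0.0.0/16), the `nva_forwarding` flag standing in for an appliance with IP forwarding enabled, and the `routes` dictionary standing in for user-defined routes are all assumptions. It checks the forward path only and does not model network security groups or the return path.

```python
# Added example (not the course's code and not Azure's API): a model of how
# VNet peering flags decide reachability.  VNet names and address spaces are
# constructed; nva_forwarding and routes are hypothetical stand-ins for an
# NVA with IP forwarding and for user-defined routes.
import ipaddress
from dataclasses import dataclass, field

@dataclass
class VNet:
    name: str
    cidr: str                     # address space; peered VNets must not overlap
    nva_forwarding: bool = False  # hypothetical: hosts an NVA that forwards traffic
    # hypothetical UDRs: destination prefix -> hub VNet whose NVA is the next hop
    routes: dict = field(default_factory=dict)

@dataclass
class Peering:
    """One direction of a peering, as the portal creates one on each VNet."""
    src: str
    dst: str
    allow_vnet_access: bool = True         # "allow network access from src to dst"
    allow_forwarded_traffic: bool = False  # "allow forwarded traffic from src to dst"

def overlaps(a: VNet, b: VNet) -> bool:
    return ipaddress.ip_network(a.cidr).overlaps(ipaddress.ip_network(b.cidr))

def peer(vnets, a, b, *, access_a_to_b=True, access_b_to_a=True,
         forwarded_a_to_b=False, forwarded_b_to_a=False):
    """Create the reciprocal pair the portal creates. Azure refuses peerings
    between overlapping address spaces, so the model does too."""
    if overlaps(vnets[a], vnets[b]):
        raise ValueError(f"{a} ({vnets[a].cidr}) overlaps {b} ({vnets[b].cidr})")
    return [Peering(a, b, access_a_to_b, forwarded_a_to_b),
            Peering(b, a, access_b_to_a, forwarded_b_to_a)]

def can_reach(vnets, links, src, dst) -> bool:
    """Forward-path check only. Peering is not transitive: src reaches dst
    directly, or through one hub whose NVA forwards on src's behalf."""
    direct = {(l.src, l.dst): l for l in links}
    link = direct.get((src, dst))
    if link is not None and link.allow_vnet_access:
        return True
    # Hub path needs all three: a UDR in src sending dst's prefix to the hub NVA,
    # src allowed into the hub, and the hub->dst peering accepting traffic that
    # did not originate in the hub ("allow forwarded traffic").
    hub = vnets[src].routes.get(vnets[dst].cidr)
    if hub is None or not vnets[hub].nva_forwarding:
        return False
    into_hub = direct.get((src, hub))
    out_of_hub = direct.get((hub, dst))
    return bool(into_hub and into_hub.allow_vnet_access
                and out_of_hub and out_of_hub.allow_forwarded_traffic)

def _web_and_db():
    return {"prodweb-vnet": VNet("prodweb-vnet", "10.1.0.0/16"),
            "prodDb-vnet": VNet("prodDb-vnet", "10.2.0.0/16")}

def scenario_demo():
    """The demo as recorded: bidirectional peering between prodweb and prodDb."""
    vnets = _web_and_db()
    links = peer(vnets, "prodweb-vnet", "prodDb-vnet")
    return (can_reach(vnets, links, "prodweb-vnet", "prodDb-vnet"),
            can_reach(vnets, links, "prodDb-vnet", "prodweb-vnet"))

def scenario_one_way():
    """Access from prodDb back to prodweb disabled, as the transcript describes."""
    vnets = _web_and_db()
    links = peer(vnets, "prodweb-vnet", "prodDb-vnet", access_b_to_a=False)
    return (can_reach(vnets, links, "prodweb-vnet", "prodDb-vnet"),
            can_reach(vnets, links, "prodDb-vnet", "prodweb-vnet"))

def scenario_hub_and_spoke(route_via_hub: bool):
    """A (prodweb) <-> B (hub) <-> C (prodDb): A cannot reach C until the spoke
    has a UDR to the hub NVA and the hub->C peering allows forwarded traffic."""
    vnets = _web_and_db()
    vnets["hub-vnet"] = VNet("hub-vnet", "10.0.0.0/16", nva_forwarding=True)
    links = (peer(vnets, "prodweb-vnet", "hub-vnet")
             + peer(vnets, "hub-vnet", "prodDb-vnet", forwarded_a_to_b=route_via_hub))
    if route_via_hub:
        vnets["prodweb-vnet"].routes["10.2.0.0/16"] = "hub-vnet"
    return can_reach(vnets, links, "prodweb-vnet", "prodDb-vnet")

def scenario_overlap():
    """Peering is refused when address spaces overlap; True means it was refused."""
    vnets = {"a-vnet": VNet("a-vnet", "10.1.0.0/16"),
             "b-vnet": VNet("b-vnet", "10.1.5.0/24")}
    try:
        peer(vnets, "a-vnet", "b-vnet")
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("demo (web->db, db->web):", scenario_demo())
    print("one-way (web->db, db->web):", scenario_one_way())
    print("A->C over two peerings only:", scenario_hub_and_spoke(False))
    print("A->C with UDR + forwarded traffic:", scenario_hub_and_spoke(True))
    print("overlapping address spaces refused:", scenario_overlap())
```

Running it shows the demo peering reaching both ways, the one-way variant reaching only from prodweb to prodDb, A unable to reach C across two peerings until the spoke has a route to the hub appliance and the hub-to-C peering allows forwarded traffic, and a peering refused when the address spaces overlap. The same switches exist on the command line: `az network vnet peering create` takes `--allow-vnet-access`, `--allow-forwarded-traffic`, `--allow-gateway-transit` and `--use-remote-gateways` for the boxes the demo clicks through, and it has to be run once per direction, just as the portal creates a peering resource on each VNet.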