Virtual Network Peering

Time: 22 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 24
Video Transcription
>> Hey everybody and welcome back. In this lecture, we're going to be talking about virtual network peering. The learning objectives for this lesson are going to be to understand what network peering is and how it applies to VNets. We're going to talk a little bit about VNet peering and transitivity, so the concept of transitivity. Then we're going to understand some of the rules in place when it comes to IP address blocks when we're dealing with a VNet peering environment.

VNet peering is actually a pretty interesting topic because it gets down to the primary idea behind networking. This is basically when we're connecting two or more VNets together to expand our network, to scale it out, to be able to communicate from one network to another. Maybe one application environment to your infrastructure environment, or your VNets in the Cloud to maybe another VNet that's in another account, or maybe it's with a partner company that you work with. This is something that's very handy. But there are a lot of rules in place, because this has everything to do with data leaving our environment, our network, and going to another network, and in turn allowing them to also access our networks. At this point we're dropping the drawbridge, if we're going to use an illustration here; we're opening up our kingdom and allowing people in and allowing people out. We want to make sure that we know what we're signing up for. Azure makes this really easy, but they also have certain stipulations in place that we have to make sure we are following, so that we don't set things up the wrong way and so that data is able to communicate between networks in a streamlined fashion.

Let's go ahead and dive in. VNet peering basically connects two different virtual networks, or VNets. It allows the resources that are assigned to those VNets to communicate with one another. The allowed VNet peering scenarios are as follows: you can connect two VNets that both belong to the same Azure region. That's okay. You can connect two VNets in different regions. That's something that we call global VNet peering, and that's okay too. Again, these are traditional ideas. This is part of the reason why we go with the Cloud. It's just easy, and we all know that these are things that we want to be able to take advantage of when we move to the Cloud. It's definitely a selling proposition for Azure or any other Cloud provider. We want to make sure that we can take advantage of these things.

Another handy thing to note is you can also connect or peer two different VNets from two different subscriptions within the same Azure account if you'd like as well. Maybe you're not communicating with anyone outside of your environment. Maybe it's between two different teams, like you have marketing and development. That sounds like a pretty common use case. There may be a scenario where you need to have a VNet from one department communicate with another department in order for that collaboration to happen, or the transference of data ingress and egress between the two VNets. These are different scenarios that will likely be applicable to you as you're designing and administering these Azure architectures.

But here are a few scenarios that are not allowed. You cannot have networks that have overlapping CIDR blocks. Now, if you don't understand what CIDR blocks are, I do recommend that you take a step back and maybe go and do some refresher learning on your networking concepts. CIDR blocks basically classify how IP addresses are assigned to a network, how we organize and slice up the IP addresses for computers and servers and whatnot. But this course is not about networking, this course is about the Cloud. If you need to brush up on some of your CIDR and networking knowledge, I do recommend you take a look at some of our courses on networking right here within Cybrary.

Moving on, here are some examples of what I mean by overlapping CIDR blocks. We have here a network with a 10.0.0.0 that cannot be peered with another VNet that is a 10.0.0.0, because the IPs overlap; the CIDR blocks overlap too. Now, we can have a 10.1.2.0 communicate with a 172.16 because they're very different. The CIDR blocks are not the same. This is a class A and this is a class B. We can have these two networks communicate with one another. This is a very simple illustration. There's a lot more detailed information if you look at the Azure documentation that does help you navigate these things. But there again, this is just to give you all an idea of what we're talking about when we're dealing with VNet peering, and really what the concept of VNet peering is.

If you need to refresh your knowledge on networking, no worries. I personally do not work in networking every day. It's actually been a while since I've had to configure a network. I did upgrade my home network recently, so I did do that, but I definitely don't peer anything when it comes to my home network. It's okay if you need to go back and do a refresher. That's something that we should always do. Always recap and brush up on the things that maybe we don't work on on a day-to-day basis, so that we're staying current and we can still obtain new knowledge pieces, new nuggets of knowledge, and enhance our capabilities going forward. If you need to, go ahead and do that refresher; if not, let's go ahead and move forward.

Continuing on with our conversation on VNet peering, there is another rule that needs to be noted, and you may see a few questions on this topic in your exam. It's pretty common that they do send the questions out like this, because you need to understand what the transitivity rules are for VNet peering. So going back to our illustration here, we have three different VNets. We have our VNet A, we have a hub VNet, and then our VNet B. Here's our hub, here are our spokes. VNet A is communicating with the hub VNet, and same with VNet B. It is communicating, it is peering. If you look at the green line, we can see that there is communication. We can also see some blue lines to indicate some communication between our VPN gateway and our remote gateway. Here we are.

One thing I want to note here is that, to get down to the core of it, transitive peering is when we say that VNet A can communicate with VNet B because they're both communicating with the hub VNet. There is a transitive rule here saying that they can do that. This is not allowed. Whenever you're dealing with any type of virtual networking in the Cloud, it is not allowed. This is not something that we can do. If you wanted VNet A to communicate with VNet B, you can very easily sync these two up and get them communicating directly with each other. But they cannot use a mutual VNet for that vehicle of communication. There needs to be a direct communication. This is the concept of transitive, or in this case what we should be avoiding. This is non-transitive peering. VNets do not peer in a transitive fashion.

All right everyone, this was a short lecture, but this was really to talk about the concept of VNet peering and some of the rules that you're going to need to be aware of. You want to make sure that you understand the laws of transitivity when we are talking about VNet peering. If you didn't understand that quite right, feel free to reach out to me. I'm more than happy to have a conversation with you about this. We can always dive into documentation and learn more about this together. If there's anything that maybe you're unsure about, you can always ping me on Twitter, reach out to me on LinkedIn, wherever you feel comfortable, and we can definitely dive into this further. All right, folks, that's about it for this lecture. I will see you in the next one.
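The two rules the lecture states, no overlapping address space between peered VNets and no transitive reachability through a hub, can be checked before anything is created in Azure. The Python script below is an added example written for this page; it is not the lecturer's material, and the VNet names, address spaces and peering list in it are constructed for illustration. It compares every address prefix of one VNet against every prefix of the other with the standard library's `ipaddress` module (a VNet can carry more than one prefix), then flags every pair of VNets that share a common peer but have no direct peering, which is exactly the spoke-to-spoke pair the hub will not carry traffic between.

```python
"""Pre-flight validator for an Azure hub-and-spoke VNet peering design.

Added example for this page (not the lecturer's code).  It models the two
rules from the lecture:
  1. a peering is only allowed when none of the two VNets' address prefixes
     overlap;
  2. peering is not transitive, so a spoke reaches another spoke only over a
     direct peering, never through the hub.
All VNet names, address spaces and peerings below are constructed.
"""
from ipaddress import ip_network
from itertools import combinations
from typing import Dict, List, Tuple

# Constructed sample design: a hub, two spokes, and one VNet ("spoke-bad")
# that reuses part of the hub's 10.0.0.0/16 so the overlap check fires.
VNETS: Dict[str, List[str]] = {
    "hub": ["10.0.0.0/16"],
    "vnet-a": ["10.1.0.0/16"],
    "vnet-b": ["172.16.0.0/16"],
    "spoke-bad": ["10.0.0.0/24", "192.168.0.0/24"],
}

# Proposed peerings; each link is treated as bidirectional.
PEERINGS: List[Tuple[str, str]] = [("hub", "vnet-a"), ("hub", "vnet-b")]


def overlapping_prefixes(a: List[str], b: List[str]) -> List[Tuple[str, str]]:
    """Every (prefix of a, prefix of b) pair that overlaps.  A VNet may carry
    several address prefixes, so each prefix is compared against each other."""
    return [(pa, pb) for pa in a for pb in b
            if ip_network(pa).overlaps(ip_network(pb))]


def can_peer(vnets: Dict[str, List[str]], x: str, y: str) -> bool:
    """Rule 1: the peering is allowed only if no prefixes overlap."""
    return not overlapping_prefixes(vnets[x], vnets[y])


def reachable(peerings: List[Tuple[str, str]], src: str, dst: str) -> bool:
    """Rule 2: reachability over peering is direct only.  No path search is
    done on purpose: a shared neighbour (the hub) does not make dst reachable."""
    links = {frozenset(p) for p in peerings}
    return frozenset((src, dst)) in links


def validate(vnets: Dict[str, List[str]],
             peerings: List[Tuple[str, str]]) -> Dict[str, list]:
    """Report peerings that would be rejected for overlap, and VNet pairs that
    share a peer but have no direct peering (so they cannot talk to each other)."""
    rejected = [f"{x} {pa} overlaps {y} {pb}"
                for x, y in peerings
                for pa, pb in overlapping_prefixes(vnets[x], vnets[y])]
    neighbours = {name: set() for name in vnets}
    for x, y in peerings:
        neighbours[x].add(y)
        neighbours[y].add(x)
    indirect_only = [(x, y) for x, y in combinations(sorted(vnets), 2)
                     if y not in neighbours[x] and neighbours[x] & neighbours[y]]
    return {"rejected": rejected, "indirect_only": indirect_only}


if __name__ == "__main__":
    # Deliberately include the overlapping VNet to show both findings.
    report = validate(VNETS, PEERINGS + [("hub", "spoke-bad")])
    for line in report["rejected"]:
        print("REJECTED:", line)
    for x, y in report["indirect_only"]:
        print(f"NO PATH: {x} <-> {y} share a peer but are not peered directly")
```

Run it as a script to print the report; once a design passes, the peerings themselves are created in the portal or with the Azure CLI. The `reachable` check intentionally does no graph traversal: writing it as a shortest-path search would encode exactly the transitive behaviour the lecture says VNet peering does not have.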