Create a Hub-and-Spoke topology with Azure Virtual Network Peering

Currently I’m working on AZ-102 certification and I wanted to share with you a small lab I created to try Azure virtual network and especially remote gateway. To create a Hub-and-Spoke topology, you need that each spoke virtual network communicates through the hub virtual network. To implement this kind of solution, you need several virtual networks and peering. I would like to implement the following solution:

All VMs must be able to communicate through NE01-VMProject1 which is the hub. A peering will be established between NE01-NET – NE02-NET and NE01-NET – NE03-NET. To prepare this topic, I’ve already created the following resources:

  • Resource groups
  • Virtual machines
  • Virtual networks

As you can see below, the VM NE01VM1 is connected to NE01-NET virtual network with the IP 10.11.0.4.

The VM NE02VM1 is connected to NE02-NET virtual network with the IP 10.12.0.4.

Because no peering is created, a VM cannot ping another:

Create the peering

First, I edit Peerings from NE02-NET.

I call it NE02-NET-NE01-NET and I select the virtual network NE01-NET. For the moment, I leave default configuration.

From NE01-NET virtual network, I do the same thing to peer it to NE02-NET. I leave also the default configuration for the moment.

When peers are created, you should get the peering status to Connected.

Now, VM from NE01-VMProject1 and NE02-VMProject2 are able to communicate:

So, I create the peers between NE03-VMProject3 and NE01-VMProject1. I repeat the same steps as previously. I create a peer from NE01-NET to connect to NE03-NET.

Then I create a peer from NE03-NET to connect to NE01-NET.

From this point, VMs from NE03-VMProject3 are able to communicate with NE01-VMProject1 VMs and VMs from NE02-VMProject2 can ping VM from NE01-VMProject1. However, VM from NE03-VMProject3 can’t communicate with NE02-VMProject2 because gateway and routes are missing:

Create virtual gateway and route tables

First, create a virtual gateway in your hub network (NE01-NET) with the following settings. The gateway takes the 4th IP address in gateway subnet. You need this information for later. So, in this example, the internal IP address of this virtual network gateway is 10.11.1.4.

Then in NE02-VMProject2 and NE03-VMProject3, create a route table resource with the following settings:

Now, navigate in route table resource and click on Routes. Click on Add.

Configure the route as the following:

Route Name Address prefix Next hop type Next hop address
NE02-NET-ROUTE To-NE03-NET 10.13.0.0/16 Virtual appliance 10.11.1.4
NE03-NET-ROUTE To-NE02-NET 10.12.0.0/16 Virtual appliance 10.11.1.4

Now, click on Subnet and Associate.

Associate the NE02-NET-ROUTE to NE02-NET virtual network and NE03-NET-ROUTE to NE03-NET.

Configure hub peers

Now we need to allow gateway transit in each hub peer. Open each peering configuration in NE01-NET and Allow gateway transit as below.

Configure spoke peers

In each spoke peer (NE02-NET and NE03-NET), enable Use remote gateways option.

Wait a few minutes and then all VMs should be able to communicate.

About Romain Serre

Romain Serre works in Lyon as a Senior Consultant. He is focused on Microsoft Technology, especially on Hyper-V, System Center, Storage, networking and Cloud OS technology as Microsoft Azure or Azure Stack. He is a MVP and he is certified Microsoft Certified Solution Expert (MCSE Server Infrastructure & Private Cloud), on Hyper-V and on Microsoft Azure (Implementing a Microsoft Azure Solution).

2 comments

  1. Cool post, thanks!

    Side question:
    Why don’t you enforce HTTPS? You obviously support it, so I’m curious why you haven’t flipped the switch to redirect all HTTP to HTTPS.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

x

Check Also

Deploy Veeam Cloud Connect for large environments in Microsoft Azure

Veeam Cloud Connect is a solution to store backups and archives in a second datacenter ...

RDS 2016 farm: RDS Final configuration

This article is the final topic about how to deploy a Remote Desktop Service in ...

RDS 2016 Farm: Deploy RDS 2016 farm in Azure

This topic is part of a series about how to deploy a Windows Server 2016 ...