Notes from MS Learn AZ-700 Module 1: Introduction to Azure Virtual Networks – Unit 7: Enable Cross-Virtual Network Connectivity with Peering
VNet peering allows you to connect separate VNets in the same Azure region (VNet Peering) or in different regions (Global VNet Peering).
Traffic between peered VNets is private, and the peered VNets appear as one for connectivity purposes. Traffic between VMs in peered VNets uses the Microsoft backbone infrastructure – no internet, gateways, or encryption needed.
- Terms:
  - Regional VNet Peering – VNets within the same region peered
  - Global VNet Peering – VNets in different regions peered
    - Can be in any Azure public cloud region
    - Can be in any China cloud region
    - CANNOT be in a Government cloud region
      - Only VNets in the same region are peerable in Government cloud regions.
- Benefits:
  - Low-latency, high-bandwidth connection between resources in different VNets
  - Ability to apply network security groups in either VNet for blocking purposes
  - Ability to transfer data between VNets in different subscriptions, MS Entra tenants, deployment models, and regions
  - Ability to peer VNets created using Azure Resource Manager
  - Ability to peer a VNet created in Azure Resource Manager with one created through the classic deployment model
  - No downtime to resources when creating the peering or once peering creation is complete
- Steps to configure VNet Peering:
  - Create 2 VNets
  - Peer the VNets
  - Create VMs in each VNet
  - Test communication between the VMs
  - Configuration is done through the “Add peering” page. When a peering is added on one VNet, it is automatically added to the second VNet
- Gateway Transit and Connectivity
  - When VNets are peered, a VPN gateway in one of them can be configured as a transit point. In this case the peered VNet uses the remote gateway to access other resources.
  - A VNet can have only one gateway. Gateway transit is supported for both VNet and Global VNet peerings
  - When gateway transit is allowed, the peered VNet can access resources outside of the peering – examples:
    - Site-2-Site VPN to on-prem
    - VNet-2-VNet connectivity to another VNet
    - Point-2-Site VPN to a client
  - Allows peered VNets to share a gateway for resource access
- Service Chaining – directing traffic to a gateway or network virtual appliance
  - Create a user-defined route directing traffic from one VNet to a network virtual appliance in another
  - User-defined routes point to a VM in another VNet as the next hop, or to a virtual network gateway
  - Can be utilized to create a hub-and-spoke topology
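The peering steps and the gateway transit settings above, written out as a Bicep template rather than the portal's “Add peering” page. This is an added example, not code from the MS Learn module; it assumes a hub VNet (with a VPN gateway already deployed) and a spoke VNet (with no gateway) already exist in the target resource group, and the names are placeholders.

```bicep
// Added example (not from the MS Learn module): hub-and-spoke peering with gateway transit.
// Assumptions (placeholders): both VNets exist in the deployment's resource group, the hub
// already has a VPN gateway, and the spoke has no gateway of its own.
param hubVnetName string = 'hub-vnet'
param spokeVnetName string = 'spoke-vnet'

resource hubVnet 'Microsoft.Network/virtualNetworks@2023-04-01' existing = {
  name: hubVnetName
}

resource spokeVnet 'Microsoft.Network/virtualNetworks@2023-04-01' existing = {
  name: spokeVnetName
}

// Hub side of the peering: offer the hub's VPN gateway to the spoke.
// allowForwardedTraffic stays false here: nothing in the spoke forwards traffic on
// behalf of other networks, so the hub has no reason to accept such packets.
resource hubToSpoke 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-04-01' = {
  parent: hubVnet
  name: 'hub-to-spoke'
  properties: {
    remoteVirtualNetwork: { id: spokeVnet.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: false
    allowGatewayTransit: true // peered VNets may use this VNet's gateway
    useRemoteGateways: false
  }
}

// Spoke side: consume the hub's gateway for S2S, P2S and VNet-to-VNet reach.
// useRemoteGateways fails if the hub has no gateway yet, and cannot be combined
// with a gateway in the spoke (a VNet can have only one gateway).
// allowForwardedTraffic is true so traffic that an NVA in the hub forwards into
// the spoke (service chaining via a user-defined route) is not dropped.
resource spokeToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-04-01' = {
  parent: spokeVnet
  name: 'spoke-to-hub'
  dependsOn: [hubToSpoke] // hub must advertise gateway transit before the spoke uses it
  properties: {
    remoteVirtualNetwork: { id: hubVnet.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true
    allowGatewayTransit: false
    useRemoteGateways: true
  }
}
```

Deploy with `az deployment group create` against the resource group holding both VNets; after deployment the peering state on both links should read Connected, and a VM in the spoke can reach on-prem prefixes learned through the hub gateway.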