Hey everyone, welcome to another 360 in 360, where I cover a certain technology 360 degrees in, let's face it, probably more than 360 seconds if history is anything to go by. In this video I want to explore network peering. But before we get started, if this is useful please subscribe, and if you want to get notified when I do new videos click the little bell icon. So let's get to it.

I previously talked about a virtual network, and that virtual network lives within a particular region, within a certain subscription. It cannot span regions, it cannot span subscriptions, and it's an isolation of communication. I can break that up into multiple subnets, I put resources inside it, and they can kind of all talk to each other. But if I have multiple virtual networks, those virtual networks could be in the same region and the same subscription (I just want multiple VNets), they could be in different regions, they could be in different subscriptions, even different Azure AD tenants. Maybe I want them to be able to communicate with each other. Now there are options. I can do things like a site-to-site VPN: I could set up kind of a VPN gateway in each of these and do VPN connections between them, and they'd be able to talk, but I'm going to be using the gateway, so I'm going to be throttled based on that gateway's performance. I could connect into the same ExpressRoute circuit: you could imagine I had ExpressRoute and I had a certain meet-me location, and if I set up ExpressRoute gateways in all of my virtual networks and connected them to the same circuit, they can communicate, but that traffic would hairpin; it would go to the meet-me and then come back again, even if they were in the same region, so it's not really ideal. So the better option is to actually use network peering. With network peering I can think about, hey look, I have VNet 1 and then maybe I have VNet 2, and I can create a peering relationship between them, so now workloads in those two virtual networks would just be able to communicate.

Now they can be in the same region or they can actually be in different regions with global VNet peering. With regular VNet peering in the same region it's roughly a penny per gigabyte, so I do pay: I pay for the egress from the VNet over the peer and I pay the ingress over the peer. If it's global, they're in different regions, then I pay a little bit more, so there is a difference in the cost between if it's in the same region or if the target of the peer is in a different region. But now I have this complete connectivity. There can be no IP address overlap, so let me make that super clear: no IP overlap. If there's any overlap of the IP space they will not be able to be peered, that's super important.

Now what if I also have another VNet, let's have a VNet over here, VNet 3, and I will peer that as well. They are non-transitive, so what that means is if VNet 2 is peered to VNet 1 and VNet 3 is peered to VNet 1, there is no peering, no communication, between 2 and 3. If I want 2 and 3 to be able to talk I would have to add a peer here as well. So if I had lots and lots of VNets, imagine I had a VNet 4 as well and that was over here, I'd have to peer that one and I'd have to peer that one; I get like a full mesh scenario. So it's important to realize they are not transitive in nature, I have to create those peers. Now I think it's about 500 peers at the current time I can have; one of the networks might have a lot of them. But if I did kind of have this hub and then lots of spokes topology, it's gonna be very hard to manage pretty quickly. There are things I can do. So that's if I was just using peering on its own.

Another option: if I think about kind of that hub scenario, and then I have multiple spoke virtual networks and I just peer all of them to the hub, so these are all just peering connections, what I can absolutely do is have some kind of appliance in a certain subnet in my hub. Now that could be Azure Firewall, it could be a network virtual appliance, and what I'm going to do is use it to define routing. I'll configure a UDR on kind of all of these spokes to say, look, if you want to get to the IP space of any of the other spokes, your next hop, the next place to go, is that virtual appliance. So now it will send the traffic to the appliance and it can then forward it on. To do that I have to enable allow forwarded traffic on all of those peering connections, but that would essentially now make these transitive in nature: I just have a peer from the spoke to the hub, but now the spokes would be able to communicate with each other via the hub because I've deployed that Azure Firewall, that NVA. I could also use a gateway to do that, but really the firewall is the best option.

Another thing I can do here: imagine also there were kind of on-premises connections, there was kind of this network, maybe I had some kind of gateway in the hub, maybe it's ExpressRoute, maybe it's site-to-site VPN. The other cool thing I could do is, in the hub, I can allow gateway transit. So I can turn on gateway transit on this end of the peering connection, and on these ones I'm gonna say, hey, use remote gateway. What that will enable me to do is now the IP spaces of these spokes will kind of be passed through to the targets that are now connected into here, and likewise this one knows about those IP spaces. So these can now use the connectivity of the hub to get to the connected networks, i.e. on premises, and on premises via the hub will be able to get to the spokes. So I can really do a lot of cool stuff by kind of having an appliance, which enables the peers that can't otherwise talk to each other to communicate, and then by having gateways in the hub and again allowing that gateway transit on the hub's end of the peer and use remote gateway on the spoke end of the peering, to now get the connectivity to the hub all the way through to those spokes. So I get quite a nice looking combination: spokes can talk, spokes can talk to the other networks. So there's really good stuff I can do.

I do want to point out permissions. To establish peering, I'm basically almost thinking like creating two unidirectional peers. It's not that exactly, but I do have to kind of create the peer that way and then create the peer this way for it to be complete. To create the peer on my end I have to be a Network Contributor, or there's really four permissions I have to have to manage it, and they're outlined in the Microsoft document. On the network I want to peer to, there is a peer action I have to have. So what I do is I create a custom role that just has peer action and I give that to the user here that's establishing the peering in that direction on that target virtual network, and then the people on this virtual network need to be Network Contributor to establish the peer in the other direction, where they need the peer action, so they're getting the same custom role. Then once both ends have been kind of created, I now complete that peering and it's ready to go. So to tie all those permissions together, think of it: if I lasso (one of my customers used this analogy) and I want to lasso something, for the target of my lasso I have to have a permission to be able to get the lasso on to it. That's that peer action; that's the only thing I need on the target virtual network, but I do need that permission. I can't just peer to any virtual network I want, I have to have that peer action.

So that's kind of network peering, the idea of I'm using the Azure backbone, I'm gonna get the full bandwidth available of the VMs and the resources, there's no throttling, there's no gateway being used here. I pay that nominal charge: if it's within region it's like a penny per gigabyte, again I pay it for egress and ingress from my virtual network; if it's between regions, global, I pay a little bit more for that traffic to flow. But it's going to give me that great connectivity. I can enable those spokes to talk if I want to, and I can even extend that communication. Make sure I don't have overlapping IP ranges between any networks where there's a direct peer. Good luck, till next time, take care, please like, subscribe, comment and share.
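As an added example (not from the video or from Microsoft), here is a small bash helper that first checks the hub and spoke address spaces for the overlap that peering refuses, then prints the two one-directional Azure CLI peering commands with the asymmetric settings described above: gateway transit on the hub end, use remote gateways on the spoke end, and forwarded traffic allowed on both so a UDR toward a hub firewall or NVA can carry spoke-to-spoke traffic. The resource group, VNet names and CIDRs are made up, and it assumes both VNets are in one resource group.

```shell
#!/usr/bin/env bash
# Added example, not from the video. Dry-run helper: verifies two VNet address
# spaces don't overlap (peering is refused if they do), then prints the two
# one-directional `az network vnet peering create` commands for a hub/spoke pair.
# Assumes both VNets share a resource group; across subscriptions pass the full
# resource ID to --remote-vnet. The permission the target side needs is
# Microsoft.Network/virtualNetworks/peer/action (a custom role can carry just that).
set -eu

# Dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True (exit 0) when two CIDRs overlap: compare both networks under the shorter prefix.
cidr_overlap() {
  local n1 n2 p mask
  n1=$(ip2int "${1%/*}"); n2=$(ip2int "${2%/*}")
  p=$(( ${1#*/} < ${2#*/} ? ${1#*/} : ${2#*/} ))
  mask=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
  [ $(( n1 & mask )) -eq $(( n2 & mask )) ]
}

# Print the hub-side and spoke-side peering commands.
#   hub side:   --allow-gateway-transit  (share the hub's VPN/ExpressRoute gateway)
#   spoke side: --use-remote-gateways    (fails unless a gateway exists in the hub)
#   both sides: --allow-forwarded-traffic so a UDR pointing at the hub NVA/firewall
#               can carry spoke-to-spoke traffic (peering alone is not transitive)
hub_spoke_peering_cmds() {
  local rg=$1 hub=$2 hub_cidr=$3 spoke=$4 spoke_cidr=$5
  if cidr_overlap "$hub_cidr" "$spoke_cidr"; then
    echo "ERROR: $hub_cidr overlaps $spoke_cidr; Azure would reject this peering" >&2
    return 1
  fi
  printf 'az network vnet peering create -g %s -n %s-to-%s --vnet-name %s --remote-vnet %s --allow-vnet-access --allow-forwarded-traffic --allow-gateway-transit\n' \
    "$rg" "$hub" "$spoke" "$hub" "$spoke"
  printf 'az network vnet peering create -g %s -n %s-to-%s --vnet-name %s --remote-vnet %s --allow-vnet-access --allow-forwarded-traffic --use-remote-gateways\n' \
    "$rg" "$spoke" "$hub" "$spoke" "$hub"
}

# Constructed sample: hub 10.0.0.0/16 with one spoke 10.1.0.0/16. Pipe to `sh` after `az login`.
hub_spoke_peering_cmds rg-net hub-vnet 10.0.0.0/16 spoke1-vnet 10.1.0.0/16
```

Run it once per spoke; the overlap check exits non-zero before any command is printed if a spoke's range collides with the hub's.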
