Nov 09 2021 03:15 AM - edited Nov 09 2021 06:35 AM
Keyword :
Scenario :
SPOKE networks must communicate with each other, but peering between them was not allowed.
Problem :
-- SPOKE 1 is peered with the HUB network
-- HUB is peered with SPOKE 2
-- No communication between SPOKE 1 and SPOKE 2
Solutions :
1- A Network Virtual Appliance (NVA) from the Marketplace: a VM running a firewall/router, deployed in the HUB and configured to forward traffic to and from Spoke 1 and Spoke 2.
2- A Virtual Network Gateway attached to the HUB network: enables communication between the spokes through the user-defined routes we create.
We will walk through the 2nd solution.
1- Create the Hub Vnet (10.2.0.0/16)
2- Create the spoke1 Vnet (10.3.0.0/16)
3- Create the spoke2 Vnet (10.4.0.0/16)
We have 03 Vnets :
3- Configure peering
**** With the Azure Portal
Hub <> Spoke1
Hub <> Spoke2
******************************************************************************
**** Or with a PowerShell script
Example: create the peering Hub <> Spoke1 (requires the Az module and an existing Connect-AzAccount session; the hub gateway must already exist for -UseRemoteGateways to be accepted).
# Resource group and VNet names used in this walkthrough
$SpokeRG = "Networks"
$SpokeRM = "spoke1"
$HubRG = "Networks"
$HubRM = "centralHub"
# Fetch both VNet objects
$spokermvnet = Get-AzVirtualNetwork -Name $SpokeRM -ResourceGroupName $SpokeRG
$hubrmvnet = Get-AzVirtualNetwork -Name $HubRM -ResourceGroupName $HubRG
# Spoke side of the peering: use the gateway that lives in the hub
Add-AzVirtualNetworkPeering `
-Name SpokeRMtoHubRM `
-VirtualNetwork $spokermvnet `
-RemoteVirtualNetworkId $hubrmvnet.Id `
-UseRemoteGateways
# Hub side of the peering: allow the spoke to transit the hub's gateway
Add-AzVirtualNetworkPeering `
-Name HubRMToSpokeRM `
-VirtualNetwork $hubrmvnet `
-RemoteVirtualNetworkId $spokermvnet.Id `
-AllowGatewayTransit
******************************************************************************
4- Create a Virtual Network Gateway
It's created now 😉
5- Now, go back to the Peering section of each of the SPOKE Networks and configure “Use Remote gateways” option
6- Create the route tables and define the user-defined routes (UDRs) needed for SPOKE-to-SPOKE communication
Add route :
--The Gateway subnet : CIDR /29 ==> the first and last IPs are reserved for Azure services.
--The gateway's internal IP address will therefore start from .4 ==> 10.2.1.4
****RT of Spoke01
The address prefix must be the address space of the Spoke2 Virtual Network: 10.4.0.0/16
Next hop type : Virtual appliance
Next hop address : internal address of the Virtual Network Gateway, 10.2.1.4
****RT of Spoke02
The address prefix must be the address space of the Spoke1 Virtual Network: 10.3.0.0/16
Next hop type : Virtual appliance
Next hop address : internal address of the Virtual Network Gateway, 10.2.1.4
7- Associate these Route tables with our Virtual Networks
In the Route table field, select Spoke1RouteTable and click Save
***Vnet Spoke1
***Vnet Spoke2
===> The two SPOKE Virtual Networks are able to communicate with each other via the HUB
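Steps 5 to 7 above were done in the portal; here is an added PowerShell equivalent (my example, not the original post's script) that sets "Use remote gateways" on each spoke peering, builds the two route tables with the VirtualAppliance route to the gateway IP, associates them with the spoke subnets, and then checks the effective routes on VM1's NIC. It assumes the resource group "Networks", the region "westeurope", a subnet named "default" in each spoke (10.3.0.0/24 and 10.4.0.0/24) and a NIC named "vm1-nic"; everything else comes from the walkthrough.

```powershell
# Added example, not from the original post. Assumed: RG "Networks", region
# "westeurope", subnet "default" in each spoke, NIC "vm1-nic" on VM1.
# Requires the Az module and an existing Connect-AzAccount session.
$rg        = "Networks"
$location  = "westeurope"
$gatewayIp = "10.2.1.4"   # internal IP of the hub's Virtual Network Gateway (step 6)

# One entry per spoke: its workload subnet and the *other* spoke's prefix to route via the hub.
$spokes = @(
    @{ Vnet = "spoke1"; Subnet = "default"; SubnetPrefix = "10.3.0.0/24"; RemotePrefix = "10.4.0.0/16" },
    @{ Vnet = "spoke2"; Subnet = "default"; SubnetPrefix = "10.4.0.0/24"; RemotePrefix = "10.3.0.0/16" }
)

foreach ($s in $spokes) {
    # Step 5: enable "Use remote gateways" on the spoke side of the hub peering.
    # Each spoke only peers with the hub, so every peering returned is the hub peering.
    Get-AzVirtualNetworkPeering -VirtualNetworkName $s.Vnet -ResourceGroupName $rg |
        ForEach-Object {
            $_.UseRemoteGateways = $true
            Set-AzVirtualNetworkPeering -VirtualNetworkPeering $_ | Out-Null
        }

    # Step 6: route table with a single UDR: other spoke's /16 -> gateway IP.
    # Only that prefix is forwarded, so the spoke learns nothing beyond the peer it needs.
    $rt = New-AzRouteTable -Name "$($s.Vnet)RouteTable" -ResourceGroupName $rg -Location $location -Force
    Add-AzRouteConfig -RouteTable $rt -Name "to-other-spoke" -AddressPrefix $s.RemotePrefix `
        -NextHopType VirtualAppliance -NextHopIpAddress $gatewayIp | Out-Null
    $rt = Set-AzRouteTable -RouteTable $rt

    # Step 7: associate the route table with the spoke's workload subnet
    # (route tables bind to subnets, which is what the portal "Associate" does).
    $vnet = Get-AzVirtualNetwork -Name $s.Vnet -ResourceGroupName $rg
    Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $s.Subnet `
        -AddressPrefix $s.SubnetPrefix -RouteTable $rt | Out-Null
    Set-AzVirtualNetwork -VirtualNetwork $vnet | Out-Null
}

# Check before pinging: VM1's effective routes should list 10.4.0.0/16 with
# next hop VirtualAppliance 10.2.1.4 and State "Active". If the route is
# missing or Invalid, the gateway/peering flags are the first thing to recheck.
Get-AzEffectiveRouteTable -NetworkInterfaceName "vm1-nic" -ResourceGroupName $rg |
    Where-Object { $_.AddressPrefix -contains "10.4.0.0/16" } |
    Format-Table AddressPrefix, NextHopType, NextHopIpAddress, State
```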
--Create two Windows VMs ===> the first in the Spoke 1 network and the second in the Spoke 2 network
--Allow ICMP (ping) in the Windows firewall of the 02 VMs
First VM in Spoke 1 network
Second VM in Spoke 2 network
====> The result of the test :
Ping from VM1 To VM2
Ping from VM2 to VM1