VNet to VNet Peering
Daniel Bowbyes

Microsoft announced in July VNet to VNet peering had entered public preview. In this session I want to give you a quick bit of history regarding the options we had prior to VNet peering, what VNet peering gives us, and how we go about enabling VNet peering.
VNET to VNET connections prior to July 2016

[Diagram: VNET 1 and VNET 2 (ASM and ARM) linked by an IPsec/IKE S2S VPN or ExpressRoute, across Australia East and Australia South East]

Why do you need to connect VNets? If you have multiple subscriptions and want VMs to be able to communicate. For me, I have more than one MSDN sub, so being able to have VMs in both joined to the same AD is handy.

To do this we had to add VPN Gateways to our VNets and then create an IPsec connection between the VPN Gateways (we could also use ExpressRoute). We could connect ASM to ASM VNets, ASM to ARM VNets, and ARM to ARM VNets. These VNets could be across different regions.
VNET to VNET connections prior to July 2016

[Diagram: VNET 1 and VNET 2 (both ASM) linked by an IPsec/IKE S2S VPN within Australia East]

But you had to pay for the VPN Gateways when they were running, and throughput was limited:
10 S2S connections with a Standard gateway, 100 Mb throughput (cost ~100 NZD)
30 S2S connections with a High Performance gateway, 200 Mb throughput (cost is ~544 NZD)
VNET to VNET Peering (currently in preview)

[Diagram: VNET 1 and VNET 2 (ASM and ARM) joined by VNet peering within Australia East]

From a network bandwidth side of things we are using Microsoft's Azure high-speed backbone, so we are no longer limited by the speed of our VPN Gateway, but we will still be limited to the amount of network bandwidth allocated to our VM (remember, larger VMs have higher bandwidth allocations).

Supports ASM to ARM and ARM to ARM, but not ASM to ASM.

It's only for VNets in the same region, and can be between VNets in different subscriptions or the same subscription.

VNet peerings can be hub and spoke or full mesh but are non-transitive, which means VNet 1 can communicate with VNet 2 but VNet 1 can't communicate with VNet 3. Currently you can configure 10 peers per VNet.

You can share a gateway over a VNet peering, which means if I have a gateway or ExpressRoute connected to a VNet I can advertise that gateway route across my VNet peerings (this only works for ARM).

If I am running Azure DNS resolution for my VMs, with the current preview I don't get the ability to look up machines' IP addresses in the VNet I am peering with.

User Defined Routing is supported, but we need to allow forwarded traffic when we set up the VNet to VNet peering for UDR traffic to pass across the peering session.

In terms of cost, while in preview it's currently free, and once it goes GA the cost will be 0.0149 NZD per GB.

Co-existence makes moving to VNet peering easy.
Enabling VNET to VNET Peering
# Sign in and select the subscription to work in
Login-AzureRmAccount
Get-AzureRmSubscription
Get-AzureRmSubscription -SubscriptionName "your sub name here" | Select-AzureRmSubscription

# Register the VNet peering preview feature and the network resource provider
Register-AzureRmProviderFeature -FeatureName AllowVnetPeering -ProviderNamespace Microsoft.Network
Register-AzureRmResourceProvider -ProviderNamespace Microsoft.Network

# Show provider registration status
Get-AzureRmProviderFeature -FeatureName AllowVnetPeering -ProviderNamespace Microsoft.Network
Set up VNet Peering using portal.azure.com
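# Get both virtual networks
$vnet1 = Get-AzureRmVirtualNetwork -ResourceGroupName vnet101 -Name vnet1
# Assumption: $vnet2 was not defined on the original slide; vnet2 is assumed to be in the same resource group
$vnet2 = Get-AzureRmVirtualNetwork -ResourceGroupName vnet101 -Name vnet2

# Create the peering link in each direction
Add-AzureRmVirtualNetworkPeering -Name LinkToVNet2 -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet2.Id
Add-AzureRmVirtualNetworkPeering -Name LinkToVNet1 -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet1.Id

# Allow forwarded traffic on the vnet1 side (needed for UDR traffic to cross the peering)
$LinktoVNet2 = Get-AzureRmVirtualNetworkPeering -VirtualNetworkName vnet1 -ResourceGroupName vnet101 -Name LinkToVNet2
$LinktoVNet2.AllowForwardedTraffic = $true
Set-AzureRmVirtualNetworkPeering -VirtualNetworkPeering $LinktoVNet2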
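
Forwarded traffic and gateway sharing, described above, both widen what a peered VNet can reach, so they are worth reviewing after setup. The following is an added example, not part of the original deck: the function name Get-PeeringFinding and the sample objects are hypothetical and constructed for illustration, and the property names are those of the peering objects returned by Get-AzureRmVirtualNetworkPeering.

```powershell
# Added example: list peering settings that widen reachability between VNets.
function Get-PeeringFinding {
    param([Parameter(ValueFromPipeline = $true)] $Peering)
    process {
        $notes = @()
        # A link created in one direction only stays 'Initiated' until the reverse link exists
        if ($Peering.PeeringState -ne 'Connected') {
            $notes += "PeeringState is '$($Peering.PeeringState)': check that the reverse link exists"
        }
        # Accepts traffic that a device in the remote VNet forwards (for example via UDR)
        if ($Peering.AllowForwardedTraffic) {
            $notes += 'AllowForwardedTraffic is on: forwarded (non-originating) traffic is accepted'
        }
        # Lets the peer use this VNet's VPN or ExpressRoute gateway
        if ($Peering.AllowGatewayTransit) {
            $notes += 'AllowGatewayTransit is on: peers can route through this VNet''s gateway'
        }
        # This VNet sends gateway-bound traffic through the peer
        if ($Peering.UseRemoteGateways) {
            $notes += 'UseRemoteGateways is on: this VNet routes through the peer''s gateway'
        }
        foreach ($note in $notes) {
            [pscustomobject]@{
                Peering = $Peering.Name
                Remote  = $Peering.RemoteVirtualNetwork.Id
                Finding = $note
            }
        }
    }
}

# Constructed sample objects (placeholder resource IDs) so the function runs offline
$sample = @(
    [pscustomobject]@{ Name = 'LinkToVNet2'; PeeringState = 'Connected'; AllowForwardedTraffic = $true
        AllowGatewayTransit = $false; UseRemoteGateways = $false
        RemoteVirtualNetwork = [pscustomobject]@{ Id = '<vnet2-resource-id>' } }
    [pscustomobject]@{ Name = 'LinkToVNet3'; PeeringState = 'Initiated'; AllowForwardedTraffic = $false
        AllowGatewayTransit = $true; UseRemoteGateways = $false
        RemoteVirtualNetwork = [pscustomobject]@{ Id = '<vnet3-resource-id>' } }
)
$sample | Get-PeeringFinding | Format-Table -AutoSize

# Against a live subscription (after Login-AzureRmAccount):
# Get-AzureRmVirtualNetwork | ForEach-Object {
#     Get-AzureRmVirtualNetworkPeering -VirtualNetworkName $_.Name -ResourceGroupName $_.ResourceGroupName
# } | Get-PeeringFinding
```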