Sunday, 15 March 2020

Azure VNet Connectivity

In a typical IT environment we have multiple virtual networks, and workloads in these different virtual networks need to communicate with each other. This post discusses the connectivity scenarios we can use to enable communication between workloads in separate virtual networks.

Peering

Virtual network peering enables us to connect two VNets in the same region or across regions. If both virtual networks are in Azure and within the same region, we can use (regional) peering. Once peered, the workloads in those virtual networks can communicate with each other.
  • Traffic between virtual machines in peered virtual networks is routed directly through the Microsoft backbone infrastructure, not through a gateway or over the public Internet.
  • We can deploy hub-and-spoke networks, where the hub virtual network hosts shared infrastructure components such as a network virtual appliance or a VPN gateway.
  • Every spoke virtual network then peers with the hub virtual network. Traffic can flow through the network virtual appliances or VPN gateways in the hub virtual network.
  • When virtual networks are peered, we can also configure the gateway in the peered virtual network as a transit point to an on-premises network.

Global peering

If our virtual networks in Azure exist in different regions, we can use global peering. Gateway transit is supported for both VNet peering and global VNet peering.
Site-to-Site VPN: We may have an on-premises network, and we may also have virtual networks in other cloud providers. To connect our virtual network in Azure with a network in an on-premises data center, we can use a Site-to-Site VPN.
ExpressRoute: If we have a business requirement that the connection between our on-premises data center and the virtual network use a private channel of communication rather than the public internet, we can use ExpressRoute.

Points to Remember while peering:

  • Peering between VNets in the same subscription is allowed.
  • Peering between VNets in different subscriptions under the same Azure AD tenant is allowed.
  • Peering between VNets in different subscriptions located in different Azure AD tenants is also allowed.

VPN Gateway

A VPN gateway is a specific type of virtual network gateway, used to send encrypted traffic between an Azure virtual network and an on-premises location over the public internet. A VPN gateway acts as an intermediary on each side of the connection: if the workloads in the two virtual networks need to communicate with each other, they do so through the encrypted channel established between the VPN gateways of both virtual networks.
When we plan to deploy a VPN gateway into Azure, we can configure a number of settings related to it:
  • Gateway SKUs: We need to select the SKU that satisfies our requirements for workload type, throughput, features, and SLA.
  • Zone-redundant gateways: Zone-redundant gateways give us zone resiliency, so access to mission-critical, scalable services on Azure survives the loss of a single availability zone.
  • Connection types: The connection type can be IPsec, Vnet2Vnet, ExpressRoute, or VPNClient.
  • VPN types: The VPN type we choose depends on the connection topology we want to create and on the VPN device. It can be a policy-based VPN or a route-based VPN.
  • Gateway subnet: Before creating a VPN gateway, we must create a gateway subnet named exactly 'GatewaySubnet', and nothing else should be deployed into that subnet.
  • Local network gateway: The local network gateway represents our on-premises location, i.e., the VPN device and its address prefixes.
  • Connection topologies: Site-to-Site, Multi-Site, Point-to-Site, VNet-to-VNet, and ExpressRoute.
  • Monitoring and alerts: Monitor the key metrics and configure alerts.
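Pulling together the hub-and-spoke peering points above and the 'GatewaySubnet' requirement, here is an added Bicep example (not from the original post) that deploys a hub and one spoke and peers them with gateway transit. The VNet names and address prefixes are placeholders, and it assumes a VPN gateway has already been deployed into the hub's GatewaySubnet before the spoke-side peering is applied.

```bicep
// Added example, not part of the original post. Names and prefixes are placeholders.
param location string = resourceGroup().location

resource hub 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-hub'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      // Must be named exactly 'GatewaySubnet'; deploy nothing else into it.
      { name: 'GatewaySubnet', properties: { addressPrefix: '10.0.255.0/27' } }
      { name: 'snet-shared', properties: { addressPrefix: '10.0.1.0/24' } }
    ]
  }
}

resource spoke 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-spoke1'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.1.0.0/16' ] }
    subnets: [ { name: 'snet-app', properties: { addressPrefix: '10.1.1.0/24' } } ]
  }
}

// Hub -> spoke: offer the hub's VPN gateway to the spoke for on-premises transit.
resource hubToSpoke 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: hub
  name: 'peer-hub-to-spoke1'
  properties: {
    remoteVirtualNetwork: { id: spoke.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true   // only needed if an NVA in the hub forwards spoke traffic
    allowGatewayTransit: true
    useRemoteGateways: false
  }
}

// Spoke -> hub: consume the hub gateway. Peering is not transitive, so each spoke
// needs its own pair of peerings; the spoke must not have a gateway of its own.
resource spokeToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: spoke
  name: 'peer-spoke1-to-hub'
  properties: {
    remoteVirtualNetwork: { id: hub.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: false
    allowGatewayTransit: false
    useRemoteGateways: true
  }
}
```

Deploy with `az deployment group create --resource-group <rg> --template-file <file>.bicep`; `useRemoteGateways: true` fails validation if the hub has no gateway yet, so deploy the gateway first.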
