Uploaded by raj0000kaml
Cloud Computing - Azure

Lab21 – Understanding VNet Peering between Two VNets in the Same Region – Azure

Virtual network (VNET) peering:

Virtual network peering enables you to seamlessly connect two Azure virtual networks.
Once peered, the virtual networks appear as one, for connectivity purposes. The traffic
between virtual machines in the peered virtual networks is routed through the Microsoft
backbone infrastructure, much like traffic is routed between virtual machines in the
same virtual network, through private IP addresses only. Azure supports:

• VNet peering - connecting VNets within the same Azure region
• Global VNet peering - connecting VNets across Azure regions
The benefits of using virtual network peering, whether local or global, include:

• Network traffic between peered virtual networks is private. Traffic between the
  virtual networks is kept on the Microsoft backbone network. No public Internet,
  gateways, or encryption is required in the communication between the virtual
  networks.
• A low-latency, high-bandwidth connection between resources in different virtual
  networks.
• The ability for resources in one virtual network to communicate with resources in a
  different virtual network, once the virtual networks are peered.
• The ability to transfer data across Azure subscriptions, deployment models, and
  across Azure regions.
• The ability to peer virtual networks created through the Azure Resource Manager
  or to peer one virtual network created through Resource Manager to a virtual
  network created through the classic deployment model. To learn more about
  Azure deployment models, see Understand Azure deployment models.
• No downtime to resources in either virtual network when creating the peering, or
  after the peering is created.

Connectivity
After virtual networks are peered, resources in either virtual network can directly
connect with resources in the peered virtual network.

The network latency between virtual machines in peered virtual networks in the same
region is the same as the latency within a single virtual network. The network
throughput is based on the bandwidth that's allowed for the virtual machine,
proportionate to its size. There isn't any additional restriction on bandwidth within the
peering.

The traffic between virtual machines in peered virtual networks is routed directly
through the Microsoft backbone infrastructure, not through a gateway or over the
public Internet.

Network security groups can be applied in either virtual network to block access to
other virtual networks or subnets, if desired. When configuring virtual network peering,
you can either open or close the network security group rules between the virtual
networks. If you open full connectivity between peered virtual networks (which is the
default option), you can apply network security groups to specific subnets or virtual
machines to block or deny specific access.

Topology:

In Azure portal, click “Resource group”.

Click “Add”.

While creating the “Resource group”,

Type “Resource group name” as “SansboundAzureClass”.

Select “Subscription” as “Free Trial”.

Select “Resource group location” as “Central US”.

Click “Create”.

Click “Virtual Networks”.

Click “Add”.

While creating the “Virtual network”,

Type “Name” as “SANS-MCSE”.

Type “Address space” as “10.0.0.0/16”.

Select “Subscription” as “SansboundAzureClass”.

Select “Location” as “Central US”.

Type “Subnet” name as “SANS-MCSEPubSubnet”.

Type “Address range” as “10.0.1.0/24”.

Click “Create”.

Click “Add”.

While creating the “Virtual network”,

Type “Name” as “172.16.0.0/16”.

Select “Subscription” as “Free Trial”.

Select “Resource group” as “SansboundAzureClass”.

Select “Location” as “Central US”.

Type “Subnet” name as “SANS-CCNA-PubSubnet”.

Type “Address range” as “172.16.1.0/24”.

Click “Create”.

Click “Refresh” to view the newly created Virtual network.

Click “Virtual machines”.

In “Virtual machines”,

Click “Add”.

While creating the virtual machine,

Select “Subscription” as “Free Trial”.

Select “Resource group” as “SansboundAzureClass”.

Type “Virtual machine name” as “MCSEVM-Azure”.

Select “Region” as “Central US”.

Select “Image” as “Windows Server 2008 R2 SP1”.

Change “Virtual machine size” to “Standard B1s”.

In “Administrator Account”,

In “Username”, type “sansbound”.

In “Password”, type the password for the virtual machine.

In “Save Money”,

Click “Yes” to “Already have a windows license”.

Check the “Confirmation” box.

In “Disks”,

Click “Next : Networking >”.

In “Networking”,

Create “Virtual machine”

Select “Virtual network” as “SANS-MCSE”.

Select “Subnet” as “SANS-MCSEPubSubnet”.

Click “Next : Management”.

In “Management”,

Click “Next : Guest config”.

In “Guest config”,

Click “Next : Tags >”.

In “Tags”,

Click “Next : Review + create >”.

Click “Create”.

Click “Virtual machines” in left side panel.

In “Virtual machines”, click “Add”.

While creating the virtual machine,

Select “Subscription” as “Free Trial”.

Select “Resource group” as “SansboundAzureClass”.

Type “Virtual machine name” as “CCNAVM-Azure”.

Select “Region” as “Central US”.

Select “Image” as “Ubuntu Server 18.04 LTS”.

Change “Virtual machine size” to “Standard B1s”.

In “Administrator Account”,

Click “Authentication type” as “Password”.

Type “Username” as “sansbound”.

Type “Password” for virtual machine.

Click “Next : Disks >”.

In “Disks”

Click “Next : Networking >”.

In “Networking”,

Select “Virtual network” as “SANS-CCNA”.

Click “Subnet” as “SANS-CCNA-PubSubnet”.

Click “Next : Management”.

In “Management”,

Click “Next : Guest config”.

In “Guest config”,

Click “Next : Tags >”.

In “Tags”,

Click “Next : Review + create”.

Click “Create”.

Click “All resources”.

In “All resources”,

Click “Network security group” named as “MCSEVM-Azure-nsg”.

In “MCSEVM-Azure-nsg” network security group,

Click “Subnets”.

We need to associate the “SANS-MCSEPubSubnet” subnet with the “MCSEVM-Azure-nsg” network security group.

While “Associate subnet”,

Click “Choose a virtual network”.

Click “SANS-MCSE” to select the Virtual network.

In “Choose a subnet” click on “SANS-MCSEPubSubnet”.

Click “Ok”.

You have successfully associated the “SANS-MCSEPubSubnet” subnet with “MCSEVM-Azure-nsg” network security group.

Click “All resources”.

Click “Inbound security rules”

Click “Add”.

While “Add inbound security rule”,

Select “Protocol” as “TCP”.

Type Rule “Name” as “AllowRDP”.

Click “Add”.

We have allowed “RDP” port to manage the Windows Servers remotely.

Click “All resources”.

Click “CCNAVM-Azure-nsg” Network security group.

In “CCNAVM-Azure-nsg” network security group,

Click “Subnets”.

In “Subnets” click “Associate” to associate the subnet to network security group.

While associating the subnet,

Click “Choose a virtual network”

Click on “SANS-CCNA” to select Virtual network.

In “Choose a subnet” click on “SANS-CCNA-PubSubnet”.

Click “Ok”.

In Network security group “Subnets”,

We are able to see that “SANS-CCNA-PubSubnet” has been successfully associated with the “CCNAVM-Azure-nsg” network security group.

Click “Inbound security rules”,

In “Inbound security rules”,

Click “Add”.

While “Add inbound security rule”,

Type “Destination port ranges” as “22”.

In “Protocol” select “TCP”.

Set “Priority” as “100”.

Type “Name” as “AllowSSH”.

Click “Add”.

You are able to see that the inbound rule has been created for “CCNAVM-Azure-nsg” successfully.

Click the virtual machine named “MCSEVM-Azure”, which belongs to the “SANS-MCSE” virtual network and the “SANS-MCSEPubSubnet” subnet.

In “MCSEVM-Azure”

Click on “Networking”,

Kindly note the Public and Private IP address of the Virtual machine.

From your local machine, type “mstsc” in run box, and press “Enter”.

Click “Connect”.

Type username as sansbound

Type password for the Windows 2008 R2 server.

Click “Ok”.

Click “Yes”.

You have successfully logged into the “Windows 2008 R2 Server”.

In “Windows 2008 R2 server”,

Type “firewall.cpl” in Run box and press “Enter”.

Click “Turn Windows Firewall on or off”.

Click “Turn off” on both.

Click “Ok”.

In “All resources”,

Click virtual machine named “CCNAVM-Azure”.

In virtual machine named “CCNAVM-Azure”,

Click “Networking”.

Kindly note the Public and Private IP address of the Virtual machine of Ubuntu.

In the “Windows Server 2008 R2” machine,

Try to ping the IP address of the Ubuntu machine (172.16.1.4).

But we get “Request timed out”.

What is the reason?

The Windows 2008 R2 server belongs to “SANS-MCSEPubSubnet” of the “SANS-MCSE” virtual network.

But the Ubuntu machine which you are trying to connect to belongs to “SANS-CCNA-PubSubnet” of the “SANS-CCNA” virtual network.

That is the reason: two different virtual networks do not communicate with each other by default.

So we need to configure VNet peering on both virtual networks.

Click “Virtual networks” in left side panel.

Click “SANS-MCSE” virtual network.

In “SANS-MCSE” virtual network,

Click on “Peerings”.

Click “Add”.

While “Add peering”

Type “Name” as “SANSMCSE-CCNA”.

In “Peer details”, select “Resource manager”.

Select “Subscription” as “Free Trial”.

Select “Virtual network” of Remote Virtual network.

In “Configuration”, check “Allow forwarded traffic”.

Click “Ok”.

By default you are not able to view the “Peering” details; click on any other option, like “Options”.

Click “Peerings”.

In “Peerings”,

You are able to see that you have successfully added peering in “SANS-MCSE” virtual network.

Click “Virtual networks” in left side panel.

In “Virtual networks”,

Click “SANS-CCNA” virtual network.

In “SANS-CCNA” virtual network,

Click “Peerings”.

Click “Add” to add remote virtual network.

While “Add peering”,

Type peering “Name” as “SANS-CCNA-MCSE”.

In “Virtual network deployment model” click on “Resource manager”.

Select “Subscription” as “Free Trial”.

Select “Virtual network” as “SANS-MCSE” (the virtual network with which you need to configure VNet peering).

In “Configuration”, check “Allow forwarded traffic”.

Click “Ok”.

Click “Overview”.

Click “Peerings” to view the remote virtual network details.

You are able to see the “SANS-CCNA-MCSE” peering.

In the Windows 2008 R2 server, try to ping 172.16.1.4 (Ubuntu IP) of the “SANS-CCNA” virtual network from 10.0.1.4 of the “SANS-MCSE” virtual network.

Now we are able to access resources between two different virtual networks (VNets) in the same region.
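
Why the ping now succeeds although “AllowSSH” is the only custom rule on “CCNAVM-Azure-nsg”: with full connectivity between peered VNets (the default noted under Connectivity), the VirtualNetwork service tag used by the built-in AllowVnetInBound rule also covers the peer's address space. The Python model of inbound NSG evaluation below is an added example, not part of the original lab or Azure's own code; the “*” source on AllowSSH and the DenyMcseVnet rule are assumptions, the latter showing how a lower-numbered deny rule restricts the peer.

```python
import ipaddress

# Azure's built-in inbound rules, present in every NSG at the lowest precedence.
DEFAULT_RULES = [
    {"name": "AllowVnetInBound", "priority": 65000, "source": "VirtualNetwork",
     "protocol": "*", "port": "*", "access": "Allow"},
    {"name": "AllowAzureLoadBalancerInBound", "priority": 65001,
     "source": "AzureLoadBalancer", "protocol": "*", "port": "*", "access": "Allow"},
    {"name": "DenyAllInBound", "priority": 65500, "source": "*",
     "protocol": "*", "port": "*", "access": "Deny"},
]

def source_matches(rule_source, src_ip, vnet_prefixes):
    """Match a source IP against '*', the VirtualNetwork tag, or a CIDR prefix."""
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        prefixes = vnet_prefixes      # local space plus every peered space
    elif rule_source[0].isdigit():
        prefixes = [rule_source]
    else:
        return False                  # other service tags are not modelled
    ip = ipaddress.ip_address(src_ip)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)

def evaluate_inbound(custom_rules, src_ip, protocol, port, vnet_prefixes):
    """Return (access, rule name) for the first match in priority order."""
    for rule in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r["priority"]):
        if (source_matches(rule["source"], src_ip, vnet_prefixes)
                and rule["protocol"] in ("*", protocol)
                and rule["port"] in ("*", port)):
            return rule["access"], rule["name"]

# Lab values from the page; AllowSSH's "*" source is an assumption (not stated there).
CCNA_NSG = [{"name": "AllowSSH", "priority": 100, "source": "*",
             "protocol": "Tcp", "port": 22, "access": "Allow"}]
CCNA_SPACE, MCSE_SPACE, MCSE_VM = "172.16.0.0/16", "10.0.0.0/16", "10.0.1.4"

def lab_results():
    peered = [CCNA_SPACE, MCSE_SPACE]  # what VirtualNetwork covers once peered
    deny = {"name": "DenyMcseVnet", "priority": 200, "source": MCSE_SPACE,
            "protocol": "*", "port": "*", "access": "Deny"}  # hypothetical rule
    return {
        "ping_unpeered": evaluate_inbound(CCNA_NSG, MCSE_VM, "Icmp", None, [CCNA_SPACE]),
        "ping_peered": evaluate_inbound(CCNA_NSG, MCSE_VM, "Icmp", None, peered),
        "tcp3389_peered": evaluate_inbound(CCNA_NSG, MCSE_VM, "Tcp", 3389, peered),
        "ping_with_deny": evaluate_inbound(CCNA_NSG + [deny], MCSE_VM, "Icmp", None, peered),
    }

print(lab_results())
```

The unpeered case only illustrates the scope of the tag; without peering there is also no route between the two address spaces, which is why the first ping timed out.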
