{"id":24701702,"url":"https://github.com/hurricanemark/vnetspeering","last_synced_at":"2025-03-22T04:13:05.489Z","repository":{"id":209514266,"uuid":"724260597","full_name":"hurricanemark/VNetsPeering","owner":"hurricanemark","description":"Azure Virtual Networks Peering -  Connecting three virtual networks using Global VNet Peering for different regions.","archived":false,"fork":false,"pushed_at":"2023-11-27T18:38:19.000Z","size":61,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-27T05:27:11.507Z","etag":null,"topics":["azure","geteway","on-premises-data-gateways","peering","vnet"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hurricanemark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-11-27T18:09:50.000Z","updated_at":"2023-11-28T19:25:42.000Z","dependencies_parsed_at":"2023-11-27T19:50:42.253Z","dependency_job_id":null,"html_url":"https://github.com/hurricanemark/VNetsPeering","commit_stats":null,"previous_names":["hurricanemark/vnetspeering"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hurricanemark%2FVNetsPeering","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hurricanemark%2FVNetsPeering/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hurricanemark%2FVNetsPeering/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hurricanemark%2FVNetsPeering/manifests","owner_url":"https://repos.ec
osyste.ms/api/v1/hosts/GitHub/owners/hurricanemark","download_url":"https://codeload.github.com/hurricanemark/VNetsPeering/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244902924,"owners_count":20529115,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","geteway","on-premises-data-gateways","peering","vnet"],"created_at":"2025-01-27T05:25:13.014Z","updated_at":"2025-03-22T04:13:05.470Z","avatar_url":"https://github.com/hurricanemark.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Virtual Network Peering \n\nWhen connecting via peering, the VMs in these virtual networks can communicate with each other as if they are in the same network.  This should be the first choice unless you have existing VPN or ExpressRoute connections or services behind Azure Basic Load Balancers.\n\n\n\n*Let's create three virtual networks in the Azure cloud and configure them to connect via the global virtual network peering method.*\n\n1. The `Sales` VNet is deployed in the `North Europe` region.  The Sales team wants access to Marketing data.\n\n2. The `Marketing` VNet is deployed in the `North Europe` region.  Members of the Marketing team regularly chat with the Sales team.  Data is shared via download because `Sales` and `Marketing` do not have a connection.\n\n3. The `Research` VNet is deployed in the `West Europe` region.  
Members of the Research team have a logical working relationship with Marketing but they do not want the Sales team to have direct access to their data.\n\n\n## Create Sales VNet using Azure-CLI\n\nIn Cloud Shell, run the following command to create the virtual network and subnet for the Sales systems:\n\n```\naz network vnet create --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --name SalesVNet --address-prefixes 10.1.0.0/16 --subnet-name Apps --subnet-prefixes 10.1.1.0/24 --location northeurope\n```\n\n*Output:*\n\n```\n{\n  \"newVNet\": {\n    \"addressSpace\": {\n      \"addressPrefixes\": [\n        \"10.1.0.0/16\"\n      ]\n    },\n    \"enableDdosProtection\": false,\n    \"etag\": \"W/\\\"1b7d6ba9-4a1b-4236-afee-fb2a05d74a87\\\"\",\n    \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/SalesVNet\",\n    \"location\": \"northeurope\",\n    \"name\": \"SalesVNet\",\n    \"provisioningState\": \"Succeeded\",\n    \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\",\n    \"resourceGuid\": \"f2052ec9-56cb-4ab5-b980-31edba278edf\",\n    \"subnets\": [\n      {\n        \"addressPrefix\": \"10.1.1.0/24\",\n        \"delegations\": [],\n        \"etag\": \"W/\\\"1b7d6ba9-4a1b-4236-afee-fb2a05d74a87\\\"\",\n        \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/SalesVNet/subnets/Apps\",\n        \"name\": \"Apps\",\n        \"networkSecurityGroup\": {\n          \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/SandboxNSGs/providers/Microsoft.Network/networkSecurityGroups/NSG-northeurope\",\n          \"resourceGroup\": \"SandboxNSGs\"\n        },\n        \"privateEndpointNetworkPolicies\": \"Disabled\",\n        \"privateLinkServiceNetworkPolicies\": \"Enabled\",\n        
\"provisioningState\": \"Succeeded\",\n        \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\",\n        \"type\": \"Microsoft.Network/virtualNetworks/subnets\"\n      }\n    ],\n    \"type\": \"Microsoft.Network/virtualNetworks\",\n    \"virtualNetworkPeerings\": []\n  }\n}\n```\n\n## Create Marketing VNet using Azure-CLI\n\nRun the following command to create the virtual network and subnet for the Marketing systems:\n\n```\naz network vnet create --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --name MarketingVNet --address-prefixes 10.2.0.0/16 --subnet-name Apps --subnet-prefixes 10.2.1.0/24 --location northeurope\n```\n\n*Output:*\n\n```\n{\n  \"newVNet\": {\n    \"addressSpace\": {\n      \"addressPrefixes\": [\n        \"10.2.0.0/16\"\n      ]\n    },\n    \"enableDdosProtection\": false,\n    \"etag\": \"W/\\\"b9a1d42b-5cdc-4a12-b5db-f29bc82a7f27\\\"\",\n    \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/MarketingVNet\",\n    \"location\": \"northeurope\",\n    \"name\": \"MarketingVNet\",\n    \"provisioningState\": \"Succeeded\",\n    \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\",\n    \"resourceGuid\": \"b4743ff9-61ad-4ed1-8970-a8309e5b2e46\",\n    \"subnets\": [\n      {\n        \"addressPrefix\": \"10.2.1.0/24\",\n        \"delegations\": [],\n        \"etag\": \"W/\\\"b9a1d42b-5cdc-4a12-b5db-f29bc82a7f27\\\"\",\n        \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/MarketingVNet/subnets/Apps\",\n        \"name\": \"Apps\",\n        \"networkSecurityGroup\": {\n          \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/SandboxNSGs/providers/Microsoft.Network/networkSecurityGroups/NSG-northeurope\",\n          \"resourceGroup\": \"SandboxNSGs\"\n 
       },\n        \"privateEndpointNetworkPolicies\": \"Disabled\",\n        \"privateLinkServiceNetworkPolicies\": \"Enabled\",\n        \"provisioningState\": \"Succeeded\",\n        \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\",\n        \"type\": \"Microsoft.Network/virtualNetworks/subnets\"\n      }\n    ],\n    \"type\": \"Microsoft.Network/virtualNetworks\",\n    \"virtualNetworkPeerings\": []\n  }\n}\n```\n\n\n## Create Research VNet using Azure-CLI\n\nRun the following command to create the virtual network and subnet for the Research systems:\n\n```\naz network vnet create --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --name ResearchVNet --address-prefixes 10.3.0.0/16 --subnet-name Data --subnet-prefixes 10.3.1.0/24 --location westeurope\n```\n\n\n*Output:*\n\n```\n{\n  \"newVNet\": {\n    \"addressSpace\": {\n      \"addressPrefixes\": [\n        \"10.3.0.0/16\"\n      ]\n    },\n    \"enableDdosProtection\": false,\n    \"etag\": \"W/\\\"e5152332-0fec-4f60-9408-c766bdc3c08b\\\"\",\n    \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/ResearchVNet\",\n    \"location\": \"westeurope\",\n    \"name\": \"ResearchVNet\",\n    \"provisioningState\": \"Succeeded\",\n    \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\",\n    \"resourceGuid\": \"0e5121d8-8543-44d5-ba82-8b7de07f866c\",\n    \"subnets\": [\n      {\n        \"addressPrefix\": \"10.3.1.0/24\",\n        \"delegations\": [],\n        \"etag\": \"W/\\\"e5152332-0fec-4f60-9408-c766bdc3c08b\\\"\",\n        \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/ResearchVNet/subnets/Data\",\n        \"name\": \"Data\",\n        \"networkSecurityGroup\": {\n          \"id\": 
\"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/SandboxNSGs/providers/Microsoft.Network/networkSecurityGroups/NSG-westeurope\",\n          \"resourceGroup\": \"SandboxNSGs\"\n        },\n        \"privateEndpointNetworkPolicies\": \"Disabled\",\n        \"privateLinkServiceNetworkPolicies\": \"Enabled\",\n        \"provisioningState\": \"Succeeded\",\n        \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\",\n        \"type\": \"Microsoft.Network/virtualNetworks/subnets\"\n      }\n    ],\n    \"type\": \"Microsoft.Network/virtualNetworks\",\n    \"virtualNetworkPeerings\": []\n  }\n}\n```\n\n\n# Confirm the VNets configuration\n\nTo view:\n\n```\naz network vnet list --query \"[?contains(provisioningState, 'Succeeded')]\" --output table\n```\n\n\n\n*Output:*\n\n```\nLocation     Name           EnableDdosProtection    ProvisioningState    ResourceGuid                          ResourceGroup\n-----------  -------------  ----------------------  -------------------  ------------------------------------  ------------------------------------------\nnortheurope  MarketingVNet  False                   Succeeded            b4743ff9-61ad-4ed1-8970-a8309e5b2e46  learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\nnortheurope  SalesVNet      False                   Succeeded            f2052ec9-56cb-4ab5-b980-31edba278edf  learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\nwesteurope   ResearchVNet   False                   Succeeded            0e5121d8-8543-44d5-ba82-8b7de07f866c  learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\n```\n\n\n\n# Create virtual machines in each virtual network\n\nNow, you'll deploy some Ubuntu virtual machines (VMs) in each of the virtual networks. These VMs simulate the services in each virtual network. 
In the final unit of this module, you'll use these VMs to test connectivity between the virtual networks.\n\n\n- In Cloud Shell, run the following command, replacing \u003cpassword\u003e with a password that meets the requirements for Linux VMs, to create an Ubuntu VM in the Apps subnet of SalesVNet. Note this password for later use.\n\n```\naz vm create --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --no-wait --name SalesVM --location northeurope --vnet-name SalesVNet --subnet Apps --image Ubuntu2204 --admin-username azureuser --admin-password \u003cpassword\u003e\n```\n\ne.g.\n\n```\nmarkn [ ~ ]$ az vm create --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --no-wait --name SalesVM --location northeurope --vnet-name SalesVNet --subnet Apps --image Ubuntu2204 --admin-username azureuser --admin-password markN123@Azura\n```\n\n- Run the following command, replacing \u003cpassword\u003e with a password that meets the requirements for Linux VMs, to create another Ubuntu VM in the Apps subnet of MarketingVNet. Note this password for later use. The VM may take a minute or two to be created.\n\n```\naz vm create --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --no-wait --name MarketingVM --location northeurope --vnet-name MarketingVNet --subnet Apps --image Ubuntu2204 --admin-username azureuser --admin-password \u003cpassword\u003e\n```\n\ne.g.\n\n```\nmarkn [ ~ ]$ az vm create --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --no-wait --name MarketingVM --location northeurope --vnet-name MarketingVNet --subnet Apps --image Ubuntu2204 --admin-username azureuser --admin-password markN123@Azura\n```\n\n\n- Run the following command, replacing \u003cpassword\u003e with a password that meets the requirements for Linux VMs, to create an Ubuntu VM in the Data subnet of ResearchVNet. 
Note this password for later use.\n\n```\naz vm create --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --no-wait --name ResearchVM --location westeurope --vnet-name ResearchVNet --subnet Data --image Ubuntu2204 --admin-username azureuser --admin-password \u003cpassword\u003e\n```\n\n\n*Output:*\n\n```\nSelecting \"uksouth\" may reduce your costs. The region you've selected may cost more for the same services. You can disable this message in the future with the command \"az config set core.display_region_identified=false\". Learn more at https://go.microsoft.com/fwlink/?linkid=222571\n```\n\n\n- To confirm that the VMs are running, run the following command. The Linux watch command is configured to refresh every five seconds.\n\n```\nwatch -d -n 5 \"az vm list \\\n    --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 \\\n    --show-details \\\n    --query '[*].{Name:name, ProvisioningState:provisioningState, PowerState:powerState}' \\\n    --output table\"\n```\n\n*Output:*\n\n```\nEvery 5.0s...  SandboxHost-638366955739826176: Mon Nov 27 16:47:43 2023\n\nName         ProvisioningState    PowerState\n-----------  -------------------  ------------\nMarketingVM  Succeeded            VM running\nSalesVM      Succeeded            VM running\nResearchVM   Succeeded            VM running\n```\n\n---\n*Note:* A ProvisioningState of Succeeded and a PowerState of VM running indicate a successful deployment for the VM.\n\n\n\u003cbr /\u003e\n\u003chr /\u003e\n\n# Configure virtual network peering connections by using Azure CLI commands\n\nTo enable communication, you need to create peering connections for the virtual networks. 
To satisfy your company's requirements, you'll configure a hub and spoke topology and permit virtual network access when you create the peering connections.\n\n## Create virtual network peering connections\n\n- Follow these steps to create connections between the virtual networks and to configure the behavior of each connection.\n\nIn Cloud Shell, run the following command to create the peering connection between the SalesVNet and MarketingVNet virtual networks. This command also permits virtual network access across this peering connection.\n\n```\naz network vnet peering create --name SalesVNet-To-MarketingVNet --remote-vnet MarketingVNet --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --vnet-name SalesVNet --allow-vnet-access\n```\n\n*Output:*\n\n```\n{\n  \"allowForwardedTraffic\": false,\n  \"allowGatewayTransit\": false,\n  \"allowVirtualNetworkAccess\": true,\n  \"doNotVerifyRemoteGateways\": false,\n  \"etag\": \"W/\\\"6deb1192-2787-4bbf-b0ae-a40d8a137b55\\\"\",\n  \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/SalesVNet/virtualNetworkPeerings/SalesVNet-To-MarketingVNet\",\n  \"name\": \"SalesVNet-To-MarketingVNet\",\n  \"peeringState\": \"Initiated\",\n  \"peeringSyncLevel\": \"RemoteNotInSync\",\n  \"provisioningState\": \"Succeeded\",\n  \"remoteAddressSpace\": {\n    \"addressPrefixes\": [\n      \"10.2.0.0/16\"\n    ]\n  },\n  \"remoteVirtualNetwork\": {\n    \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/MarketingVNet\",\n    \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\"\n  },\n  \"remoteVirtualNetworkAddressSpace\": {\n    \"addressPrefixes\": [\n      \"10.2.0.0/16\"\n    ]\n  },\n  \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\",\n  \"resourceGuid\": 
\"46711130-3766-0464-30f0-99dd247ca099\",\n  \"type\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\n  \"useRemoteGateways\": false\n}\n```\n\n\n- Run the following command to create a reciprocal connection from MarketingVNet to SalesVNet. This step completes the connection between these virtual networks.\n\n```\naz network vnet peering create --name MarketingVNet-To-SalesVNet --remote-vnet SalesVNet --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --vnet-name MarketingVNet --allow-vnet-access\n```\n\n*Output:*\n\n```\n{\n  \"allowForwardedTraffic\": false,\n  \"allowGatewayTransit\": false,\n  \"allowVirtualNetworkAccess\": true,\n  \"doNotVerifyRemoteGateways\": false,\n  \"etag\": \"W/\\\"f8d5442d-b7ea-4f98-94e6-fa7b15b6dcc1\\\"\",\n  \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/MarketingVNet/virtualNetworkPeerings/MarketingVNet-To-SalesVNet\",\n  \"name\": \"MarketingVNet-To-SalesVNet\",\n  \"peeringState\": \"Connected\",\n  \"peeringSyncLevel\": \"FullyInSync\",\n  \"provisioningState\": \"Succeeded\",\n  \"remoteAddressSpace\": {\n    \"addressPrefixes\": [\n      \"10.1.0.0/16\"\n    ]\n  },\n  \"remoteVirtualNetwork\": {\n    \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/SalesVNet\",\n    \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\"\n  },\n  \"remoteVirtualNetworkAddressSpace\": {\n    \"addressPrefixes\": [\n      \"10.1.0.0/16\"\n    ]\n  },\n  \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\",\n  \"resourceGuid\": \"46711130-3766-0464-30f0-99dd247ca099\",\n  \"type\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\n  \"useRemoteGateways\": false\n}\n```\n\n\n\nNow that you have connections between Sales and Marketing, create connections 
between Marketing and Research.\n\nIn Cloud Shell, run the following command to create the peering connection between the MarketingVNet and ResearchVNet virtual networks:\n\n\n```\naz network vnet peering create --name MarketingVNet-To-ResearchVNet --remote-vnet ResearchVNet --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --vnet-name MarketingVNet --allow-vnet-access\n```\n\n\n*Output:*\n\n```\n{\n  \"allowForwardedTraffic\": false,\n  \"allowGatewayTransit\": false,\n  \"allowVirtualNetworkAccess\": true,\n  \"doNotVerifyRemoteGateways\": false,\n  \"etag\": \"W/\\\"19e4de79-3b23-4e8c-8768-aa361c0b2378\\\"\",\n  \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/MarketingVNet/virtualNetworkPeerings/MarketingVNet-To-ResearchVNet\",\n  \"name\": \"MarketingVNet-To-ResearchVNet\",\n  \"peeringState\": \"Initiated\",\n  \"peeringSyncLevel\": \"RemoteNotInSync\",\n  \"provisioningState\": \"Succeeded\",\n  \"remoteAddressSpace\": {\n    \"addressPrefixes\": [\n      \"10.3.0.0/16\"\n    ]\n  },\n  \"remoteVirtualNetwork\": {\n    \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/ResearchVNet\",\n    \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\"\n  },\n  \"remoteVirtualNetworkAddressSpace\": {\n    \"addressPrefixes\": [\n      \"10.3.0.0/16\"\n    ]\n  },\n  \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\",\n  \"resourceGuid\": \"ba251e21-e4ee-0a04-33f2-234d7e24a82a\",\n  \"type\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\n  \"useRemoteGateways\": false\n}\n```\n\n\n- Run the following command to create the reciprocal connection between ResearchVNet and MarketingVNet:\n\n```\naz network vnet peering create --name ResearchVNet-To-MarketingVNet --remote-vnet MarketingVNet 
--resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --vnet-name ResearchVNet --allow-vnet-access\n```\n\n\n*Output:*\n\n```\n{\n  \"allowForwardedTraffic\": false,\n  \"allowGatewayTransit\": false,\n  \"allowVirtualNetworkAccess\": true,\n  \"doNotVerifyRemoteGateways\": false,\n  \"etag\": \"W/\\\"9f41b374-cdb7-487f-a744-689e902cfa79\\\"\",\n  \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/ResearchVNet/virtualNetworkPeerings/ResearchVNet-To-MarketingVNet\",\n  \"name\": \"ResearchVNet-To-MarketingVNet\",\n  \"peeringState\": \"Connected\",\n  \"peeringSyncLevel\": \"FullyInSync\",\n  \"provisioningState\": \"Succeeded\",\n  \"remoteAddressSpace\": {\n    \"addressPrefixes\": [\n      \"10.2.0.0/16\"\n    ]\n  },\n  \"remoteVirtualNetwork\": {\n    \"id\": \"/subscriptions/bbd2d6bc-2bb3-440e-843d-917ae7f983fe/resourceGroups/learn-4b116c1a-4db8-4f09-b42a-9528a56f3339/providers/Microsoft.Network/virtualNetworks/MarketingVNet\",\n    \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\"\n  },\n  \"remoteVirtualNetworkAddressSpace\": {\n    \"addressPrefixes\": [\n      \"10.2.0.0/16\"\n    ]\n  },\n  \"resourceGroup\": \"learn-4b116c1a-4db8-4f09-b42a-9528a56f3339\",\n  \"resourceGuid\": \"ba251e21-e4ee-0a04-33f2-234d7e24a82a\",\n  \"type\": \"Microsoft.Network/virtualNetworks/virtualNetworkPeerings\",\n  \"useRemoteGateways\": false\n}\n```\n\n\n## Check the virtual network peering connections\n\nNow that you've created the peering connections between the virtual networks, make sure the connections work.\n\nIn Cloud Shell, run the following command to check the connection between SalesVNet and MarketingVNet:\n\n```\naz network vnet peering list --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --vnet-name SalesVNet --query \"[].{Name:name, Resource:resourceGroup, PeeringState:peeringState, 
AllowVnetAccess:allowVirtualNetworkAccess}\" --output table\n```\n\n*Output:*\n\n```\nName                        Resource                                    PeeringState    AllowVnetAccess\n--------------------------  ------------------------------------------  --------------  -----------------\nSalesVNet-To-MarketingVNet  learn-4b116c1a-4db8-4f09-b42a-9528a56f3339  Connected       True\n```\n\n- You've created only one connection from SalesVNet, so you get only one result. In the PeeringState column, make sure the status is Connected.\n\n- Run the following command to check the peering connection between the ResearchVNet and MarketingVNet virtual networks:\n\n\n```\naz network vnet peering list --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --vnet-name ResearchVNet --query \"[].{Name:name, Resource:resourceGroup, PeeringState:peeringState, AllowVnetAccess:allowVirtualNetworkAccess}\" --output table\n```\n\n*Output:*\n\n```\nName                           Resource                                    PeeringState    AllowVnetAccess\n-----------------------------  ------------------------------------------  --------------  -----------------\nResearchVNet-To-MarketingVNet  learn-4b116c1a-4db8-4f09-b42a-9528a56f3339  Connected       True\n\n```\n\nAgain, you've created only one connection from ResearchVNet, so you get only one result. 
In the PeeringState column, make sure the status is Connected.\n\n- Run the following command to check the peering connections for the MarketingVNet virtual network.\n\n\n```\naz network vnet peering list --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --vnet-name MarketingVNet --query \"[].{Name:name, Resource:resourceGroup, PeeringState:peeringState, AllowVnetAccess:allowVirtualNetworkAccess}\" --output table\n```\n\n*Output:*\n\n```\nName                           Resource                                    PeeringState    AllowVnetAccess\n-----------------------------  ------------------------------------------  --------------  -----------------\nMarketingVNet-To-SalesVNet     learn-4b116c1a-4db8-4f09-b42a-9528a56f3339  Connected       True\nMarketingVNet-To-ResearchVNet  learn-4b116c1a-4db8-4f09-b42a-9528a56f3339  Connected       True\n```\n\nRemember that you created connections from Marketing to Sales and from Marketing to Research, so you should get two connections. In the PeeringState column, make sure the status of both connections is Connected.\n\n![VNets](media/4-vnet-peering-configure-connections-result.svg)\n\n\n\u003cbr /\u003e\n\n## Check effective routes\n\n\nYou can further check the peering connection by looking at the routes that apply to the network interfaces of the VMs.\n\n- Run the following command to look at the routes that apply to the SalesVM network interface:\n\n```\naz network nic show-effective-route-table --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --name SalesVMVMNic --output table\n```\n\n*Output:*\n\n```\nSource    State    Address Prefix    Next Hop Type    Next Hop IP\n--------  -------  ----------------  ---------------  -------------\nDefault   Active   10.1.0.0/16       VnetLocal\nDefault   Active   10.2.0.0/16       VNetPeering\nDefault   Active   0.0.0.0/0         Internet\nDefault   Active   10.0.0.0/8        None\nDefault   Active   127.0.0.0/8       None\nDefault   Active   100.64.0.0/10     
None\nDefault   Active   172.16.0.0/12     None\nDefault   Active   25.48.0.0/12      None\nDefault   Active   25.4.0.0/14       None\nDefault   Active   25.30.0.0/15      None\nDefault   Active   198.18.0.0/15     None\nDefault   Active   25.33.0.0/16      None\nDefault   Active   40.109.0.0/16     None\nDefault   Active   192.168.0.0/16    None\nDefault   Active   104.147.0.0/16    None\nDefault   Active   157.59.0.0/16     None\nDefault   Active   40.108.0.0/17     None\nDefault   Active   104.146.0.0/17    None\nDefault   Active   23.103.0.0/18     None\nDefault   Active   25.41.0.0/20      None\nDefault   Active   20.35.252.0/22    None\n```\n\n\n*Note:*  The output table shows the effective routes for the VM's network interface. For SalesVMVMNic, you should have a route to 10.2.0.0/16 with Next Hop Type of VNetPeering. This is the network route for the peering connection from SalesVNet to MarketingVNet.\n\n\n- Run the following command to look at the routes for MarketingVM:\n\n```\naz network nic show-effective-route-table --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --name MarketingVMVMNic --output table\n```\n\n\n*Output:*\n\n```\nSource    State    Address Prefix    Next Hop Type      Next Hop IP\n--------  -------  ----------------  -----------------  -------------\nDefault   Active   10.2.0.0/16       VnetLocal\nDefault   Active   10.1.0.0/16       VNetPeering\nDefault   Active   0.0.0.0/0         Internet\nDefault   Active   10.0.0.0/8        None\nDefault   Active   127.0.0.0/8       None\nDefault   Active   100.64.0.0/10     None\nDefault   Active   172.16.0.0/12     None\nDefault   Active   25.48.0.0/12      None\nDefault   Active   25.4.0.0/14       None\nDefault   Active   25.30.0.0/15      None\nDefault   Active   198.18.0.0/15     None\nDefault   Active   25.33.0.0/16      None\nDefault   Active   40.109.0.0/16     None\nDefault   Active   192.168.0.0/16    None\nDefault   Active   104.147.0.0/16    None\nDefault   Active   
157.59.0.0/16     None\nDefault   Active   40.108.0.0/17     None\nDefault   Active   104.146.0.0/17    None\nDefault   Active   23.103.0.0/18     None\nDefault   Active   25.41.0.0/20      None\nDefault   Active   20.35.252.0/22    None\nDefault   Active   10.3.0.0/16       VNetGlobalPeering\n```\n\n*Note:*  The output table shows the effective routes for the VM's network interface. For MarketingVMVMNic, you should have a route to 10.1.0.0/16 with a next hop type of VNetPeering and a route to 10.3.0.0/16 with a next hop type of VNetGlobalPeering. These are the network routes for the peering connection from MarketingVNet to SalesVNet and from MarketingVNet to ResearchVNet.\n\n\n- Run the following command to look at the routes for ResearchVM:\n\n```\naz network nic show-effective-route-table --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --name ResearchVMVMNic --output table\n```\n\n*Output:*\n\n```\nSource    State    Address Prefix    Next Hop Type      Next Hop IP\n--------  -------  ----------------  -----------------  -------------\nDefault   Active   10.3.0.0/16       VnetLocal\nDefault   Active   0.0.0.0/0         Internet\nDefault   Active   10.0.0.0/8        None\nDefault   Active   127.0.0.0/8       None\nDefault   Active   100.64.0.0/10     None\nDefault   Active   172.16.0.0/12     None\nDefault   Active   25.48.0.0/12      None\nDefault   Active   25.4.0.0/14       None\nDefault   Active   25.30.0.0/15      None\nDefault   Active   198.18.0.0/15     None\nDefault   Active   25.33.0.0/16      None\nDefault   Active   40.109.0.0/16     None\nDefault   Active   192.168.0.0/16    None\nDefault   Active   104.147.0.0/16    None\nDefault   Active   157.59.0.0/16     None\nDefault   Active   40.108.0.0/17     None\nDefault   Active   104.146.0.0/17    None\nDefault   Active   23.103.0.0/18     None\nDefault   Active   25.41.0.0/20      None\nDefault   Active   20.35.252.0/22    None\nDefault   Active   10.2.0.0/16       
VNetGlobalPeering\n```\n\n*Note:*  The output table shows the effective routes for the VM's network interface. For ResearchVMVMNic, you should have a route to 10.2.0.0/16 with a next hop type of VNetGlobalPeering. This is the network route for the peering connection from ResearchVNet to MarketingVNet.\n\n\nNow that your peering connections are configured, let's take a look at how this affects the communication between VMs.\n\n\u003cbr /\u003e\n\n# Verify virtual network peering by using SSH between Azure virtual machines\n\nYour configuration used a hub and spoke topology. MarketingVNet was the hub, and SalesVNet and ResearchVNet were spokes.\n\n![5hub](media/5-hub-spoke-network.svg)\n\nRemember, peering connections are nontransitive. Intermediate virtual networks don't allow connectivity to flow through them to connected virtual networks. SalesVNet can communicate with MarketingVNet. ResearchVNet can communicate with MarketingVNet. MarketingVNet can communicate with both SalesVNet and ResearchVNet. The only communication that's not permitted is between SalesVNet and ResearchVNet. Even though SalesVNet and ResearchVNet are both connected to MarketingVNet, they can't communicate with each other because they're not directly peered to each other.\n\nLet's confirm the connectivity across the peering connections. To do this, you'll first create a connection from Azure Cloud Shell to a target VM's public IP address. Then you'll connect from the target VM to the destination VM by using the destination VM's private IP address.\n\n*Note:*  To test the virtual network peering connection, connect to the private IP address assigned to each VM.\n\n\n- To connect to your VMs, you'll use SSH (Secure Shell) directly from Cloud Shell. 
When using SSH, you'll first find the public IP addresses that are assigned to your test VMs.\n\n- In Cloud Shell, run the following command to list the IP addresses you'll use to connect to the VMs:\n\n\n```\naz vm list --resource-group learn-4b116c1a-4db8-4f09-b42a-9528a56f3339 --query \"[*].{Name:name, PrivateIP:privateIps, PublicIP:publicIps}\" --show-details --output table\n```\n\n*Output:*\n\n```\nName         PrivateIP    PublicIP\n-----------  -----------  -------------\nMarketingVM  10.2.1.4     23.102.44.227\nSalesVM      10.1.1.4     104.41.213.52\nResearchVM   10.3.1.4     20.4.18.140\n```\n\n\u003cbr /\u003e\n\n\n## Test connections from SalesVM\n\n\nIn the first test, you'll use SSH in Cloud Shell to connect to the public IP address of SalesVM. You'll then attempt to connect from SalesVM to MarketingVM and ResearchVM.\n\n- In Cloud Shell, run the following command, using SSH to connect to the public IP address of SalesVM. In the command, replace \u003cSalesVM public IP\u003e with the VM's public IP address.\n\n\n```\nssh -o StrictHostKeyChecking=no azureuser@\u003cSalesVM public IP\u003e\n```\n\ne.g. `ssh -o StrictHostKeyChecking=no azureuser@104.41.213.52`\n\n\n*output:*\n\n```\nWarning: Permanently added '104.41.213.52' (ED25519) to the list of known hosts.\n```\n\n![sale-1](media/5-sales-step-1.svg)\n\n\n- Sign in with the password that you used to create the VM. The prompt now shows that you're signed in to SalesVM.\n\n\n- In Cloud Shell, run the following command, using SSH to connect to the private IP address of MarketingVM. 
In the command, replace \u003cMarketingVM private IP\u003e with this VM's private IP address.\n\n\n```\nssh -o StrictHostKeyChecking=no azureuser@\u003cMarketingVM private IP\u003e\n\n```\n\nSign in by using the password you used to create the VM.\n\nEnter exit to close this SSH session and return to the SalesVM prompt.\n\nIn Cloud Shell, run the following command, using SSH to connect to the private IP address of ResearchVM. In the command, replace \u003cResearchVM private IP\u003e with this VM's private IP address.\n\n```\nssh -o StrictHostKeyChecking=no azureuser@\u003cResearchVM private IP\u003e\n```\n\n\nThe connection attempt should fail because there's no peering connection between the SalesVNet and ResearchVNet virtual networks. Up to 60 seconds might pass before the connection attempt times out. To force the attempt to stop, use Ctrl+C.\n\n\n![Sales-9](media/5-sales-step-9.svg)\n\n-  Enter `exit` to close the SSH session.\n\n## Test connections from ResearchVM\n\n\nIn the second test, you'll use SSH in Cloud Shell to connect to the public IP address of ResearchVM. You'll then attempt to connect from ResearchVM to MarketingVM and SalesVM.\n\n- In Cloud Shell, run the following command, using SSH to connect to the public IP address of ResearchVM. In the command, replace \u003cResearchVM public IP\u003e with this VM's public IP address.\n\n\n```\nssh -o StrictHostKeyChecking=no azureuser@\u003cResearchVM public IP\u003e\n```\n\ne.g. `ssh -o StrictHostKeyChecking=no azureuser@20.4.18.140`\n\n\n![Research](media/5-research-step-1svg)\n\n\n- Sign in by using the password that you used to create the VM. The prompt now shows that you're signed in to ResearchVM.\n\n- In Cloud Shell, run the following command, using SSH to connect to the private IP address of MarketingVM. 
In the command, replace \u003cMarketingVM private IP\u003e with this VM's private IP address.\n\n```\nssh -o StrictHostKeyChecking=no azureuser@\u003cMarketingVM private IP\u003e\n```\n\n![ResearchVM](media/5-research-step-5.svg)\n\n\n\nThe connection attempt should succeed because of the peering connection between the ResearchVNet and MarketingVNet virtual networks.\n\n- Sign in by using the password you used to create the VM.\n\n- Enter exit to close this SSH session and return to the ResearchVM prompt.\n\n- In Cloud Shell, run the following command, using SSH to connect to the private IP address of SalesVM. In the command, replace \u003cSalesVM private IP\u003e with this VM's private IP address.\n\n\n```\nssh -o StrictHostKeyChecking=no azureuser@\u003cSalesVM private IP\u003e\n```\n\n\n*Note:* The connection attempt should fail because there's no peering connection between the ResearchVNet and SalesVNet virtual networks. Up to 60 seconds might pass before the connection attempt times out. To force the attempt to stop, use Ctrl+C.\n\n\n![FailExpected](media/5-research-step-9.svg)\n\n\n\u003cbr /\u003e\n\n## Test connections from MarketingVM\n\n\n\nIn the final test, you'll use SSH in Cloud Shell to connect to the public IP address of MarketingVM. You'll then attempt to connect from MarketingVM to ResearchVM and SalesVM.\n\n- In Cloud Shell, run the following command, using SSH to connect to the public IP address of MarketingVM. In the command, replace \u003cMarketingVM public IP\u003e with this VM's public IP address.\n\n```\nssh -o StrictHostKeyChecking=no azureuser@\u003cMarketingVM public IP\u003e\n```\n\ne.g. `ssh -o StrictHostKeyChecking=no azureuser@23.102.44.227`\n\n\n\n![Marketing](media/5-marketing-step-1.svg)\n\n\n\n- Sign in by using the password that you used to create the VM. The prompt shows that you're signed in to MarketingVM.\n\n- In Cloud Shell, run the following command, using SSH to connect to the private IP address of ResearchVM. 
In the command, replace \u003cResearchVM private IP\u003e with this VM's private IP address.\n\n\n```\nssh -o StrictHostKeyChecking=no azureuser@\u003cResearchVM private IP\u003e\n```\n\ne.g. `ssh -o StrictHostKeyChecking=no azureuser@10.3.1.4`\n\n\n![Marketing5-5](media/5-marketing-step-5.svg)\n\n\nThe connection attempt should succeed because of the peering connection between the MarketingVNet and ResearchVNet virtual networks.\n\n- Sign in by using the password you used to create the VM.\n\n- Enter exit to close this SSH session, and return to the MarketingVM prompt.\n\n- In Cloud Shell, run the following command, using SSH to connect to the private IP address of SalesVM. In the command, replace \u003cSalesVM private IP\u003e with this VM's private IP address.\n\n\n```\nssh -o StrictHostKeyChecking=no azureuser@\u003cSalesVM private IP\u003e\n```\n\ne.g. `ssh -o StrictHostKeyChecking=no azureuser@10.1.1.4`\n\n\n*Note:*  The connection attempt should also succeed because there is a peering connection between the MarketingVNet and SalesVNet virtual networks.\n\n\n![Marketing5-9](media/5-marketing-step-9.svg)\n\n\n- Sign in by using the password you used to create the VM.\n\n- Enter exit to close this SSH session, and return to the MarketingVM prompt.\n\n- Enter exit to close the SSH session, and return to Cloud Shell.\n\nThis is a simple test using SSH. It demonstrates network connectivity between peered virtual networks. It also demonstrates lack of network connectivity for transitive connections.\n\n*Note:* If these servers were running application services, the server connectivity would allow communication between the services running on the VMs. 
The connectivity would allow the business to share data across departments as required.\n\n\n\u003cbr /\u003e\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhurricanemark%2Fvnetspeering","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhurricanemark%2Fvnetspeering","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhurricanemark%2Fvnetspeering/lists"}