VNET’s


Hi!

If you want to run IaaS services (VMs) within Azure you will probably run very quickly into the need for a VNET, as this forms the base of your Azure networking. In this post I will explain what VNETs are and show you how to create VNET(s). Let's begin with the prerequisites and what you should consider before creating VNET(s):

  • VNET’s are bound to an Azure Region (like West Europe, North Europe, US West, etc.). In short: if you want a VNET in multiple Regions, create a separate VNET for each Region.
  • VNET’s consists of:
    • VNET Name
    • (multiple) Address Range (CIDR address block)
    • (multiple) Subnet Address Ranges
  • You can have multiple VNET’s in the same subscription/Azure region with different CIDR address blocks. You can also use the same CIDR address block on different VNET’s (for example: Develop, Test and Production VNET’s).
  • To compare VNET’s with on-premises networking: a VNET is like a VLAN. All VNET’s are isolated from each other.
  • Your VM’s will get an IP address assigned, within the connected IP Subnet range, from the Azure DHCP service! (Never configure a static Ip Address within the VM!)
  • You can also create a VNET at VM creation time (in the Create VM wizard). Keep in mind that Azure will always propose to create a new VNET at VM creation time, even if you already have a VNET.
  • By default, all Azure resources (VM’s etc.) connected to a VNET have Internet access
  • By default, Azure routes all traffic between subnets in the same VNET
    • Interconnecting VNET’s:
      • Use VNET Peering if you need to connect multiple VNET’s in the same Azure Region (same latency and bandwidth as within one VNET)
      • Use a VNET-to-VNET connection (requires an Azure VPN Gateway) across Regions (limited latency and bandwidth, depending on the VPN Gateway SKU used)

Ok, let's create a VNET:

Let's explain the VNET settings shown above:

Name = Just a name; give it a recognizable name and/or add the Region name to it.
Address space = This is the CIDR address block
Subnet name = Just a name; give it a recognizable name
Subnet address range = An IP subnet which fits into the CIDR address block
Location = The location / Azure region where the VNET will be created

Recommendations:

  • Don’t assign all IP addresses of the CIDR address block to a single subnet. E.g.: if you have the following Address space: 192.168.1.0/24, don’t assign 192.168.1.0/24 as your subnet! Note that some resources (like a VPN gateway) need their own IP subnet address range within the CIDR address space.

Now that we have created a VNET, let's take a closer look at all settings:

Address Space and Subnets:
You can create multiple Address spaces within a VNET. Within an Address space you can create multiple Subnets:

Example 1:
Address Space = 192.168.1.x/24
Subnet = 192.168.1.0/25 (255.255.255.128)
Gateway Subnet = 192.168.1.252/30 (255.255.255.252)

Example 2:
Address Space = 172.16.x.x/16 (255.255.0.0)
Subnet-1 = 172.16.1.x/24 (255.255.255.0)
Subnet-2 = 172.16.2.x/24 (255.255.255.0)
etc.
Gateway Subnet = 172.16.254.252/30 (255.255.255.252)

Example 3:
Address Space = 192.168.1.x/24
Subnet-1 = 192.168.1.0/26 (255.255.255.192)
Subnet-2 = 192.168.1.64/26 (255.255.255.192)
etc.
Address Space = 192.168.2.x/24
Subnet-1 = 192.168.2.0/26 (255.255.255.192)
Subnet-2 = 192.168.2.64/26 (255.255.255.192)

The Address spaces and subnets you will use really depend on what your deployment (VMs) requires. Before you start creating VNET’s, Address Spaces and Subnets, think carefully about what your requirements are. Of course, you can always change the Address Space and/or Subnet later (as long as it fits into the Address Space and other dependencies).

DNS Servers:
Your VMs connected to your VNET will be configured with the Azure DNS servers by default! If, for example, you have multiple VMs connected to a VNET and they are member servers of a domain, you want to assign your own DNS servers to your VMs. You can do this by selecting ‘Custom’ in the DNS servers settings tab:

Peerings:
You can use Peerings for:

  • Connecting VNET’s within the same Azure Region (location)
  • Connecting VNET’s in different Subscriptions, as long as both are associated with the same Azure AD tenant
  • Connecting a VNET in Azure Classic (ASM) to one in Azure Resource Manager (ARM). If you have resources in both ASM and ARM, you can connect both VNETs to each other. This can also be very helpful if you want to migrate resources from ASM to ARM.

With Peerings the bandwidth and latency are the same as if the resources were connected to the same VNET. Please keep in mind that you need to create a Peering on both VNET’s, one for each direction; a peering that exists on only one side never becomes connected.

Peering settings:

  • Deployment model of the ‘Peer’ (ASM or ARM)
  • Use ‘I know my resource ID’ if you want to peer with a VNET in a different Subscription that you don’t have direct access to
  • Select ‘Allow forwarded traffic’ to decide whether traffic that does not originate from the peered VNET (e.g. forwarded by a network virtual appliance in it) is accepted or dropped
  • Select ‘Allow gateway transit’ if you want to allow the peered VNET to use your VPN gateway
  • Select ‘Use remote gateways’ if you want to use the VPN gateway of the peered VNET

gr,

Pieterbas


Resources:

Azure Virtual Network – overview
