Configuring Azure V-NET To V-NET Connectivity Step by Step

What is a V-NET

V-NET stands for Virtual Network. As per the standard definition, a Virtual network is nothing but a computer network consisting of virtual links which are used to connect two or more devices.

These V-NETs can be created in Azure and you can host your azure resources within these virtual networks. Legitimate question to be asked as usual is – why would I connect to VNETs?

Here is why,

  • Achieve cross subscription resources communication .
  • To set up cross geo redundancy or synchronization using secure channel.
  • Establish high availability with the help of clustering technology or load balancer.
  • On premise to Azure resources communication.

This article assumes that you have basic understanding of networking terms and focuses on creation of azure virtual networks hosted in two different regions and a step by step process of configuration to join these networks.

Since I don’t have any on-premise network that needs to be connected to Azure VNET, hence we will create both VNETs in Azure and connect them to each other, the process remains the same if you are interested in connecting your on premise network and Azure VNET.

Let’s go ahead and create two virtual networks in Azure, note that for this entire demo we will be using classic azure portal.

We will create first VNET and name it India VNET and second VNET as US VNET. We will host India VNET in Southeast Asia and US VNET is Central US.

create

We don’t need DNS for our VNETsso we won’t be creating it for both the virtual networks.

Note that IP address range of both of these networks should not overlap with each other and hence we will set up different IP range for each of our VNET something like this

For India VNET – we will keep range starting from 10.1.0.0

For US VNET – range will start from 10.2.0.0

Once the virtual network is created, click on the configure tab and you can set the IP range like this,

range

Let’s repeat the same process for creation of US VNET.

process

Note that we are not setting DNS in this network too.

setting

Note that the IP range has been modified to 10.2.0.0 and save the changes.

Now since we have created to both VNETs, we will go ahead and see how we can connect those.

Note that in order to connect these networks together, we need to add each network in the local networks with names

Indian VNET On-Prem and US VNET On-Prem.

The idea is, India VNET will be connected to US VNET On-Prem and

US VNET will be connected to India VNET On-Prem.

Let’s go ahead and add US VNET On-Prem,

add

Select Add local network option,

option

Give name as US VNET On-Prem, enter some dummy value in VPN Device IP and click next.

On next screen, enter the starting IP range of US VNET which we created in earlier step.

range

Click next and you are done.

Now add India VNET On-Prem local network by following same procedures, only change will be the IP address range and the name of the VNET. You can choose to add dummy VPN device IP address as 2.2.2.2

So In short, theoretically India VNET On-Prem acting as local network for US VNET and US VNET On-Prem acting as local network for India VNET.

India VNET - US VNET On-Prem
US VNET - India VNET On-Prem

Once you are done with it, let’s see how it look in the azure portal.

Now we will go ahead and connect to the added local networks. To do it, select India VNET in azure portal and click on configure tab.

Under site to site connectivity, select checkbox which says – connect to local network.

Select US VNET On-Prem network from available list of local networks in the dropdown and save your changes.

vnet

Do the similar step to configure US VNET, i.e. configure US VNET using azure portal and connect it to local network i.e. India VNET On-Prem.

When you do this connection, in order to establish a secure channel for communication between these two networks, the gateway needs to be created and you can see that gateway gets created in both VNETs.

You can verify it by again going to configure tab of any VNET i.e. India VNET or US VNET and observe that gateway was created.

spaces

On the dashboard of VNET – now it starts showing the connection of each VNET to its corresponding local network.

vnet

As you can observe, both networks are still not fully connected to each other.

Now browse to each VNET’s dashboard page from azure portal i.e. India VNET and US VNET and select option to add dynamic routing.

routing

It takes a while to complete the procedure,

procedure

Once it is done, it adds the Gateway IP address for each of the VNET.

Gateway is nothing but a secure tunnel for communications between both VNETs.

Gateway IP address will be shown the dashboard page of the VNET and you can make a note of it created for each of the VNETs.

Now go back to the Local Networks tab in the azure portal and edit the networks which you have added before.

Remember the dummy values we set like 1.1.1.1 and 2.2.2.2 for one of the field? Now we need to update those dummy values with the gateway IP address.

Make sure you update these values with correct Gateway address which got created in previous step for the VNET.

i.e. in India VNET On-Prem local network you should enter gateway address of India VNET and in US VNET On-Prem local network you should enter gateway address of US VNET.

Once you are done, it should look something like this,

networks

Now the last step – we need to execute some PowerShell scripts to establish the connection.

Before you go ahead and execute below commands, you will need to obtain network key of your VNET and you can do it using azure portal. Click on dashboard tab of VNET i.e. India VNET and select manage key option from the menus.

key

Set-AzureVNetGatewayKey -VNetName "indiavnet" -LocalNetworkSiteName "India VNET OnPrem" -SharedKeyIndiaVNETKEY
And
Set-AzureVNetGatewayKey -VNetName "us vnet" -LocalNetworkSiteName "US VNET On Prem" -SharedKeyIndiaVNETKEY

In PowerShell console, it looks something like this,

console

Note that you are signing both networks with same key.

Once you are done with this, you will be able to see both networks connected and same will be shown in the azure portal.

gateway

Now to validate this, you can simply create and host two virtual machines, keeping both in separate virtual networks which we have created. Once the VMs are up and running, log on to those VMs and try to ping internal IP addresses of a VM in other VNET, VMs should be able to see and ping each other.

Key take away or learning,

  • VNET to VNET connectivity requires Azure VPN Gateways with dynamic routing, static routing gateways are not supported.

  • All the traffic going through VNET to VNET is managed by Azure.
Read more articles on Azure: