Introduction
As part of my Azure Administrator certification journey, I completed Lab 05 - Implement Intersite Connectivity, which focused on enabling communication between virtual networks in Azure. This lab introduced me to virtual network peering, testing connections between resources in different networks, and configuring custom routes. Interconnecting virtual networks is an essential skill in multi-network architectures, and this lab helped me understand how to create secure and scalable communication between virtual networks in Azure.
Lab Overview
In this lab, I configured virtual network peering to allow communication between two virtual networks in Azure: CoreServicesVnet and ManufacturingVnet. Additionally, I learned how to create a custom route to control network traffic and used Azure Network Watcher to monitor connectivity.
This lab provides a hands-on approach to connecting isolated networks and managing the routing and monitoring of traffic between them.
Skills Practiced:
✅ Creating virtual networks and virtual machines
✅ Implementing virtual network peering
✅ Using Azure Network Watcher to test connections
✅ Configuring custom routes for network traffic control
✅ Testing connectivity using Azure PowerShell
Task 1: Create a Core Services Virtual Machine and Virtual Network
The first task involved creating a virtual network and a virtual machine (VM) in the Core Services network. Here’s what I did:
1️⃣ Signed into the Azure portal – Azure Portal.
2️⃣ Created a new virtual machine CoreServicesVM in a virtual network CoreServicesVnet with the IP address space 10.0.0.0/16 and a subnet Core (10.0.0.0/24).
3️⃣ Deployed the virtual machine with Windows Server 2019 and configured the networking settings accordingly.
📌 Insight:
It’s essential to plan the IP address space when creating a virtual network. Using non-overlapping address ranges for each network is critical to avoid routing conflicts in multi-network setups.
Task 2: Create a Manufacturing Services Virtual Machine and Virtual Network
Next, I created the ManufacturingVM in a different virtual network. Here’s what I did:
1️⃣ Created a second virtual network ManufacturingVnet with a different address space 172.16.0.0/16.
2️⃣ Created a subnet Manufacturing (172.16.0.0/24) within this network.
3️⃣ Deployed a new virtual machine, ManufacturingVM, in this network with the same configuration as the previous VM.
📌 Insight:
When designing networks, it’s important to keep scalability in mind. Azure allows you to create multiple VNets with different address spaces, and those spaces can be connected using virtual network peering.
Task 3: Use Network Watcher to Test the Connection Between Virtual Machines
At this point, the two virtual machines were deployed, but they couldn’t communicate because they were in different virtual networks. Here’s what I did to test the connection:
1️⃣ Opened Network Watcher in the Azure portal.
2️⃣ Selected Connection troubleshoot and tested connectivity from CoreServicesVM to ManufacturingVM using TCP port 3389 (RDP).
3️⃣ The initial test showed that the connection was unreachable, which was expected since the networks were not yet peered.
📌 Insight:
Network Watcher is an essential tool for diagnosing network connectivity issues in Azure. It helps identify whether traffic is blocked or if the issue is with routing or firewall settings.
Task 4: Configure Virtual Network Peerings Between Virtual Networks
To enable communication between the two networks, I configured virtual network peering. Here’s what I did:
1️⃣ In the CoreServicesVnet, I added a new peering link named CoreServicesVnet-to-ManufacturingVnet and allowed traffic to flow between the networks.
2️⃣ I also created the reverse peering from ManufacturingVnet to CoreServicesVnet.
3️⃣ After the peering was configured, I verified the status of the peering in both VNets and confirmed the Connected status.
📌 Insight:
Virtual network peering allows virtual networks to communicate over the Microsoft backbone infrastructure, making the two VNets appear as one for connectivity purposes. This is useful for scenarios where you need to segment networks but still require secure communication between them.
Task 5: Use Azure PowerShell to Test the Connection Between Virtual Machines
I tested the VM connection again, this time using Azure PowerShell. Here’s what I did:
1️⃣ I recorded the private IP address of CoreServicesVM.
2️⃣ In the ManufacturingVM, I used the RunCommand feature to run a PowerShell script that tested connectivity using Test-NetConnection with the private IP of CoreServicesVM.
3️⃣ The test showed that the connection was successful, confirming that the networks were now properly peered and communicating.
📌 Insight:
Using PowerShell is a quick and flexible way to test network connectivity and troubleshoot any issues. It’s also useful for automating tasks and performing checks on multiple resources at once.
Task 6: Create a Custom Route
The final task involved creating a custom route to direct traffic through a network virtual appliance (NVA) in the Core Services subnet. Here’s what I did:
1️⃣ Created a new subnet perimeter in the CoreServicesVnet (10.0.1.0/24).
2️⃣ Created a custom route table rt-CoreServices and added a route that directs traffic from the perimeter subnet to the NVA (10.0.1.7).
3️⃣ Associated the route table with the Core subnet.
📌 Insight:
Custom routes allow you to control the flow of traffic between subnets, VNets, and external networks. This is especially useful when you need to route traffic through a specific appliance, such as a firewall or other security devices.
Key Learnings
1️⃣ Virtual Network Peering
Virtual network peering allows seamless communication between different VNets, which are treated as one for connectivity purposes. It’s essential to configure both directions of the peering to enable full communication between the networks.
2️⃣ Network Security Groups (NSGs)
NSGs control the flow of traffic to and from Azure resources. By setting inbound and outbound security rules, you can restrict or allow traffic based on specific conditions, such as the source, destination, port, and protocol.
3️⃣ Network Watcher
Network Watcher provides diagnostic tools like Connection troubleshoot, Packet capture, and NSG flow logs to help monitor, diagnose, and analyze network traffic in Azure.
4️⃣ Custom Routes
Custom routes let you control traffic flow, including directing traffic through network appliances like firewalls or monitoring devices. This is important for advanced network setups where you need more granular control over traffic.
5️⃣ Azure PowerShell
Azure PowerShell is a powerful tool for automating tasks, including testing network connectivity. Using PowerShell commands like Test-NetConnection provides a simple way to check the health of network resources.
Conclusion
This lab helped me understand the critical concept of intersite connectivity in Azure. Virtual network peering allows multiple networks to communicate securely, while network security groups and custom routes help ensure secure and controlled traffic flow. With tools like Azure PowerShell and Network Watcher, diagnosing and managing network connectivity becomes much easier. This knowledge is essential for any Azure Administrator managing complex, multi-network architectures.
🚀 Stay tuned for my next blog post on Lab 06 - Implement Traffic Management!
🔗 Follow my journey as I continue mastering Azure Administration! 🚀
Top comments (0)