Create a Hub-and-Spoke Topology on Azure with Peering and Virtual Network Gateways
Рет қаралды 31,256
Күн бұрын
@brushenas 5 жыл бұрын
The best video tutorial I have seen so far regarding Vnet Peering. Thank you so much
@vijaykumbhar1362 3 жыл бұрын
Awesome, information about Hub-Spoke topology, great work!
@shatabdidey3056 5 жыл бұрын
No doubt , that he explained the Vnet peering very well..
@VJayRana 2 жыл бұрын
Thank you so much, I got some issues fixed by understanding this fundamental tutorial. I like the way you explained.
@AAhmed_Alii 4 ай бұрын
Excellent tutorial!
@yogeshwartripathi9018 3 жыл бұрын
You are champ, keep making video on advance level for each azure network componenet
@nickpandev4830 3 жыл бұрын
Thank you for this video Sir ! it was very helpful to understand how Hub and Spoke topology works for me
@adeelbinkhalid4052 4 жыл бұрын
13:02 - Is there a reason you enabled Allow forwarded traffic from spoke1 to hub-vnet? My understanding is that you can leave it disabled because spoke1 will not receive any traffic that needs to be forwarded to hub-vnet. Any usecase you can specify for this scenario? thanks.
@Atmosera- 4 жыл бұрын
If you were doing a transient network where spoke 1 was a sub hub network with spokes off it it. This topology is common in more complex setups.
@adeelbinkhalid4052 4 жыл бұрын
@@Atmosera- Makes sense. Thanks for your reply. Very simplified and easy to understand tutorial. Job well done :)
@alinaqvi385 2 жыл бұрын
Very good. Thank you.
@tallgeese1 4 жыл бұрын
On premises; be that as it may, thank you for this informative presentation.
@CarloL525 4 жыл бұрын
Explained so well!!
@jptelschow 3 жыл бұрын
Great, another sub !
@Atmosera- 3 жыл бұрын
Glad you liked it! :)
@chenliang5263 4 жыл бұрын
Great video! How that would change if I threw firewall into the mix?
@Atmosera- 4 жыл бұрын
Depends on where you want to put the firewall, but I'm assuming you want a network virtual appliance on the edge? If that is the case you can still use peerings, but you would need to manually manage the routes from the peers to have a default route to your firewall. You can do that with route tables in Azure. docs.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal
@chenliang5263 4 жыл бұрын
@@Atmosera- Would I need two route tables in this case? One to direct traffic from the hub subnet to a NVA firewall, and the other between the gateway and a NVA firewall.
@Atmosera- 4 жыл бұрын
@@chenliang5263 No, just a single one that could be used on all your subnets. Basically, set the default route (0.0.0.0/0) to the private IP of your NVA.
@chenliang5263 4 жыл бұрын
@@Atmosera- Cool. I will try it out. Thanks.
@saravanansankaranarayanan8898 2 жыл бұрын
Good one
@jd270992 3 жыл бұрын
Amazing tutorial
@Timmy-Hi5 2 жыл бұрын
Great tutorial, and now the question :) once you have this setup how you would publish web app running on a VM hosted in Spoke Vnet. If you possibly have some best practice link or doc, Much appreciated. :)
@Atmosera- 2 жыл бұрын
You can install apps on VM's much the same way that you would do it on an on premises VM, for instance scripting a remote install of an MSI using PowerShell or something like that. powershellexplained.com/2017-04-22-Powershell-installing-remote-software/
@Timmy-Hi5 2 жыл бұрын
@@Atmosera- this is fantastic 😁, and I have found few tutorials, but wanted second opinion from Super professional 🚀❤️🇬🇧,🍺🍻
@shihab0 2 жыл бұрын
do you have any video about hub to hub peering so that vnets on each hub can connect each other through hubs?
@Atmosera- 2 жыл бұрын
It follows the same procedure. You'll probably need UDR's thought to make the routes work and the networks transient.
@mindfreaksaad 2 жыл бұрын
Thanks Boss
@shihab0 2 жыл бұрын
very well explained. I tried the hub and spoke for vnet to vnet connection through the hub. but did not work - microsoft advised that vnet are non transitive - we have to use Azure firewall or NVA.
@Atmosera- 2 жыл бұрын
You can also use UDR's to do the same thing. They are not designed to be transitive for VNET to VNET, but VPN/ER to VNET they are.
@shihab0 2 жыл бұрын
@@Atmosera- thanks - brilliant ..using UDR pointing to Hub Gateway worked
@rawattechnologies 2 жыл бұрын
Can we configure express route and site to site connect connection on same vpn gateway ?
@Atmosera- 2 жыл бұрын
no. I think you need a separate one.
@ashpai2005 3 жыл бұрын
I have a HUB vnet created with Virtual Network gateway, and two spoke vnets with a VM in each of them. The HUB Vnet is peered to both the spoke vnets. Both spoke vnets are using the remote virtual network gateway of HUB. VM from spoke1 is not able to ping VM from spoke2 , even though the gateway transit is seen as enabled on the HUB peerings. What might be the cause?
@Atmosera- 3 жыл бұрын
That is by design. You need a network appliance or Azure Firewall in the hub to ensure that those routes can happen.
@ashpai2005 3 жыл бұрын
@@Atmosera- found a blog that shows how to do it with UDR, sharing here for reference blog.kloud.com.au/2018/08/10/hub-spoke-communication-using-vnet-peering-and-user-defined-routes/#:~:text=As%20we%20know%2C%20vNet%20peering,were%20not%20allowed%20to%20do.
@ashpai2005 3 жыл бұрын
@@Atmosera- Many thanks for your prompt response and the informative video.
@uyildiz 4 жыл бұрын
Why not you don't use "use remote gateway" option on spokes peerings?
@Atmosera- 4 жыл бұрын
You wouldn't use that if you don't want the traffic on your spoke Vnet's to traverse your hub Vnet and go over your VPN.
@enzoderozereuil1334 2 жыл бұрын
Hello, Thank you for this tutorial, it's awesome ! However, I got a Policy-Based VPN (Virtual network Gateway) and the resources in my Spoke vnet cannot communicate with me on-premises resources is there any missing piece ?
@Atmosera- 2 жыл бұрын
Check your routes to makes sure they are locally set up and vice versa. That's a common culprit
@enzoderozereuil1334 2 жыл бұрын
@@Atmosera- Thank you, so I need to add somes routes from my on-prem environment to my Azure ressources. And add also make sure I have some routes from my Azure envrironment to my on-prem ressources Is there a ressource I have to deploy to add routes on my Azure environment ?
@MarcosSilvamltecno 4 жыл бұрын
Incredible video, i liked more one sub, great.
@sukhwinder101 5 жыл бұрын
awesome video
@mihirpatel3754 4 жыл бұрын
Great video. I have a similar setup and my onperm VMs can ping and rdp to the VMs in the hub and spoke vnets, BUT I can't ping or rdp back from these vnets back to the onperm VMs. Am I missing a step?
@Atmosera- 4 жыл бұрын
Make sure "use remote gateway" is checked on on the peering and also make sure that the on prem VPN can handle the routed packets from Azure.
@TravelIndiaSolo 3 жыл бұрын
Awesome video! I could successfully create VNet peeing and they're showing connected. I'm facing a problem while accessing a resource from on-prem. One of my VNet is setup with site to site VPN with on-prem and I can access on-prem resources from that VM, however, when I create a resource in another Vnet(within the same region) and setup Vnet peering, the resource in the 2nd Vnet couldn't access on-prem resource. What could be the problem? Please help!
@Atmosera- 3 жыл бұрын
Make sure you have gateway transit checked and use remote gateway checked.
@TravelIndiaSolo 3 жыл бұрын
@@Atmosera- thanks for responding. Gateway transit and remote gateway are enabled.
@Atmosera- 3 жыл бұрын
@@TravelIndiaSolo Make sure your on prem routers recognize the routes coming in from Azure.
@bazatul1 4 жыл бұрын
What i do not understand is how do you connect the VPN gateway ip pool (10.3.0.0/24 i think it was in the video) to the Vnet hub. I have done something similar to this but i cannot ping from my VPN connected PC onto the VM1 (created on subnet in hub vnet).
@Atmosera- 4 жыл бұрын
It might be a routing issue. Check the routes on your local machine (route print in windows) and see if there is a route for the 10.3.0.0/24 subnet.
@marikupatadze1947 4 жыл бұрын
Super!
@ppetrix 4 жыл бұрын
I have 1 vnet with my vm's. I have 1 vpn gateway basic connected to 10 sites. Can I create another vpn gateway basic (more cheap) to connect more sites. I upgraded the basic to performance but is to expensive, from 25$/month to 300$/month :(. Thank you for your video.
@Atmosera- 4 жыл бұрын
A VPN gateway of any SKU can only connect to one VNet. You can peer that same VNet however with multiple other VNets. I can't remember what the upper threshold is, but it's pretty generous.
@xinyutu 2 жыл бұрын
After this setup, can 2 spoke network talk to each other? Guess no?
@Atmosera- 2 жыл бұрын
Yes. Best practices is to use the hub as a transient network. You'll have to set up UDR's to make it happen though.
@vbachris Жыл бұрын
i had to look at further documentation because you lost me on what 'gateway' was used to transmit communication between the spokes via the hub. the magic answer is that VPN gateway can ALSO act as an inter-spoke gateway, not only for VPN off-prem. the magic connecting peered spokes to each other via the hub is a gateway AND this gateway can be a firewall, routing-tables, OR a VPN Gateway.
@loki9267 3 жыл бұрын
undoubtedly the best.You deserve a click on subscribe and bell.
@manishalankala1622 3 жыл бұрын
Query : Vnet peering considering Hub spoke Model 1. if subcription are different 2.If resource groups of Hub and spoke are different 3. if regions are also different can this be achieved
@Atmosera- 3 жыл бұрын
It can work, but in general, you'd want to establish a new hub VNet for each region to no incur cross-region charges and use external point of presence load balancing like Traffic Manager. Alternatively, you can use Azure Front Door.
Jason Derulo
Рет қаралды 14 МЛН
Cloud Academy - All in One
Рет қаралды 27 М.
Adam Marczak - Azure for Everyone
Рет қаралды 609 М.