Azure VNET-VPN-ExpressRoute and Peering

 Azure VNET:  

  • An Azure VNET is used to create a virtual network for all the resources in your cloud environment.  

  • We can also create a separate VNET for each group of resources. 

  • Inside every VNET we have to create subnets to group the resources, and at least one subnet must be attached to the VNET. (If we don't specify one, Azure creates a "default" subnet within the same CIDR block as the VNET.) 

Peering:  


  • Resources created in different VNETs cannot communicate directly; to make them communicate internally over private IPs, we have to peer those VNETs. 

  • VNET peering can be done within the same subscription and also across subscriptions. 

  • To create a peering connection, open the Peerings option of the VNET, give the peering a name, and choose the subscription and the VNET we need to peer with. 

  • Once the peering reaches the Connected state in both VNETs, the resources can be accessed by private IP from either VNET. 


VNET to VNET peering:  


  • VNET-to-VNET peering is like connecting an Azure VNET to an on-prem site: it also requires a VPN gateway for the connection. 

This peering can be done among VNETs in 

  1. Same or different regions 

  2. Same or different subscriptions.  

  3. Same or different deployment models. 

*** We have two deployment models: one is Classic, and the other is Resource Manager. 

Resources created long ago were created with the Classic deployment model, and resources created recently are created with Resource Manager. *** 


VPN:  


  • VPN connections are used to establish a connection from our on-prem servers to servers or resources in Azure. 

  • VPN is a secure way of connecting: the data is transferred over a public channel, but with protection.  

  • This VPN can be created in two ways 

  1. Point-to-Site VPN 

  2. Site-to-Site VPN 

  • To create a VPN, first we need to create a Virtual Network Gateway; inside that gateway we have the option to create the VPN. In the VPN details we have to supply a cert to protect our data.  

  • We have to create this cert or use an existing one; to create a cert we can use the letsencrypt command. Download the command and create the cert. 


Site-to-Site VPN: 


  • In this mode the VPN gateway is connected to the on-prem site in active-standby mode with one public IP (there is one active connection and one standby connection; if the active connection fails, the standby connection takes over). 

  • The VPN gateway can also be connected to the on-prem site in active-active mode, so that there are two active connections; this is the recommended and more effective way of transferring data.  

  • This S2S VPN requires a public IP on the on-prem site side, and a VPN device is also required on the on-prem site side. 

  • This S2S VPN type is called many-to-many (a connection from all Azure resources to an on-prem site for all employees).  

  • We can also connect more on-prem sites to one VPN gateway, but for this we have to use a route-based VPN gateway (dynamic gateway).  

  • We cannot use multiple VPN gateways from one VNET to different on-prem sites, because a single VNET accepts the creation of only one VPN gateway.  


 Point-to-Site VPN: 


  • This method of VPN is used to connect Azure resources to a client or a small number of clients. 

  • This VPN type doesn't require a VPN device or any public IP on the client side.  

*** P2S connections can be used together with S2S connections through the same VPN gateway, as long as all the configuration requirements for both connections are compatible.  

*** In point-to-site, you have to connect manually to the network you want to access. Usually, if you log off or restart the workstation it loses the connection, and you have to reconnect every time. It's common to use this type of VPN when we are working remotely and need to access our company assets. The channel is bi-directional, but it's 1-to-many. 

*** Site-to-site is used when you want to connect two networks and keep the communication up all the time. It's also bi-directional, but it's many-to-many and stays up whether or not your server/workstation is running, because the connection is established through a network gateway and not from the computer's operating system. 

 

** An Azure-to-on-prem connection can be done in two ways: 

  1. VPN connection 

  2. ExpressRoute. 


Express Route: 


  • ExpressRoute is not a secure way of connecting by itself: the data is sent over a private channel without added security. 

  • It's used for high-volume or huge data transfers.  

  • It is a very fast way of transferring data.  

  • For an ExpressRoute connection, we attach an "ExpressRoute gateway" to the VNET in Azure, and then the connection is made from the on-prem side.


Site-to-Site configuration:  


  • To create an S2S connection, first we need to create a VPN gateway; once it is created, we have to create a local network gateway. 

  • In the local network gateway we need to enter the IP of our on-prem VPN device, and also, one by one in the Address Space details, the on-prem IP ranges that will access this VPN. 

  • Once this is done, we need to create a "Connection" in the VPN gateway (the gateway has a Connections option). 

  • In the connection details, we need to enter our local network gateway name, the VPN gateway name, and a "Shared Key" (which is used for authentication).  

  • Now, depending on the requirement, we configure the required VPN device on the on-prem site and connect it to Azure.  
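A pre-flight check for the peering section above and the site-to-site steps just listed, as an added example that is not part of the original post. Azure refuses a peering between VNETs whose address spaces overlap and a local network gateway whose on-prem prefixes overlap the VNET address space, and the VPN gateway needs a subnet named GatewaySubnet; the script checks those conditions before any portal clicks. The VNET names, prefixes and device IP are constructed sample values, and the 16-character shared-key minimum is this script's own policy, not an Azure rule.

```python
import ipaddress

# Constructed sample design (not from the post): a hub VNET with a gateway
# subnet, an app VNET to peer with it, and an on-prem local network gateway.
HUB = {"name": "hub-vnet", "address_space": ["10.0.0.0/16"],
       "subnets": {"default": "10.0.0.0/24", "GatewaySubnet": "10.0.255.0/27"}}
APP = {"name": "app-vnet", "address_space": ["10.1.0.0/16"],
       "subnets": {"default": "10.1.0.0/24"}}
LEGACY = {"name": "legacy-vnet", "address_space": ["10.0.128.0/17"],
          "subnets": {"default": "10.0.128.0/24"}}
ONPREM = {"name": "onprem-lgw", "gateway_ip": "203.0.113.10",
          "address_prefixes": ["192.168.0.0/16", "10.0.250.0/24"]}
RFC1918 = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def overlapping(prefixes_a, prefixes_b):
    """Return (a, b) pairs of CIDR prefixes that share at least one address."""
    nets_a = [ipaddress.ip_network(p) for p in prefixes_a]
    nets_b = [ipaddress.ip_network(p) for p in prefixes_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]

def check_subnets(vnet):
    """Every subnet (the 'default' one included) must lie inside a VNET address space."""
    spaces = [ipaddress.ip_network(p) for p in vnet["address_space"]]
    return [f"{vnet['name']}: subnet {name} {cidr} is outside the VNET address space"
            for name, cidr in vnet["subnets"].items()
            if not any(ipaddress.ip_network(cidr).subnet_of(s) for s in spaces)]

def check_peering(vnet_a, vnet_b):
    """Peering is refused when the two VNET address spaces overlap."""
    return [f"peering {vnet_a['name']}<->{vnet_b['name']}: {a} overlaps {b}"
            for a, b in overlapping(vnet_a["address_space"], vnet_b["address_space"])]

def check_s2s(vnet, local_gw, shared_key):
    """S2S: GatewaySubnet present, device IP not RFC 1918, prefixes disjoint, key length."""
    problems = []
    if "GatewaySubnet" not in vnet["subnets"]:
        problems.append(f"{vnet['name']}: VPN gateway needs a subnet named GatewaySubnet")
    if any(ipaddress.ip_address(local_gw["gateway_ip"]) in n for n in RFC1918):
        problems.append(f"{local_gw['name']}: device IP {local_gw['gateway_ip']} is not public")
    problems += [f"{local_gw['name']}: on-prem prefix {b} overlaps VNET {a}"
                 for a, b in overlapping(vnet["address_space"], local_gw["address_prefixes"])]
    if len(shared_key) < 16:  # script policy, not an Azure requirement
        problems.append("shared key is shorter than 16 characters")
    return problems

if __name__ == "__main__":
    for line in (check_subnets(HUB) + check_peering(HUB, APP) + check_peering(HUB, LEGACY)
                 + check_s2s(HUB, ONPREM, "constructed-shared-key-123456")):
        print(line)
```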
