Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.
What is subnet ?
A subnet is a set of IP addresses under a VNET. We can separate our VNET address space into smaller subnet with difference range called address prefix for security or organize purpose.
When you set up a virtual network, you specify the topology, including the available address spaces and subnets. Select address ranges that don’t overlap if the virtual network is connected to other virtual networks or on-premises networks. The IP addresses are private and can’t be accessed from the Internet. Azure treats any address range as part of the private virtual network IP address space. The address range is only reachable within the virtual network, within interconnected virtual networks, and from your on-premises location.
In this article, we’re going to learn how to create an Azure Virtual Network with basic configuration and how to connect 2 difference VNET together.
Prerequisites
To have permission on Azure Network feature, you must have an Azure account/Service Principal with Network Contributor role and Contributor role on the working subscription and:
- Azure CLI installed on your working machine. See How to install Azure CLI on Ubuntu 22.04
How to create an Azure Virtual Network?
To start working with Azure resource through the Azure CLI, let’s login to your Azure account and set working subscription
# login to azure az login -t <your Azure AD ID> az account set -s <your working subscription> # then create a resource group for our vnet az group create --name cli-vnet-1 --location northeurope
1. Create VNET with subnet
We’re going to create a VNET with address space as 10.80.0.0/16 which contains 2 subnets like
VNET Address Space: 10.80.0.0/16
subnet_1: 10.80.1.0/24
You can also create another VNET with smaller or larger address if you want. Now it’s time to create one:
# create a VNET with address space
az network vnet create \
--resource-group cli-vnet-1 --name cli-vnet-1 \
--address-prefix 10.80.0.0/16 \
--subnet-name subnet_1 --subnet-prefix 10.80.1.0/24
2. Add a subnet to an existing VNET
In some cases, when your existing subnet has no space enough for your resource, you need to add a new subnet in your VNET. This new subnet should has addresses belong to your VNET address spaces and should not overlapped with another subnet.
Now create another subnet called subnet_2 with the subnet prefix 10.80.2.0/28
# add new subnet to your existing VNET
az network vnet subnet create \
--address-prefixes 10.80.2.0/28 \
--name subnet_2 \
--resource-group cli-vnet-1 \
--vnet-name cli-vnet-1
3. Show Azure VNET details
After couple of minutes, you can retrieve your Azure VNET which was created earlier by az command:
# get your VNET details az network vnet show --name cli-vnet-1 --resource-group cli-vnet-1
{
"addressSpace": {
"addressPrefixes": [
"10.80.0.0/16"
]
},
"flowTimeoutInMinutes": null,
"id": "/subscriptions/c3f3aa63-3fdc-402f-9b03-30fe0a3df3ef/resourceGroups/cli-vnet-1/providers/Microsoft.Network/virtualNetworks/cli-vnet-1",
"ipAllocations": null,
"location": "northeurope",
"name": "cli-vnet-1",
"provisioningState": "Succeeded",
"resourceGroup": "cli-vnet-1",
"subnets": [
{
"addressPrefix": "10.80.1.0/24",
"name": "subnet_1",
"privateEndpointNetworkPolicies": "Disabled",
"privateEndpoints": null,
"privateLinkServiceNetworkPolicies": "Enabled",
"provisioningState": "Succeeded",
"type": "Microsoft.Network/virtualNetworks/subnets"
},
{
"addressPrefix": "10.80.2.0/28",
"name": "subnet_2",
"provisioningState": "Succeeded",
"purpose": null,
"resourceGroup": "cli-vnet-1",
"type": "Microsoft.Network/virtualNetworks/subnets"
}
],
"tags": {},
"type": "Microsoft.Network/virtualNetworks",
"virtualNetworkPeerings": []
}
Connect Azure Virtual Networks
You can extend your network by connecting your Azure Virtual Networks together. Azure provides method called VNET peering which help us easily connect them to one large.
Virtual network peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed through Microsoft’s private network only.
Now let’s do the same thing like we did above and create another VNET called cli-vnet-2 in region westeurope with address space 10.40.0.0/16. We also need to create another subnet called subnet_3 with address prefix as 10.40.1.0/24. Now after that, we have 2 VNET like:
| VNET | Address Space | Subnet |
cli-vnet-1 | 10.80.0.0/16 | subnet_1(10.80.1.0/24)subnet_2(10.80.2.0/28) |
cli-vnet-2 | 10.40.0.0/16 | subnet_3(10.40.1.0/24) |
1. Create VNETs peering
# get cli-vnet-2 and cli-vnet-1 Id
vnet2Id=$(az network vnet show --name cli-vnet-2 -g cli-vnet-2 --query id -o tsv)
vnet1Id=$(az network vnet show --name cli-vnet-1 -g cli-vnet-1 --query id -o tsv)
# create a peering on VNET1 which is connected to remote VNET2
az network vnet peering create --name peering-to-cli-vnet-2 \
--remote-vnet $vnet2Id \
--resource-group cli-vnet-1 \
--vnet-name cli-vnet-1
# create a peering on VNET2 which is connected to remote VNET1
az network vnet peering create --name peering-to-cli-vnet-1 \
--remote-vnet $vnet1Id \
--resource-group cli-vnet-2 \
--vnet-name cli-vnet-2
2. Verify VNETs peerings
After peerings was created successfully, you can now see them in Azure Portal:
Now 2 Azure Virtual Networks are now connected together.
Leave a Reply