Introduction
This article walks through creating an Azure-based hub virtual network (VNet) with subnets and address space from scratch, and then configuring virtual network peering so that the virtual networks can communicate with each other securely and privately.
Scenario
A hypothetical web application requires network isolation and segmentation for secure and private communication. The virtual networks and subnets will be created in the following steps.
Segmentation is the act of dividing the virtual network into smaller physical or logical components in order to increase security and data protection.
Step 1: Create hub and virtual networks and subnets
I. Creating the virtual networks
- Open a browser, navigate to the Azure portal and log in.
- To create a virtual network, click the hamburger icon at the top left-hand corner of the portal.
- In the displayed pane, select Virtual Networks.
- In the “Virtual Networks” portal pane, select + Create.
- At the Resource group label, select "create new" to create a new resource group. Give the resource group a name and click Ok. Keep in mind that this is the "parent directory" for the virtual networks to be created.
- Also, give the virtual network a name at the "virtual network name" label.
- Select a Region from the dropdown list at the Region label. In this case, I selected East US.
- Next, select the IP Addresses tab at the top of the page.
II. Create subnets for the first Virtual Network.
- At the dropdown menu displayed above the address space box on the displayed page, check that the dropdown is set to Add IPv4 address space.
- In the address space box, change Subnet address range to 10.1.0.0/16 (this is usually the default IP address, so you may not need to change it in this instance).
- Locate the pen icon at the bottom corner of the address space box (next to the garbage can icon). Click on this icon to edit the default Subnet name.
- Change Subnet name to frontend.
- Also, change Subnet address range to 10.1.0.0/24 using the size label. Leave all other settings as their defaults.
- Click Add to close the Edit Subnet pane. This completes the creation of the first Subnet.
- The next step is to create the second subnet. As you can see, the frontend subnet is listed in the box. We need to create another subnet in this virtual network. Again, locate the pen icon at the bottom (next to the garbage can icon). Click on this icon to add another Subnet.
- Change the subnet name to backend, then change the Subnet address range to 10.1.0.0/24.
- Again, leave all other settings as their defaults. Click Add to close the Edit Subnet pane.
- Select Review + Create to validate the configuration, then Create to create the first virtual network.
III. Creating the second virtual network
- Creating the second virtual network is similar to creating the first virtual network.
- Click the hamburger icon at the top left-hand corner of the Azure portal.
- Again, in the displayed pane, select “Virtual Networks”.
- In the “Virtual Networks” portal pane, select “+ Create”.
- At the Resource group label, select from the drop-down menu the first Resource group that was created.
- Also, give the virtual network a name at the "virtual network name" label. Here the name I supplied was Hub-vnet.
- At the Region label, select the same Region from the dropdown list as for the first virtual network. For the previous virtual network, I selected East US.
- Next, select the IP Addresses tab at the top of the page.
- Set the IPv4 address space to 10.1.0.0/16.
IV. Create a subnet for the second Virtual Network.
- In the address space box, locate the pen icon at the bottom (next to the garbage can icon).
- Click on this icon to edit the default Subnet name.
- In the flyout pane, change subnet purpose from the Default setting to Azure Firewall.
- Leave all other settings as their defaults.
- Select the Save button to close the Edit Subnet pane. This completes the creation of the Subnet for the second virtual network.
- After validation is complete, select the Create button to create the second virtual network and watch the deployment complete.
Step 2: Set up a peer relationship between the virtual networks
- Once the deployment is complete for the second virtual network, navigate back to the portal. In the search bar type resource groups and select Resource Groups from the results.
- Select the required Resource group in the main pane and confirm that both virtual networks have been deployed.
- Setting up a peer relationship between the two virtual networks allows traffic to flow in both directions between the app-vnet and hub-vnet virtual networks.
- In the portal's resource group view, select the first virtual network created from the table. In my case it was the app-vnet virtual network.
- On the app-vnet overview page, select Settings in the left-hand sidebar of the portal.
- Scroll down and select Peerings to add a peering.
- In the app-vnet Peerings pane, select + Add.
- Under the Remote virtual network summary heading, fill out the Peering link name with app-vnet-to-hub.
- Scroll down the page to the Local virtual network summary heading. Fill out the Peering link name with hub-to-app-vnet.
- Leave all other settings as their defaults. Select Add to create the virtual network peering.
- You should see a notification at the top right of the page that says Adding virtual network peering.
- Once the process completes and the configuration updates, validate that the Peering status is set to Connected (you may have to refresh the page to see the updated status).
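Azure does not allow subnets in the same virtual network to overlap, and it will not peer two virtual networks whose address spaces overlap, so it is worth checking the address plan before entering it in the portal. The following Python check is an added example, not part of the original article; it runs the ranges typed in the steps above next to a constructed non-overlapping plan whose backend, hub and firewall-subnet ranges are assumed values.

```python
import ipaddress
from itertools import combinations

def check_vnet(name, address_space, subnets):
    """Problems inside one VNet: subnets outside the address space,
    or sibling subnets whose ranges overlap."""
    space = ipaddress.ip_network(address_space)
    nets = {n: ipaddress.ip_network(cidr) for n, cidr in subnets.items()}
    problems = []
    for sub, net in nets.items():
        if not net.subnet_of(space):
            problems.append(f"{name}/{sub}: {net} is outside {space}")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{name}: subnets {a} ({na}) and {b} ({nb}) overlap")
    return problems

def check_peering(plan, left, right):
    """Peered VNets must not share any part of their address spaces."""
    a = ipaddress.ip_network(plan[left]["address_space"])
    b = ipaddress.ip_network(plan[right]["address_space"])
    if a.overlaps(b):
        return [f"peering {left}<->{right}: {a} overlaps {b}"]
    return []

def validate(plan, peerings):
    """Run every per-VNet and per-peering check; an empty list means OK."""
    problems = []
    for name, vnet in plan.items():
        problems += check_vnet(name, vnet["address_space"], vnet["subnets"])
    for left, right in peerings:
        problems += check_peering(plan, left, right)
    return problems

# Ranges exactly as typed in the steps above (hub subnet range is not stated).
AS_TYPED = {
    "app-vnet": {"address_space": "10.1.0.0/16",
                 "subnets": {"frontend": "10.1.0.0/24", "backend": "10.1.0.0/24"}},
    "hub-vnet": {"address_space": "10.1.0.0/16", "subnets": {}},
}
# Constructed alternative: backend, hub and firewall ranges are assumed values.
NON_OVERLAPPING = {
    "app-vnet": {"address_space": "10.1.0.0/16",
                 "subnets": {"frontend": "10.1.0.0/24", "backend": "10.1.1.0/24"}},
    "hub-vnet": {"address_space": "10.0.0.0/16",
                 "subnets": {"AzureFirewallSubnet": "10.0.0.0/26"}},
}
PEERINGS = [("app-vnet", "hub-vnet")]

if __name__ == "__main__":
    for label, plan in (("as typed", AS_TYPED), ("non-overlapping", NON_OVERLAPPING)):
        print(label, validate(plan, PEERINGS) or "OK")
```

An empty result means the plan can be created and peered as written; each reported line names the subnet pair or peering that has to be renumbered first.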
Conclusion
This article explained how to provide network isolation and segmentation for a web application using Azure virtual networks with subnets and address space. We have learned the following:
- Creating virtual networks
- Creating subnets within the virtual networks, and
- Configuring virtual network peering, which means allowing two or more virtual networks to connect and appear as one for connectivity purposes.
It's been great sharing my journey into cloud engineering and I hope to see you soon on the other articles.
Cover Image by Alina Grubnyak on Unsplash