The course is part of these learning paths
Azure Network Connectivity and Name Resolution
Learn how to configure Microsoft Azure connectivity and name resolution with this expertly instructed course from Cloud Academy.
In this course, you will learn two different ways to connect virtual networks together. The course starts by teaching you how to set up peering between virtual networks and then moves on to showing you how to connect two VNets using a virtual network gateway. Once you have mastered network connections, you will learn how to use Azure DNS to configure custom domain names for the resources in your VNets. Finally, we will move on to learning how to set up both public and private DNS zones.
This course is essential for those looking to train enterprise teams since, by default, Azure virtual networks are isolated from each other and only have a rudimentary form of name resolution. To build useful networks in Azure, you will need to connect these virtual networks together. To make them easier to manage, you will need to implement custom name resolution.
This course is made up 7 lectures with an introduction and conclusion to aid in reviewing what you have learned throughout the course.
Configure Azure virtual network peering
Create a virtual network gateway and use it to connect two VNets
Configure Azure DNS to handle name resolution
Those looking to become Azure cloud architects
Those preparing for Microsoft’s AZ-100 or AZ-102 exam
- Basic knowledge of Azure virtual networks
- The GitHub repository for this course is at https://github.com/cloudacademy/azure-networks-and-dns
Before Microsoft released virtual network peering, the main method of connecting two VNets together was to use virtual network gateways. This method isn't needed nearly as much now since VNet peering is a lot easier, but there are still circumstances when it can be useful. One example is when you want to connect VNets that are in different subscriptions and that are associated with different Active Directory tenants. You can't connect those with peering. Another example is if you want to load balance between two regions. Although peering works across regions, there's a restriction on load balancers. Resources in a peered VNet can only communicate with the front-end IP address of an internal load balancer if it's in the same region. So to load balance across regions, you have to use virtual network gateways. The connection still goes over the Azure backbone rather than the internet though.
Now I'll show you how to create a VNet-to-VNet connection. I'll warn you that it can take 45 minutes or more to create a gateway. So if you're going to follow along on your own Azure account, keep that in mind. A virtual network gateway needs to be deployed in its own subnet, so let's create one. Go into your first VNet, and select Subnets from the Settings menu. Then click add Gateway subnet. It helpfully names it GatewaySubnet for you. This specific name is actually required in order for Azure to recognize it as the gateway subnet. For the address range, you won't need 251 IP addresses. Microsoft recommends using either 27 or 28 for the length of the subnet mask, so change the suffix to 28. This still gives you 11 usable addresses. Then click OK. Now add a gateway subnet to the second VNet as well. All right, now we're going to create a gateway. In the Search bar, type gateway. Then select Virtual network gateways. Click Add. Call it gw1. We're not using ExpressRoute, so leave the gateway type as VPN. Leave the VPN type as Route-based. For the SKU, which is the pricing tier, since this is just a test, change it to Basic. Click Virtual network, and select your first VNet. You have to assign a public IP address to the gateway, so type a name for it. I'll call it gw1pip. Then click Create. Now add a gateway in the second VNet. I'll fast-forward.
All right, both gateways have been deployed. Now we can create the connections between them. Go to the first gateway. Select Connections from the Settings menu, and click Add. Type a name for the connection, such as vnet1-vnet2. Leave the connection type as VNet-to-VNet. It already set this gateway as the first virtual network gateway. Click on the second one, and choose gw2. Now it wants a shared key to encrypt the connection. This is kind of weird. Where are you supposed to get the key from? Well, normally VPN gateways are used to connect to VPN devices at an on-premises location. So in that case, you'd get the key from the VPN device. But in this case, we're connecting to another VPN gateway, so we have to make up our own key. It can be anything as long as it's just letters and numbers. If you were doing this for a production system, then you'd want to use a good key. But since this is just a demo, I'm going to use abc.
Then click OK. Now we have to create a connection in the other direction as well. This time I'll call it vnet2-vnet1. We have to put the same key here that we put in the first connection. It takes a little while before they're fully connected, so I'll fast-forward again. You might need to refresh your browser. When the connections have succeeded, their status will change to Connected. To verify that traffic is flowing between them, click on a connection and look at the Data in and Data out numbers. They should be above zero, which they are. And that's it for virtual network gateways.
About the Author
Guy launched his first training website in 1995 and he's been helping people learn IT technologies ever since. He has been a sysadmin, instructor, sales engineer, IT manager, and entrepreneur. In his most recent venture, he founded and led a cloud-based training infrastructure company that provided virtual labs for some of the largest software vendors in the world. Guy’s passion is making complex technology easy to understand. His activities outside of work have included riding an elephant and skydiving (although not at the same time).