Implementing VNET Peering and Service Chaining in Azure

This article covers Azure Virtual Network (VNET) peering. VNET peering joins two virtual networks, from the same or different Azure regions, so that they behave as a single network and resources in each can reach the other over authenticated, secured access. With VNET peering you do not need to create VPN gateways to connect Azure networks, because peering does the same job in a cheaper and easier way.

 

Demo Scenario:

This lab deploys two virtual networks in the South India datacenter: one VNET hosts a single virtual machine and the other hosts two virtual machines. The resources are deployed using ARM templates. After deployment, the VNETs are peered so that a virtual machine on one virtual network can be reached from the other. To make this happen, we will also deploy a routing table in Azure.

 

Prerequisites:

  1. An Azure Subscription.
  2. Knowledge of ARM Templates.
  3. Basic understanding of networking.
  4. ARM Templates – Download the scripts required for the following demos from the link given below.

 

ARM Templates:

https://codesizzlertech-my.sharepoint.com/:f:/g/personal/kishorechowdary_codesizzler_info/EsUu1VXezp9Io_vfN7bIQzIBYyHBOCHx5Ru0yWL6hSKjYA?e=4mTJjr

 

Demo 1: Deploying two VMs on one VNET using ARM Templates

Go to + Create a resource and search for Template deployment in the search box. The Template deployment blade opens. There, click on the Create button.

 

Next, click on the Build your own template in the editor option.

 

Now, click on the Load file option at the top.

 

Then, select the file named 1 Creating two VMs up on Single VNET from the set of files that you downloaded in the beginning and click Open.

 

Once you click on Open, the JSON script in that template is loaded into the portal. Then, click on the Save button.

 

Now, click on the Edit parameters option to edit the input parameters for the deployment.

 

Again, click on the Load file option, this time to upload the parameters file.

 

This time, select the 2 Parameters file from the downloaded files and click on Open.

 

After the script is loaded, click on the Save button.

 

In the deployment blade, create a new resource group as shown below. Make sure to agree to the Terms and Conditions at the bottom and click on Purchase.

 

Demo 2: Deploying a VM on a VNET using ARM Templates

Go to + Create a resource and search for Template deployment in the search box. The Template deployment blade opens. There, click on the Create button.

 

Next, click on the Build your own template in the editor option.

 

Now, click on the Load file option at the top.

 

Then, select the file named 3 Creating VM up on a Single VNET from the set of files that you downloaded in the beginning and click Open.

 

Once you click on Open, the JSON script in that template is loaded into the portal. Then, click on the Save button.

 

Now, click on the Edit parameters option to edit the input parameters for the deployment.

 

Again, click on the Load file option, this time to upload the parameters file.

 

This time, select the 2 Parameters file from the downloaded files and click on Open.

 

After the script is loaded, click on the Save button.

 

In the deployment blade, create a new resource group as shown below. Make sure to agree to the Terms and Conditions at the bottom and click on Purchase.

 

Demo 3: Configuring VNET Peering

Once the two VNETs from the previous two demos are deployed, you can start to peer the VNETs. Open the resource group that you created for the first two VMs and open the VNET named az1000401-vnet1.

 

Navigate to the Peerings menu blade of that VNET and click on the + Add button.

 

Give a valid name and choose the Peer details as shown below. For Virtual network, choose the VNET named az1000402-vnet2, which you created in Demo 2. Allow Virtual network access, disable the rest of the settings, and click Ok.

 

You can see that the peering has been initialized in the VNET.

 

You have to repeat the same process on the second VNET. Go to the resource group you created in Demo 2 and open the VNET named az1000402-vnet2.

 

Navigate to the Peerings blade of the VNET and click on the + Add button to configure peering with the other VNET.

 

Give a valid name and choose the Peer details as shown below. For Virtual network, choose the VNET named az1000401-vnet1, which you created in Demo 1. Allow Virtual network access, disable the rest of the settings, and click Ok.

 

You can see that the peering has been initialized in the VNET.

 

Demo 4: Configuring IP Forwarding and Creating Routing Table

Go to the Virtual machines menu and find the VM named az1000401-vm2, on which IP forwarding will be enabled.

 

Go to the Networking blade and click on the NIC named az1000401-nic2 as shown below.

 

Go to the IP configurations menu blade of the NIC, set IP forwarding to Enabled, and click on the Save button.

 

Now, let us create a routing table for routing the traffic. To do so, go to + Create a resource, search for Routing table, and click on Create.

 

Give a name for the routing table and choose a subscription and resource group. Make sure to choose South India as the location, disable Virtual network gateway propagation, and click on Create.

 

Open the routing table after it is deployed, navigate to its Routes blade, and click on the + Add button.

 

Give the route a name and set its address prefix to 10.104.0.0/16, which is the address range of VNET az1000401-vnet1. For Next hop type, select Virtual appliance, and set the Next hop address to 10.104.1.4, which is the IP address of the NIC of az1000401-vm2. Then click on Ok.

 

After a short while, the newly added route appears in the list.

 

Now, go to the Subnets blade of the route table and click on the + Associate option.

 

There, select the virtual network az1000402-vnet2 and the subnet Subnet0 and click on Ok.

 

The routing table, along with its route, is now associated with the VNET.
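
The portal steps of Demo 3 and Demo 4 can also be scripted. The following Az PowerShell script is an added example, not part of the downloadable templates; the resource group names, route table name, peering names, route name and the NIC name of az1000402-vm3 are placeholders or assumptions, while the VNET, NIC, subnet names and addresses are the ones used in this article.

```powershell
# Added example. Run from a workstation with the Az module after Connect-AzAccount.
# Placeholders (not given in the article): resource groups, route table name, vm3 NIC name.
$rg1     = '<resource-group-from-demo-1>'
$rg2     = '<resource-group-from-demo-2>'
$rtName  = '<route-table-name>'
$vm3Nic  = '<nic-name-of-az1000402-vm3>'

$vnet1 = Get-AzVirtualNetwork -ResourceGroupName $rg1 -Name 'az1000401-vnet1'
$vnet2 = Get-AzVirtualNetwork -ResourceGroupName $rg2 -Name 'az1000402-vnet2'

# Demo 3: one peering per direction (peering names are assumptions).
# Virtual network access is allowed by default; forwarded traffic, gateway transit
# and remote gateways stay disabled because their switches are not passed.
Add-AzVirtualNetworkPeering -Name 'vnet1-to-vnet2' -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet2.Id
Add-AzVirtualNetworkPeering -Name 'vnet2-to-vnet1' -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet1.Id

# Both sides must report PeeringState = Connected before traffic flows.
Get-AzVirtualNetworkPeering -ResourceGroupName $rg1 -VirtualNetworkName 'az1000401-vnet1' |
    Select-Object Name, PeeringState, AllowVirtualNetworkAccess, AllowForwardedTraffic
Get-AzVirtualNetworkPeering -ResourceGroupName $rg2 -VirtualNetworkName 'az1000402-vnet2' |
    Select-Object Name, PeeringState, AllowVirtualNetworkAccess, AllowForwardedTraffic

# Demo 4: enable IP forwarding on the NIC of az1000401-vm2.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg1 -Name 'az1000401-nic2'
$nic.EnableIPForwarding = $true
Set-AzNetworkInterface -NetworkInterface $nic | Out-Null

# Route 10.104.0.0/16 via the virtual appliance at 10.104.1.4,
# with virtual network gateway route propagation disabled.
$route = New-AzRouteConfig -Name 'to-vnet1-via-vm2' -AddressPrefix '10.104.0.0/16' `
    -NextHopType VirtualAppliance -NextHopIpAddress '10.104.1.4'
$rt = New-AzRouteTable -ResourceGroupName $rg2 -Name $rtName -Location 'southindia' `
    -DisableBgpRoutePropagation -Route $route

# Re-read vnet2 so the update is based on its current state (including the new
# peering), then associate the route table with Subnet0.
$vnet2  = Get-AzVirtualNetwork -ResourceGroupName $rg2 -Name 'az1000402-vnet2'
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet2 -Name 'Subnet0'
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet2 -Name 'Subnet0' `
    -AddressPrefix $subnet.AddressPrefix -RouteTable $rt | Set-AzVirtualNetwork | Out-Null

# Check: the effective routes on vm3's NIC (VM must be running) should list the
# user-defined 10.104.0.0/16 route with next hop 10.104.1.4.
Get-AzEffectiveRouteTable -ResourceGroupName $rg2 -NetworkInterfaceName $vm3Nic |
    Select-Object Source, State, AddressPrefix, NextHopType, NextHopIpAddress
```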

 

Demo 5: Configuring Routing in Azure VM az1000401-vm2

Navigate to VMs menu and open the VM az1000401-vm2 to make RDP connection with it.

 

In the overview page of the VM, click on Connect option and click on Download RDP file button and open it.

 

In the RDP connection dialog box, click on the Connect button.

 

If you used the ARM templates as they are, without modifying the username and password, enter the user name and password of the VM as shown below. If you modified them, enter your own username and password. Then click on Ok.

 

Click on Yes when prompted with a certificate like this.

 

After logging in to the VM, wait a while for the Local Server Manager to open by itself. There, click on Add roles and features to add the Remote Access role.

 

In the following window, click Next without making any changes.

 

Again, click on Next.

 

Click on Next one more time.

 

Now select the Remote Access check box in the roles and click on Next.

 

Once again click on Next.

 

 

In Role Services, select the Routing check box.

 

When prompted with features, click on Add Features.

 

Click on Next again and follow the rest of the steps as shown below.

 

 

 

 

 

After the installation succeeds, click on the warning displayed at the top and click on Open the Getting Started Wizard.

 

After clicking there, you will find that the warning sign is gone.

 

Now, let us configure and enable routing and remote access. To do so, go to Tools and click on Routing and Remote Access option.

 

In the Routing and Remote Access console, right-click on the server that is displayed and choose Configure and Enable Routing and Remote Access.

 

In the setup wizard, click on Next.

 

Choose Custom configuration and click on Next.

 

Now select LAN routing and click on the Next button.

 

Finally, click on Finish.

 

After clicking Finish, you will get a Routing and Remote Access dialog box. There, click on the Start service button to start the service.

 

You should get a message as shown below. If you don’t, check the previous steps once again.

 

Now, let us go to the Local Server Manager and open Firewall settings. To do so, go to Tools and choose Windows Firewall with Advanced Security.

 

In the firewall window, go to Inbound Rules and enable the File and Printer Sharing (Echo Request – ICMPV4-In) rule by clicking on the Enable Rule option.
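
The Server Manager and wizard steps above have a scripted counterpart. This is an added example, not taken from the article's templates, to be run in an elevated PowerShell session on az1000401-vm2; it assumes Windows Server with the built-in ServerManager, RemoteAccess and NetSecurity modules.

```powershell
# Added example. Run elevated on az1000401-vm2.

# Remote Access role with the Routing role service
# (the Add roles and features steps).
Install-WindowsFeature -Name RemoteAccess -IncludeManagementTools
Install-WindowsFeature -Name Routing -IncludeManagementTools -IncludeAllSubFeature

# Scripted counterpart of Custom configuration > LAN routing in the
# Routing and Remote Access setup wizard.
Install-RemoteAccess -VpnType RoutingOnly

# Allow inbound ICMPv4 echo requests. These two lines are the only part
# that also applies to az1000401-vm1.
$ruleName = 'File and Printer Sharing (Echo Request - ICMPv4-In)'
Get-NetFirewallRule -DisplayName $ruleName | Enable-NetFirewallRule

# Verify: the Routing and Remote Access service should be Running and the
# echo request rule Enabled.
Get-Service -Name RemoteAccess | Select-Object Name, Status, StartType
Get-NetFirewallRule -DisplayName $ruleName | Select-Object DisplayName, Profile, Enabled
```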

 

Demo 6: Validating Service Chaining

Navigate to the VM menu once again, make an RDP connection to the VM az1000401-vm1, open the Local Server Manager, and repeat the same steps that you did earlier for enabling the firewall rule. To do so, go to Tools and choose Windows Firewall with Advanced Security.

 

In the firewall window, go to Inbound Rules and enable the File and Printer Sharing (Echo Request – ICMPV4-In) rule by clicking on the Enable Rule option.

 

Demo 7: Testing the Service Chaining between Peered Networks

We are all set with the VNET peering and the configuration of the VMs to allow connections via routes. Let us test the peering now: make an RDP connection to the VM az1000402-vm3, open PowerShell, and run the command given below. In the command, 10.104.0.4 is the IP address of the NIC of az1000401-vm1. Successful execution of the command shows that the request has been routed between the two networks.

Test-NetConnection -ComputerName 10.104.0.4 -TraceRoute
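
A successful ping alone does not prove service chaining, because the peering can deliver traffic directly if the route table is not applied. The function below is an added example (Test-ServiceChain is a hypothetical helper name, not part of the article) to run on az1000402-vm3; it checks that the trace passes through 10.104.1.4 before reaching 10.104.0.4.

```powershell
# Added example. Run on az1000402-vm3.
function Test-ServiceChain {
    param(
        [string]$Destination = '10.104.0.4',  # NIC of az1000401-vm1 (from the article)
        [string]$Appliance   = '10.104.1.4'   # NIC of az1000401-vm2 (from the article)
    )
    $r    = Test-NetConnection -ComputerName $Destination -TraceRoute -WarningAction SilentlyContinue
    $hops = @($r.TraceRoute)   # hop addresses in order, as strings

    [pscustomobject]@{
        Destination   = $Destination
        PingSucceeded = $r.PingSucceeded
        Hops          = $hops -join ' -> '
        ViaAppliance  = $hops -contains $Appliance
        ReachedTarget = ($hops.Count -gt 0) -and ($hops[-1] -eq $Destination)
    }
}

$result = Test-ServiceChain
$result | Format-List

if ($result.PingSucceeded -and -not $result.ViaAppliance) {
    # Traffic arrived directly over the peering instead of through the appliance.
    Write-Warning 'Reachable, but not via 10.104.1.4: check the route table association on Subnet0.'
}
elseif (-not $result.PingSucceeded) {
    Write-Warning 'No reply: check IP forwarding on az1000401-nic2, the routing service on vm2 and the ICMP firewall rules.'
}
```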

 

Here we have implemented the concept of VNET Peering and Service Chaining in Azure for routing the user traffic between two different networks in Azure.