Lab 05: Implement Intersite Connectivity
This lab covers connectivity between different VNets using peering and custom routes, with Network Watcher for troubleshooting.
Scenario: Your organization has segmented its IT infrastructure. Core services (like DNS) are in one VNet, and manufacturing systems are in another. You need to enable secure communication between these VNets.
Interactive Lab Simulations:
Global Virtual Network Peering: Connect two Azure virtual networks and test VM connections.
Monitoring vNets: Use Azure Network Watcher, flow logs, NSG diagnostics, and packet capture.
Intersite Connectivity: Create a virtual network infrastructure, configure peerings, and test connections.
Key Concepts:
VNet Peering: Connects two Azure VNets. Traffic uses the Microsoft backbone.
User-Defined Routes (UDRs): Custom routes that override Azure's default system routes.
Network Watcher: A suite of tools for monitoring and diagnosing network issues in Azure.
Network Virtual Appliance (NVA): A virtual machine that performs network functions, such as a firewall or router. (This lab sets up the route for an NVA, but doesn't deploy the NVA itself.)
Job skills
Task 1: Create a virtual machine in a virtual network.
Task 2: Create a virtual machine in a different virtual network.
Task 3: Use Network Watcher to test the connection between virtual machines.
Task 4: Configure virtual network peerings between different virtual networks.
Task 5: Use Azure PowerShell to test the connection between virtual machines.
Task 6: Create a custom route.

Task 1: Create Core Services VM and VNet
Sign In: Log in to the Azure portal (https://portal.azure.com).
Create VM:
Virtual machine name: CoreServicesVM
Public inbound ports: None
Virtual network: Click "Create new."
- Name: CoreServicesVnet
- Address range: 10.0.0.0/16
- Subnet Name: Core
- Subnet address range: 10.0.0.0/24
Monitoring:
- Boot diagnostics: Disable
Task 2: Create Manufacturing VM and VNet
Create VM:
Virtual machine name: ManufacturingVM
Public inbound ports: None
Virtual network: Click "Create new."
- Name: ManufacturingVnet
- Address range: 172.16.0.0/16
- Subnet Name: Manufacturing
- Subnet address range: 172.16.0.0/24
Monitoring:
- Boot diagnostics: Disable
Task 3: Test Connectivity (Network Watcher)
Open Network Watcher: Search for and select "Network Watcher."
Connection Troubleshoot: Under "Network diagnostic tools," select "Connection troubleshoot."
Source:
- Source type: Virtual machine
- Virtual machine: CoreServicesVM
Destination:
- Destination type: Virtual machine
- Virtual machine: ManufacturingVM
Configuration:
- Preferred IP Version: Both
- Protocol: TCP
- Destination port: 3389
- Source port: (Leave blank)
Use default Diagnostic tests.
Click "Run diagnostic tests."
Observe Results: The Connectivity test shows a status of Unreachable, as the VNets are not yet connected.
Task 4: Configure VNet Peering
Open CoreServicesVnet: In the portal, search for and select CoreServicesVnet.
Create Peering: Under "Settings," select "Peerings" and click "+ Add."
This virtual network:
- Peering link name: CoreServicesVnet-to-ManufacturingVnet
- Allow ManufacturingVnet to access CoreServicesVnet: selected (default)
- Allow ManufacturingVnet to receive forwarded traffic from CoreServicesVnet: selected
Remote virtual network:
- Virtual network deployment model: Resource Manager
- I know my resource ID: Unchecked
- Peering Link Name: ManufacturingVnet-to-CoreServicesVnet
- Virtual Network: Select ManufacturingVnet (az104-rg5)
- Allow CoreServicesVnet to access the peered virtual network: selected (default)
- Allow CoreServicesVnet to receive forwarded traffic from the peered virtual network: selected
Click "Add."
Verify Peering (Both VNets):
- In CoreServicesVnet -> "Peerings," ensure the status of CoreServicesVnet-to-ManufacturingVnet is Connected. Refresh if needed.
- Go to ManufacturingVnet -> "Peerings," and ensure the status of ManufacturingVnet-to-CoreServicesVnet is Connected. Refresh if needed.
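The same peering, scripted with Azure PowerShell so the resulting flags can be reviewed in one place. This is an added example, not part of the original lab; it assumes the Az.Network module, a signed-in session, and that both VNets live in the az104-rg5 resource group.

```powershell
# Added example (not from the lab): Task 4 in Azure PowerShell.
# Assumption: both VNets are in resource group az104-rg5.
$rg   = 'az104-rg5'
$core = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'CoreServicesVnet'
$mfg  = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'ManufacturingVnet'

# A peering is one link per direction. Neither side reports Connected
# until the link in the opposite direction also exists.
Add-AzVirtualNetworkPeering -Name 'CoreServicesVnet-to-ManufacturingVnet' `
    -VirtualNetwork $core -RemoteVirtualNetworkId $mfg.Id `
    -AllowForwardedTraffic | Out-Null
Add-AzVirtualNetworkPeering -Name 'ManufacturingVnet-to-CoreServicesVnet' `
    -VirtualNetwork $mfg -RemoteVirtualNetworkId $core.Id `
    -AllowForwardedTraffic | Out-Null

# Review what was actually granted on each side. AllowForwardedTraffic lets
# the peer deliver traffic that did not originate inside it (for example,
# traffic relayed by an NVA), so confirm it is enabled only where intended.
$links = @{
    'CoreServicesVnet'  = 'CoreServicesVnet-to-ManufacturingVnet'
    'ManufacturingVnet' = 'ManufacturingVnet-to-CoreServicesVnet'
}
foreach ($vnetName in $links.Keys) {
    Get-AzVirtualNetworkPeering -ResourceGroupName $rg `
        -VirtualNetworkName $vnetName -Name $links[$vnetName] |
        Select-Object Name, PeeringState, AllowVirtualNetworkAccess,
                      AllowForwardedTraffic, AllowGatewayTransit, UseRemoteGateways
}
```

Both rows should show a PeeringState of Connected before moving on to Task 5.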
Task 5: Test Connectivity (PowerShell) - (5 minutes)
Get CoreServicesVM Private IP:
- Go to the CoreServicesVM resource.
- On the "Overview" blade, note the Private IP address.
Run Command on ManufacturingVM:
- Go to the ManufacturingVM resource.
- Under "Operations," select "Run command."
- Choose "RunPowerShellScript."
- Enter the following PowerShell command, replacing <CoreServicesVM private IP address> with the actual IP:
  Test-NetConnection <CoreServicesVM private IP address> -port 3389
- Click "Run."
Observe Results: The command will take a few minutes. This time, the TcpTestSucceeded result should be True, indicating successful connectivity over the VNet peering.
Task 6: Create a Custom Route
Add Perimeter Subnet:
- Go to CoreServicesVnet.
- Under "Settings," select "Subnets."
- Click "+ Subnet."
- Name: perimeter
- Subnet address range: 10.0.1.0/24
- Click "Save."
Create Route Table:
- Search for and select "Route tables" and click "Create."
- Name: rt-CoreServices
- Propagate gateway routes: No
Create Route:
- In the route table (rt-CoreServices), under "Settings," select "Routes" and click "+ Add."
- Route name: PerimetertoCore
- Destination type: IP Addresses
- Destination IP addresses/CIDR ranges: 10.0.0.0/16 (This is the CoreServicesVnet address space)
- Next hop type: Virtual appliance
- Next hop address: 10.0.1.7 (This is a placeholder for a future NVA's IP address)
Associate Route with Subnet:
- In the route table (rt-CoreServices), under "Settings," select "Subnets."
- Click "+ Associate."
- Virtual network: CoreServicesVnet
- Subnet: Core
- Click "OK."
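Task 6 scripted with Azure PowerShell, followed by an effective-routes check that shows which route the CoreServicesVM NIC actually uses for 10.0.0.0/16. This is an added example, not part of the original lab; it assumes the Az.Network and Az.Compute modules, the az104-rg5 resource group for all resources, a running CoreServicesVM, and that the perimeter subnet and route table do not exist yet.

```powershell
# Added example (not from the lab): Task 6 in Azure PowerShell.
# Assumption: everything lives in resource group az104-rg5.
$rg   = 'az104-rg5'
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'CoreServicesVnet'

# Perimeter subnet that will later host the NVA (staged in memory here).
Add-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'perimeter' `
    -AddressPrefix '10.0.1.0/24' | Out-Null

# Route table with "Propagate gateway routes: No".
$rt = New-AzRouteTable -ResourceGroupName $rg -Name 'rt-CoreServices' `
    -Location $vnet.Location -DisableBgpRoutePropagation

# User-defined route: the CoreServicesVnet address space via the placeholder NVA IP.
$rt = Add-AzRouteConfig -RouteTable $rt -Name 'PerimetertoCore' `
    -AddressPrefix '10.0.0.0/16' -NextHopType VirtualAppliance `
    -NextHopIpAddress '10.0.1.7' | Set-AzRouteTable

# Associate the route table with the Core subnet, then commit both subnet changes.
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'Core' `
    -AddressPrefix '10.0.0.0/24' -RouteTable $rt | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# Verify on the VM's NIC. The NIC name is read from the VM rather than guessed.
$vm      = Get-AzVM -ResourceGroupName $rg -Name 'CoreServicesVM'
$nicName = ($vm.NetworkProfile.NetworkInterfaces[0].Id -split '/')[-1]

# Expect a User-sourced route for 10.0.0.0/16 with next hop 10.0.1.7 that
# takes precedence over the default system route for the same prefix.
Get-AzEffectiveRouteTable -ResourceGroupName $rg -NetworkInterfaceName $nicName |
    Where-Object { $_.AddressPrefix -contains '10.0.0.0/16' } |
    Select-Object Source, State, AddressPrefix, NextHopType, NextHopIpAddress
```

Because the lab does not deploy the NVA, nothing is listening at 10.0.1.7; re-check connectivity from the Core subnet after associating the route so the effect of the override is understood before a real appliance is added.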
