Achieving transitive routing between different regions using VNet peering, Global Peering and Virtual Gateway

Sometime early last year Microsoft announced that Global Peering was generally available, which opened up a lot of possibilities.

One of my client's requirements was to replace their existing VPN with Global Peering between UK West and UK South, without using a third-party appliance to route the traffic.

The existing network looks like this,

FrontEndNetwork and Lab-Vnet are in UK West; DRNetwork is in UK South. Since they are in different regions, there is a VPN between FrontEndNetwork and DRNetwork.

There are 2 requirements:

  1. To replace the VPN with Global Peering
  2. To make sure Lab-Vnet traffic to DRNetwork is routed through FrontEndNetwork

The network should look like below.

There are a few things that we need to achieve this goal.

1. Virtual Gateway subnet for FrontEndNetwork – this is the subnet where all the traffic from Lab-Vnet to DRNetwork and vice versa should land.

2. Virtual Network Gateway for FrontEndNetwork – this is the IP address used by Lab-Vnet and DRNetwork.

3. Route tables, one for Lab-Vnet and one for DRNetwork.

Before the implementation, I want to demonstrate that the 2 VMs on 2 different networks don't communicate with each other. The virtual machines are:

  1. TestBackEnd – 192.1.0.4 from DRNetwork
  2. BackupServer – 10.0.0.4 from Lab-Vnet

Implementation

Along with the 3 steps above, I'd like to show the peering between each network before we start creating other things.

Peering

Lab-Vnet to FrontEndNetwork, from the Lab-Vnet virtual network

DRNetwork to FrontEndNetwork, from the DRNetwork virtual network

Note: I have chosen “Allow Gateway transit” for now, as we don’t have the Virtual Gateway subnet on FrontEndNetwork.

FrontEndNetwork to Lab-Vnet, from the FrontEndNetwork virtual network

FrontEndNetwork to DRNetwork, from the FrontEndNetwork virtual network

Creation of Virtual Gateway subnet

  • Navigate to the FrontEndNetwork
  • Click Subnets under Settings
  • Click “Gateway Subnet” on the right
  • Fill the details as below. The gateway subnet for my lab is 10.1.1.0/24

Creation of Virtual Network Gateway for FrontEndNetwork

  • Create a new Virtual Network Gateway and associate it with the FrontEndNetwork
Note: I can’t choose FrontEndNetwork because I’ve already created one for that subnet, but you should have the option to choose the VNet. If not, check the region to make sure the virtual gateway and VNet are in the same subnet.

Creation of Route table

  • Search for Routing Table
  • Create a new Route Table. I’ve filled in the following information
  • Go to the TrafficToDrNetwork Route table, click Configuration and fill in the following information
Note: I’ve filled in the next hop address as 10.1.1.4; this is the gateway subnet address for FrontEndNetwork. Usually Azure assigns the 4th address as the gateway address by default.

Assigning Route table to LAB-Vnet and DRNetwork

  1. Navigate to Virtual Network – LAB-Vnet
  2. Click on the subnet that you want to route the traffic to DRNetwork
  3. Click on the RouteTable -> Choose the RouteTable that you have created through steps described above. In my case, Lab-vnet should send 192.1.0.0/24 traffic to 10.1.1.14 (RouteToDR)

Assigning Route table to LAB-Vnet and DRNetwork

  1. Navigate to Virtual Network – DRNetwork
  2. Click on the subnet that you want to route the traffic to Lab-Vnet
  3. Click on the RouteTable -> Choose the RouteTable that you have created through steps described above. In my case, Lab-vnet should send 192.1.0.0/24 traffic to 10.1.1.14 (RouteToProd)


Before you start testing, go back to Lab-Vnet and DRNetwork and make sure that, on the peering with FrontEndNetwork, “Use Remote Gateway” is checked under “Configure remote gateway settings”. You don’t have to do anything on the FrontEndNetwork peering.

Once you have saved the settings, you should be able to ping. If you run tracert you can see that the traffic goes through 10.1.1.4.
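To check the routing logic behind the steps above, the following Python model (an added example, not part of the original post and not Azure tooling) evaluates routes the way Azure does: longest prefix match, with a user-defined route winning over a system route for the same prefix. The Lab-Vnet and FrontEndNetwork address spaces, the next hop type and the prefix in the DRNetwork route table are assumptions; the other addresses come from the post.

```python
import ipaddress

# Constructed model of the lab. 192.1.0.0/24, 10.1.1.4 and the VM addresses come
# from the post; the other address spaces below are assumptions.
VNETS = {
    "Lab-Vnet": "10.0.0.0/24",         # assumed address space
    "FrontEndNetwork": "10.1.0.0/16",  # assumed; contains gateway subnet 10.1.1.0/24
    "DRNetwork": "192.1.0.0/24",
}
PEERINGS = [("Lab-Vnet", "FrontEndNetwork"), ("DRNetwork", "FrontEndNetwork")]
HUB_NEXT_HOP = "10.1.1.4"
PRIORITY = {"User": 0, "System": 1}  # on an equal prefix a user route wins
# Azure's default system routes: Internet, plus private ranges that are dropped.
DEFAULTS = [("0.0.0.0/0", "Internet"), ("10.0.0.0/8", "None"),
            ("172.16.0.0/12", "None"), ("192.168.0.0/16", "None"),
            ("100.64.0.0/10", "None")]

def system_routes(vnet):
    """System routes cover the VNet itself and directly peered VNets only."""
    routes = [(p, hop, None, "System") for p, hop in DEFAULTS]
    routes.append((VNETS[vnet], "VnetLocal", None, "System"))
    for a, b in PEERINGS:
        if vnet in (a, b):  # peering is not transitive: no route to the peer's peers
            routes.append((VNETS[b if vnet == a else a], "VNetPeering", None, "System"))
    return routes

def effective_next_hop(vnet, dest_ip, user_routes=()):
    """Return (next hop type, next hop IP) chosen for dest_ip from this VNet."""
    dest = ipaddress.ip_address(dest_ip)
    candidates = [r for r in system_routes(vnet) + list(user_routes)
                  if dest in ipaddress.ip_network(r[0])]
    _prefix, hop_type, hop_ip, _src = max(
        candidates,
        key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -PRIORITY[r[3]]))
    return hop_type, hop_ip

def transits_hub(src_vnet, dest_ip, user_routes):
    """True when the selected route hands the traffic to the hub next hop."""
    return effective_next_hop(src_vnet, dest_ip, user_routes)[1] == HUB_NEXT_HOP

# Route tables for each spoke (next hop type and the DR prefix are assumptions).
LAB_UDR = [("192.1.0.0/24", "VirtualAppliance", HUB_NEXT_HOP, "User")]
DR_UDR = [(VNETS["Lab-Vnet"], "VirtualAppliance", HUB_NEXT_HOP, "User")]

if __name__ == "__main__":
    print(effective_next_hop("Lab-Vnet", "192.1.0.4"))           # before the route table
    print(effective_next_hop("Lab-Vnet", "192.1.0.4", LAB_UDR))  # after the route table
    print(transits_hub("DRNetwork", "10.0.0.4", DR_UDR))         # return path
```

Checking both directions matters: if only one spoke has its route table attached, the return traffic never reaches the hub and the ping fails.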

VJ
