WEBVTT

0:00:02.720000 --> 0:00:07.380000
Hi, welcome to this video on configuring virtual network peering.

0:00:07.380000 --> 0:00:11.520000
In other videos, I've talked about the architecture and topologies that

0:00:11.520000 --> 0:00:15.360000
you use with Azure Virtual Networking, and now we're going to go into

0:00:15.360000 --> 0:00:19.500000
one way to connect those, and that is Virtual Network peering.

0:00:19.500000 --> 0:00:23.340000
What we're going to talk about is really what you set up with Virtual

0:00:23.340000 --> 0:00:27.060000
Network peering, and then I'm going to demonstrate Virtual Network peering.

0:00:27.060000 --> 0:00:32.160000
So this will be probably, if all goes well, one of my shorter videos.

0:00:32.160000 --> 0:00:33.860000
So let's talk about this.

0:00:33.860000 --> 0:00:35.440000
What is Virtual Network peering?

0:00:35.440000 --> 0:00:39.100000
Well, Virtual Network peering, of course, is just as a quick reminder

0:00:39.100000 --> 0:00:44.420000
where you connect two Virtual Networks.

0:00:44.420000 --> 0:00:48.060000
All right, and I set up a peering relationship, and then any of the virtual

0:00:48.060000 --> 0:00:55.480000
machines that are in either of the virtual networks on either side can

0:00:55.480000 --> 0:00:56.900000
communicate with each other.

0:00:56.900000 --> 0:00:59.420000
Pretty standard, pretty basic stuff.

0:00:59.420000 --> 0:01:01.640000
Now, how do you set this up?

0:01:01.640000 --> 0:01:06.900000
What I have here is a nice little screen grab of a virtual network peering

0:01:06.900000 --> 0:01:09.240000
configuration from the portal.

0:01:09.240000 --> 0:01:12.220000
I think it's a great way to kind of go through what you're going to set

0:01:12.220000 --> 0:01:17.160000
up. Now, you have some fairly standard things that you would set up.

0:01:17.160000 --> 0:01:20.400000
First of all, of course, you have to have a name, you have to have the

0:01:20.400000 --> 0:01:24.440000
Virtual Network deployment model, which is almost always going to be resource

0:01:24.440000 --> 0:01:30.000000
manager. Now, another thing that you have is this "I know my resource ID."

0:01:30.000000 --> 0:01:35.180000
Now, when I demonstrate this, when I show you the rest of this interface

0:01:35.180000 --> 0:01:38.720000
and what you can set up, the assumption is that both of these are in the

0:01:38.720000 --> 0:01:39.740000
same subscription.

0:01:39.740000 --> 0:01:43.920000
If you have got both of my Virtual Networks in the same subscription,

0:01:43.920000 --> 0:01:45.740000
then I can just choose them.

0:01:45.740000 --> 0:01:49.680000
Actually, even if I'm going between subscriptions, but as long as they're

0:01:49.680000 --> 0:01:55.680000
within the same default or primary Azure AD tenant that I have access

0:01:55.680000 --> 0:01:57.700000
to, I can just select them.

0:01:57.700000 --> 0:02:02.500000
But if I don't have that for some reason, or if I'm going across subscriptions

0:02:02.500000 --> 0:02:06.360000
in a way that I can't just drop it down, then all I need to do is know

0:02:06.360000 --> 0:02:08.060000
the resource ID of the other side.

0:02:08.060000 --> 0:02:14.840000
What that means is that your peering relationships can go across subscriptions.

0:02:14.840000 --> 0:02:19.780000
So you're not bound by subscription, you're also not bound by region.

0:02:19.780000 --> 0:02:21.840000
So it's a very flexible approach.

0:02:21.840000 --> 0:02:24.460000
Anyways, those are some key things.

0:02:24.460000 --> 0:02:30.160000
The next things that you would set up are, of course, how you're going

0:02:30.160000 --> 0:02:33.160000
to configure. And there's two key configurations here.

0:02:33.160000 --> 0:02:37.380000
One is whether or not you're going to allow Virtual Network traffic, which

0:02:37.380000 --> 0:02:39.500000
really is just a way of shutting it down.

0:02:39.500000 --> 0:02:48.300000
Now, you'll notice that in this case, both of these, let's go back one,

0:02:48.300000 --> 0:02:53.260000
in this case, both of these are set up.

0:02:53.260000 --> 0:03:01.320000
When you go through the Virtual Network peering wizard, if you will, or

0:03:01.320000 --> 0:03:05.720000
just a little dialog box here, you're actually setting up both peerings.

0:03:05.720000 --> 0:03:10.260000
It's the one between the source to the target, but also from the target

0:03:10.260000 --> 0:03:12.900000
to the source. And this is just saying that you're going to allow traffic

0:03:12.900000 --> 0:03:16.320000
across both of those, which is typically what you're going to do.

0:03:16.320000 --> 0:03:21.200000
Next, same idea is whether or not you're going to allow forwarded traffic.

0:03:21.200000 --> 0:03:25.080000
By default, if I have traffic that is forwarded, let's say to the hub,

0:03:25.080000 --> 0:03:30.660000
then it's not going to be forwarded over to the spoke, if I have a hub

0:03:30.660000 --> 0:03:34.320000
and spoke. So in other words, if I were to draw this out just really quickly,

0:03:34.320000 --> 0:03:39.620000
I've got here are three different networks.

0:03:39.620000 --> 0:03:42.040000
I've got connections between them.

0:03:42.040000 --> 0:03:49.180000
And unless I allow this, let's say, then I would not be able to forward

0:03:49.180000 --> 0:03:50.460000
traffic between those.

0:03:50.460000 --> 0:03:52.860000
That's really all that is.

0:03:52.860000 --> 0:03:54.820000
And you only need to do that.

0:03:54.820000 --> 0:03:57.440000
And it's really nice here because it's written out.

0:03:57.440000 --> 0:04:01.380000
So allow forwarded traffic from the remote Virtual Network to hub net.

0:04:01.380000 --> 0:04:05.240000
So if I expect the remote Virtual Network to forward traffic to route

0:04:05.240000 --> 0:04:06.580000
traffic, I would set that.

0:04:06.580000 --> 0:04:11.000000
But typically, you can see kind of because this is hub, that's probably

0:04:11.000000 --> 0:04:13.820000
where I'm going to be forwarding traffic from, I would want to turn that

0:04:13.820000 --> 0:04:17.140000
one on. But you do have that ability to do this separately.

0:04:17.140000 --> 0:04:22.820000
And another very key capability is right down here, which is configure

0:04:22.820000 --> 0:04:24.680000
gateway transit settings.

0:04:24.680000 --> 0:04:28.320000
If you want to allow gateway transit, and that is only going to be applicable,

0:04:28.320000 --> 0:04:35.380000
if you have a VPN gateway established in the primary or in the source

0:04:35.380000 --> 0:04:39.200000
Virtual Network, then you can check that and that will automatically set

0:04:39.200000 --> 0:04:44.400000
up a path that is going to allow traffic that's coming from your connected,

0:04:44.400000 --> 0:04:46.280000
your peer virtual network.

0:04:46.280000 --> 0:04:49.800000
It's going to be able to traverse directly into the other side, typically

0:04:49.800000 --> 0:04:53.520000
the on-prem side of your VPN gateway.

0:04:53.520000 --> 0:04:54.780000
And so those are the settings.

0:04:54.780000 --> 0:04:57.580000
And that may seem a little bit confusing, hopefully not.

0:04:57.580000 --> 0:05:00.640000
But let's go ahead and take a look at this.

0:05:00.640000 --> 0:05:04.940000
All right, I'm going to go in to my demonstration architecture.

0:05:04.940000 --> 0:05:08.900000
And my demonstration architecture, I've got two virtual networks.

0:05:08.900000 --> 0:05:13.380000
I've got one virtual network that just has two Windows servers.

0:05:13.380000 --> 0:05:18.980000
These are just Windows Server 2016 Datacenter Edition.

0:05:18.980000 --> 0:05:23.500000
And then I've got the web server, which has a couple of Linux servers

0:05:23.500000 --> 0:05:25.260000
running a very simple web server.

0:05:25.260000 --> 0:05:28.260000
I've got a monitor server, which we're not using here, and a router, which

0:05:28.260000 --> 0:05:31.540000
I'm also not using in this example.

0:05:31.540000 --> 0:05:36.900000
All I want to do for this example is to configure that peering connection

0:05:36.900000 --> 0:05:39.120000
and then to test it out.

0:05:39.120000 --> 0:05:42.200000
Let's go ahead and let's take a look at this.

0:05:42.200000 --> 0:05:54.240000
What I have right here is my Azure Monitor Network Watcher Topology for

0:05:54.240000 --> 0:05:57.640000
these networks. Now it might look like there's a line drawn between those,

0:05:57.640000 --> 0:05:58.900000
but there really isn't.

0:05:58.900000 --> 0:06:01.780000
That's just that they're sharing the same network security group.

0:06:01.780000 --> 0:06:03.860000
So I really have a hard line here.

0:06:03.860000 --> 0:06:09.140000
Over here on the web server, I've got a number of different components

0:06:09.140000 --> 0:06:13.500000
and different subnets, not really critical.

0:06:13.500000 --> 0:06:17.640000
What is critical is that I want to be able to get from this Windows server

0:06:17.640000 --> 0:06:20.860000
or this Windows server over to this web server.

0:06:20.860000 --> 0:06:25.800000
And to do that, I'm going to set up a peering relationship.

0:06:25.800000 --> 0:06:30.720000
I'm going to go in and it doesn't really matter which side I start from

0:06:30.720000 --> 0:06:33.860000
because I'm going to set them both up at the same time.

0:06:33.860000 --> 0:06:38.380000
I'm going to go to Peerings and I am going to add a peering.

0:06:38.380000 --> 0:06:43.140000
I'm going to set up a week, a peering now it goes from your web server

0:06:43.140000 --> 0:06:45.800000
vnet to the remote virtual vnet.

0:06:45.800000 --> 0:06:51.340000
And this is going to be web to win is what I'm going to call it.

0:06:51.340000 --> 0:06:55.660000
And I'm going to pick a virtual network that I'm going to connect to.

0:06:55.660000 --> 0:07:01.740000
Now I have to give that connection, that peering connection, a name, and

0:07:01.740000 --> 0:07:04.880000
that'll be win to web.

0:07:04.880000 --> 0:07:07.200000
And I'm just going to configure what do I want.

0:07:07.200000 --> 0:07:11.620000
I'm going to allow virtual network traffic from web server vnet to win

0:07:11.620000 --> 0:07:13.140000
server vnet. Absolutely.

0:07:13.140000 --> 0:07:17.880000
And also virtual network access from win server vnet to web server vnet.

0:07:17.880000 --> 0:07:20.940000
I am not doing anything with forwarded traffic.

0:07:20.940000 --> 0:07:22.680000
So I don't need to set that up.

0:07:22.680000 --> 0:07:25.420000
But I might end up forwarding traffic.

0:07:25.420000 --> 0:07:28.960000
And if I do, I know that it's going to come, let's say from web server

0:07:28.960000 --> 0:07:32.000000
vnet into win server vnet.

0:07:32.000000 --> 0:07:34.500000
And I don't have any gateways.

0:07:34.500000 --> 0:07:37.000000
So allowing gateway transit doesn't matter.

0:07:37.000000 --> 0:07:39.340000
And that's all I need to do.

0:07:39.340000 --> 0:07:43.540000
All right. And so that'll take a moment once that's done, then I'm going

0:07:43.540000 --> 0:07:46.360000
to go back and test out connectivity.

0:07:46.360000 --> 0:07:56.460000
All right, it looks like my peerings are connected.

0:07:56.460000 --> 0:08:01.280000
And I can go. So you know, this is a peering from my web server and go

0:08:01.280000 --> 0:08:04.160000
over to my win server.

0:08:04.160000 --> 0:08:06.700000
And I see that is also connected.

0:08:06.700000 --> 0:08:08.160000
So that looks good.

0:08:08.160000 --> 0:08:11.440000
So I'm going to go back to my network watcher.

0:08:11.440000 --> 0:08:13.380000
And let's see if we can connect.

0:08:13.380000 --> 0:08:15.300000
Now we'll do a few things.

0:08:15.300000 --> 0:08:18.880000
I'm going to go to web server one quickly.

0:08:18.880000 --> 0:08:23.080000
And see that its private IP address is 10.0.0.5.

0:08:23.080000 --> 0:08:24.840000
In fact, I can even copy that.

0:08:24.840000 --> 0:08:27.300000
I'm not sure I'll be able to keep it in the copy.

0:08:27.300000 --> 0:08:32.500000
Now what I want to do is actually connect over to one of my Windows servers.

0:08:32.500000 --> 0:08:39.200000
Oh, and by the way, if I refresh this, still refresh on the page, it should

0:08:39.200000 --> 0:08:41.640000
now show that connection.

0:08:41.640000 --> 0:08:45.500000
Once I actually pull it up.

0:08:45.500000 --> 0:08:51.660000
All right. So now you can see a line drawn between my two virtual networks.

0:08:51.660000 --> 0:08:53.920000
And that's telling me that that connection is there.

0:08:53.920000 --> 0:08:58.220000
In the meantime, I'm going to pop over to my Windows machine.

0:08:58.220000 --> 0:08:59.800000
And I'm going to connect to that.

0:08:59.800000 --> 0:09:03.040000
I actually set up a bastion.

0:09:03.040000 --> 0:09:10.560000
So I'm going to use that because it's really cool.

0:09:10.560000 --> 0:09:14.720000
Connect up to that.

0:09:14.720000 --> 0:09:18.280000
And that's going to give me a web based interface over to that server.

0:09:18.280000 --> 0:09:20.760000
So now connected to that server.

0:09:20.760000 --> 0:09:35.620000
And want to make sure that I can actually, I think I set and then go ahead

0:09:35.620000 --> 0:09:39.500000
and go into my browser.

0:09:39.500000 --> 0:09:47.400000
It's going to yell at me about the fact that enhanced is not on.

0:09:47.400000 --> 0:10:04.160000
And it's not going to let me as it is every time I do a demo with these

0:10:04.160000 --> 0:10:09.780000
pages. And that is how you set up your peering relationship.

0:10:09.780000 --> 0:10:12.920000
Keep in mind that when you set up a peering relationship, it's really

0:10:12.920000 --> 0:10:15.040000
two peering relationships.

0:10:15.040000 --> 0:10:19.560000
It's just that the portal, for example, makes it a little bit easier because

0:10:19.560000 --> 0:10:21.880000
I can set them both up at the same time.

0:10:21.880000 --> 0:10:23.960000
Also, just keep in mind what the options are.

0:10:23.960000 --> 0:10:26.220000
There's not a whole host of options.

0:10:26.220000 --> 0:10:28.900000
Keep in mind the fact that you can control whether or not traffic is going

0:10:28.900000 --> 0:10:33.940000
through. Little more subtle is that forwarded traffic option and also

0:10:33.940000 --> 0:10:35.120000
the gateway transit.