Hub and Spoke Architecture on Azure

The Hub and Spoke network architecture is fairly simple. A Hub virtual network acts as the central point that connects many other Spoke virtual networks. The Spoke virtual networks are used to host isolated workloads.

Below is a typical Hub and Spoke network on Azure:

In this article, we will walk through the steps necessary to build a secured Hub and Spoke network with user-defined routes.

Step 1: Create 3 Virtual Networks

First, set up the Hub virtual network. We will attach a virtual network gateway to this VNet later.

Secondly, construct the first Spoke virtual network in the same resource group.

Lastly, create the second Spoke virtual network. Make sure the CIDR address ranges of the three VNets do not overlap; peering cannot be established between networks with overlapping address spaces.

Step 2: Create Virtual Network Gateway

Configure the virtual network gateway on the Hub VNet. Select the region, resource group, and VNet, and create a new public IP. Leave the remaining settings at their defaults.

Step 3: Connect networks via peering

Virtual network peering enables you to connect virtual networks. A VNet peering connection between virtual networks lets you route traffic between them privately over IPv4 addresses. Here, we are peering both Spoke networks to the Hub. Go to the VNet page, select Peerings in the left column, then Add peering.

Peering sets up two links: one from the present network to the destination network, and the other from the destination network back to the present network.

For each Spoke-to-Hub peering, you’ll have to configure both links.

In the Spoke network section, select "Use the remote virtual network's gateway or Route Server". On the same page, in the Hub network section, select "Use this virtual network's gateway or Route Server".

Configure this for both Spoke networks, as shown below:

Step 4: Create User defined routes

User-defined routes let us define custom network routes. We create the route tables and user routes needed for Spoke-to-Spoke communication.

Search for Route table and open it. Create a new route table and set "Propagate gateway routes" to No. Do this for both Spoke networks.

Now, we define a user route in the Spoke 1 route table. In the address prefix, insert the default subnet address of the Spoke 2 network. For the next hop type, select Virtual appliance, and for the next hop address insert the internal IP address of the virtual network gateway.

Repeat the steps for the Spoke 2 route table. Make sure to insert the default subnet address of the Spoke 1 network in the address prefix.

Now we link these route tables to the subnets of the Spoke virtual networks. Edit each subnet, select the respective route table, and click Save.
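As an added example that is not part of the original article, the following Python script plans the same layout (address spaces, peering flags and user-defined routes) and checks for overlapping ranges before anything is created in the portal. The VNet names, address ranges and the gateway's private IP are assumed sample values.

```python
import ipaddress

# Constructed sample layout: one hub and two spokes, each spoke with one default subnet.
HUB = {"name": "hub-vnet", "space": "10.0.0.0/16"}
SPOKES = [
    {"name": "spoke1-vnet", "space": "10.1.0.0/16", "subnet": "10.1.0.0/24"},
    {"name": "spoke2-vnet", "space": "10.2.0.0/16", "subnet": "10.2.0.0/24"},
]
GATEWAY_IP = "10.0.255.4"  # assumed private IP of the hub's virtual network gateway


def check_address_spaces(hub, spokes, gateway_ip):
    """Peering is refused for overlapping address spaces, so verify that first."""
    nets = [(hub["name"], ipaddress.ip_network(hub["space"]))]
    nets += [(s["name"], ipaddress.ip_network(s["space"])) for s in spokes]
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                raise ValueError(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    # The next hop for spoke-to-spoke routes must be an address inside the hub.
    if ipaddress.ip_address(gateway_ip) not in nets[0][1]:
        raise ValueError(f"gateway IP {gateway_ip} is outside the hub space")
    return True


def peerings(hub, spokes):
    """Two links per spoke: the hub side offers its gateway, the spoke side uses it."""
    links = []
    for s in spokes:
        links.append({"vnet": hub["name"], "remote": s["name"],
                      "allowForwardedTraffic": True,  # accept traffic relayed via the hub
                      "allowGatewayTransit": True, "useRemoteGateways": False})
        links.append({"vnet": s["name"], "remote": hub["name"],
                      "allowForwardedTraffic": True,
                      "allowGatewayTransit": False, "useRemoteGateways": True})
    return links


def route_tables(spokes, gateway_ip):
    """One table per spoke, gateway propagation off, a route to every other spoke's subnet."""
    tables = {}
    for s in spokes:
        routes = [{"addressPrefix": o["subnet"], "nextHopType": "VirtualAppliance",
                   "nextHopIpAddress": gateway_ip} for o in spokes if o is not s]
        tables[s["name"]] = {"disableBgpRoutePropagation": True, "routes": routes}
    return tables


if __name__ == "__main__":
    check_address_spaces(HUB, SPOKES, GATEWAY_IP)
    for link in peerings(HUB, SPOKES):
        print(link)
    for name, table in route_tables(SPOKES, GATEWAY_IP).items():
        print(name, table)
```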

Step 5: Test the connection

To test the connectivity between the Spoke VNets, we will provision a basic Windows virtual machine in each and conduct a ping test.

Create a VM in each of the Spoke virtual networks.

Now connect to the Spoke 1 VM via RDP. On the machine, open PowerShell and run the following command to allow inbound ICMP echo requests through the Windows firewall.

# Allow inbound ICMPv4 echo requests (type 8) so the VM answers ping
New-NetFirewallRule -DisplayName "Allow ping" -Protocol ICMPv4 -IcmpType 8 -Direction Inbound -Action Allow

Connect and run the same command on the other VM too.

From a shell on the Spoke 2 VM, ping the private IP address of the Spoke 1 VM.

Our VMs are successfully able to communicate now.

Thanks.