In this new 360 in 360 video I walk through Azure Virtual Network peering including enabling peers to talk to each other, enabling connectivity to other connected networks and key permission considerations.
90% of my Azure knowledge comes from Savill's videos - I'm a big fan. Every video has the perfect balance between knowledge content and length of video - i.e. the concept reaches my brain before my ADHD takes me to my next task. He has a way of explaining that just resonates with my learning style!
After I watch his videos I look at the Microsoft docs and think "can Microsoft make this dude the head of their Azure doc dept. He does a way better job at explaining how things actually work and not just big marketing terms thrown around or half ass examples that are not helpful".
John, I've been watching your videos for a few months. Really impressed by your knowledge and efforts! Appreciate it so much, please keep on the good stuff! We are expanding our Azure presence and your videos are super helpful. BTW, this is my first comment ever on YouTube :-)
That’s awesome to hear and I’m honored to be your first comment! I’m about to launch a free Azure master class on the channel so hopefully that will help! Good luck!
This is very crisp and clear. I always learn a lot from your videos. I am a great fan of your Azure courses on Pluralsight learning portal too. Thanks!
I have watched many of your excellent Pluralsight courses but I must say that I somehow prefer the style of your videos on RU-vid where you make use of the electronic whiteboard. I think that it gives the video a more natural and interactive flow as opposed to the staleness of the PowerPoint presentation. Personally, I find you are a really good teacher; I have learned a lot through your courses and videos. Thank you very much.
Great video. Well explained. Make sure when testing that ICMP is enabled in the firewall. I was testing and for about 10 mins I was trying to work out why pinging the destination server was still not working. DOH! As soon as I enabled it, all started working. I have been following John for years. Even in the day with nt4faq. Also watch all your videos on Pluralsight. 👍
Nice video, thanks John, useful video. Keep up the good work :) AZ-700 now for me but 305 after. Looking forward to watching more of these RU-vid vids as well as your content for 304 on Pluralsight.
I wanted to let you know that the URL in your video is missing an 'L' but love your content and been following your Azure journey. Thank you and please continue to make these great videos.
Wow, this video made me understand so much more in 10 minutes than an hour reading the documentation. Say I have a hub and spoke architecture, I have one spoke with Data Factory connected to an Azure VM and the other spoke with a database I want to connect to, connected to the VNet via a private endpoint. If I allow traffic forwarding at every peering, do I need to set up anything else so that my VM can connect to the latter spoke?
Yes. As I said it’s not transitive. You would need something in the hub to do the forwarding. My Azure Firewall deep dive video and my AZ-700 go into detail on this.
Hi John, great video as usual. I have a question please; If I have two vnets that are peered and a VM in a subnet in each, and each VM has both a vNIC with an internal IP and a Public IP. If I RDP from VM1 to VM2, by default which connection would it use? The internal IP allocated from the subnet over the peering to the other internal IP, or would it use the PIP-PIP communication? Thank you.
TY. Do you see a use case for hub-spoke model for adding a DC (AD DS) in cloud? We are looking to move on-premises workloads to the cloud and perhaps hub a viable setup for extending AD DS to cloud along with added security layer, perhaps NSG - PIM or Bastion. Just curious what are some customers' typical setup.
Excellent video explanation. Do have one question: if one was trying to get an Azure VM to the local home network, what service would one get? Considering having something like an OpenVPN already configured for home. Furthermore, according to cost, would it be worth having it?
Not fully understanding the question. Peering is only between vnets in Azure. If you want to connect a vnet to on-premises in a non-enterprise way then you could use a site-to-site VPN, or if it was just from one Azure VM to on-premises you could use a point-to-site but would need to be careful of the routing to not disconnect you.
You still need peering to connect the networks, then can have NVA in hub to enable transitive spoke communication and other services. NVAs cannot connect to multiple vnets.
In a hub-spoke scenario, using either gateway or firewall in the hub with gateway transit enabled, is it required that the spokes don’t have any overlapping IP spaces with each other? If that’s not required, then how can the traffic flow from one spoke to another if the source and destination IPs happen to be the same?
Hello John, it's really very informative. I have a query. Consider there is one hub and 3 spoke VNets. What can we do to block the traffic from Spoke1 on Spoke2?
Hi John, under what circumstances would I need to create NSGs between peered VNETs? If I enable the web service on a VM in the first VNet without having an NSG allowing inbound HTTP, would another VM in a peered VNet be able to access that web service?
Peered vnets become part of virtual network for rules so should have unrestricted access, but you may want to actually restrict certain flows where you would use NSG.
Trying to connect/peer hub in US East to Tokyo region. Do we need to have ExpressRoute Premium as Tokyo is out of the geopolitical boundary? Also, can we connect the same without ExpressRoute if we have site-to-site VPN in both regions (US East and Japan)? Thanks.
This is nothing to do with ExpressRoute if you just want to connect the two vnets with private peering. You can use gateway transit across regions if you want to use ExpressRoute gateway of the hub. I’m not understanding your VPN question, sorry.
@NTFAQGuy Thanks for the response John. I enjoy all your videos. Very informative. VPN question is not that much of a relevance. My requirement is to peer hub in US East and hub in Tokyo so that spokes in US East can reach Tokyo spokes and vice-versa. We have decided to get ER in both regions; the question is, for the above functionality do we need ER Premium or is Standard good enough?
Great explanation John. It helps in my confusion of az-303 exam prep. Could you also explain when to use VPN Gateway or Sub gateway, how is it different from VPN peering? Not sure if you already covered in some other videos - if yes - could you share link please?
Hello, suppose I have a Vnet A peered to Vnet B. On the other hand, NSG rule on Vnet A has outbound denied to Vnet B. Would the connection still work? Does peering (on MS backbone) override my NSG rules? Thanks
Hi John, thanks for this video. After peering two vnets successfully I'm still not able to call services by private IPs from one AKS to the other. Even if I try to call it from an ExternalName service where the name is resolved by an Azure DNS. This works only with the public IP of the other AKS LB. Which are the further permissions I should need after the peering is made? Maybe something about the firewall? Thanks!
AKS has different network models and DNS options. I would check you have common DNS resolution using the internal names (e.g. same private DNS zone) and make sure you are using internal load balancers for the services.
@NTFAQGuy could you please suggest me some docs or video dedicated to this? The use case is to call an AKS service by private network from another AKS service on a second vnet.
Site-to-site VPN connects over encrypted tunnel and is throttled based on the capability of the VPN gateway. Peering runs as raw performance of the VMs. Covered in detail in the networking module of Azure Master Class.