Configure Azure Virtual Network Peering for Hub and Spoke Topology

Connectivity between VNet1 and VNet3 through VNet2

Question

You have an Azure subscription that contains three virtual networks named VNet1, VNet2, and VNet3. VNet2 contains a virtual appliance named VM2 that operates as a router.

You are configuring the virtual networks in a hub and spoke topology that uses VNet2 as the hub network.

You plan to configure peering between VNet1 and VNet2 and between VNet2 and VNet3.

You need to provide connectivity between VNet1 and VNet3 through VNet2.

Which two configurations should you perform? Each correct answer presents part of the solution.

NOTE: Each correct selection is worth one point.

Answers

Explanations


A. B. C. D. E.

CE

Allow gateway transit: Check this box if you have a virtual network gateway attached to this virtual network and want to allow traffic from the peered virtual network to flow through the gateway.

The peered virtual network must have the Use remote gateways checkbox checked when setting up the peering from the other virtual network to this virtual network.

https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering#requirements-and-constraints

To provide connectivity between VNet1 and VNet3 through VNet2, you need to configure peering between VNet1 and VNet2, and between VNet2 and VNet3. Additionally, you need to enable certain settings on the peering connections and configure routing.

Here are the two configurations that you should perform:

  1. On the peering connections, allow forwarded traffic: By default, a peering only accepts traffic that originates from addresses inside the peered virtual network. Traffic from VNet3 that VM2 forwards into VNet1 (or the reverse) does not originate in VNet2, so it is dropped unless forwarded traffic is allowed on the peering connections. To allow forwarded traffic on the peering connections, you can follow these steps:
     • Go to the Azure portal and navigate to the Networking section.
     • Select the virtual network (VNet) that you want to configure peering for (in this case, VNet1 and VNet3).
     • Under Settings, select Peerings.
     • Select the peering connection between VNet1 and VNet2, and between VNet2 and VNet3.
     • Under Settings, toggle the Allow forwarded traffic option to Yes.
  2. Create route tables and assign the table to subnets: To route traffic between VNets in a hub and spoke topology, you need to configure routing. Specifically, you need to create a route table for each spoke VNet (in this case, VNet1 and VNet3), and then configure the route table to send traffic destined for the other spoke VNet (VNet3 and VNet1, respectively) to the hub VNet (VNet2). To create route tables and assign them to subnets, you can follow these steps:
     • Go to the Azure portal and navigate to the Networking section.
     • Select the virtual network (VNet) that you want to configure routing for (in this case, VNet1 and VNet3).
     • Under Settings, select Route tables.
     • Create a new route table for the VNet (e.g., VNet1-Route-Table and VNet3-Route-Table).
     • Add a route to the route table that directs traffic destined for the other spoke VNet (e.g., VNet3 and VNet1, respectively) to the hub VNet (VNet2).
     • Assign the route table to the appropriate subnet in the VNet.

Note that you do not need to create a route table for the hub VNet (VNet2), since it already contains the virtual appliance (VM2) that acts as a router between the VNets.

Therefore, the correct answers are A and D:

  • On the peering connections, allow forwarded traffic.
  • Create route tables and assign the table to subnets.
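
The two spoke-side settings from the steps above, written as Azure CLI calls. This is an added example, not part of the original explanation; the resource group, peering names, subnet names, address prefixes and VM2's private IP are assumed values, and the script only prints the commands unless DRY_RUN=0 is set.

```bash
#!/usr/bin/env bash
# Added example: spoke-side settings for VNet1 <-> VNet3 transit through VM2 in VNet2.
# Assumed (not from the page): resource group, peering names, subnet names,
# address prefixes and VM2's private IP. Replace them before a real run.
RG="rg-hubspoke"        # assumed resource group
NVA_IP="10.2.0.4"       # assumed private IP of VM2 in VNet2
DRY_RUN="${DRY_RUN:-1}" # 1 = print the az commands, 0 = execute them

run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# configure_spoke <spoke vnet> <peering to hub> <subnet> <other spoke prefix>
configure_spoke() {
  local vnet="$1" peering="$2" subnet="$3" remote_prefix="$4"
  local rt="${vnet}-Route-Table"

  # 1. Accept traffic that VM2 forwards in from the other spoke.
  run az network vnet peering update -g "$RG" --vnet-name "$vnet" \
    -n "$peering" --set allowForwardedTraffic=true

  # 2. Route table whose route sends the other spoke's prefix to VM2.
  run az network route-table create -g "$RG" -n "$rt"
  run az network route-table route create -g "$RG" --route-table-name "$rt" \
    -n "to-other-spoke" --address-prefix "$remote_prefix" \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$NVA_IP"

  # 3. The route has no effect until the table is associated with a subnet.
  run az network vnet subnet update -g "$RG" --vnet-name "$vnet" \
    -n "$subnet" --route-table "$rt"
}

configure_spoke VNet1 VNet1-to-VNet2 Subnet1 10.3.0.0/16  # assumed VNet3 prefix
configure_spoke VNet3 VNet3-to-VNet2 Subnet1 10.1.0.0/16  # assumed VNet1 prefix
```

Reviewing the printed commands before setting DRY_RUN=0 shows exactly which prefix each spoke will hand to VM2, which is the path any inspection or filtering on the appliance depends on.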