Introduction to Virtual Network (VNet) Peering in Azure
VNet peering (virtual network peering) connects two Azure virtual networks so that traffic is routed between them privately over private IPv4 addresses. Virtual machines in the peered VNets communicate with each other as if they were on the same network.
VNet Peering Types
1. Regional VNet Peering — Connecting VNets within the same Azure region.
2. Global VNet Peering — Connecting VNets across Azure regions.
VNet Peering Key points
- Ability for resources in one virtual network to communicate with resources in a different virtual network.
- No public Internet, gateway, or encryption is required for communication between the peered virtual networks.
- Network traffic between peered virtual networks is private. Traffic between the virtual networks is kept on the Microsoft backbone network.
- A low-latency, high-bandwidth connection between resources in one virtual network with resources in a different virtual network.
- You can create a peering between two virtual networks. The networks can belong to the same subscription, different deployment models in the same subscription, or different subscriptions.
- Cost and time savings from centralizing services that can be shared by resources residing in different VNets.
- No downtime to resources in either virtual network when creating the peering, or after the peering is created.
VNet Peering Limitations and Constraints
- A VNet peering connection cannot be created between VNets that have matching or overlapping CIDR blocks.
- VNet peering does not support transitive peering relationships: if A is peered with B and B is peered with C, A is not peered with C.
- Resources in one virtual network can’t communicate with the front-end IP address of a Basic Internal Load Balancer (ILB) in a globally peered virtual network.
- Some services that use a Basic load balancer don’t work over global virtual network peering.
- Once a virtual network is peered with another virtual network, you can’t add address ranges to, or delete address ranges from, its address space.
- There is a nominal charge for ingress and egress traffic that utilizes a virtual network peering.
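The two constraints above that bite most often in practice, the non-overlapping address-space rule and the non-transitive reachability rule, can both be checked before anything is deployed. The following Python preflight script is an added example, not code from the original article or from Microsoft; the VNet names, address spaces, resource group and subscription ID are constructed placeholders. It rejects a plan that pairs overlapping VNets, answers "can X reach Y?" using direct peerings only (no closure, because peering is not transitive), and for a valid plan emits the Azure CLI command for each direction of each peering with only `--allow-vnet-access` enabled, leaving forwarded traffic, gateway transit and remote-gateway use off unless a documented need exists.

```python
"""Preflight checks for an Azure VNet peering plan.

Added example, not from the original article. The VNet names, address spaces,
resource group and subscription ID below are constructed placeholders.
"""
import ipaddress
from itertools import combinations

# Constructed inventory: VNet name -> address space (one or more CIDR blocks).
VNETS = {
    "hub-vnet":   ["10.0.0.0/16"],
    "spoke-a":    ["10.1.0.0/16"],
    "spoke-b":    ["10.2.0.0/16"],
    "legacy-dev": ["10.1.128.0/17"],  # sits inside spoke-a: cannot be peered with it
}

# Constructed hub-and-spoke plan: each pair becomes two peering resources (one per side).
PLAN = [("hub-vnet", "spoke-a"), ("hub-vnet", "spoke-b")]

RESOURCE_GROUP = "rg-network"                               # placeholder
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000"    # placeholder


def can_peer(vnets, a, b):
    """Peering is rejected when any address range of a overlaps any range of b."""
    if a == b:
        return False
    for cidr_a in vnets[a]:
        for cidr_b in vnets[b]:
            if ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b)):
                return False
    return True


def overlapping_pairs(vnets):
    """Every pair of VNets in the inventory that could never be peered with each other."""
    return [(a, b) for a, b in combinations(sorted(vnets), 2) if not can_peer(vnets, a, b)]


def is_reachable(plan, src, dst):
    """True only when src and dst are directly peered. Peering is not transitive,
    so no closure is computed: two spokes peered to the same hub do not reach each other."""
    return (src, dst) in plan or (dst, src) in plan


def validate_plan(vnets, plan):
    """Return a list of human-readable problems; an empty list means the plan is deployable."""
    problems = []
    for a, b in plan:
        if a not in vnets or b not in vnets:
            problems.append(f"unknown VNet in pair ({a}, {b})")
        elif not can_peer(vnets, a, b):
            problems.append(f"{a} and {b} have overlapping address space")
    return problems


def peering_commands(plan, resource_group, subscription_id):
    """Azure CLI commands for a validated plan, one per direction.
    Only --allow-vnet-access is enabled; forwarded traffic, gateway transit and
    remote-gateway use stay off unless a concrete need is documented."""
    cmds = []
    for a, b in plan:
        for local, remote in ((a, b), (b, a)):
            # A full resource ID also works for a remote VNet in another subscription.
            remote_id = (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
                         f"/providers/Microsoft.Network/virtualNetworks/{remote}")
            cmds.append(
                f"az network vnet peering create --resource-group {resource_group} "
                f"--vnet-name {local} --name {local}-to-{remote} "
                f"--remote-vnet {remote_id} --allow-vnet-access"
            )
    return cmds


if __name__ == "__main__":
    print("overlapping pairs:", overlapping_pairs(VNETS))
    problems = validate_plan(VNETS, PLAN)
    if problems:
        raise SystemExit("plan rejected: " + "; ".join(problems))
    for src, dst in [("spoke-a", "hub-vnet"), ("spoke-a", "spoke-b")]:
        state = "reachable" if is_reachable(PLAN, src, dst) else "NOT reachable"
        print(f"{src} -> {dst}: {state}")
    print("\n".join(peering_commands(PLAN, RESOURCE_GROUP, SUBSCRIPTION_ID)))
```

Run it as-is and `legacy-dev` is reported as un-peerable with `spoke-a`, `spoke-a -> spoke-b` comes back as not reachable even though both are peered to the hub, and four `az` commands are printed (two VNets per pair, one peering resource on each side). Because the address-space check runs against the whole inventory rather than just the planned pairs, it also catches the case where a later peering would be blocked by an existing range.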
VNet Peering Use Cases
Virtual network peering can be a great way to enable network connectivity between services that are in different virtual networks. Because it’s easy to implement and deploy, and it works well across regions and subscriptions, virtual network peering should be your first choice when you need to integrate Azure virtual networks.
Peering might not be your best option if you have existing VPN or ExpressRoute connections or services behind Azure Basic Load Balancers that would be accessed from a peered virtual network.
Alternatives to VNet Peering
- VPN Gateways
- ExpressRoute Circuit