Hub and Spoke Architecture in Azure

🔨Architect the time it takes🔨

Hub and Spoke

1. Deploying 2 Virtual Networks with 2 Subnets Each

I have a Bicep file I made a while back for deploying a virtual network, and I've modified it to deploy 2 subnets with the virtual network.

I deployed the file twice and filled in the values each time to get the following results:

  • vnet-alpha (Deployment 1)
    • Address space: 10.0.0.0/16
    • Location: East US
    • Subnets
      • subnet-a: 10.0.1.0/24
      • subnet-b: 10.0.2.0/24
  • vnet-beta (Deployment 2)
    • Address space: 192.168.0.0/16
    • Location: West US
    • Subnets
      • subnet-c: 192.168.1.0/24
      • subnet-d: 192.168.2.0/24

VNet Alpha serves as our hub, while vnet-beta will be our spoke. Note that the two address spaces do not overlap: Azure refuses to peer virtual networks whose address spaces overlap, so pick spoke ranges with that in mind from the start. Because the two VNets sit in different regions (East US and West US), the peering we create later is global VNet peering. Also note that these subnets are deployed without network security groups, so once the peering is up nothing at the subnet level restricts traffic between the VMs; only NIC-level NSGs and the guest OS firewall apply. We will add a virtual machine to each VNet (you could add one in each subnet too), but first we should create our virtual network peering.

Here is the Bicep file I wrote to deploy the virtual networks and subnets:

// One virtual network with two subnets. Deploy it once per VNet and
// supply the parameter values for that VNet (no defaults are set on purpose).
@description('VNet Location')
param vnetLocation string

@description('VNet address prefix')
param vnetAddressPrefix string

@description('Subnet 1 address prefix')
param subnet01AddressPrefix string

@description('Subnet 2 address prefix')
param subnet02AddressPrefix string

@description('Subnet 1 name')
param subnet01name string

@description('Subnet 2 name')
param subnet02name string

@description('Virtual network name')
param vnetName string

resource virtualNetwork 'Microsoft.Network/virtualNetworks@2022-01-01' = {
  name: vnetName
  location: vnetLocation
  properties: {
    addressSpace: {
      addressPrefixes: [
        vnetAddressPrefix
      ]
    }

    // Subnets are declared inline so the VNet and its subnets deploy atomically.
    // No networkSecurityGroup is attached here; add one if subnet-level filtering is needed.
    subnets: [
      {
        name: subnet01name
        properties: {
          addressPrefix: subnet01AddressPrefix
        }
      }
      {
        name: subnet02name
        properties: {
          addressPrefix: subnet02AddressPrefix
        }
      }
    ]
  }

  // 'existing' references to the subnets declared above, used only to expose
  // their resource IDs as outputs (e.g. for a VM's NIC deployment).
  resource subnet01 'subnets' existing = {
    name: subnet01name
  }

  resource subnet02 'subnets' existing = {
    name: subnet02name
  }
}

output subnet01ResourceId string = virtualNetwork::subnet01.id
output subnet02ResourceId string = virtualNetwork::subnet02.id

2. Create the VMs and the Virtual Network Peering

Create at least 2 virtual machines: one in each virtual network.

You could opt for a VPN Gateway, but that requires more setup than necessary here and its throughput is capped by the gateway SKU. Creating a peering between our two VNets is easier and keeps traffic on the Microsoft backbone.

(screenshot: the peering added on vnet-alpha, pointing at vnet-beta)

In VNet Alpha, I added a peering connection to VNet Beta, which will allow the two networks to communicate. A peering is a pair of links, one on each VNet; the portal's "Add peering" page creates both at once, and the peering only shows as Connected once both sides exist.

If you deploy the VMs before adding the peering connection, you will notice that the two VMs cannot ping each other. Once the peering is added and both links show Connected, they can communicate and your hub and spoke is ready. Restarting the VMs is not required for the peering to take effect. If the pings still fail, check that ICMP is allowed by any NSG in the path and by the guest firewall (Windows blocks inbound ICMPv4 echo requests by default), since peering only provides the route, not the permission.

Now my pings from a VM on VNet Beta to a VM on VNet Alpha are going through:

(screenshot: successful pings from the vnet-beta VM to the vnet-alpha VM)

And vice versa:

(screenshot: successful pings from the vnet-alpha VM to the vnet-beta VM)

To add more spokes (VNets), you only need to make sure each of those VNets is peered with the hub. Keep in mind that peering is not transitive: two spokes that are only peered with the hub cannot reach each other through it. If spokes need to talk to one another, either peer them directly or route spoke-to-spoke traffic through a firewall or NVA in the hub with user-defined routes, with forwarded traffic allowed on the peerings.
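The peering step above and the "add more spokes" note can both be captured in one Bicep file, so the hub-and-spoke is reproducible instead of clicked together in the portal. This is an added example, not code from the original post: it assumes the hub and spoke VNets already exist in the resource group you deploy into, and the VNet names and peering names are illustrative defaults.

```bicep
// Added example (not from the original post): peer a hub VNet with one or more
// spoke VNets in both directions. Assumes the VNets already exist in the
// target resource group; the names below are illustrative defaults.

@description('Name of the existing hub VNet')
param hubVnetName string = 'vnet-alpha'

@description('Names of the existing spoke VNets to peer with the hub')
param spokeVnetNames array = [
  'vnet-beta'
]

resource hubVnet 'Microsoft.Network/virtualNetworks@2022-01-01' existing = {
  name: hubVnetName
}

resource spokeVnets 'Microsoft.Network/virtualNetworks@2022-01-01' existing = [for name in spokeVnetNames: {
  name: name
}]

// Hub -> spoke link. allowForwardedTraffic (off by default) lets traffic that a
// firewall/NVA in the hub forwards on behalf of another spoke enter this spoke.
// Peering alone still does not route spoke-to-spoke traffic; UDRs are needed for that.
resource hubToSpoke 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2022-01-01' = [for (name, i) in spokeVnetNames: {
  parent: hubVnet
  name: 'peer-${hubVnetName}-to-${name}'
  properties: {
    remoteVirtualNetwork: {
      id: spokeVnets[i].id
    }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true
    allowGatewayTransit: false
    useRemoteGateways: false
  }
}]

// Spoke -> hub link. The peering only reports 'Connected' once both directions exist.
resource spokeToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2022-01-01' = [for (name, i) in spokeVnetNames: {
  parent: spokeVnets[i]
  name: 'peer-${name}-to-${hubVnetName}'
  properties: {
    remoteVirtualNetwork: {
      id: hubVnet.id
    }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true
    allowGatewayTransit: false
    useRemoteGateways: false
  }
}]

output hubToSpokePeeringIds array = [for (name, i) in spokeVnetNames: hubToSpoke[i].id]
```

Adding a spoke is then a matter of appending its name to spokeVnetNames and redeploying; each spoke gets exactly one pair of links to the hub and none to the other spokes. If you later place a VPN or ExpressRoute gateway in the hub, flip allowGatewayTransit to true on the hub side and useRemoteGateways to true on the spoke side so spokes can use it, and keep the other flags as tight as your design allows.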
