title | description | services | documentationcenter | author | tags | ms.assetid | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author | ms.custom |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Connect virtual networks with VNet peering - Azure CLI |
In this article, you learn how to connect virtual networks with virtual network peering, using the Azure CLI. |
virtual-network |
virtual-network |
mbender-ms |
azure-resource-manager |
virtual-network |
azurecli |
how-to |
virtual-network |
infrastructure |
03/13/2018 |
mbender |
devx-track-azurecli |
You can connect virtual networks to each other with virtual network peering. Once virtual networks are peered, resources in both virtual networks are able to communicate with each other, with the same latency and bandwidth as if the resources were in the same virtual network. In this article, you learn how to:
- Create two virtual networks
- Connect two virtual networks with a virtual network peering
- Deploy a virtual machine (VM) into each virtual network
- Communicate between VMs
[!INCLUDE quickstarts-free-trial-note]
[!INCLUDE azure-cli-prepare-your-environment.md]
- This article requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
Before creating a virtual network, you have to create a resource group for the virtual network, and all other resources created in this article. Create a resource group with az group create. The following example creates a resource group named myResourceGroup in the eastus location.
```azurecli
az group create --name myResourceGroup --location eastus
```
Create a virtual network with az network vnet create. The following example creates a virtual network named myVirtualNetwork1 with the address prefix 10.0.0.0/16.
```azurecli
az network vnet create \
  --name myVirtualNetwork1 \
  --resource-group myResourceGroup \
  --address-prefixes 10.0.0.0/16 \
  --subnet-name Subnet1 \
  --subnet-prefix 10.0.0.0/24
```
Create a virtual network named myVirtualNetwork2 with the address prefix 10.1.0.0/16:
```azurecli
az network vnet create \
  --name myVirtualNetwork2 \
  --resource-group myResourceGroup \
  --address-prefixes 10.1.0.0/16 \
  --subnet-name Subnet1 \
  --subnet-prefix 10.1.0.0/24
```
Peerings are established between virtual network IDs, so you must first get the ID of each virtual network with az network vnet show and store the ID in a variable.
```azurecli
# Get the id for myVirtualNetwork1.
vNet1Id=$(az network vnet show \
  --resource-group myResourceGroup \
  --name myVirtualNetwork1 \
  --query id \
  --out tsv)

# Get the id for myVirtualNetwork2.
vNet2Id=$(az network vnet show \
  --resource-group myResourceGroup \
  --name myVirtualNetwork2 \
  --query id \
  --out tsv)
```
Create a peering from myVirtualNetwork1 to myVirtualNetwork2 with `az network vnet peering create`. If the `--allow-vnet-access` parameter is not specified, a peering is established, but no communication can flow through it.
```azurecli
az network vnet peering create \
  --name myVirtualNetwork1-myVirtualNetwork2 \
  --resource-group myResourceGroup \
  --vnet-name myVirtualNetwork1 \
  --remote-vnet "$vNet2Id" \
  --allow-vnet-access
```
In the output returned after the previous command executes, you see that the peeringState is Initiated. The peering remains in the Initiated state until you create the peering from myVirtualNetwork2 to myVirtualNetwork1. Create a peering from myVirtualNetwork2 to myVirtualNetwork1.
```azurecli
az network vnet peering create \
  --name myVirtualNetwork2-myVirtualNetwork1 \
  --resource-group myResourceGroup \
  --vnet-name myVirtualNetwork2 \
  --remote-vnet "$vNet1Id" \
  --allow-vnet-access
```
In the output returned after the previous command executes, you see that the peeringState is Connected. Azure also changed the peering state of the myVirtualNetwork1-myVirtualNetwork2 peering to Connected. Confirm that the peering state for the myVirtualNetwork1-myVirtualNetwork2 peering changed to Connected with az network vnet peering show.
```azurecli
az network vnet peering show \
  --name myVirtualNetwork1-myVirtualNetwork2 \
  --resource-group myResourceGroup \
  --vnet-name myVirtualNetwork1 \
  --query peeringState
```
Resources in one virtual network cannot communicate with resources in the other virtual network until the peeringState for the peerings in both virtual networks is Connected.
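To check this condition across every peering of a virtual network, the following added example (not part of the original article) reads tab-separated peering rows and reports any peering that is not Connected, that carries no traffic, or that accepts forwarded traffic. The function names, finding labels and sample rows are constructed for illustration; the forwarded-traffic check goes beyond the two conditions the article describes.

```bash
#!/bin/sh
# Added example (not from the original article): audit peering rows.
# Rows are tab-separated: name, peeringState, allowVirtualNetworkAccess,
# allowForwardedTraffic. Live rows would come from (not run here):
#   az network vnet peering list --resource-group myResourceGroup \
#     --vnet-name myVirtualNetwork1 --output tsv \
#     --query "[].[name,peeringState,allowVirtualNetworkAccess,allowForwardedTraffic]"

# Prints one finding per line; exit status 1 if there is any finding.
# The body runs in a subshell, so its variables stay local.
audit_peerings() (
  tab=$(printf '\t')
  rc=0
  while IFS="$tab" read -r name state access forwarded || [ -n "$name" ]; do
    if [ -z "$name" ]; then continue; fi
    # Traffic flows only once both sides report Connected.
    if [ "$state" != "Connected" ]; then
      echo "NOT_CONNECTED $name state=$state"
      rc=1
    fi
    # Without --allow-vnet-access the peering exists but carries no traffic.
    case "$access" in
      [Tt]rue) ;;
      *) echo "NO_VNET_ACCESS $name"; rc=1 ;;
    esac
    # Forwarded traffic admits packets that did not originate in the peer
    # virtual network; flag it so it is only enabled on purpose.
    case "$forwarded" in
      [Tt]rue) echo "FORWARDED_TRAFFIC $name"; rc=1 ;;
    esac
  done
  exit "$rc"
)

# Constructed sample rows (not real command output).
sample_rows() {
  printf '%s\t%s\t%s\t%s\n' \
    myVirtualNetwork1-myVirtualNetwork2 Initiated True False \
    myVirtualNetwork2-myVirtualNetwork1 Connected False False \
    constructed-peering-3 Connected True True
}

if sample_rows | audit_peerings; then
  echo "all peerings healthy"
else
  echo "review the findings above"
fi
```

Run the audit against both virtual networks, because each side of a peering is a separate resource with its own state and flags.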
Create a VM in each virtual network so that you can communicate between them in a later step.
Create a VM with `az vm create`. The following example creates a VM named myVm1 in the myVirtualNetwork1 virtual network. If SSH keys do not already exist in a default key location, the command creates them. To use a specific set of keys, use the `--ssh-key-value` option. The `--no-wait` option creates the VM in the background, so you can continue to the next step.
```azurecli
az vm create \
  --resource-group myResourceGroup \
  --name myVm1 \
  --image UbuntuLTS \
  --vnet-name myVirtualNetwork1 \
  --subnet Subnet1 \
  --generate-ssh-keys \
  --no-wait
```
Create a VM in the myVirtualNetwork2 virtual network.
```azurecli
az vm create \
  --resource-group myResourceGroup \
  --name myVm2 \
  --image UbuntuLTS \
  --vnet-name myVirtualNetwork2 \
  --subnet Subnet1 \
  --generate-ssh-keys
```
The VM takes a few minutes to create. After the VM is created, the Azure CLI shows information similar to the following example:
```json
{
  "fqdns": "",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVm2",
  "location": "eastus",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "10.1.0.4",
  "publicIpAddress": "13.90.242.231",
  "resourceGroup": "myResourceGroup"
}
```
Take note of the publicIpAddress. This address is used to access the VM from the internet in a later step.
[!INCLUDE ephemeral-ip-note.md]
Use the following command to create an SSH session with the myVm2 VM. Replace `<publicIpAddress>` with the public IP address of your VM. In the previous example, the public IP address is 13.90.242.231.
```bash
ssh <publicIpAddress>
```
Ping the VM in myVirtualNetwork1.
```bash
ping 10.0.0.4 -c 4
```
You receive four replies.
Close the SSH session to the myVm2 VM.
When no longer needed, use az group delete to remove the resource group and all of the resources it contains.
```azurecli
az group delete --name myResourceGroup --yes
```
In this article, you learned how to connect two networks in the same Azure region, with virtual network peering. You can also peer virtual networks in different supported regions and in different Azure subscriptions, as well as create hub and spoke network designs with peering. To learn more about virtual network peering, see Virtual network peering overview and Manage virtual network peerings.
You can connect your own computer to a virtual network through a VPN, and interact with resources in a virtual network, or in peered virtual networks. For reusable scripts to complete many of the tasks covered in the virtual network articles, see script samples.