MS Learn Module 5 Practical

Intersite Connectivity

Connect isolated virtual networks across regions using Azure VNet Peering to establish a secure, global network backbone.

Concept Refresher: By default, resources in two different Virtual Networks cannot communicate, even if they are in the same subscription. VNet Peering routes traffic between them securely through Microsoft's private backbone infrastructure. Important: The IP address spaces of peered VNets must never overlap!

Exercise 1: Create a Spoke Virtual Network

Assuming you already created `Core-VNet` (10.1.0.0/16) in the previous networking module, we now need a second VNet to connect to it.

  1. Sign in to the Azure portal.
  2. In the search bar, type Virtual networks and select it. Click + Create.
  3. Basics Tab: Select your Subscription and Resource Group. Name the VNet Spoke-VNet. Choose a different region than your Core-VNet (e.g., West US).
  4. IP Addresses Tab: You must change the default address space to prevent overlap. Delete the default space and add 10.2.0.0/16.
  5. Add a subnet named Workloads with the address range 10.2.0.0/24.
  6. Click Review + create, wait for validation, and click Create.
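A pre-flight check for the no-overlap rule from the Concept Refresher and the address choices in steps 4 and 5, written as an added example (not part of the original lab). The Core-VNet and Spoke-VNet ranges come from this page; `Legacy-VNet` and its ranges are constructed to show what a failing plan looks like.

```python
import ipaddress
from itertools import combinations

# Address plan from this lab; "Legacy-VNet" is a constructed entry that
# deliberately collides with Core-VNet to show the failure case.
VNETS = {
    "Core-VNet": {"spaces": ["10.1.0.0/16"], "subnets": {}},
    "Spoke-VNet": {"spaces": ["10.2.0.0/16"], "subnets": {"Workloads": "10.2.0.0/24"}},
    "Legacy-VNet": {"spaces": ["10.1.128.0/17"], "subnets": {"Apps": "10.3.0.0/24"}},
}

def _nets(cidrs):
    # strict=True rejects CIDRs with host bits set, e.g. 10.1.0.5/16
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]

def overlapping_spaces(a, b, vnets=VNETS):
    """Return (cidr_a, cidr_b) pairs that overlap between two VNets."""
    return [(str(x), str(y))
            for x in _nets(vnets[a]["spaces"])
            for y in _nets(vnets[b]["spaces"])
            if x.overlaps(y)]

def orphan_subnets(name, vnets=VNETS):
    """Return subnet names whose range lies outside every address space of the VNet."""
    spaces = _nets(vnets[name]["spaces"])
    return [sub for sub, cidr in vnets[name]["subnets"].items()
            if not any(ipaddress.ip_network(cidr).subnet_of(s) for s in spaces)]

def peering_report(vnets=VNETS):
    """Check every VNet pair; map 'A<->B' to its list of overlapping ranges."""
    return {f"{a}<->{b}": overlapping_spaces(a, b, vnets)
            for a, b in combinations(vnets, 2)}

if __name__ == "__main__":
    for pair, clashes in peering_report().items():
        print(pair, "OK to peer" if not clashes else f"BLOCKED: {clashes}")
    for name in VNETS:
        for sub in orphan_subnets(name):
            print(f"{name}: subnet {sub} is outside the VNet address space")
```

Run the check against the full address plan before creating any peering, so a colliding range is caught while it can still be changed.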

Exercise 2: Configure Global VNet Peering

We will now link Core-VNet in East US to Spoke-VNet in West US.

  1. Navigate to your existing Core-VNet resource.
  2. On the left-hand menu, under Settings, select Peerings.
  3. Click + Add.
  4. Under This virtual network:
    • Peering link name: Core-to-Spoke
    • Traffic to remote virtual network: Allow
    • Traffic forwarded from remote virtual network: Block (unless acting as a hub router)
  5. Under Remote virtual network:
    • Peering link name: Spoke-to-Core
    • Virtual network: Select your Spoke-VNet from the dropdown.
    • Traffic to remote virtual network: Allow
  6. Click Add. Azure automatically provisions the peering connection in both directions simultaneously.

Exercise 3: Verify the Peering Connection

Confirm that the connection was established successfully and understand how to test it.

  1. Wait approximately 1-2 minutes after clicking Add.
  2. In the Core-VNet Peerings menu, refresh the page. Check the Peering status column. It should read Connected.
  3. Navigate to the Spoke-VNet resource, check its Peerings menu, and verify it also says Connected.
Verification: If you were to deploy a Virtual Machine into Core-VNet (10.1.0.4) and another into Spoke-VNet (10.2.0.4), you could log into the first and successfully ping 10.2.0.4 directly over the private IP space.