Introduction to Virtual Network Peering

Azure Virtual Network (VNet) peering enables you to connect Azure Virtual Networks together, on a one-to-one basis, from any location in Azure. Once VNet peering is established, networks that have peered can communicate with each other as if they were on the same network. The traffic between virtual networks is routed through the Azure backbone infrastructure, and does not traverse the public internet.

Note: Virtual network peering is a relationship between two virtual networks that enables you to connect them. Traffic between the virtual networks is routed through the Azure backbone. It's not a gateway or encryption.

Key Benefits of VNet Peering

Low Latency and High Bandwidth: Traffic between peered VNets stays on the Azure backbone, minimizing latency and maximizing bandwidth.
Seamless Communication: Resources in one VNet can communicate with resources in another VNet as if they were in the same network.
No Downtime: VNet peering can be set up and removed without any downtime for the virtual networks or the resources within them.
Cross-Subscription and Cross-Region: You can peer VNets across different Azure subscriptions and across different Azure regions.
Simplified Network Management: Reduces the need for complex gateway configurations for inter-VNet connectivity.

How VNet Peering Works

When you establish peering between two VNets, you create a link that allows them to communicate privately. This communication is facilitated by the Azure backbone network.

Peer-to-Peer Connection: Each VNet must explicitly be configured to peer with the other. It's not a transitive relationship (e.g., if VNet A is peered with VNet B, and VNet B is peered with VNet C, VNet A cannot communicate with VNet C directly through peering).
Address Space: The address spaces of peered VNets must not overlap. If they do, the peering will fail.
Gateway Transit: You can configure peering to allow a remote VNet to use the VPN gateway of a local VNet for accessing on-premises networks.

Scenarios for VNet Peering

1. Intra-Subscription Peering

Connecting VNets within the same Azure subscription. This is common for segmenting applications or environments (e.g., dev, test, prod) within a single subscription.

2. Global VNet Peering

Connecting VNets across different Azure regions. This is ideal for disaster recovery scenarios, global application deployments, or sharing resources across regions.

3. Cross-Subscription Peering

Connecting VNets that belong to different Azure subscriptions. This is useful for organizations with multiple subscriptions for different departments or projects, enabling them to share network resources.

4. Hub-and-Spoke Network Topology

VNet peering is a fundamental component in implementing a hub-and-spoke network topology. In this model, a central "hub" VNet contains shared services (like firewalls, VPN gateways), and "spoke" VNets are connected to the hub. Spoke VNets can communicate with each other through the hub, enabling centralized control and management.

Considerations for VNet Peering

Address Space Overlap: Ensure that the IP address spaces of peered VNets do not overlap.
Bandwidth and Latency: While VNet peering offers high bandwidth and low latency, always consider the needs of your application.
Firewall Rules: Network Security Groups (NSGs) and Azure Firewall rules still apply to traffic between peered VNets. Ensure they are configured correctly to allow necessary communication.
Transitive Routing: Peering is not transitive. You must configure direct peering between any two VNets that need to communicate.

Important: Before configuring peering, carefully plan your VNet address spaces to avoid overlaps.

Next Steps

Now that you understand the fundamentals of Azure Virtual Network peering, you can proceed to learn how to configure it: