Christof VG

You don't need to come out of your comfort zone, if automation is in it!

Azure Virtual Datacenter - Part 2 - Virtual Networks

Read time: 5 minutes
Execution time: 10 minutes

Series overview

Introduction

In the previous post, we designed the Azure Virtual Datacenter using the Hub-and-Spoke model. Now, it is time to get our hands dirty and start with the fun part! In this post, we will create the virtual networks that create the base

Azure Networking

In this part we will create the foundation of the Azure Virtual Datacenter: the Virtual Networks. In these Virtual Networks, we will create subnets. These subnets are separate network segments with different network addresses within the same Virtual Network “supernet”. Within the same Virtual Network, we don’t need to configure any routing; Azure's software-defined networking takes care of it. We will add User-Defined Routing later, but for now we use the default routing of the Azure software-defined networking.

In our demo, we will create a Virtual Network with the prefix 10.1.0.0/16 in which we will create 4 subnets:

  • GatewaySubnet (this name is mandatory): 10.1.0.0/27
  • Internal firewall subnet (trusted): 10.1.0.32/27
  • External firewall subnet (untrusted): 10.1.0.64/27
  • Management Subnet (management): 10.1.0.96/27

Network Security Group

A network security group is also needed to enable public load balancing. It is also made part of the template.

Two spoke Virtual Networks will be created, with a subnet that has the same size as the Virtual Network.

  • spokesubnet: 10.x.0.0/24

An on-premise Virtual Network is created with a Gateway Subnet for the Site-to-Site VPN and a subnet for performing tests.

  • GatewaySubnet: 10.0.0.0/24
  • Onpremsubnet: 10.0.1.0/24
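
A pre-deployment sanity check of the address plan above, as an added example (not code from this post or its GitHub repository): each subnet must sit inside its Virtual Network prefix without overlapping its neighbours, and the hub, spoke and on-premise address spaces must not overlap each other if traffic between them is to be routable. The spoke prefixes 10.2.0.0/24 and 10.3.0.0/24 and the on-premise prefix 10.0.0.0/16 are assumptions, since the post gives only 10.x.0.0/24 and the on-premise subnets.

```python
import ipaddress

# Address plan from the post. Assumptions (not in the post): spokes use
# 10.2.0.0/24 and 10.3.0.0/24, and the on-premise VNet prefix is 10.0.0.0/16.
PLAN = {
    "hub": ("10.1.0.0/16", {
        "GatewaySubnet": "10.1.0.0/27",
        "trusted": "10.1.0.32/27",
        "untrusted": "10.1.0.64/27",
        "management": "10.1.0.96/27",
    }),
    "spoke1": ("10.2.0.0/24", {"spokesubnet": "10.2.0.0/24"}),
    "spoke2": ("10.3.0.0/24", {"spokesubnet": "10.3.0.0/24"}),
    "onprem": ("10.0.0.0/16", {
        "GatewaySubnet": "10.0.0.0/24",
        "Onpremsubnet": "10.0.1.0/24",
    }),
}


def check_plan(plan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, vnets = [], {}
    for vnet_name, (prefix, subnets) in plan.items():
        try:
            vnet = ipaddress.ip_network(prefix)  # strict: host bits must be 0
        except ValueError as exc:
            problems.append(f"{vnet_name}: invalid prefix ({exc})")
            continue
        seen = []
        for sub_name, cidr in subnets.items():
            try:
                net = ipaddress.ip_network(cidr)
            except ValueError as exc:
                problems.append(f"{vnet_name}/{sub_name}: invalid CIDR ({exc})")
                continue
            if not net.subnet_of(vnet):
                problems.append(f"{vnet_name}/{sub_name}: {net} is outside {vnet}")
            problems += [f"{vnet_name}: {sub_name} overlaps {other}"
                         for other, o in seen if net.overlaps(o)]
            seen.append((sub_name, net))
        # Address spaces of connected networks must be disjoint to be routable.
        problems += [f"{vnet_name} ({vnet}) overlaps {other} ({o})"
                     for other, o in vnets.items() if vnet.overlaps(o)]
        vnets[vnet_name] = vnet
    return problems


if __name__ == "__main__":
    print(check_plan(PLAN) or "address plan OK")
```

Running it against the values you put in the parameter files before deploying catches a mistyped prefix before the deployment fails on it or a later change to one network silently collides with another.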

Deployment

We will create the networks using ARM templates. This method is idempotent, so it doesn’t matter how many times you deploy the template, the result will always be the same. Here is an overview of what we will deploy in this part:

The templates can be found on my GitHub: https://github.com/christofvg/AzureVDC

To deploy the templates in Azure, release pipelines can be used, but for now, PowerShell will be used. Since an Azure Virtual Datacenter deployment is a rather advanced topic, I assume a brief knowledge of connecting to Azure using PowerShell and selecting the right subscription.

# Login to Azure
Login-AzureRmAccount
# Create the virtual network resource group
New-AzureRmResourceGroup -Name "rg-hub-network" -Location "WestEurope"
# Create the on-premise network resource group
New-AzureRmResourceGroup -Name "rg-onprem-network" -Location "WestEurope"
# Create the spoke 1 network resource group
New-AzureRmResourceGroup -Name "rg-spoke1-network" -Location "WestEurope"
# Create the spoke 2 network resource group
New-AzureRmResourceGroup -Name "rg-spoke2-network" -Location "WestEurope"
# Deploy the hub virtual network
New-AzureRmResourceGroupDeployment -ResourceGroupName "rg-hub-network" `
    -TemplateFile "<path to the Hub network azuredeploy.json file>" `
    -TemplateParameterFile "<path to the Hub network azuredeploy.parameters.json file>" `
    -Verbose
# Deploy the on-premise virtual network into its own resource group
New-AzureRmResourceGroupDeployment -ResourceGroupName "rg-onprem-network" `
    -TemplateFile "<path to the Onprem azuredeploy.json file>" `
    -TemplateParameterFile "<path to the Onprem azuredeploy.parameters.json file>" `
    -Verbose
# Deploy the spoke 1 virtual network into its own resource group
New-AzureRmResourceGroupDeployment -ResourceGroupName "rg-spoke1-network" `
    -TemplateFile "<path to the Spoke 1 azuredeploy.json file>" `
    -TemplateParameterFile "<path to the Spoke 1 azuredeploy.parameters.json file>" `
    -Verbose
# Deploy the spoke 2 virtual network into its own resource group
New-AzureRmResourceGroupDeployment -ResourceGroupName "rg-spoke2-network" `
    -TemplateFile "<path to the Spoke 2 azuredeploy.json file>" `
    -TemplateParameterFile "<path to the Spoke 2 azuredeploy.parameters.json file>" `
    -Verbose

Conclusion

In this part, we laid the foundation of the lab, which is deployed in minutes. In the next part, we will deploy the firewalls, the load balancers for the firewalls and the management virtual machine for the firewalls.