Hi, You can navigate to the virtual machine's NIC and select the effective route to get the routing table of that Virtual Machine. With vnet peering transitive didn't work. That is if vnet A is peered with vnet b and vnet b is peered with vnet c, vnet a and vnet c are not connected.
How do you find the path from one spoke vnet in one hub to a spoke vnet in another?
I am a traditional network guy used to routing tables to identify traffic paths. In Azure I am not clear on how to find a specific traffic path. And I think the design I've walked into may not be optimal. Consider an Azure setup with two hubs and a legacy hub and spokes off the hubs.
VM HostA1 is connected to vNet SpokeA1 which peers with vNet Hub-A.
vNet SpokeA1 peers also with vNet AzureSwitch (think it's a legacy vnet)
Hub-A peers to Hub-B
Hub-A also peers with vNet AzureSwitch
VM HostB1 is connected to vNet Spoke B1 which peers with vNet Hub0B
vNet Spoke B1 also peers with vNet AzureSwitch
If I nMap scan HostB1 from HostA1 I get results. But it's not clear to me if the traffic is going due to the face that each spoke vNet is connected to AzureSwitch. Or is the scan working because the traffic flows SpokeA1 to Hub-A to Hub-B to Spoke B1 and on to HostB1.
How can I verify the traffic flow? If I run a traceroute the response is as if there were no routers between the two hosts.
Maybe there's a tool in Azure that would verify the effective path?
I think they created the two hubs to separate production and development. But it seems to me that could as easily have been done with one hub and letting the Azure firewall restrict the traffic as needed. And thoughts on this bit also apprecaited.
-
msrini-MSFT 9,286 Reputation points Microsoft Employee
2023-01-14T08:48:05.9233333+00:00