Migrate existing Virtual Networks to Hub and Spoke Virtual Networks

Cherry 20 Reputation points

Dear Experts,

We have an existing Azure infra environment with VMs running, and we would like to migrate the existing VNets to a Hub and Spoke topology as part of the Landing zone best practice setup.

May I know how this transformation can be achieved and what kind of backup and restore methodologies I need to adopt for rollback?


1 answer

  1. KapilAnanth-MSFT 11,141 Reputation points Microsoft Employee


    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you would like to know the best practices for migration of your VNets to a Hub Spoke architecture.

    This should be your go-to resource: Hub-spoke network topology in Azure

    This depends on the following factors.

    • Do you have a VNet Gateway on the Hub VNet?
    • Do you want the spokes to communicate with each other?

    The only design challenge you might face is that Spoke to Spoke communications via Hub won't work.

    In case you have a VNET Gateway, make sure you enable Gateway Transit in the Peer VNets.

    With regard to downtime, it completely depends on your existing architecture.

    In any case, you have to recreate the peering.

    Please note that deletion or creation of peering does not require downtime from the platform side.

    Case 1: All the existing VNets are interconnected via peering.

    • In this case, you will be required to first delete the peerings.
    • Then create a new peering to the Hub VNet.
    • And configure UDRs for Spoke to Spoke connectivity.
    • This step can be done iteratively, migrating one VNet per downtime and validating the environment.
    • Or completely (in case you want all the VNets to talk with each other at all times), but this would require a good downtime window.

    Case 2: There are no existing peerings.

    • This should be a straightforward configuration.
    • This can be done iteratively and requires little to less downtime.

    Kindly let us know if the above helps or you need further assistance on this issue.



    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
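
The Case 1 steps from the answer above, for one spoke per maintenance window, as an added example that is not part of the original answer or Microsoft's own script. It assumes all VNets share one resource group and subscription, peerings are named `<from>-to-<to>`, and spoke-to-spoke traffic is routed through an NVA or firewall IP in the hub; every name and address is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: move ONE spoke per maintenance window (Case 1 in the answer).
# Assumptions: all VNets share one resource group and subscription; peerings
# are named "<from>-to-<to>"; spoke-to-spoke traffic is routed through an
# NVA/firewall IP in the hub. Every name and address is a placeholder.
# DRY_RUN=1 (the default) prints the az commands instead of running them.

run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# migrate_spoke RG HUB SPOKE OLD_PEER NVA_IP OTHER_SPOKE_PREFIX SUBNET [yes|no]
migrate_spoke() {
  rg=$1; hub=$2; spoke=$3; old=$4; nva=$5; prefix=$6; subnet=$7; gw=${8:-no}
  hub_gw=""; spoke_gw=""
  if [ "$gw" = "yes" ]; then   # the hub owns a VNet gateway
    hub_gw="--allow-gateway-transit"; spoke_gw="--use-remote-gateways"
  fi

  # 1. Rollback record: save the spoke's current peering definitions.
  run sh -c "az network vnet peering list -g $rg --vnet-name $spoke -o json > $spoke-peerings.json"

  # 2. Delete both halves of the old spoke-to-spoke peering.
  run az network vnet peering delete -g "$rg" --vnet-name "$spoke" -n "$spoke-to-$old"
  run az network vnet peering delete -g "$rg" --vnet-name "$old" -n "$old-to-$spoke"

  # 3. Peer hub and spoke in both directions. Forwarded traffic is allowed so
  #    packets relayed by the hub appliance are accepted by the spoke.
  run az network vnet peering create -g "$rg" --vnet-name "$hub" -n "$hub-to-$spoke" \
    --remote-vnet "$spoke" --allow-vnet-access --allow-forwarded-traffic $hub_gw
  run az network vnet peering create -g "$rg" --vnet-name "$spoke" -n "$spoke-to-$hub" \
    --remote-vnet "$hub" --allow-vnet-access --allow-forwarded-traffic $spoke_gw

  # 4. UDR: send traffic for the other spoke's prefix to the hub appliance,
  #    then attach the route table to the spoke subnet.
  run az network route-table create -g "$rg" -n "rt-$spoke"
  run az network route-table route create -g "$rg" --route-table-name "rt-$spoke" \
    -n to-other-spoke --address-prefix "$prefix" \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$nva"
  run az network vnet subnet update -g "$rg" --vnet-name "$spoke" -n "$subnet" \
    --route-table "rt-$spoke"
}

# Example (dry run):
# migrate_spoke rg-net vnet-hub vnet-app vnet-db 10.0.1.4 10.2.0.0/16 snet-app yes
```

Review the printed plan first, then rerun with `DRY_RUN=0`; the saved `<spoke>-peerings.json` file holds the settings needed to recreate the old peerings if the window has to be rolled back.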