![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 53%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,167 questions
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to know the best practices for migration of your VNets to a Hub Spoke architecture.
This should be your go to resource : Hub-spoke network topology in Azure
This depends on the following factors.
- Do you have a VNet Gateway on the Hub VNet?
- Do you want the spokes to communicate with each other?
The only design challenge you might face is that Spoke to Spoke communications via Hub won't work.
- You will be required to either use an Azure Firewall or NVA in the Hub Vnet and send Spoke to Spoke traffic via this.
- This can be achieved by using Route tables
- This should come in handy Using Azure Firewall as a Network Virtual Appliance (NVA)
- Also refer : Communication through NVA
In case you have a VNET Gateway, make sure you enable Gateway Transit in the Peer VNets.
Wrt downtime, it completely depends on your existing architecture.
In any case, you have to recreate the peering.
Please note that deletion or creation of peering does not require a downtime from Platform side
Case 1 : All the existing VNets that are interconnected via peering
- In this case, you will be required to first delete the Peerings.
- Then create a new peering to Hub VNet
- And configure UDRs for Spoke to Spoke connectivity.
- This step can be done iteratively, migration one VNet per downtime and and validating the environment
- Or completely (in case you want all the VNets to talk with each other at all times) , but would require a good downtime window
Case 2 : There are no existing Peerings.
- This should be a straight forward configuration.
- This can be done iteratively and requires little to less downtime.
Kindly let us know if the above helps or you need further assistance on this issue.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.