Query on mandated vnet peering when using internal IPs in backend pools

Mease, Darren Thomas 86 Reputation points


In the component basics section of documentation [1], it notes "If you use internal IPs as backend pool members, you must use virtual network peering or a VPN gateway. Virtual network peering is supported and beneficial for load-balancing traffic in other virtual networks.
In the Terraform Quickstart example [2], however, in the main.tf example, the private IP in the backend subnet is in a subnet that is in the same Virtual Network as the AG front end subnet, and no peering is used.

So, is peering mandated, or simply recommended/best practise?

Many thanks,

[1] https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-components
[2] https://learn.microsoft.com/en-us/azure/developer/terraform/deploy-application-gateway-v2?toc=%2Fazure%2Fapplication-gateway%2Ftoc.json&bc=%2Fazure%2Fapplication-gateway%2Fbreadcrumb%2Ftoc.json

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
948 questions
0 comments No comments
{count} votes

Accepted answer
  1. Rafael da Rocha 5,076 Reputation points

    From my understanding, the "Internal IPs" mentioned in the documentation refers to the following:

    (...)As a result, the members of the backend pools can be across clusters, across datacenters, or outside Azure, as long as there's IP connectivity.(...)

    If the backend pool is in the same VNet, no need.

0 additional answers

Sort by: Most helpful