Create a hub and spoke topology in Azure - Portal

In this article, you learn how to create a hub and spoke network topology with Azure Virtual Network Manager. With this configuration, you select a virtual network to act as a hub and all spoke virtual networks have bi-directional peering with only the hub by default. You also can enable direct connectivity between spoke virtual networks and enable the spoke virtual networks to use the virtual network gateway in the hub.

Prerequisites

Create a network group

This section helps you create a network group containing the virtual networks you're using for the hub-and-spoke network topology.

Note

This how-to guide assumes you created a network manager instance using the quickstart guide.

  1. Browse to the rg-learn-eastus-001 resource group, and select the vnm-learn-eastus-001 network manager instance.

  2. Under Settings, select Network groups. Then select + Create.

    Screenshot of an empty list of network groups and the button for creating a network group.

  3. On the Create a network group pane, enter the following settings, and then select Create:

    Setting        Value
    Name           Enter ng-learn-prod-eastus-001.
    Description    (Optional) Provide a description about this network group.
    Member type    Select Virtual network from the dropdown menu.

    Screenshot of the pane for creating a network group.

  4. Confirm that the new network group is now listed on the Network groups pane.

    Screenshot of a newly created network group on the pane that lists network groups.

Define network group members

Azure Virtual Network Manager offers two methods for adding members to a network group. You can manually add virtual networks or use Azure Policy to dynamically add virtual networks based on conditions. This how-to covers manually adding membership. For information on defining group membership with Azure Policy, see Define network group membership with Azure Policy.

Manually adding virtual networks

To manually add the desired virtual networks for your hub-and-spoke configuration to your network group, follow these steps:

  1. From the list of network groups, select your network group and select Add virtual networks under Manually add members on the network group page.

    Screenshot of add a virtual network.

  2. On the Manually add members page, select all the virtual networks and select Add.

    Screenshot of add virtual networks to network group page.

  3. To review the network group membership manually added, select Group Members on the Network Group page under Settings.

    Screenshot that shows a list of group members.

Create a hub and spoke connectivity configuration

This section guides you through how to create a hub-and-spoke configuration with the network group you created in the previous section.

  1. Select Connectivity configuration from the drop-down menu to begin creating a connectivity configuration.

  2. On the Basics page, enter the following information, and select Next: Topology >.

    Setting        Value
    Name           Enter a name for this configuration.
    Description    (Optional) Enter a description about what this configuration does.

  3. On the Topology tab, select the Hub and spoke topology.

    Screenshot of Add Topology screen for hub and spoke topology.

  4. Select the Delete existing peerings checkbox if you want to remove all previously created virtual network peerings between virtual networks in the network group defined in this configuration, and then select Select a hub.

  5. On the Select a hub page, select a virtual network that acts as the hub virtual network and select Select.

    Screenshot of Select a hub list.

  6. Then select + Add network groups.

  7. On the Add network groups page, select the network groups you want to add to this configuration. Then select Add to save.

  8. The following three options appear next to the network group name under Spoke network groups:

    Screenshot of spoke network groups settings.

    • Direct connectivity: Select Enable peering within network group if you want to establish virtual network peering between virtual networks in the network group that are in the same region.
    • Global Mesh: Select Enable mesh connectivity across regions if you want to establish virtual network peering for all virtual networks in the network group across regions.
    • Gateway: Select Use hub as a gateway if you have a virtual network gateway in the hub virtual network that you want this network group to use to pass traffic to on-premises.

    Select the settings you want to enable for each network group.

  9. Finally, select Review + Create > Create to create the hub-and-spoke connectivity configuration.
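To make the effect of the Direct connectivity and Global Mesh options in step 8 concrete, the following added example (not part of the original article or of Azure tooling) computes which virtual network pairs end up directly connected for a given setting, so a reviewer can confirm that spoke-to-spoke reachability is intended before deploying. The field names follow the ARM connectivity configuration resource; the virtual network names, regions, and the assumption that the cross-region option only applies when direct connectivity is enabled are illustrative.

```python
from itertools import combinations

def direct_pairs(config, group_members, vnet_region):
    """VNet pairs that get direct connectivity from a hub-and-spoke configuration."""
    hub = config["hubs"][0]["resourceId"]
    pairs = set()
    for group in config["appliesToGroups"]:
        # The hub may itself be a group member; it is never its own spoke.
        spokes = [v for v in group_members[group["networkGroupId"]] if v != hub]
        # Default behaviour: every spoke peers with the hub only.
        pairs.update(frozenset((hub, s)) for s in spokes)
        if group.get("groupConnectivity") != "DirectlyConnected":
            continue
        # ARM carries these booleans as the strings "True"/"False".
        global_mesh = group.get("isGlobal") == "True"
        for a, b in combinations(spokes, 2):
            if global_mesh or vnet_region[a] == vnet_region[b]:
                pairs.add(frozenset((a, b)))
    return pairs

def spoke_to_spoke(config, group_members, vnet_region):
    """Only the pairs that do not involve the hub, sorted for review."""
    hub = config["hubs"][0]["resourceId"]
    return sorted(tuple(sorted(p))
                  for p in direct_pairs(config, group_members, vnet_region)
                  if hub not in p)

# Constructed sample data: short names stand in for full resource IDs.
REGIONS = {"vnet-hub": "eastus", "vnet-spoke-a": "eastus",
           "vnet-spoke-b": "eastus", "vnet-spoke-c": "westus"}
MEMBERS = {"ng-learn-prod-eastus-001": list(REGIONS)}

def sample_config(group_connectivity, is_global):
    """Build a constructed hub-and-spoke configuration for one network group."""
    return {"connectivityTopology": "HubAndSpoke",
            "hubs": [{"resourceId": "vnet-hub"}],
            "appliesToGroups": [{"networkGroupId": "ng-learn-prod-eastus-001",
                                 "groupConnectivity": group_connectivity,
                                 "isGlobal": is_global}]}

if __name__ == "__main__":
    for conn, glob in (("None", "False"), ("DirectlyConnected", "False"),
                       ("DirectlyConnected", "True")):
        cfg = sample_config(conn, glob)
        print(conn, glob, spoke_to_spoke(cfg, MEMBERS, REGIONS))
```
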

Deploy the hub and spoke configuration

To have this configuration take effect in your environment, you need to deploy the configuration to the regions where your selected virtual networks are created.

  1. Select Deployments under Settings, then select Deploy a configuration.

  2. On the Deploy a configuration page, select the following settings:

    Screenshot of deploy a configuration page.

    Setting                        Value
    Configurations                 Select Include connectivity configurations in your goal state.
    Connectivity configurations    Select the name of the configuration you created in the previous section.
    Target regions                 Select all the regions that apply to virtual networks you select for the configuration.

  3. Select Next and then select Deploy to complete the deployment.

  4. The deployment displays in the list for the selected region. The deployment of the configuration can take a few minutes to complete.

    Screenshot of configuration deployment in progress status.

Note

If you're currently using peering and want to manage topology and connectivity with Azure Virtual Network Manager, you can migrate without any downtime to your network. Virtual network manager instances are fully compatible with pre-existing hub and spoke topology deployments that use peering. This means that you won't need to delete any existing peered connections between the spokes and the hub, as the network manager will automatically detect and manage them.

Confirm configuration deployment

  1. See View applied configuration.

  2. To test direct connectivity between spokes, deploy a virtual machine into each spoke virtual network. Then initiate an ICMP request from one virtual machine to the other.

Next steps