VNet-VNet example
VNet-VNet connections use VPN gateways to send encrypted traffic between Azure virtual networks. Advantages include:
- Cluster domain name is directly accessible without a NAT.
- VNets from different subscriptions don't need to be associated with the same Active Directory tenant.
Cons include:
- Bandwidth is limited. See the virtual network gateway planning table.
- Configuration is complicated.
- There's an associated cost. See the virtual network gateway planning table.
Example
This example shows how to connect using VNet-VNet connections.
To use this method, you need to create Azure VPN gateways in each connected virtual network.
Note
VPN gateway creation can take up to 45 minutes.
Assume that your cluster is on a subscription called development and is being accessed from a Linux client VM on another subscription called test. It has the following properties:
- Cluster:
  - Subscription: development
  - Cluster ID: p-mckwlbakq5
  - Account ID: brcxzr08qr7rbei1
  - Organization's domain name: biganimal.io
- Linux client VM called vm-client:
  - Subscription: test
  - Resource group: rg-client
  - Virtual network: vnet-client
  - Virtual network subnet: snet-client
Prerequisites
To walk through an example in your own environment, you need:
- Your cluster URL. You can find the URL in the Connect tab of your cluster instance in the BigAnimal portal.
- The IP address of your cluster. You can find the IP address of your cluster using the following command:
- A PostgreSQL client, such as psql, installed on your client VM.
Step 1: Create a VPN gateway for the cluster's virtual network
In the Azure portal, search for Virtual network gateways. Locate Virtual network gateways in the search results and select it. On the Virtual network gateways page, select + Create.
On the Create virtual network gateway page, create the VPN gateway for the cluster's resource virtual network vnet-japaneast. Name the VPN gateway vpng-biganimal.
Note
The VPN gateway creates a dedicated subnet to accommodate its gateway VMs. Ensure that your cluster's virtual network address space has enough IP range for the subnet to prevent errors in the virtual network. For more information, see Add a subnet.
Step 2: Create a VPN gateway for the client VM virtual network
In the same way, create the gateway for your client VM virtual network vnet-client. Name the client VPN gateway vpng-client.
Step 3: Add a gateway connection between the two VPN gateways
Use the Azure CLI or PowerShell to add a VPN gateway connection from vpng-biganimal:
Note
The Azure portal allows you to create VPN gateway connections only between virtual networks belonging to the same subscription.
Get the VPN gateway ID of vpng-client.
From the BigAnimal subscription:
From the client VM's subscription:
From the BigAnimal subscription, create a connection from vpng-biganimal to vpng-client:
Note the value for --shared-key. It is the PSK that both sides use to authenticate the pairing, and you need it in the next step.
From the client VM's subscription, create another connection from vpng-client to vpng-ebdcloud:
Step 4: Verify the connection
After a few minutes, verify the gateway connection status from either virtual network with the following command:
Verify the connectivity to the cluster:
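Steps 3 and 4 as one Azure CLI script, added here as an example and not taken from the original page: it generates the shared key from the system CSPRNG, uses the same value for both directions, and reads back the connection status. The cluster resource group and the two connection names are assumptions; the subscription, gateway, and client resource-group names come from the example above.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Values marked (assumed) are placeholders.
set -euo pipefail

SUB_CLUSTER="development"; GW_CLUSTER="vpng-biganimal"             # from the page
SUB_CLIENT="test"; RG_CLIENT="rg-client"; GW_CLIENT="vpng-client"  # from the page
RG_CLUSTER="CLUSTER_RG_PLACEHOLDER"   # (assumed) cluster resource group, not on the page

# 32 bytes from the kernel CSPRNG as 64 hex chars: 256 bits, no shell quoting issues.
gen_psk() {
  od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Print a gateway's full resource ID; a peer in another subscription is referenced by ID.
gateway_id() {   # usage: gateway_id <subscription> <resource-group> <gateway-name>
  az network vnet-gateway show --subscription "$1" --resource-group "$2" \
    --name "$3" --query id --output tsv
}

# Create one direction of the pairing. Both directions must carry the same key.
# Caveat: --shared-key is in az's argv, so local users can see it in ps while it runs.
connect() {      # usage: connect <sub> <rg> <conn-name> <local-gw> <peer-gw-id> <psk>
  az network vpn-connection create --subscription "$1" --resource-group "$2" \
    --name "$3" --vnet-gateway1 "$4" --vnet-gateway2 "$5" --shared-key "$6" \
    --output none   # suppress the JSON response
}

conn_status() {  # prints Connected, Connecting, NotConnected or Unknown
  az network vpn-connection show --subscription "$1" --resource-group "$2" \
    --name "$3" --query connectionStatus --output tsv
}

main() {
  local psk cluster_id client_id
  psk="$(gen_psk)"   # held in a variable: never typed, so never in shell history
  cluster_id="$(gateway_id "$SUB_CLUSTER" "$RG_CLUSTER" "$GW_CLUSTER")"
  client_id="$(gateway_id "$SUB_CLIENT" "$RG_CLIENT" "$GW_CLIENT")"
  # Connection names cluster-to-client and client-to-cluster are (assumed).
  connect "$SUB_CLUSTER" "$RG_CLUSTER" cluster-to-client "$GW_CLUSTER" "$client_id" "$psk"
  connect "$SUB_CLIENT" "$RG_CLIENT" client-to-cluster "$GW_CLIENT" "$cluster_id" "$psk"
  unset psk
  conn_status "$SUB_CLUSTER" "$RG_CLUSTER" cluster-to-client
}

# Run only when asked, so sourcing the file just defines the functions.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Run it with `--apply` from a session that is logged in to both subscriptions; the status can stay at Connecting for a few minutes before it reports Connected.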