AZ-104 Azure Administrator - Q1: Enable VM communication across VNets without bandwidth limits
Q1] You have two virtual machines, vm1 and vm2, deployed in two different virtual networks, vnet1 and vnet2, in two different Azure regions.
Below are the VNets with other information like their address space and location details.
You need to ensure that vm1 and vm2 can communicate with each other. Which of the following solutions would you implement if you need high bandwidth connectivity without any limits?
A. Move vnet2 and its dependent resources to East US
B. Configure a VNet peering connection between vnet1 and vnet2
C. Deploy a virtual network gateway in either of the networks and establish the connection
D. Deploy a virtual network gateway in both networks and establish the connection
Explanation:
Short Answer for Revision:
Even the highest available gateway SKU imposes bandwidth limits, which may be restrictive for the higher-sized VMs. Options C and D are incorrect.
A VNet peering link itself doesn't impose any bandwidth restriction. Option B is the correct answer.
VMs in two virtual networks cannot automatically communicate with each other, even when the networks are in the same region and subscription. You still need to connect the underlying VNets. Option A is incorrect.
Detailed Answer:
You can connect the given two virtual networks with VNet peering links. Go to the Peerings section in one of the virtual networks, vnet1, and add a peering connection to the other VNet.
This creates two peering links, one from this network, vnet1, and the other from the remote network, vnet2.
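The same peering scripted with the Az PowerShell module, as an added example that is not part of the original post. The resource group `rg-demo` and the two peering names are assumptions. Each direction is created explicitly here, and both links are checked afterwards.

```powershell
# Added example, not from the original post.
# Assumptions: both VNets are in resource group 'rg-demo' (placeholder) in the
# current subscription, and the peering names below are made up for illustration.
$rg = 'rg-demo'

$vnet1 = Get-AzVirtualNetwork -Name 'vnet1' -ResourceGroupName $rg
$vnet2 = Get-AzVirtualNetwork -Name 'vnet2' -ResourceGroupName $rg

# A peering link is directional, so one link is created from each side.
# Leaving out -AllowForwardedTraffic, -AllowGatewayTransit and -UseRemoteGateways
# keeps those options off: traffic forwarded through the peer VNet from elsewhere
# is not accepted, and no gateway is shared across the peering.
Add-AzVirtualNetworkPeering -Name 'vnet1-to-vnet2' `
    -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet2.Id | Out-Null
Add-AzVirtualNetworkPeering -Name 'vnet2-to-vnet1' `
    -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet1.Id | Out-Null

# Read both links back and show the settings that widen or narrow access.
$links = @(
    Get-AzVirtualNetworkPeering -VirtualNetworkName 'vnet1' -ResourceGroupName $rg -Name 'vnet1-to-vnet2'
    Get-AzVirtualNetworkPeering -VirtualNetworkName 'vnet2' -ResourceGroupName $rg -Name 'vnet2-to-vnet1'
)
$links |
    Select-Object Name, PeeringState, AllowVirtualNetworkAccess,
                  AllowForwardedTraffic, AllowGatewayTransit, UseRemoteGateways |
    Format-Table -AutoSize

# Traffic only flows once both directions report 'Connected'.
# A link whose counterpart is missing stays in the 'Initiated' state.
$notConnected = @($links | Where-Object { $_.PeeringState -ne 'Connected' })
if ($notConnected.Count -gt 0) {
    throw "Peering not connected: $($notConnected.Name -join ', ')"
}
```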
Now, let’s log in to the two VMs deployed in those two virtual networks to test whether they can ping each other.
Note: Before the VMs can ping each other, you need to allow ICMP through the Windows firewall on both VMs with the PowerShell command below.
New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4
So, option B is one of the possible solutions, but let’s not conclude without testing the other options.
Options C and D talk about connecting the two virtual networks using a VNet-to-VNet connection. This connection type requires deploying a virtual network gateway in each virtual network and connecting the gateways for establishing the connection.
Reference Link: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
So, option C is incorrect since you need to deploy the gateway in both networks.
To verify if we can get the two VMs to talk to each other by implementing the solution in option D, I already created two virtual network gateways in gateway subnets in the two virtual networks where the VMs are deployed. If you are following along, note that the deployment of each gateway can take more than 20 minutes, depending on the chosen gateway SKU.
Connecting these two gateways ensures that the two VNets will be connected. While creating a connection,
a. Select the Connection type as VNet-to-VNet
b. The First virtual network gateway is automatically selected. Choose the Second virtual network gateway.
c. Enter any set of password-like characters for the Shared key.
Leave all other defaults and create the connection. Unlike VNet peering, you have to create this connection from the other gateway too. While doing so, be sure to enter the same Shared key; otherwise the connection will not work.
Now, if we log in again to the two VMs, we can verify that the two VMs can ping each other (Refer to the Related lecture video).
Although we can establish network connectivity between the two VMs, the bandwidth of the VNet-to-VNet connection is limited by the gateway SKU.
Even if you choose the highest available SKU, there is a limitation of 10 Gbps on the gateway. So, this can be limiting if you use higher-sized VM SKUs whose maximum possible network bandwidth is more than 30 or 40 Gbps.
With VNet peering, the network throughput is limited only by the virtual machines' permitted bandwidth. Since there is no bandwidth limitation imposed directly by the VNet peering, option B is the correct answer.
GitHub Repo Link: Enable VM communication across VNets without bandwidth limits
Knowledge Area: Configure and manage virtual networking
Video Explanation: https://www.youtube.com/watch?v=djQRVamiqL0&t=6031s
This question is part of my Practice Test course: https://ravikirans.com/udemy/test/az-104
Please comment if you would like to see more questions from the AZ-104 exam.