I am new to Azure and am trying to understand the concept behind VNet peering (infrastructure design diagram).

1. I have two VMs, the first in East US and the other in East Asia.

   By the design of Azure, I should not be able to access any data between these VMs, as Azure does not allow communication between two different VNets, and to allow the communication one may use VNet peering. Correct?

But when I add a firewall exception from VM 1 to VM 2 I am able to access the data, OR when I create a VNet peering the same happens. Can someone please share with me the difference between the two, and what the requirement for VNet peering is when the same can be achieved by adding a firewall exception?

1 Answer

By default, when you configure a peering it has full access between VNets. You can use an NSG (network security group) to block specific traffic.

A peering connection means that you are going to have a connection between VNets via private IP; for example, vnet-a 10.0.0.0/16 can only access vnet-b 192.168.0.0/16 if it has a peering connection, because those IPs (address spaces) are private. When you say firewall exception, you probably configured your private IP in your NSG. That is correct: you must specify your private IP to have access from the internet, not your public IP; it is how Azure has designed NSG rules. For example, your VM's public IP is 201.200.200.15 and its private IP is 10.0.0.4; in order to allow this VM to be accessible from the internet, you must put your private IP 10.0.0.4 in your NSG rules, not your public IP.

From the Azure portal, go to both VM blades and check the public and private IP. Without a peering connection you won't be able to connect to each other using the private IP, but using the public IP you can without peering.
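As an added illustration of the answer's point (not part of the thread, and a simplified model rather than Azure's own API or SDK): the code below models the two paths the question conflates. A private-IP path between two VNets only exists once they are peered, after which Azure's default NSG rule admits the traffic; a public-IP path needs no peering but must pass an NSG rule whose destination names the VM's private address. The VNet names, address spaces and the public address of the second VM are constructed; the 10.0.0.0/16, 192.168.0.0/16, 10.0.0.4 and 201.200.200.15 values come from the answer.

```python
import ipaddress
from dataclasses import dataclass

# Constructed, simplified model of the thread's scenario (not Azure's own API or SDK):
# two VMs in separate VNets, an optional peering, and the destination VM's inbound NSG.
@dataclass
class Vm:
    vnet: str            # VNet name
    address_space: str   # VNet address space (CIDR)
    private_ip: str
    public_ip: str

@dataclass
class NsgRule:
    priority: int        # lower number is evaluated first
    source: str          # CIDR, or the "VirtualNetwork" service tag
    destination: str     # CIDR; Azure removes the public IP before NSG evaluation,
    port: int            # so this must name the VM's PRIVATE address (0 = any port)
    allow: bool

# Azure's default inbound rules: the VNet (peered VNets included) is allowed,
# everything else is denied.
DEFAULT_INBOUND = [NsgRule(65000, "VirtualNetwork", "VirtualNetwork", 0, True),
                   NsgRule(65500, "0.0.0.0/0", "0.0.0.0/0", 0, False)]

def can_peer(a: Vm, b: Vm) -> bool:
    # Azure refuses to create a peering between overlapping address spaces.
    return not ipaddress.ip_network(a.address_space).overlaps(
        ipaddress.ip_network(b.address_space))

def _matches(field: str, ip: str, in_vnet_scope: bool) -> bool:
    if field == "VirtualNetwork":
        return in_vnet_scope
    return ipaddress.ip_address(ip) in ipaddress.ip_network(field)

def reachable(src: Vm, dst: Vm, port: int, peered: bool,
              via_public_ip: bool, rules=()) -> bool:
    """Can src open `port` on dst? Routing is checked first, then dst's inbound NSG."""
    if via_public_ip:
        seen_src, vnet_scope = src.public_ip, False   # arrives as Internet traffic
    else:
        if src.vnet != dst.vnet and not peered:
            return False   # private addresses only route across VNets over a peering
        seen_src, vnet_scope = src.private_ip, True
    for r in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (_matches(r.source, seen_src, vnet_scope)
                and _matches(r.destination, dst.private_ip, True)
                and r.port in (0, port)):
            return r.allow
    return False
```

The last check in the model is the one the answer stresses: an "exception" written against the destination VM's public address never matches, because the NSG only ever sees the private one.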