I'm working on an Azure setup that involves four VNets: Hub, Dev, Prod, and QC. I've got an NVA set up in the hub, and there's peering between each spoke VNet and the hub. Each spoke VNet has a routing table that points to the NVA's IP address for all traffic (using a 0.0.0.0/0 next hop). My question is about routing traffic from the Prod VNet to the QC VNet. Do I need to create a peering connection between the Prod and QC VNets to enable this? If so, what settings should I enable or disable to ensure all traffic is routed through the NVA?
4 Answers
It sounds like you're well on your way! Just a tip — if you're using peering, remember to set it up in a way that routes everything through your hub NVA. Avoid direct peering because then your 0.0.0.0 route might not work as intended. Always check your peering settings as well!
Your configuration looks spot on. Peering between your spokes is a no-go. Keeping it hub-and-spoke ensures that all your traffic routes through the NVA. If you're seeing some hiccups, ensure your NVA firewall is set up correctly to handle this traffic.
No need to worry about peering the spokes! You’ve got the right hub-and-spoke model going on. If you do see any weird behavior, just double-check your route table and make sure the NVA is configured to accept traffic correctly. And keep an eye on that first address of your subnet—it can affect outbound traffic!
You actually don't need to create peering between the Prod and QC VNets with your current setup. The way you've configured it, the traffic will flow through the NVA without needing a direct peering between the spoke VNets. If you were to peer them together, that could bypass the NVA entirely, which you want to avoid.
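The bypass the last answer warns about follows from how Azure picks an effective route: longest prefix match first, and only on equal prefix length does a user-defined route beat a BGP route, which beats a system route. A direct Prod-QC peering installs a system route for QC's whole /16, which is more specific than the 0.0.0.0/0 UDR and so wins. The model below is an added example, not code from the original thread; the address ranges (Hub 10.0.0.0/16, Prod 10.2.0.0/16, QC 10.3.0.0/16), the NVA address 10.0.1.4 and the function names are assumptions for illustration. It also shows the remedy if a direct peering does exist: a /16 UDR for the peer range pointing at the NVA ties on prefix length and wins as a user route.

```python
"""Azure effective-route selection modelled for the hub-and-spoke layout in
the thread. Added example, not from the original question or answers; the
address ranges, VNet names and NVA address are assumed for illustration.

Azure chooses the matching route with the longest prefix. Only when two
matching routes have the same prefix length does it prefer user-defined
routes over BGP routes over system routes.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

SOURCE_RANK = {"User": 0, "BGP": 1, "System": 2}  # lower wins on equal prefix


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_type: str  # VnetLocal, VNetPeering, VirtualAppliance, Internet
    source: str         # System or User
    next_hop_ip: Optional[str] = None


def effective_route(routes, dest):
    """Return the route Azure would apply for dest, or None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    best_key, best = None, None
    for r in routes:
        net = ipaddress.ip_network(r.prefix)
        if addr not in net:
            continue
        # Longer prefix wins; on a tie, the lower SOURCE_RANK (User) wins.
        key = (net.prefixlen, -SOURCE_RANK[r.source])
        if best_key is None or key > best_key:
            best_key, best = key, r
    return best


def next_hop(routes, dest):
    """(next_hop_type, next_hop_ip) for dest, or None if it would be dropped."""
    r = effective_route(routes, dest)
    return (r.next_hop_type, r.next_hop_ip) if r else None


# Assumed addressing: Hub 10.0.0.0/16 with the NVA at 10.0.1.4,
# Prod 10.2.0.0/16, QC 10.3.0.0/16 (constructed for this example).
NVA_IP = "10.0.1.4"

# Routes a Prod subnet sees with only the hub peering plus the 0.0.0.0/0 UDR.
PROD_ROUTES = [
    Route("10.2.0.0/16", "VnetLocal", "System"),
    Route("10.0.0.0/16", "VNetPeering", "System"),             # hub peering
    Route("0.0.0.0/0", "Internet", "System"),
    Route("0.0.0.0/0", "VirtualAppliance", "User", NVA_IP),    # spoke UDR
]

# The same subnet after a direct Prod<->QC peering is added: Azure installs
# a /16 system route for QC, which beats the /0 UDR on prefix length.
PROD_ROUTES_PEERED = PROD_ROUTES + [
    Route("10.3.0.0/16", "VNetPeering", "System"),
]

# Direct peering plus a /16 UDR pinning QC traffic back to the NVA: the UDR
# ties on prefix length and wins as a user route.
PROD_ROUTES_PEERED_PINNED = PROD_ROUTES_PEERED + [
    Route("10.3.0.0/16", "VirtualAppliance", "User", NVA_IP),
]


def transit_prereq_problems(nva_nic_ip_forwarding, spoke_peering_allow_forwarded):
    """Settings that silently break spoke->NVA->spoke even when routes are right."""
    problems = []
    if not nva_nic_ip_forwarding:
        problems.append("NVA NIC: enable IP forwarding, or the fabric drops "
                        "packets whose destination is not the NIC's own address")
    if not spoke_peering_allow_forwarded:
        problems.append("spoke->hub peering: allow forwarded traffic, or packets "
                        "forwarded by the hub NVA are dropped at the spoke")
    return problems


if __name__ == "__main__":
    qc_host = "10.3.0.10"
    cases = [("hub only", PROD_ROUTES),
             ("direct Prod-QC peering", PROD_ROUTES_PEERED),
             ("peering + /16 UDR", PROD_ROUTES_PEERED_PINNED)]
    for label, routes in cases:
        print(f"{label:24} Prod -> {qc_host}: {next_hop(routes, qc_host)}")
    for p in transit_prereq_problems(False, False):
        print("check:", p)
```

With only the hub peering, Prod to QC resolves to the NVA; adding a direct Prod-QC peering flips it to VNetPeering and the NVA never sees the flow; the /16 UDR restores the NVA path. Note that the intra-VNet system route (10.2.0.0/16) also beats the 0.0.0.0/0 UDR, so a default route to the NVA never captures traffic within the spoke itself.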