Those who have deployed and maintained Hub and Spoke networks in Azure will know that the initial implementation and ongoing management can be very laborious as more spoke VNets and corresponding subnets are added to the topology. Depending on the routing requirements, maintaining the UDRs (User Defined Routes) can add further work to deploy and manage the configuration. Infrastructure as Code with either Terraform or Bicep helps, but there is still a significant amount of code to write and maintain. I remember working on a project in early 2023, when Azure Virtual Network Manager was still in preview, and I made the mistake of asking them whether they used the new service even though it was still in preview; the response I received during my presentation was: “We don’t use any preview services for production.” Needless to say, I realized I probably shouldn’t have asked that question, and that incident somehow stuck in my head.
Fast forward to late March 2023, when Microsoft finally made the product generally available (https://azure.microsoft.com/en-us/updates/general-availability-azure-virtual-network-manager-3/). I’ve since had the opportunity to deploy it in several environments but still found it lacking: while I could now easily add spokes, automate peering, implement Security Admin rules and reduce the amount of Terraform code, there was no way to manage the UDRs.
Now that we’re in October 2024, Microsoft has released the ability to create UDRs with Azure Virtual Network Manager in public preview (https://learn.microsoft.com/en-us/azure/virtual-network-manager/how-to-create-user-defined-route).
This is certainly exciting news for organizations that have deployed Hub and Spoke networks and are still managing the UDRs for each subnet or for a set of subnets.
For this first post, I’d like to share the base Terraform code I use to deploy a Hub and Spoke network that automates peering between the networks, and in my next post I will demonstrate how to configure UDRs in the following topology:
The Terraform code can be found at the following repo: https://github.com/terenceluk/terraform-azure-virtual-network-manager-hub-spoke/tree/main
Here is an outline of what is deployed:
- One (1) resource group to store all the resources
- One (1) hub virtual network with two (2) subnets
- Two (2) spoke virtual networks with two (2) subnets
- One (1) Azure Virtual Network Manager with the features:
  - Connectivity
  - Security Admin
- One (1) Network group
- One (1) Azure Policy to dynamically add members to the Network group if the virtual network name contains the word “spoke”
- Create a connectivity configuration for the Virtual Network Manager that will create a Hub and Spoke topology using the virtual networks configured
- Deploy the configuration
A few notes to mention:
- Direct connectivity is disabled (https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-connectivity-configuration#direct-connectivity)
- Hub as gateway is disabled (https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-connectivity-configuration#use-hub-as-a-gateway)
- The Azure Policy I created to dynamically add members to the Network group has options other than the name; the available options are:
  - Name
  - Id
  - Tags
  - Location
  - Subscription Name
  - Subscription Id
  - Subscription Tags
  - Resource Group Name
  - Resource Group Id
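The outline above and the notes that follow it map onto a small set of azurerm resources. The configuration below is an added illustration written for this post, not the code in the linked repository: it deploys the resource group, the hub and two spoke VNets with two subnets each, the Network Manager with the Connectivity and Security Admin features, the Network group, a policy that adds any VNet whose name contains "spoke" to the group, the Hub and Spoke connectivity configuration with direct connectivity and hub-as-gateway both disabled, and the deployment. Resource names (rg-hubspoke-demo, vnet-hub, vnet-spoke1, vnet-spoke2, avnm-demo, ng-spokes, cc-hubspoke), the region and the address spaces are assumptions. One deliberate choice: the policy is assigned at resource-group scope rather than subscription scope, so an unrelated VNet elsewhere in the subscription that happens to have "spoke" in its name is not silently peered into the hub.

```terraform
# Added example (not the repository's code). Assumed names and address spaces.
provider "azurerm" {
  features {}
}

data "azurerm_subscription" "current" {}

resource "azurerm_resource_group" "rg" {
  name     = "rg-hubspoke-demo" # assumed name
  location = "canadacentral"    # assumed region
}

# One hub and two spokes, each with two subnets (assumed CIDRs).
locals {
  vnets = {
    "vnet-hub"    = { space = "10.0.0.0/16", subnets = ["10.0.1.0/24", "10.0.2.0/24"] }
    "vnet-spoke1" = { space = "10.1.0.0/16", subnets = ["10.1.1.0/24", "10.1.2.0/24"] }
    "vnet-spoke2" = { space = "10.2.0.0/16", subnets = ["10.2.1.0/24", "10.2.2.0/24"] }
  }
  # Flatten to one map entry per subnet, keyed "<vnet>-snetN".
  subnets = merge([
    for vn, cfg in local.vnets : {
      for i, cidr in cfg.subnets : "${vn}-snet${i + 1}" => { vnet = vn, cidr = cidr }
    }
  ]...)
}

resource "azurerm_virtual_network" "vnet" {
  for_each            = local.vnets
  name                = each.key
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  address_space       = [each.value.space]
}

resource "azurerm_subnet" "snet" {
  for_each             = local.subnets
  name                 = each.key
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vnet[each.value.vnet].name
  address_prefixes     = [each.value.cidr]
}

# Network Manager scoped to the current subscription with both features enabled.
resource "azurerm_network_manager" "avnm" {
  name                = "avnm-demo"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  scope {
    subscription_ids = [data.azurerm_subscription.current.id]
  }
  scope_accesses = ["Connectivity", "SecurityAdmin"]
}

resource "azurerm_network_manager_network_group" "spokes" {
  name               = "ng-spokes"
  network_manager_id = azurerm_network_manager.avnm.id
}

# Dynamic membership: a VNet whose name contains "spoke" is added to the group.
# Mode Microsoft.Network.Data and effect addToNetworkGroup are what AVNM uses.
resource "azurerm_policy_definition" "spoke_members" {
  name         = "avnm-add-spokes-to-group"
  policy_type  = "Custom"
  mode         = "Microsoft.Network.Data"
  display_name = "Add VNets named *spoke* to ng-spokes"
  policy_rule = jsonencode({
    if = {
      allOf = [
        { field = "type", equals = "Microsoft.Network/virtualNetworks" },
        { field = "Name", contains = "spoke" }
      ]
    }
    then = {
      effect  = "addToNetworkGroup"
      details = { networkGroupId = azurerm_network_manager_network_group.spokes.id }
    }
  })
}

# Assigned at resource-group scope (narrower than the subscription) so only VNets
# in this resource group can match and be peered into the hub.
resource "azurerm_resource_group_policy_assignment" "spoke_members" {
  name                 = "avnm-add-spokes-to-group"
  resource_group_id    = azurerm_resource_group.rg.id
  policy_definition_id = azurerm_policy_definition.spoke_members.id
}

# Hub and Spoke topology; direct connectivity and hub-as-gateway both disabled.
resource "azurerm_network_manager_connectivity_configuration" "hubspoke" {
  name                  = "cc-hubspoke"
  network_manager_id    = azurerm_network_manager.avnm.id
  connectivity_topology = "HubAndSpoke"
  applies_to_group {
    group_connectivity = "None" # no spoke-to-spoke direct connectivity
    network_group_id   = azurerm_network_manager_network_group.spokes.id
    use_hub_gateway    = false  # hub as gateway disabled
  }
  hub {
    resource_id   = azurerm_virtual_network.vnet["vnet-hub"].id
    resource_type = "Microsoft.Network/virtualNetworks"
  }
}

# Deploy the connectivity configuration to the region; this creates the peerings.
resource "azurerm_network_manager_deployment" "connectivity" {
  network_manager_id = azurerm_network_manager.avnm.id
  location           = azurerm_resource_group.rg.location
  scope_access       = "Connectivity"
  configuration_ids  = [azurerm_network_manager_connectivity_configuration.hubspoke.id]
}
```

After `terraform apply`, a third VNet created in the same resource group with "spoke" in its name is picked up by the policy on its next evaluation and peered to vnet-hub without any further Terraform changes; the trade-off of name-based membership is that the naming convention now controls who joins the hub, which is why the assignment scope is kept narrow.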
The following are some screenshots of the UI for the deployment:
Hope this gives an easy-to-follow walkthrough of using Virtual Network Manager to automate the creation of VNet peerings in Hub and Spoke topologies. New spokes can be easily deployed by adding them to the Network group, which automates the creation of the peering. My next post will demonstrate how to configure UDRs.