多个订阅中的Azure VNET对等
[英]Azure VNET peering in multiple subscription
问题描述
I have 8 Azure subscriptions, and I want all VNET in each subscription to communicate with each other and any one of them act as hub for all so that I may apply firewall all in that with the gateway. 
我有8个Azure订阅,我希望每个订阅中的所有VNET都可以相互通信,并且它们中的任何一个都充当所有集线器的角色,以便我可以在网关中应用防火墙。
All deployment is in same region and same Azure directory. 所有部署都在相同的区域和相同的Azure目录中。
I have created VNET peering between all VNET as it's implicit so it becomes like mess network now. 我已经在所有VNET之间创建了VNET对等关系,因为它是隐式的,因此现在变得像是混乱网络。
Is there any other possible way to do this? 还有其他可能的方法吗?
My main motive is that all VNET communicates with each other and same firewall rules over all subscriptions. 我的主要动机是所有VNET相互通信,并且对所有订阅使用相同的防火墙规则。
1 个解决方案
解决方案1
0 已采纳 2018-08-28 06:27:25
In this case, you can consider creating a hub-spoke-hub-spoke topology, where the first level of spokes also acts as hubs. 在这种情况下,您可以考虑创建一个轮毂辐形,轮毂辐形拓扑,其中第一级辐条也充当轮毂。 The following diagram shows this approach. 下图显示了这种方法。
The hub VNet, and each spoke VNet, can be implemented in different resource groups, and even different subscriptions, as long as they belong to the same Azure Active Directory (Azure AD) tenant in the same Azure region.
VNet peering connection is non-transitive. VNet对等连接是不可传递的。 If you have multiple spokes which needed to take to each other, you can consider using UDR s to force traffic destined to a spoke to be sent to an NVA acting as a router at the hub VNet. 如果您有多个需要相互连接的分支,则可以考虑使用UDR强制将发往分支的流量发送到集线器VNet上充当路由器的NVA。 This will allow the spokes to connect with each other. 这将使辐条彼此连接。 Also, you can use UDRs in the spoke to forward traffic to the hub with allow forwarded traffic enabled. 此外,您可以在启用允许转发流量的情况下 ,使用辐条中的UDR将流量转发到集线器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.