Exercise - Design and implement IP addressing for Azure virtual networks
Now, you're ready to create and deploy some virtual networks with the IP addresses based on your design.
In this unit, you deploy three virtual networks and subnets to support resources in those virtual networks.
Note
This exercise is optional. If you want to complete this exercise, you'll need to create an Azure subscription before you begin. If you don't have an Azure account or you don't want to create one at this time, you can read through the instructions so you understand the information that's being presented.
Note
You need to use a resource group to complete the steps in this exercise. You can use a resource group that you already created, or you can create a new resource group specifically for this exercise. If you choose to create a new resource group, that will make it easier to clean up any resources that you create as you complete the exercise. If you don't have an existing resource group or you want to create a new one specifically for this exercise, you can follow the steps in Use the Azure portal and Azure Resource Manager to manage resource groups to create a resource group by using the Azure portal, or you can follow the steps in Manage Azure resource groups by using Azure CLI to create a resource group by using the Azure CLI.
Note
Throughout this exercise, replace myResourceGroupName in the examples with the name of an existing resource group, or the name of the resource group that you created for this exercise.
The CoreServicesVnet virtual network is deployed in the US West region. This virtual network has the largest number of resources. It has connectivity to on-premises networks through a VPN connection. This network has web services, databases, and other systems that are key to business operations. Shared services, such as domain controllers and Domain Name System (DNS), are located here as well. A large amount of growth is anticipated, so a large address space is necessary for this virtual network.
The ManufacturingVnet virtual network is deployed in the North Europe region, near the location of your organization's manufacturing facilities. This virtual network contains systems for the manufacturing facilities' operations. The organization anticipates a large number of internal connected devices from which its systems retrieve data (such as temperature), and it needs an IP address space that allows for expansion.
The ResearchVnet virtual network is deployed in the West India region, near the location of the organization's research and development team that uses this virtual network. The team has a small, stable set of resources with no expectation of future growth. The team needs a few IP addresses for a few virtual machines for their work.
You create the following resources:
| Virtual network | Region | Virtual network address space | Subnet | Subnet address space |
|---|---|---|---|---|
| CoreServicesVnet | West US | 10.20.0.0/16 | - | - |
| | | | GatewaySubnet | 10.20.0.0/27 |
| | | | SharedServicesSubnet | 10.20.10.0/24 |
| | | | DatabaseSubnet | 10.20.20.0/24 |
| | | | PublicWebServiceSubnet | 10.20.30.0/24 |
| ManufacturingVnet | North Europe | 10.30.0.0/16 | - | - |
| | | | ManufacturingSystemSubnet | 10.30.10.0/24 |
| | | | SensorSubnet1 | 10.30.20.0/24 |
| | | | SensorSubnet2 | 10.30.21.0/24 |
| | | | SensorSubnet3 | 10.30.22.0/24 |
| ResearchVnet | West India | 10.40.40.0/24 | - | - |
| | | | ResearchSystemSubnet | 10.40.40.0/24 |
These virtual networks and subnets are structured in a way that accommodates existing resources, yet allows for projected growth. To lay the foundation for our networking infrastructure, let's create these virtual networks and subnets.
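Before deploying, the plan in the table can be checked mechanically. The following Python script is an added example, not part of the original exercise: it verifies that every prefix is a valid network address, that each subnet sits inside its virtual network, and that nothing overlaps, then reports usable and unallocated addresses. It relies on two Azure behaviors not stated on this page: Azure reserves five addresses in every subnet, and virtual networks with overlapping address spaces cannot be peered. The names `PLAN`, `validate_plan`, and `capacity` are illustrative.

```python
import ipaddress
from itertools import combinations

# Address plan copied from the table above: vnet -> (address space, {subnet: prefix}).
PLAN = {
    "CoreServicesVnet": ("10.20.0.0/16", {
        "GatewaySubnet": "10.20.0.0/27",
        "SharedServicesSubnet": "10.20.10.0/24",
        "DatabaseSubnet": "10.20.20.0/24",
        "PublicWebServiceSubnet": "10.20.30.0/24",
    }),
    "ManufacturingVnet": ("10.30.0.0/16", {
        "ManufacturingSystemSubnet": "10.30.10.0/24",
        "SensorSubnet1": "10.30.20.0/24",
        "SensorSubnet2": "10.30.21.0/24",
        "SensorSubnet3": "10.30.22.0/24",
    }),
    "ResearchVnet": ("10.40.40.0/24", {"ResearchSystemSubnet": "10.40.40.0/24"}),
}
AZURE_RESERVED = 5  # assumption from Azure behavior: 5 addresses reserved per subnet

def validate_plan(plan):
    """Return a list of problems: bad prefixes, subnets outside their vnet, overlaps."""
    problems, spaces = [], {}
    for vnet, (space, subnets) in plan.items():
        try:  # strict parsing rejects prefixes with host bits set, e.g. 10.20.10.1/24
            spaces[vnet] = ipaddress.ip_network(space)
            nets = {n: ipaddress.ip_network(p) for n, p in subnets.items()}
        except ValueError as exc:
            problems.append(f"{vnet}: invalid prefix ({exc})")
            continue
        for name, net in nets.items():
            if not net.subnet_of(spaces[vnet]):
                problems.append(f"{vnet}/{name}: {net} is outside {spaces[vnet]}")
        for (a, na), (b, nb) in combinations(nets.items(), 2):
            if na.overlaps(nb):
                problems.append(f"{vnet}: {a} overlaps {b}")
    for (a, sa), (b, sb) in combinations(spaces.items(), 2):
        if sa.overlaps(sb):
            problems.append(f"{a} overlaps {b}; overlapping vnets cannot be peered")
    return problems

def capacity(plan, vnet):
    """Return ({subnet: usable addresses}, addresses not yet assigned to any subnet)."""
    space, subnets = plan[vnet]
    sizes = {n: ipaddress.ip_network(p).num_addresses for n, p in subnets.items()}
    usable = {n: size - AZURE_RESERVED for n, size in sizes.items()}
    return usable, ipaddress.ip_network(space).num_addresses - sum(sizes.values())
```

For this plan, `validate_plan(PLAN)` returns an empty list, and `capacity(PLAN, "ResearchVnet")` reports zero unallocated addresses, which matches the stated expectation of no growth for that network.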
Create the CoreServicesVnet virtual network
In Azure Cloud Shell, run the following command to create the CoreServicesVnet virtual network:
```bash
az network vnet create \
    --resource-group "myResourceGroupName" \
    --name CoreServicesVnet \
    --address-prefixes 10.20.0.0/16 \
    --location westus
```
Note
Replace myResourceGroupName with the name of your resource group.
Now, let's create the subnets that we need for the planned resources in the virtual network:
```bash
az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name CoreServicesVnet \
    --name GatewaySubnet \
    --address-prefixes 10.20.0.0/27

az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name CoreServicesVnet \
    --name SharedServicesSubnet \
    --address-prefixes 10.20.10.0/24

az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name CoreServicesVnet \
    --name DatabaseSubnet \
    --address-prefixes 10.20.20.0/24

az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name CoreServicesVnet \
    --name PublicWebServiceSubnet \
    --address-prefixes 10.20.30.0/24
```
Let's take a look at the resources created. Run this command to show all the subnets that we configured:
```bash
az network vnet subnet list \
    --resource-group "myResourceGroupName" \
    --vnet-name CoreServicesVnet \
    --output table
```
You should see the following subnets listed:
```output
AddressPrefix    Name                    PrivateEndpointNetworkPolicies    PrivateLinkServiceNetworkPolicies    ProvisioningState    ResourceGroup
---------------  ----------------------  --------------------------------  -----------------------------------  -------------------  -------------------------------------------
10.20.0.0/27     GatewaySubnet           Enabled                           Enabled                              Succeeded            myResourceGroupName
10.20.10.0/24    SharedServicesSubnet    Enabled                           Enabled                              Succeeded            myResourceGroupName
10.20.20.0/24    DatabaseSubnet          Enabled                           Enabled                              Succeeded            myResourceGroupName
10.20.30.0/24    PublicWebServiceSubnet  Enabled                           Enabled                              Succeeded            myResourceGroupName
```
Create the ManufacturingVnet virtual network
In Cloud Shell, run the following command to create the ManufacturingVnet virtual network:
```bash
az network vnet create \
    --resource-group "myResourceGroupName" \
    --name ManufacturingVnet \
    --address-prefixes 10.30.0.0/16 \
    --location northeurope
```
Now, let's create the subnets that we need for the planned resources in the virtual network:
```bash
az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name ManufacturingVnet \
    --name ManufacturingSystemSubnet \
    --address-prefixes 10.30.10.0/24

az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name ManufacturingVnet \
    --name SensorSubnet1 \
    --address-prefixes 10.30.20.0/24

az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name ManufacturingVnet \
    --name SensorSubnet2 \
    --address-prefixes 10.30.21.0/24

az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name ManufacturingVnet \
    --name SensorSubnet3 \
    --address-prefixes 10.30.22.0/24
```
Let's take a look at the resources created. Run this command to show all the subnets that we configured:
```bash
az network vnet subnet list \
    --resource-group "myResourceGroupName" \
    --vnet-name ManufacturingVnet \
    --output table
```
You should see the following subnets listed:
```output
AddressPrefix    Name                       PrivateEndpointNetworkPolicies    PrivateLinkServiceNetworkPolicies    ProvisioningState    ResourceGroup
---------------  -------------------------  --------------------------------  -----------------------------------  -------------------  -------------------------------------------
10.30.10.0/24    ManufacturingSystemSubnet  Enabled                           Enabled                              Succeeded            myResourceGroupName
10.30.20.0/24    SensorSubnet1              Enabled                           Enabled                              Succeeded            myResourceGroupName
10.30.21.0/24    SensorSubnet2              Enabled                           Enabled                              Succeeded            myResourceGroupName
10.30.22.0/24    SensorSubnet3              Enabled                           Enabled                              Succeeded            myResourceGroupName
```
Create the ResearchVnet virtual network
In Cloud Shell, run the following command to create the ResearchVnet virtual network:
```bash
az network vnet create \
    --resource-group "myResourceGroupName" \
    --name ResearchVnet \
    --address-prefixes 10.40.40.0/24 \
    --location westindia
```
Now, let's create the subnets that we need for the planned resources in the virtual network:
```bash
az network vnet subnet create \
    --resource-group "myResourceGroupName" \
    --vnet-name ResearchVnet \
    --name ResearchSystemSubnet \
    --address-prefixes 10.40.40.0/24
```
Let's take a look at the final virtual network. Run this command to show all the subnets that we configured:
```bash
az network vnet subnet list \
    --resource-group "myResourceGroupName" \
    --vnet-name ResearchVnet \
    --output table
```
You should see the following subnets listed:
```output
AddressPrefix    Name                  PrivateEndpointNetworkPolicies    PrivateLinkServiceNetworkPolicies    ProvisioningState    ResourceGroup
---------------  --------------------  --------------------------------  -----------------------------------  -------------------  -------------------------------------------
10.40.40.0/24    ResearchSystemSubnet  Enabled                           Enabled                              Succeeded            myResourceGroupName
```
With the virtual networks and subnets created, you have the infrastructure on which you can deploy resources.
You can further integrate these networks through virtual network peering and through Azure VPN Gateway to connect to on-premises networks. You can use network security groups to filter traffic and control access within and between virtual networks.