3_Creating Hub‐and‐Spoke VNets with Subnets & Gateways - Nirvan-Pandey/Azure_DOC GitHub Wiki

3_1: Overview

The Hub-and-Spoke network topology in Azure is a commonly used architecture for managing and securing network resources efficiently. The Hub acts as a central connectivity point, while the Spokes are virtual networks (VNets) connected to the Hub via VNet peering.

This guide outlines how to create:

  • Hub VNet

  • Spoke VNets

  • Subnets (Including Gateway Subnet)

3_2: Architechture

Below is the network diagram of planned Azure Architecture.

image

3_3: Steps to Create a Hub-and-Spoke Network

1. Create the Hub VNet

1. Go to All Services -->Networking --> Virtual Networks → Click Create

image

  • Region: Select your preferred region(East_US)

  • Subscription & Resource Group: Choose existing(Hub_RG) or create a new one

  • Creating Subnet for Hub.(Hub_VNet)

image

Click Next

2. Security

Keeping all default and click Next

image

3. IP Addresses

  • Choose IP Range.

image

  • Add a Subnet, Click on edit option

image

  • Editing the subnet.

Making space for Gateway subnets to be used. (10.0.0.0/24 has 256 IPs, I have used for Hub subnet 10.0.0.0/25 - Only 128 IP addresses are used)

image

  • Making it Public

By default, the subnet is public. To make it a private subnet, you have to enable the private subnet. Click Save.

image

image

image

4. Tags

Keeping it default and click next.

image

5. Review and create.

image

image

image

6. Hub Vnet and subnet is created.

image

image

7. Creating Gateway Subnet in HUB Vnet.

image

image

Now Hub Vnet has Hub public subnet and Gateway subnet.

image

2. Create the Spoke VNet

Similarly, we will create Spoke Vnet and its subnets.

1. Creating Spoke VNet

image

image

image

image

image

image

image

image

image

image

2. Creating Subnets

  • Application Subnet

While creating VNet, it gives one default subnet which we will delete to make subnets.

image

Alloting 128 IPs for this and making it private.

image

  • Database Subnet

Alloting 64 IPs for this and making it private.

image

  • Web Subnet

Keeping it Public for internet access.

image

  • All Subnets are created.

image

3_4: Conclusion

In this guide, we successfully designed and deployed a Hub-and-Spoke network topology in Azure, ensuring efficient network segmentation and secure connectivity.

  • Hub VNet was created to act as the central point for network traffic, hosting a Gateway Subnet to facilitate secure communication between on-premises and cloud resources.
  • Spoke VNets were established with dedicated subnets for applications, databases, and web services, ensuring controlled access and optimized performance.
  • Private and public subnets were configured based on security needs, restricting or allowing internet access where required.

This architecture enables better traffic management, improved security, and seamless scalability for cloud-based workloads, making it a best-practice approach for enterprise network infrastructure in Azure. 🚀