Edit

Share via

Quickstart: Create a mesh network topology with Azure Virtual Network Manager - Azure portal

  • Article

Get started with Azure Virtual Network Manager by using the Azure portal to manage connectivity for all your virtual networks.

In this quickstart, you deploy three virtual networks and use Azure Virtual Network Manager to create a mesh network topology. Then you verify that the connectivity configuration was applied.

Diagram of resources deployed for a mesh virtual network topology with Azure virtual network manager.

Prerequisites

Create a Virtual Network Manager instance

Deploy a Virtual Network Manager instance with the defined scope and access that you need. You can create a Virtual Network Manager instance by using the Azure portal, Azure PowerShell, or Azure CLI. This article shows you how to create a Virtual Network Manager instance by using the Azure portal.

  1. Sign in to the Azure portal.

  2. Select + Create a resource and search for Network Manager. Then select Network Manager > Create to begin setting up Virtual Network Manager.

  3. On the Basics tab, enter or select the following information, and then select Review + create.

    Screenshot of basic information for creating a network manager.

    Setting Value
    Subscription Select the subscription where you want to deploy Virtual Network Manager.
    Resource group Select Create new and enter resource-group.
    Name Enter network-manager.
    Region Enter westus2 or a region of your choosing. Virtual Network Manager can manage virtual networks in any region. The selected region is where the Virtual Network Manager instance will be deployed.
    Description (Optional) Provide a description about this Virtual Network Manager instance and the task it's managing.
    Features Select Connectivity and Security Admin from the dropdown list.
    Connectivity enables the creation of a full mesh or hub-and-spoke network topology between virtual networks within the scope.
    Security Admin enables the creation of global network security rules.

  4. Select the Management scope tab or Next: Management scope to continue.

  5. On the Management scope tab, select + Add.

  6. In the Add scopes pane, select the subscription where you want to deploy Virtual Network Manager, and choose Select.

  7. Select Review + create and Create to deploy the Virtual Network Manager instance.

Create virtual networks

Create three virtual networks by using the portal. Each virtual network has a networkType tag that's used for dynamic membership. If you have existing virtual networks for your mesh configuration, add the tags listed in the table to your virtual networks and skip to the next section.

  1. From the Home screen, select + Create a resource and search for Virtual networks. Then select Create to begin configuring a virtual network.

  2. On the Basics tab, enter or select the following information.

    Setting Value
    Subscription Select the subscription where you want to deploy this virtual network.
    Resource group Select resource-group.
    Virtual network name Enter vnet-000.
    Region Select (US) West 2.

  3. Select the IP addresses tab.

  4. On the IP addresses tab, configure the following network address spaces.

    Setting Value
    IPv4 address space 10.0.0.0/16
    Subnet name default
    Subnet address space 10.0.0.0/24

  5. Select the Tags tab. Enter the following tag information and select Review + Create.

    Setting Value
    Name NetworkType
    Value Production
    Resource Select Virtual network.

  6. After your configuration passes validation, select Create to deploy the virtual network.

  7. Repeat the preceding steps to create more virtual networks with the following information:

    Setting Value
    Subscription Select the same subscription that you selected in step 2.
    Resource group Select resource-group.
    Name Enter vnet-01 and vnet-02 for the other virtual networks.
    Region Select (US) West 2.
    vnet-01 IP addresses IPv4 address space: 10.1.0.0/16
    Subnet name: default
    Subnet address space: 10.1.0.0/24
    vnet-01 Tags Name: NetworkType
    Value: Production
    Resource: Virtual network.
    vnet-02 IP addresses IPv4 address space: 10.2.0.0/16
    Subnet name: default
    Subnet address space: 10.2.0.0/24
    vnet-02 Tags Name: NetworkType
    Value: Production
    Resource: Virtual network.

Create a network group

Virtual Network Manager applies configurations to groups of virtual networks by placing them in network groups. To create a network group:

  1. Browse to your resource group, and select the network-manager resource.

  2. Under Settings, select Network groups. Then select + Create.

  3. On the Create a network group pane, then select Create:

    Setting Value
    Name Enter network-group.
    Description (Optional) Provide a description about this network group.
    Member type Select Virtual network from the dropdown menu.

  4. Confirm that the new network group is now listed on the Network groups pane.

Define membership for a connectivity configuration

After you create your network group, you add virtual networks as members. Choose one of the following options for your mesh membership configuration.

Add a membership manually

In this task, you manually add two virtual networks for your mesh configuration to your network group:

  1. From the list of network groups, select network-group. On the network-group pane, under Manually add members, select Add virtual networks.

  2. On the Manually add members pane, select vnet-00 and vnet-01, and then select Add.

  3. On the Network Group pane, select View group members. Confirm vnet-00 and vnet-01 are listed with a Source of Manually added. If no virtual networks are listed, select Refresh.

Create a configuration

Now that you created the network group and updated its membership with virtual networks, you create a mesh network topology configuration. Replace <subscription_id> with your subscription.

  1. Under Settings, select Configurations. Then select Create.

  2. Select Connectivity configuration from the dropdown menu to begin creating a connectivity configuration.

  3. On the Basics tab, enter the following information, and then select Next: Topology.

    Setting Value
    Name Enter connectivity-configuration.
    Description (Optional) Provide a description about this connectivity configuration.

  4. On the Topology tab, select the Mesh topology, and leave the Enable mesh connectivity across regions checkbox unselected. Cross-region connectivity isn't required for this setup, because all the virtual networks are in the same region.

  5. Under Network groups, select Add > Add network group.

  6. On the Add network groups window, select network-group, and then choose Select to add the network group to the configuration.

  7. Select the Visualization tab to view the topology of the configuration. This tab shows a visual representation of the network group that you added to the configuration.

    Screenshot of previewing a topology for network group connectivity configuration.

  8. Select Next: Review + Create > Create to create the configuration.

  9. After the deployment finishes, select Refresh. The new connectivity configuration appears on the Configurations pane.

    Screenshot of a connectivity configuration list.

Deploy the connectivity configuration

To apply your configurations to your environment, you need to commit the configuration by deployment. Deploy the configuration to the (US) West 2 region where the virtual networks are deployed:

  1. Under Settings, select Deployments. Then select Deploy configurations and Connectivity configuration from the dropdown.

  2. On the Deploy a configuration window, select the following settings, and then select Next.

    Setting Value
    Connectivity configurations Select connectivity-configuration under Connectivity - Mesh in the dropdown menu.
    Target regions Select (US) West 2 as the deployment region.

  3. Select Next and Deploy to complete the deployment.

  4. Confirm that the deployment appears in the list for the selected region. The deployment of the configuration can take a few minutes to finish.

    Screenshot of a configuration deployment that shows a status of succeeded.

Verify configuration deployment

Use the Network Manager section for each virtual network to verify that you deployed your configuration:

  1. Go to the vnet-00 virtual network.

  2. Under Settings, select Network Manager.

  3. On the Connectivity Configurations tab, verify that connectivity-configuration appears in the list.

    Screenshot of a connectivity configuration listed for a virtual network.

  4. Repeat the previous steps on vnet-01.

Clean up resources

If you no longer need Azure Virtual Network Manager and the resources in this quickstart, you can remove them by following these steps:

  1. To delete the resource group and all the resources it contains, select resource-group in the Azure portal and select Delete resource group. Confirm that you want to delete by entering resource-group in the text box, and then select Delete.
  2. To delete the Azure Policy assignment, go to the Policy section in the Azure portal, select Assignments, and then select azure-policy. Select Delete to remove the policy definition.
  3. In the Policy section, select Definitions and then select azure-policy. Select Delete to remove the policy definition.

Next steps

Block network traffic with Azure Virtual Network Manager