communication between different subnets in a Vnet?

  • Question

  • I created several resource groups with different Vnets with each vnet being a different subnet.

    I noticed that vnets cannot overlap with their IP ranges.

    I am wondering how these vnets can communicate with each other, e.g. ping, RDP (3389), SQL (1433)?

    A)   10.0.1.0/24  vnet-A    US East

    B)   10.0.2.0/24  vnet-B    US East

    Do the NSG rules need to be added to allow communication between these two subnets?

    Is it best just to allow all traffic?

    What happens if an NSG is not used (not associated with the IaaS) for the IaaS in each subnet?

    What if the NSG rules were all deleted (NSG with no rules)? What would happen to the communication?



    dsk




    Monday, September 23, 2019 1:11 AM

Answers

  • Unlike On-Premises, communications are allowed between subnets in a VNET by default. If you have 20 subnets within a VNET, then all 20 subnets can communicate with each other by default. You don't need to add any NSG or Route table to achieve this.

    Do the NSG rules need to be added to allow communication between these two subnets?

    No. You don't need to create an NSG explicitly.

    Is it best just to allow all traffic?

    It's up to you. If you want to allow communication between subnets, then you can go for it. Or add an NSG to deny traffic and allow traffic only to the specific subnets you need to communicate with.

    What happens if an NSG is not used (not associated with the IaaS) for the IaaS in each subnet?

    No NSG means all ports are open and there is no restriction. Again, an NSG can be applied to a subnet as well as a NIC. Even if you don't have an NSG at the subnet, you can still protect your VM by applying an NSG to the NIC.



    What if the NSG rules were all deleted (NSG with no rules)? What would happen to the communication?

    There are default rules in NSG which cannot be deleted. So those rules are applied when you don't have any manual rules applied. 

    Regards, 

    Msrini

    Monday, September 23, 2019 5:08 AM
    Moderator
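
The default rules and the "deny, then allow specific subnets" option from the answer above, as an added example that is not part of the original thread. It is a simplified Python model of inbound NSG evaluation (first match wins, lowest priority number first; protocol is not modelled). The 10.0.0.0/16 VNet address space and the two custom rules are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: both subnets from the question sit in one VNet with this address space.
VNET = ipaddress.ip_network("10.0.0.0/16")

# Azure's built-in inbound default rules; they are present in every NSG and cannot be deleted.
# Fields: (priority, name, source, destination, port, action)
DEFAULT_INBOUND = [
    (65000, "AllowVnetInBound", "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    (65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "*", "Deny"),
]

def _addr_match(spec, ip):
    """Match an address against '*', a service tag, or a CIDR prefix."""
    if spec == "*":
        return True
    if spec == "VirtualNetwork":
        return ip in VNET
    if spec == "AzureLoadBalancer":
        # The tag resolves to the Azure platform virtual IP used by health probes.
        return ip == ipaddress.ip_address("168.63.129.16")
    return ip in ipaddress.ip_network(spec)

def evaluate(custom_rules, src, dst, port):
    """Return (action, rule_name) of the first rule matching an inbound flow."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    rules = sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r[0])
    for _prio, name, rsrc, rdst, rport, action in rules:
        if (_addr_match(rsrc, src_ip) and _addr_match(rdst, dst_ip)
                and rport in ("*", port)):
            return action, name
    raise AssertionError("unreachable: DenyAllInBound matches every flow")

# Constructed custom rules for an NSG on subnet B (10.0.2.0/24):
# allow only SQL from subnet A, deny everything else coming from inside the VNet.
SUBNET_B_RULES = [
    (100, "AllowSqlFromSubnetA", "10.0.1.0/24", "10.0.2.0/24", 1433, "Allow"),
    (200, "DenyOtherVnetInBound", "VirtualNetwork", "*", "*", "Deny"),
]

if __name__ == "__main__":
    # NSG with all custom rules deleted: the defaults still decide.
    print(evaluate([], "10.0.1.4", "10.0.2.4", 3389))     # subnet A to B, RDP
    print(evaluate([], "203.0.113.9", "10.0.2.4", 3389))  # Internet to B, RDP
    # NSG with the constructed restrictive rules.
    print(evaluate(SUBNET_B_RULES, "10.0.1.4", "10.0.2.4", 1433))
    print(evaluate(SUBNET_B_RULES, "10.0.1.4", "10.0.2.4", 3389))
```
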

All replies

  • Can a subnet in one availability zone communicate with another subnet in a different availability zone?

    The above availability zones are in the same vnet.

    What if the availability zones are in different vnets? I am thinking you would need peering between the vnets in order for the subnets in the two vnets to communicate, and would this communication be automatic without any other additional configurations?

    Note - I recall that you stated that any subnet in an availability zone can by default communicate with other subnets as long as they are in the same vnet?


    dsk

    Monday, September 23, 2019 8:37 PM
  • As long as the VMs are in the same VNET, you can communicate with the VM by default, no matter whether it is in a different availability set or zone.

    Yes, you need peering to communicate with the VMs in different VNETs.

    Regards, 

    Msrini

    Tuesday, September 24, 2019 4:50 AM
    Moderator