Part 3: Hub and Spoke Topology

Scenario: Building a demo or proof of concept to understand the technology, azure resources and configuration settings that involve Azure Virtual Networks, VNet Peerings, Virtual Network Gateway, and Site to Site VPN Connections. The architecture is to emulate a hybrid cloud topology with on-premises network emulated with an Azure VNETs in a hub and spoke network topology.

My Azure CLI script to build most of this network architecture can be found at https://github.com/RoyKimYYZ/azurehubandspokenetworkpoc/blob/main/create-hubandspokenetwork.azcli

Hub and Spoke VNet design

The Hub and Spoke Topology is a pattern of a central VNET and many VNets connected to it. But you typically wouldn’t have spoke VNets connected to each other or have a 2nd level of VNET connecting to the spoke VNets. If so, it would make managing the network complicated and in some cases unnecessary.

The Hub VNet is a centralized communication hub for network communication to serve the following purposes

1. Host network devices that are shared or core services among other workloads and devices in the network.
   Typical shared services placed in the hub VNet would be AD domain controllers, DNS servers, mail servers, print server and firewall appliances. This is so that virtual machines and servers in spoke
2. Support network isolation and segregation between other virtual networks.
3. A central point of ingress and egress communication to on-premises, other cloud networks and to the internet.
   

The hub and spoke model allows for extensibility and flexibility as your network architecture grows. Extend by adding additional spoke VNets connected to the Hub VNet.

Read further for the VNets, subnet and peering design in part 4.