Peer Less, Sync More

Josh Cohenour
Published in CloudX at Fidelity
4 min read · Mar 24, 2022

In August of 2021, Microsoft announced a preview Azure feature that many of us in the community who manage infrastructure have been asking about for years: the ability to add or remove address space to peered virtual networks without the removal of peering.

Join me as I go over why this feature is such a big deal from an Azure cloud infrastructure/management perspective and why you should use it to avoid the inconveniences that come with removing peering. I’ll also share how to use this feature, with some small snippets of code as well as the steps for the Azure portal.

Benefits of this Feature

So, what’s the big deal? Why should you care about this? Well, anyone who is managing infrastructure could tell you removal of peering just to add address space feels awful. Since removal of peering means a subscription is completely without network connectivity, many workplaces would require this work be done in some sort of maintenance window. These windows usually aren’t in the friendliest hours for developers as they are aiming for minimum business impact. While these tasks can easily be automated, there’s always the chance something like this could fail for numerous reasons, potentially leaving a subscription in a disconnected peering state which nobody wants to go through.

Lucky for us, the new virtual network address sync feature lets users add or remove address space from a peered virtual network without having to remove peering, eliminating these scenarios altogether.

Before we get started on using the feature, note that this example uses a hub/spoke model.

How to Use This Feature

All right. Finally, it’s time for us to go over how to use this feature. Let’s start off by enabling the feature in both of the subscriptions whose virtual networks you plan on peering. But before that, make sure you have at least version 4.11.0 of the Az.Network PowerShell module, unless you plan on using the Azure portal (which I will go over after this).

# Register Resource Provider
# Run this once per subscription: set the context to the hub subscription ID, then to the spoke subscription ID.
Set-AzContext "hub-subscriptionid/spoke-subscriptionid"
if ((Get-AzProviderFeature -ProviderNamespace Microsoft.Network -ListAvailable | Where-Object featureName -eq "AllowUpdateAddressSpaceInPeeredVnets").RegistrationState -eq "NotRegistered") {
    Register-AzProviderFeature -ProviderNamespace Microsoft.Network -FeatureName AllowUpdateAddressSpaceInPeeredVnets
}

Now let’s add some address space to the spoke virtual network.

# Add address space to virtual network
$addressSpace = "new-address-space"
$vNetSpoke = Get-AzVirtualNetwork -Name "vNet-spoke-name" -ResourceGroupName "vNet-spoke-rg-name"
# Append the new prefix to the existing list, then push the updated network object back to Azure
$vNetSpoke.AddressSpace.AddressPrefixes.Add($addressSpace)
Set-AzVirtualNetwork -VirtualNetwork $vNetSpoke

Now that we’ve added address space to the spoke virtual network, I want to go over the PeeringSyncLevel property that is on the virtual network peering itself. Since we just added address space to the spoke, the PeeringSyncLevel property will have the value RemoteNotInSync and the hub virtual network will have a value of LocalNotInSync. Notice that these are pointing to the same virtual network, which is the virtual network that will need its peering synced in order for the address space to be available for use with network connectivity.

# Sync Peering
Set-AzContext "hub-subscriptionid"
$peeringStatus = Get-AzVirtualNetworkPeering -VirtualNetworkName 'hub-vNet' -ResourceGroupName 'hub-vNet-rg' | Where-Object { $_.PeeringSyncLevel -eq 'LocalNotInSync' }
# Note: $peeringStatus will return multiple objects if the address space of multiple spokes was updated
if ($null -ne $peeringStatus) {
    foreach ($peering in $peeringStatus) {
        Sync-AzVirtualNetworkPeering -Name $peering.Name -VirtualNetworkName $peering.VirtualNetworkName -ResourceGroupName $peering.ResourceGroupName
    }
}

Note: For this example, we added space to the spoke. If you add address space to the hub you would swap references of the hub and spoke in the examples given.
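
When this runs unattended, it helps to confirm that the sync actually finished before the change is reported as done. The following is an added example, not code from the original article: it polls the hub's peerings until each one reports PeeringState Connected and PeeringSyncLevel FullyInSync, and throws if they do not get there in time. The function names Get-UnsyncedPeering and Wait-PeeringInSync are hypothetical, the vNet and resource group names are the placeholders used above, and the sample objects are constructed.

```powershell
# Added example. Get-UnsyncedPeering and Wait-PeeringInSync are hypothetical helper names.

function Get-UnsyncedPeering {
    # Returns the peerings that are not yet safe to rely on: either not
    # connected, or one side has not picked up the other's address space.
    param([Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Peering)
    $Peering | Where-Object {
        $_.PeeringState -ne 'Connected' -or $_.PeeringSyncLevel -ne 'FullyInSync'
    }
}

function Wait-PeeringInSync {
    param(
        [Parameter(Mandatory)] [string] $VirtualNetworkName,
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [int] $TimeoutSeconds = 120,
        [int] $PollSeconds = 10
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $peerings = @(Get-AzVirtualNetworkPeering -VirtualNetworkName $VirtualNetworkName -ResourceGroupName $ResourceGroupName)
        # No peerings at all means the network is disconnected, which is not "in sync".
        if ($peerings.Count -eq 0) { throw "No peerings found on $VirtualNetworkName" }
        $pending = @(Get-UnsyncedPeering -Peering $peerings)
        if ($pending.Count -eq 0) { return $peerings }
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    # Fail loudly so a pipeline stops instead of reporting a half-synced change as done.
    $detail = ($pending | ForEach-Object { "$($_.Name)=$($_.PeeringState)/$($_.PeeringSyncLevel)" }) -join '; '
    throw "Peerings on $VirtualNetworkName still out of sync after ${TimeoutSeconds}s: $detail"
}

# Offline check of the filter with constructed sample objects (not real peerings).
$sample = @(
    [pscustomobject]@{ Name = 'hub-to-spoke-a'; PeeringState = 'Connected'; PeeringSyncLevel = 'FullyInSync' }
    [pscustomobject]@{ Name = 'hub-to-spoke-b'; PeeringState = 'Connected'; PeeringSyncLevel = 'LocalNotInSync' }
)
(Get-UnsyncedPeering -Peering $sample).Name

# Against Azure, after Sync-AzVirtualNetworkPeering has run:
# Set-AzContext "hub-subscriptionid"
# Wait-PeeringInSync -VirtualNetworkName 'hub-vNet' -ResourceGroupName 'hub-vNet-rg'
```

Running the same wait against the spoke virtual network, in the spoke subscription's context, confirms that both sides of the peering agree.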

Steps to Follow for Azure Portal

Now for those that would like to do this via the Azure portal, here are the steps you would follow.

Next add your new address space to the virtual network

After adding your address space, go over to the virtual network Peerings tab and you will see a warning saying that a remote sync is required in the peering status column.

Check the box next to the peering that is not in sync and click the sync button.

Give it a few seconds and the status will now be updated.

So, to summarize what we’ve gone over, there’s now no reason to remove peering, and potentially cause downtime on your Azure-hosted services, when you need to make changes to your virtual network’s address space. With the virtual network sync feature you can conveniently add or remove address space to a peered virtual network from both PowerShell and the Azure portal with a few simple steps.

Josh Cohenour
CloudX at Fidelity

Senior Cloud Technologist at Fidelity Investments working within our Azure cloud space