Tag Archives: Windows Azure

How to configure multiple virtual network connections in Azure

When using infrastructure as a service in Microsoft Azure you could earlier only have one virtual network, which would be like it’s own little isolated island. A while back Microsoft enabled for its customers to connect multiple virtual networks together, both in the same datacenter, same region, cross region and cross subscription. This enables a whole lot of new scenarios, for example building your own global datacenter on top of Azure infrastructure.

So how do you go about doing it? Well, you need to start with planning. I know it’s boring but if you don’t you could end up having to tear everything down just to rebuild it, doesn’t sound too much fun either.

What you need before starting:

An ip-plan
A VPN device with a public IPv4 address (not necessary, but will let you enable a hybrid cloud scenario)
PowerShell cmdlets for Azure installed and configured

My ip-plan looks like this:

Local network name Subnet
HomeNet 10.0.0.0/24
AzureNet-Local 10.0.1.0/24
USNet-Local 10.0.2.0/24
JNNet-Local 10.0.3.0/24

Of the networks above HomeNet is my physical network location. The other three networks exists only in Azure. What you must make sure when you plan is that no range overlap anywhere, no matter if it’s in Azure or at any physical locations.

 

Once you’ve planned that I have a separate table for my topology so I know which networks to connect. When starting off you won’t know your gateway ip, so don’t worry.

Virtual Network Subnet Gateway Local network
AzureNet 10.0.1.0/24 137.117.227.xxx HomeNet 10.0.0.0/24
USNet 10.0.2.0/24 168.61.160.xxx JNNet 10.0.3.0/24
JNNet 10.0.3.0/24 23.97.77.xxx USNet 10.0.2.0/24

 

Getting started

Starting off I already have one network called AzureNet (10.0.1.0/24) which is connected to my physical network Homenet (10.0.0.0/24). You can follow this guide even if you don’t have that, just repeat the process.

vlcsnap-2014-06-13-09h38m57s199

 

 

Let’s create a new virtual network first

In the portal, click New -> Network Services -> Virtual Network -> Custom Create

Name your network and select a location. South Central is in Brazil so I’ve named my network BRnet.

 

newnet01

 

 

Select (or enter) your DNS servers ip and name for local name resolution.

newnet02

 

 

Enter your address space. Make sure there’s no overlapping subnets anywhere. Very important!

newnet03

 

 

Repeat this process for all the virtual networks you need.

When all your virtual networks are created it’ll look like this. Note the different locations in my setup, placing my networks in Japan, USA and Amsterdam.

vlcsnap-2014-06-13-09h38m43s56

 

 

Local networks

When the virtual networks are done we’ll create local networks of the virtual networks. This is because to be able to connect the networks they need to be defined as “local” in Azure.

 

vlcsnap-2014-06-13-09h40m17s223

 

 

Name your network, and specify 1.2.3.4 as VPN device address.

vlcsnap-2014-06-13-09h40m28s87

 

 

Specify the address space that you’ve planned beforehand.

vlcsnap-2014-06-13-09h40m51s54

 

 

Repeat this for each virtual network, re-defining it as local.

When you’re done it’ll look like this

vlcsnap-2014-06-13-09h41m17s60

 

 

Switch back to your virtual networks in the portal and go into the configure tab. Check the “connect to the local network”-box and select the corresponding “local network” that you planned before. Click save at the bottom. Repeat this process for each virtual network connecting it to the designated “local” network.

vlcsnap-2014-06-13-09h42m01s246

 

 

Next step is to create the dynamic gateway. You get the message “The gateway was not created” in the portal. At the bottom click “Create gateway” and select “Dynamic”. Do this for all your virtual networks. It’ll take 10-25 minutes to finish for each gateway. Coffee time!

vlcsnap-2014-06-13-09h42m39s112

 

 

When they’re all done, note the gateway ip address in your table for all your networks/gateways.

vlcsnap-2014-06-13-09h39m08s45

 

 

Edit your local networks and add the gateway ip address for each network.Click on the network, click Edit and enter your gateway ip.

vlcsnap-2014-06-13-09h44m40s40

 

 

When all virtual networks and their corresponding local networks are created it’s XML-time. Get some more coffee!

Click the Export-button and save the file.

Open it in Notepad / Notepad++ (if you haven’t tried it you must)

In the XML you’ll find the section <LocalNetworkSites> which contains all the networks defined as local.

<LocalNetworkSites>
<LocalNetworkSite name="AzureNet-Local">
<AddressSpace>
<AddressPrefix>10.0.1.0/24</AddressPrefix>
</AddressSpace>
<VPNGatewayAddress>137.117.227.238</VPNGatewayAddress>
</LocalNetworkSite>
<LocalNetworkSite name="HomeNet">
<AddressSpace>
<AddressPrefix>10.0.0.0/24</AddressPrefix>
</AddressSpace>
<VPNGatewayAddress>178.78.193.167</VPNGatewayAddress>
</LocalNetworkSite>
<LocalNetworkSite name="JNNet-Local">
<AddressSpace>
<AddressPrefix>10.0.3.0/24</AddressPrefix>
</AddressSpace>
<VPNGatewayAddress>23.97.65.15</VPNGatewayAddress>
</LocalNetworkSite>
<LocalNetworkSite name="USNet-Local">
<AddressSpace>
<AddressPrefix>10.0.2.0/24</AddressPrefix>
</AddressSpace>
<VPNGatewayAddress>168.61.160.90</VPNGatewayAddress>
</LocalNetworkSite>
</LocalNetworkSites>

If you look further down in the XML you’ll find the section <VirtualNetworkSites>. This contains subsections for each virtual network site <VirtualNetworkSite>, and in that section in turn you’ll see where to define the connections to each network.

 

<ConnectionsToLocalNetwork>
<LocalNetworkSiteRef name="HomeNet">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
<LocalNetworkSiteRef name="JNNet-Local">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
<LocalNetworkSiteRef name="USNet-Local">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
</ConnectionsToLocalNetwork>

So for each virtual network you’ll need to copy and paste each local network as above.

If you look at my complete XML I’ve marked those sections in red.

<NetworkConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
<VirtualNetworkConfiguration>
<Dns>
<DnsServers>
<DnsServer name="cmdc01" IPAddress="192.168.1.4" />
<DnsServer name="cmdemodc01" IPAddress="192.168.1.10" />
<DnsServer name="DC01" IPAddress="10.0.0.10" />
<DnsServer name="DC02" IPAddress="10.0.1.4" />
</DnsServers>
</Dns>
<LocalNetworkSites>
<LocalNetworkSite name="AzureNet-Local">
<AddressSpace>
<AddressPrefix>10.0.1.0/24</AddressPrefix>
</AddressSpace>
<VPNGatewayAddress>137.117.227.238</VPNGatewayAddress>
</LocalNetworkSite>
<LocalNetworkSite name="HomeNet">
<AddressSpace>
<AddressPrefix>10.0.0.0/24</AddressPrefix>
</AddressSpace>
<VPNGatewayAddress>178.78.193.167</VPNGatewayAddress>
</LocalNetworkSite>
<LocalNetworkSite name="JNNet-Local">
<AddressSpace>
<AddressPrefix>10.0.3.0/24</AddressPrefix>
</AddressSpace>
<VPNGatewayAddress>23.97.65.15</VPNGatewayAddress>
</LocalNetworkSite>
<LocalNetworkSite name="USNet-Local">
<AddressSpace>
<AddressPrefix>10.0.2.0/24</AddressPrefix>
</AddressSpace>
<VPNGatewayAddress>168.61.160.90</VPNGatewayAddress>
</LocalNetworkSite>
</LocalNetworkSites>
<VirtualNetworkSites>
<VirtualNetworkSite name="AzureNet" AffinityGroup="AzureNet">
<AddressSpace>
<AddressPrefix>10.0.1.0/24</AddressPrefix>
</AddressSpace>
<Subnets>
<Subnet name="Subnet-1">
<AddressPrefix>10.0.1.0/27</AddressPrefix>
</Subnet>
<Subnet name="Contoso-Subnet">
<AddressPrefix>10.0.1.200/27</AddressPrefix>
</Subnet>
<Subnet name="GatewaySubnet">
<AddressPrefix>10.0.1.32/29</AddressPrefix>
</Subnet>
</Subnets>
<DnsServersRef>
<DnsServerRef name="DC01" />
<DnsServerRef name="DC02" />
</DnsServersRef>
<Gateway>
<ConnectionsToLocalNetwork>
<LocalNetworkSiteRef name="HomeNet">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
<LocalNetworkSiteRef name="JNNet-Local">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
<LocalNetworkSiteRef name="USNet-Local">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
</ConnectionsToLocalNetwork>
</Gateway>
</VirtualNetworkSite>
<VirtualNetworkSite name="CMDemo" AffinityGroup="CMDemo-AFG">
<AddressSpace>
<AddressPrefix>192.168.1.0/24</AddressPrefix>
</AddressSpace>
<Subnets>
<Subnet name="Infra">
<AddressPrefix>192.168.1.0/26</AddressPrefix>
</Subnet>
<Subnet name="Mgmt">
<AddressPrefix>192.168.1.64/26</AddressPrefix>
</Subnet>
<Subnet name="Clients">
<AddressPrefix>192.168.1.128/27</AddressPrefix>
</Subnet>
</Subnets>
<DnsServersRef>
<DnsServerRef name="cmdc01" />
</DnsServersRef>
</VirtualNetworkSite>
<VirtualNetworkSite name="JnNet" AffinityGroup="JnNet-AFG">
<AddressSpace>
<AddressPrefix>10.0.3.0/24</AddressPrefix>
</AddressSpace>
<Subnets>
<Subnet name="Subnet-1">
<AddressPrefix>10.0.3.0/28</AddressPrefix>
</Subnet>
<Subnet name="Subnet-2">
<AddressPrefix>10.0.3.24/29</AddressPrefix>
</Subnet>
<Subnet name="Subnet-3">
<AddressPrefix>10.0.3.32/27</AddressPrefix>
</Subnet>
<Subnet name="GatewaySubnet">
<AddressPrefix>10.0.3.16/29</AddressPrefix>
</Subnet>
</Subnets>
<DnsServersRef>
<DnsServerRef name="DC01" />
</DnsServersRef>
<Gateway>
<ConnectionsToLocalNetwork>
<LocalNetworkSiteRef name="USNet-Local">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
<LocalNetworkSiteRef name="AzureNet-Local">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
</ConnectionsToLocalNetwork>
</Gateway>
</VirtualNetworkSite>
<VirtualNetworkSite name="UsNet" AffinityGroup="CentralUS-AG">
<AddressSpace>
<AddressPrefix>10.0.2.0/24</AddressPrefix>
</AddressSpace>
<Subnets>
<Subnet name="Subnet-1">
<AddressPrefix>10.0.2.0/28</AddressPrefix>
</Subnet>
<Subnet name="Subnet-2">
<AddressPrefix>10.0.2.24/29</AddressPrefix>
</Subnet>
<Subnet name="GatewaySubnet">
<AddressPrefix>10.0.2.16/29</AddressPrefix>
</Subnet>
</Subnets>
<DnsServersRef>
<DnsServerRef name="DC02" />
</DnsServersRef>
<Gateway>
<ConnectionsToLocalNetwork>
<LocalNetworkSiteRef name="JNNet-Local">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
<LocalNetworkSiteRef name="AzureNet-Local">
<Connection type="IPsec" />
</LocalNetworkSiteRef>
</ConnectionsToLocalNetwork>
</Gateway>
</VirtualNetworkSite>
</VirtualNetworkSites>
</VirtualNetworkConfiguration>
</NetworkConfiguration>

Note that for each network there is a corresponding section of <ConnectionsToLocalNetwork>.

When you’re done save the file and then it’s time to import it!

import

 

 

Wait for your networks to configure. Then it’s PowerShell-time!

Fire up PowerShell with the Azure cmdlets.

Run the cmdlet “Set-AzureVNetGatewayKey -VNetName AzureNet -LocalNetworkSiteName JNNet-Local -SharedKey a1b2c3d4” for each virtual network setting the key for each local network.

So I’d run:

Set-AzureVNetGatewayKey -VNetName AzureNet -LocalNetworkSiteName JNNet-Local -SharedKey a1b2c3d4
Set-AzureVNetGatewayKey -VNetName AzureNet -LocalNetworkSiteName USNet-Local -SharedKey a1b2c3d4
Set-AzureVNetGatewayKey -VNetName AzureNet -LocalNetworkSiteName HomeNet -SharedKey a1b2c3d4
Set-AzureVNetGatewayKey -VNetName JNNet -LocalNetworkSiteName USNet-Local -SharedKey a1b2c3d4
Set-AzureVNetGatewayKey -VNetName JNNet -LocalNetworkSiteName AzureNet-Local -SharedKey a1b2c3d4

And so on, switching the virtual network and the local network according to your topology.

When you’re done with that it’s time to connect your networks:

Set-AzureVNetGateway -VNetName AzureNet -LocalNetworkSiteName JNNet -Connect

And as before, substitute the vnetnames and local network names.

Once done it’ll (hopefully) look like this:

vlcsnap-2014-06-13-09h46m22s38

 

 

How did you do? Let me know in the comments!

Can I restore my Active Directory in Windows Azure?

It seems like I get loads of questions about Windows Azure and the IAAS offering we’re running these days. The last one is about how to get into DSRM (Directory Services Restore Mode), if you’ve been running your AD for a while you remember the old F8 trick during boot but in Windows Azure there’s only RDP access, so no pressing F8 then… Well, there’s a solution for everything and our engineers thought of this too, long before Windows Azure.

One big prereq for this to work out. You must have set your DSRM password to something you remember 😉

Two ways of doing this:

1) Sync with the domain administrator password: http://technet.microsoft.com/en-us/library/jj713556.aspx

2) Set it manually: http://technet.microsoft.com/en-us/library/cc754363.aspx#BKMK_examples

Once that’s done you just use bcdedit to boot into DSRM the next boot, open up CMD and type:

1) bcdedit /set safeboot dsrepair
2) shutdown –r –t 0

Once it has rebooted you can logon to your server by using “hostnameadministrator” with your DSRM password.

When you’re done restoring your AD you’ll need to make sure it boots back to normal. Open up CMD and type:

bcdedit /deletevalue {current} safeboot

On the next boot it’ll boot into Windows normally and you’re hopefully all back to normal operations!

Making a linux VM running in Windows Azure auto-register in internal DNS.

Friday fun with other operating systems! Being a Windows guy with limited knowledge in Linux these things always burns a fuse it seems. Well, I have a customer spawning Linux vm:s in Windows Azure wanting these to automatically register their A-records in DNS just like Windows does. Well, seems there’s no easy way for this, but I’ve found a solution. Keep in mind that there might be an easier solution but for a Windows admin this at least works.

Prereqs for this to work:

  1. Your DNS-zone must accept unsecure updates.
  2. Your Linux machine must have its hostname updated with the FQDN.
  3. You must have a gateway to your internal network configured, not included in this article, no need to look for it. Look under “TV” for a guide on how to set that up.

Solution 1

Make sure your zone allows unsecure updates. Start DNS MMC, right-click your zone, select properties, edit your zone to allow Nonsecure and secure updates.

dns

 

 

 

 

 

 

 

Solution 2

Edit /etc/hostname and add your unqualified hostname:

ns-ub01

Edit /etc/hosts:

sudo vi /etc/hosts

Add an entry of your desired hostname by replacing ns-ub01.labs.nullsession.com ns-ub01 where ns-ub01.labs.nullsession.com is the fully qualified hostname and ns-ub01 is hostname.

127.0.1.1 ns-ub01.labs.nullsession.com ns-ub01

Test your configuration by opening a terminal and enter the below commands:
“hostname<enter”>: This should output ns-ub01

“hostname -f”: This should output ns-ub01.labs.nullsession.com

 

You could also update it with the command hostname servernamn.fqdn which updates it but only lasts until reboot.

 

The script:

#!/bin/bash

_HOST=$(hostname)
_IP=$(ifconfig eth0 | grep ‘inet addr:’ | cut -d: -f2 | awk ‘{ print $1}’)

nsupdate << EOF
server dnsservername.fqdn (dc01.labs.nullsession.com)
zone fqdn (labs.nullsession.com)
update delete $_HOST A
update add $_HOST 86400 A $_IP
send
EOF

 

The easiest way is to schedule the script with cron so that it runs periodically, this also updates the DNS in case the ip changes. The script is only tested on Ubuntu, but should at least get you started on other distros as well.