Unable to ping azure vm1 to azure vm2
I am trying to implement hub and spoke POC in azure playground. However all resources got implemented but I still can't ping vm1 to vm2 or vice versa. Below is the code. Please note that I have as pic I have allowed wild card in both vms nsg ports in inbound port. I have deployed vm1 in subnet1 and vm2 in subnet2
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.115.0"
}
tls = {
source = "hashicorp/tls"
version = "~>4.0"
}
}
}
provider "azurerm" {
features {}
skip_provider_registration = true
}
data "azurerm_resource_group" "myrg" {
name = "1-cace0afe-playground-sandbox"
}
# Hub VNet
resource "azurerm_virtual_network" "hub_vnet" {
name = "hub-vnet"
address_space = ["10.0.0.0/16"]
location = data.azurerm_resource_group.myrg.location
resource_group_name = data.azurerm_resource_group.myrg.name
}
# Spoke 1 VNet
resource "azurerm_virtual_network" "spoke1_vnet" {
name = "spoke1-vnet"
address_space = ["10.1.0.0/16"]
location = data.azurerm_resource_group.myrg.location
resource_group_name = data.azurerm_resource_group.myrg.name
}
# Spoke 2 VNet
resource "azurerm_virtual_network" "spoke2_vnet" {
name = "spoke2-vnet"
address_space = ["10.2.0.0/16"]
location = data.azurerm_resource_group.myrg.location
resource_group_name = data.azurerm_resource_group.myrg.name
}
# Hub Subnet
resource "azurerm_subnet" "hub_subnet" {
name = "hub-subnet"
resource_group_name = data.azurerm_resource_group.myrg.name
virtual_network_name = azurerm_virtual_network.hub_vnet.name
address_prefixes = ["10.0.1.0/24"]
}
# Spoke 1 Subnet
resource "azurerm_subnet" "spoke1_subnet" {
name = "spoke1-subnet"
resource_group_name = data.azurerm_resource_group.myrg.name
virtual_network_name = azurerm_virtual_network.spoke1_vnet.name
address_prefixes = ["10.1.1.0/24"]
}
# Spoke 2 Subnet
resource "azurerm_subnet" "spoke2_subnet" {
name = "spoke2-subnet"
resource_group_name = data.azurerm_resource_group.myrg.name
virtual_network_name = azurerm_virtual_network.spoke2_vnet.name
address_prefixes = ["10.2.1.0/24"]
}
resource "azurerm_virtual_network_peering" "hub_to_spoke1" {
name = "hub-to-spoke1"
remote_virtual_network_id = azurerm_virtual_network.spoke1_vnet.id
virtual_network_name = azurerm_virtual_network.hub_vnet.name
resource_group_name = data.azurerm_resource_group.myrg.name
allow_virtual_network_access =true
allow_gateway_transit = true
allow_forwarded_traffic = true
use_remote_gateways = false
}
resource "azurerm_virtual_network_peering" "spoke1_to_hub" {
name = "spoke1-to-hub"
remote_virtual_network_id = azurerm_virtual_network.hub_vnet.id
virtual_network_name = azurerm_virtual_network.spoke1_vnet.name
resource_group_name = data.azurerm_resource_group.myrg.name
allow_virtual_network_access =true
allow_gateway_transit = false
allow_forwarded_traffic = true
use_remote_gateways = false
}
resource "azurerm_virtual_network_peering" "hub_to_spoke2" {
name = "hub-to-spoke2"
remote_virtual_network_id = azurerm_virtual_network.spoke2_vnet.id
virtual_network_name = azurerm_virtual_network.hub_vnet.name
resource_group_name = data.azurerm_resource_group.myrg.name
allow_virtual_network_access =true
allow_gateway_transit = true
allow_forwarded_traffic = true
use_remote_gateways = false
}
resource "azurerm_virtual_network_peering" "spoke2_to_hub" {
name = "spoke2-to-hub"
remote_virtual_network_id = azurerm_virtual_network.hub_vnet.id
virtual_network_name = azurerm_virtual_network.spoke2_vnet.name
resource_group_name = data.azurerm_resource_group.myrg.name
allow_virtual_network_access =true
allow_gateway_transit = false
allow_forwarded_traffic = true
use_remote_gateways = false
}
resource "azurerm_public_ip" "pipip1" {
allocation_method = "Static"
location = data.azurerm_resource_group.myrg.location
name = "pip1"
resource_group_name = data.azurerm_resource_group.myrg.name
}
resource "azurerm_public_ip" "pipip2" {
allocation_method = "Static"
location = data.azurerm_resource_group.myrg.location
name = "pip2"
resource_group_name = data.azurerm_resource_group.myrg.name
}
resource "azurerm_network_interface" "nic1" {
name = "nic1"
resource_group_name = data.azurerm_resource_group.myrg.name
location = data.azurerm_resource_group.myrg.location
ip_configuration {
name = "nic1-ip"
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.spoke1_subnet.id
public_ip_address_id = azurerm_public_ip.pipip1.id
}
}
resource "azurerm_network_interface" "nic2" {
name = "nic2"
resource_group_name = data.azurerm_resource_group.myrg.name
location = data.azurerm_resource_group.myrg.location
ip_configuration {
name = "nic2-ip"
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.spoke2_subnet.id
public_ip_address_id = azurerm_public_ip.pipip2.id
}
}
resource "azurerm_linux_virtual_machine" "vm1" {
name = "vm1"
resource_group_name = data.azurerm_resource_group.myrg.name
location = data.azurerm_resource_group.myrg.location
size = "Standard_B2s"
admin_username = "test"
network_interface_ids = [
azurerm_network_interface.nic1.id,
]
admin_ssh_key {
username = "sharat"
public_key = file("~/.ssh/id_rsa.pub")
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts"
version = "latest"
}
}
resource "azurerm_linux_virtual_machine" "vm2" {
name = "vm2"
resource_group_name = data.azurerm_resource_group.myrg.name
location = data.azurerm_resource_group.myrg.location
size = "Standard_B2s"
admin_username = "test"
network_interface_ids = [
azurerm_network_interface.nic2.id,
]
admin_ssh_key {
username = "sharat"
public_key = file("~/.ssh/id_rsa.pub")
}
os_disk {
caching = "ReadWrite"
storage_account_type = "Standard_LRS"
}
source_image_reference {
publisher = "Canonical"
offer = "0001-com-ubuntu-server-jammy"
sku = "22_04-lts"
version = "latest"
}
}
Solution
The reason VM1 and VM2 are not communicating is that they are in different VNets, and you haven't enabled peering between Spoke VNet1 and Spoke VNet2
To establish communication between VM1 and VM2, you need to create a peering between Spoke1 VNet and Spoke2 VNet. Only then will VM1 and VM2 be able to communicate with each other.
When I tried using the same Terraform configuration that you are using, I also got the same error.
Make sure to enable peering. Add the following Terraform code to your configuration to enable peering between Spoke VNet1 and Spoke VNet2.
resource "azurerm_virtual_network_peering" "spoke1-to-spoke2" {
name = "spoke1-to-spoke2"
resource_group_name = azurerm_resource_group.myrg.name
virtual_network_name = azurerm_virtual_network.spoke1_vnet.name
remote_virtual_network_id = azurerm_virtual_network.spoke2_vnet.id
allow_virtual_network_access =true
allow_gateway_transit = false
allow_forwarded_traffic = true
use_remote_gateways = false
}
resource "azurerm_virtual_network_peering" "spoke2-to-spoke1" {
name = "spoke2-to-spoke1"
resource_group_name = azurerm_resource_group.myrg.name
virtual_network_name = azurerm_virtual_network.spoke2_vnet.name
remote_virtual_network_id = azurerm_virtual_network.spoke1_vnet.id
allow_virtual_network_access =true
allow_gateway_transit = false
allow_forwarded_traffic = true
use_remote_gateways = false
}
Terraform Apply
After enabling the peering, the both the VM's are started communicating each other.
- Cannot add data to a ComplexField using Python SDK for Azure AI Search
- letsencrypt cert request failing for AKS ingress
- Playwright Test execution on Azure Windows machine fails in pipeline with error as No test found, It works perfectly with same command
- How to Combining PowerShell Output from multiple server to Single csv
- How can I find all Azure app registrations with API permissions to a specific app registration?
- Azure Deployment Groups vs Agent Pools
- I cannot extract .sql CREATE TABLEs for each table in my Azure SQL Database in my Azure Repo
- Can not read blobs through BlobContainerClient for blobs with empty folder prefixes
- Are task logs deleted when the node is deleted due to autoscaling in Azure Batch service?
- Azure Function Blob Storage Monitor
- I want to fetch Azure SQL table data from ADF to use as input in copy activity
- How to access code of my Azure website?
- Run JMeter script in AzureDevOps - Bearer Access Token generation
- Azure Function - HTTP trigger request length exceeded
- How and where to define an environment variable on Azure
- Stream Analytics doesn't output the data to SQL but does to a blob storage
- While Hierarchical namespace enabled cannot upload blob with metadata hdi_isfolder
- Cannot log in to Visual Studio Account in VS 2022
- SchemaColumnConvertNotSupportedException: column: [Col_Name], physicalType: INT64, logicalType: string
- create Azure Keyvault secret without exposing values
- Can you create 'User Flows' in Azure with a pay-as-you-go account
- Deploy ARM template at management group scope with Azure DevOps Pipeline
- How to make an azure function that deploys my bicep script from Azure Storage Account
- Basic SQL commands in Terraform
- Can we Deploy Web Application in Azure OpenAI of Production Level
- Get-MgGroupMember by display name instead of userID
- Azure DevOps REST API parent relation link to existing work item error
- What should be put to 'repoOwners' in Managed Identity Federated Credentials policy?
- How to get list of users from CSV file whose LastSignInDate column has a date that is before 90 days from current date or is empty?
- Langchain cannot connect with Azure SQL Database