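#########
# Hub-and-spoke network build (Az PowerShell module).
#
# Routing model: the spoke subnet gets a route table whose only route is a
# default route (0.0.0.0/0) pointing at the firewall's inside IP in the hub.
# Spokes are peered only with the hub (peering is not transitive), so there is
# no more-specific system route between spokes and both spoke-to-spoke and
# spoke-to-internet traffic traverse the firewall. Traffic from a spoke to the
# hub address space itself still follows the peering system route (the hub
# prefix is more specific than 0.0.0.0/0) and therefore bypasses the firewall;
# if the hub shared subnet should also be inspected, add a route for the hub
# prefix to the spoke route table and a matching return route to the
# shared-subnet route table so the path stays symmetric.
#
# Requires an authenticated Az session with rights on the resource group below.
#
# Region
$azregion = 'westus3'
# Resource Group
$vnetresourcegroup = "rg-network-prod-wus3-001"
# Hub Virtual Network
$hubvnet = "vnet-hub-prod-wus3-001"
$hubvnetaddressprefix1 = "10.200.16.0/20"
$hubvnet_sharedsubnet = "10.200.17.0/24"
$hubvnet_sharedsubnetname = "snet-shared-prod-wus3-001"
$hubvnet_sharedsubnet_routetable = "rt-snet-shared-prod-wus3-001"
# Spoke Virtual Network
$spokevnet = "vnet-storage-prod-wus3-001"
$spokevnetaddressprefix = "10.200.4.0/22"
$spokevnetsubnet = "10.200.4.0/24"
$spokevnetsubnetname = "snet-netapp-prod-wus3-001"
$spokevnet_routetable = "rt-$($spokevnet)"
# Firewall
# Private (inside) IP of the firewall in the hub; next hop for the spoke's
# default route.
# NOTE(review): 10.10.10.10 is outside the hub prefix 10.200.16.0/20 declared
# above, so it looks like a placeholder. The next hop must be an address the
# spoke can reach through the peering, otherwise everything sent to the default
# route is silently dropped - confirm before running.
$hubfw_inside_ip = "10.10.10.10"
#########
# Create Hub Virtual Network
$HubVirtualNetwork = New-AzVirtualNetwork `
-ResourceGroupName $vnetresourcegroup `
-Location $azregion `
-Name $hubvnet `
-AddressPrefix $hubvnetaddressprefix1
# Create shared subnet. Add-AzVirtualNetworkSubnetConfig mutates the in-memory
# VNet object; nothing reaches Azure until Set-AzVirtualNetwork below.
Add-AzVirtualNetworkSubnetConfig `
-Name $hubvnet_sharedsubnetname `
-AddressPrefix $hubvnet_sharedsubnet `
-VirtualNetwork $HubVirtualNetwork | Out-Null
# Push the subnet to Azure
$HubVirtualNetwork | Set-AzVirtualNetwork
# Create a route table for the shared subnet. It is created empty: hub-to-spoke
# traffic leaves via the peering system route. BGP propagation is deliberately
# left enabled here (unlike the spoke table) so routes learned by a hub gateway
# still reach the shared subnet; if a firewall default route is later added to
# this table, set -DisableBgpRoutePropagation as well, because BGP-learned
# routes more specific than 0.0.0.0/0 would otherwise bypass the firewall.
$SubnetRouteTable = New-AzRouteTable `
-Name $hubvnet_sharedsubnet_routetable `
-ResourceGroupName $vnetresourcegroup `
-Location $azregion
# Associate the route table to the shared subnet
Set-AzVirtualNetworkSubnetConfig `
-VirtualNetwork $HubVirtualNetwork `
-Name $hubvnet_sharedsubnetname `
-AddressPrefix $hubvnet_sharedsubnet `
-RouteTable $SubnetRouteTable |
Set-AzVirtualNetwork
#########
# Create Spoke Virtual Network
$SpokeVirtualNetwork = New-AzVirtualNetwork `
-ResourceGroupName $vnetresourcegroup `
-Location $azregion `
-Name $spokevnet `
-AddressPrefix $spokevnetaddressprefix
# Create subnet (in-memory change, persisted by Set-AzVirtualNetwork)
Add-AzVirtualNetworkSubnetConfig `
-Name $spokevnetsubnetname `
-AddressPrefix $spokevnetsubnet `
-VirtualNetwork $SpokeVirtualNetwork | Out-Null
# Push the subnet to Azure
$SpokeVirtualNetwork | Set-AzVirtualNetwork
# Peer Virtual Networks
# Re-read both VNets so the objects carry the server-side state (and resource
# Ids) after the subnet updates. The resource group is given explicitly so a
# same-named VNet in another group can never be picked up by mistake.
$HubVirtualNetwork = Get-AzVirtualNetwork `
-ResourceGroupName $vnetresourcegroup `
-Name $hubvnet
$SpokeVirtualNetwork = Get-AzVirtualNetwork `
-ResourceGroupName $vnetresourcegroup `
-Name $spokevnet
# Peer Hub to Spoke
# -AllowForwardedTraffic lets packets whose source is not the peered VNet
# (traffic the firewall forwards from another spoke or from the internet) cross
# the peering; without it the return path through the hub is dropped.
# -AllowGatewayTransit lets the spoke use a hub gateway/route server if one
# exists; it is harmless when none is deployed.
Add-AzVirtualNetworkPeering `
-Name "$($hubvnet)_to_$($spokevnet)" `
-VirtualNetwork $HubVirtualNetwork `
-RemoteVirtualNetworkId $SpokeVirtualNetwork.Id `
-AllowForwardedTraffic `
-AllowGatewayTransit
# Peer Spoke to Hub
# Add -UseRemoteGateways to this call only if the hub has a VPN/ExpressRoute
# gateway or route server; the peering creation fails otherwise. (The optional
# switch is kept out of the command rather than as a commented-out continuation
# line, which is easy to break when editing.)
Add-AzVirtualNetworkPeering `
-Name "$($spokevnet)_to_$($hubvnet)" `
-VirtualNetwork $SpokeVirtualNetwork `
-RemoteVirtualNetworkId $HubVirtualNetwork.Id `
-AllowForwardedTraffic
# Spoke Route Table creation
# -DisableBgpRoutePropagation keeps gateway-learned routes out of this table so
# nothing more specific than 0.0.0.0/0 can divert spoke traffic around the
# firewall.
$AzFirewallRouteTable = New-AzRouteTable `
-Name $spokevnet_routetable `
-ResourceGroupName $vnetresourcegroup `
-Location $azregion `
-DisableBgpRoutePropagation
# Create a route (default route). The object returned by New-AzRouteTable is
# used directly instead of re-fetching it; Set-AzRouteTable returns the updated
# table, so the variable stays current for the subnet association below.
$AzFirewallRouteTable = $AzFirewallRouteTable |
Add-AzRouteConfig `
-Name "Default" `
-AddressPrefix "0.0.0.0/0" `
-NextHopType "VirtualAppliance" `
-NextHopIpAddress $hubfw_inside_ip |
Set-AzRouteTable
# Associate the route table to the spoke (NetApp) subnet
Set-AzVirtualNetworkSubnetConfig `
-VirtualNetwork $SpokeVirtualNetwork `
-Name $spokevnetsubnetname `
-AddressPrefix $spokevnetsubnet `
-RouteTable $AzFirewallRouteTable |
Set-AzVirtualNetwork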