Issue
The documentation for adding an address space for a peered network mentions that virtual networks support syncing of the peering without having to remove and recreate the peering. Great!
Quote
This article has not yet been updated to reflect Azure networking’s support for peering resync. Azure virtual networks support adding and removing address space without the need to remove and restablish peerings; instead each remote peering needs a sync operation performed after the network space has changed. The sync can be performed using the
Sync-AzVirtualNetworkPeering PowerShell command or from the Azure Portal.
However, when attempting to add an address space you (at the time of writing) will experience an error.
Failed to save virtual network changes.
Failed to save changes to virtual network “vnet-test-peering”. Error: Address space of the virtual network vnet-test-peering cannot change when virtual network has peerings.
The issue is that the documentation is not only out of date but apparently incorrect. The feature that allows for the address space to be added and synced remains in preview. Ugh.
Solution
For this post, we will add an address space to the spoke of an already peered hub and spoke virtual network. We are assuming the virtual networks are in the same resource group.
Steps:
- Register the feature.
- Add the address range.
- Sync the peering for the address space to become available.
Note, this is fairly trivial in the portal. I just like PowerShell
Register the Feature
First of all register the feature.
1
2
|
# Register Azure Provider Feature: AllowUpdateAddressSpaceInPeeredVnets
Register-AzProviderFeature -ProviderNamespace Microsoft.Network -FeatureName AllowUpdateAddressSpaceInPeeredVnets
|
Add the Address Space
Add the address space.
1
2
3
4
5
6
7
8
9
10
11
12
13
|
# Definitions: ################################################################
$ResourceGroupName = "rg-vnet"
$AddressSpace = "192.168.0.0/22"
$SpokeName = "vnet-spoke-01"
$HubName = "vnet-hub-01"
# Virtual Networks: ###########################################################
$Spoke = Get-AzVirtualNetwork -Name $SpokeName -ResourceGroupName $ResourceGroupName
$Hub = Get-AzVirtualNetwork -Name $HubName -ResourceGroupName $ResourceGroupName
# Add Address Range to Spoke: #################################################
$Spoke.AddressSpace.AddressPrefixes.Add($AddressSpace)
Set-AzVirtualNetwork -VirtualNetwork $Spoke
|
Sync the Changes for each Peering
Synchronise the changes for each virtual network within the peering.
Note
There is no packet loss during the configuration update and the networks will continue to function.
1
2
3
|
# Synchronise Virtual Network Peering: ########################################
Sync-AzVirtualNetworkPeering -Name "spoke-to-hub" -VirtualNetworkName $SpokeName -ResourceGroupName $ResourceGroupName
Sync-AzVirtualNetworkPeering -Name "hub-to-spoke" -VirtualNetworkName $HubName -ResourceGroupName $ResourceGroupName
|
Check Status
You can verify the status with the following:
1
2
3
|
# Verify Status: ##############################################################
Get-AzVirtualNetworkPeering -VirtualNetworkName $SpokeName -ResourceGroup $ResourceGroupName -Name "spoke-to-hub" | Select-Object PeeringSyncLevel
Get-AzVirtualNetworkPeering -VirtualNetworkName $HubName -ResourceGroup $ResourceGroupName -Name "hub-to-spoke" | Select-Object PeeringSyncLevel
|
Summary
Done!
The result should say “Connected”. In testing it took several to 30 seconds for the peered networks to update and the new address space to be available.
I should note that adding a preview feature should be considered with caution. I have written this post to advise of the anomaly within the documentation, and to show how the address space can be added without issue and without an outage; however, ensure you consider the implications before proceeding within a production environment. As always, test before implementing.
The initial feature release is found here. It also describes performing the synchronisation through the portal for those uncomfortable with the shell.
Hope this helps!
Blog