How to visualize all your Virtual Network Peering cross-subscriptions and cross-regions in Azure?

*Zero Dollar Solution for a Single Tenant


Audience: Azure Cloud Network Architects


If you are conducting an Azure cloud network and infrastructure review and have to review hundreds of subscriptions and VNETs for each Azure Tenant, you need tools and hacks to speed up the discovery phase; otherwise you will turn to a machine learning big data ingestion robot.

The following is a three-step solution to build a single view of all VNET Peering within a single Azure Tenant, cross subscription and cross regions.


What's the value?

Having a single view of all VNET Peering will give you the following answers:

  1. What is your Azure Virtual Network Connectivity Pattern? Hub and Spoke? Landing Zone Shared Network Hub?

  2. How many Azure subscriptions are isolated from the network?

  3. What is your Azure Virtual Network Connectivity Pattern for your non-production environments?

Solution

The solution doesn't require you to purchase and install a CSPM, digest terabytes of logs, and build dashboards. This is a 10-minute solution with zero dollar cost to unearth the network connectivity of an entire Azure Tenant.

Azure VNET Peering cross subscriptions and regions


Azure Resource Graph Explorer


Resource Graph Explorer is a great tool to quickly discover deployed resources within your tenant. No need to spend your time shipping logs and running big data reports. Azure Resource Graph Explorer will



"Azure Resource Graph is an Azure service designed to extend Azure Resource Management by providing efficient and performant resource exploration with the ability to query at scale across a given set of subscriptions so that you can effectively govern your environment." - Source Microsoft Overview of Azure Resource Graph - Azure Resource Graph | Microsoft Docs


Data

Run this query inside Azure Resource Graph Explorer


resources
| where type == "microsoft.network/virtualnetworks"
| extend target = tostring(split(properties.virtualNetworkPeerings[0].properties.remoteVirtualNetwork.id, "/")[-1])
| extend source = tostring(name)
| project source, target



Hack: Azure Resource Graph Explorer usually returns the remote virtual network target as a long name (the full path), so the query splits it on the slash and keeps only the last segment, which is the VNET name rather than the full VNET subscription name. This is important for the node chart to work: the source column uses the "(name)" field, so the target column must also use the name and not the full path for the node chart to properly recognize the relationship.


Output


A CSV File with two columns. 1) Source VNET is your "spoke" and 2) Target VNET is your "Hub".

Note: Sometimes a Spoke VNET is connected to another Spoke VNET. You will have to review the result with the team to get further explanation.
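Before charting, the same CSV can be triaged in a few lines to list hub candidates, VNETs with no peering, and the spoke-to-spoke links mentioned in the note. This is an added example, not part of the original post; it assumes the export has a `source,target` header row, the VNET names and the `hub_min_peers` threshold are made up for illustration, and because it matches on names only, VNETs with the same name in different subscriptions are merged.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of the exported CSV; all VNET names are made up.
SAMPLE_CSV = """source,target
vnet-hub-prod,vnet-app1
vnet-app1,vnet-hub-prod
vnet-app2,vnet-hub-prod
vnet-app3,vnet-hub-prod
vnet-dev1,vnet-dev2
vnet-dev2,vnet-dev1
vnet-sandbox,
"""


def summarize_peerings(csv_text, hub_min_peers=3):
    """Classify VNETs in the source/target export.

    hub_min_peers is an assumed threshold, not an Azure setting: a VNET
    peered with at least that many distinct VNETs is a hub candidate.
    """
    peers = defaultdict(set)  # VNET name -> names of the VNETs it peers with
    seen = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Azure resource names are case-insensitive, so normalize before matching.
        src = (row.get("source") or "").strip().lower()
        dst = (row.get("target") or "").strip().lower()
        if not src:
            continue
        seen.add(src)
        if dst:
            # The query reads only the first peering of each VNET, so treat
            # every row as an undirected link and rebuild a hub from its spokes.
            seen.add(dst)
            peers[src].add(dst)
            peers[dst].add(src)
    hubs = {v for v in seen if len(peers[v]) >= hub_min_peers}
    links = {tuple(sorted((a, b))) for a in seen for b in peers[a]}
    return {
        "hubs": sorted(hubs),
        "isolated": sorted(v for v in seen if not peers[v]),  # no peering at all
        "spoke_to_spoke": sorted(l for l in links if not hubs & set(l)),
    }


if __name__ == "__main__":
    print(summarize_peerings(SAMPLE_CSV))
```
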








Visualization


Tip: Use any online visualization tool that can display a "node chart diagram"; see Make interactive network visualizations without coding | Flourish | Data Visualization & Storytelling.


For this example, I used the free PowerBI Desktop version; see this blog for more details on how to connect your CSV file to PowerBI for visualization.




The final Result

An interactive animated view of all your network peering topology. This visualization allows you to select a node and get its name for further analysis.




Hope this was helpful.

Enjoy :)

©2021 by EA Solutions. Proudly created with Wix.com