Azure Networking

Question 1

How does an Azure Organization structure looks like?

Answer 1

1. AD Tenant - the company itself.
2. Subscription - similar to AWS accounts.
3. Resource group - container of resources(i.e VM, storage).
   Subdividing AD Tenant and subscription per application eases the billing process.

Question 2

True or False: Subnets in Azure is public by default?

Answer 2

False. Subnets in Azure is private by default.

Question 3

True or False: In Azure, AZs exists in every region?

Answer 3

False.

Question 4

What are the types of Virtual Network Gateways?

Answer 4

• VPN Gateway - Site to Site VPN
• Express Route Gateway - leased line
• Local Network Gateway - customer owned

Question 5

What are the Transit Solutions in Azure?

Answer 5

1. Via Express Route Gateway
2. Via NVA(Network Virtual Appliance)
3. VNET Peering

Question 6

What are the limitations of using ER GW as a transit?

Answer 6

• Noisy neighbor issues
• Bandwidth limitation in the ER Gateway
• Default any to any for all spokes(Blackhole of routes may be needed to control/filter traffic)
  How it works is it leverages the ER GW by advertising a default or summary routes to the VNETs.

Question 7

What are the limitations of NVA?

Answer 7

• SNAT is required. How ever this has a limitation as the user has no visibility to the source IP.
• BW limited to the NVA
• UDR management.

Spoke VNETs has a UDR pointing to Azure LB.

Question 8

What are the limitations of VNET peering?

Answer 8

• By default, VNET is non-transitive. Meaning chaining of VNETs is not possible. Therefore, full mesh is required or 1-N Mapping.
• Vnet peering data charges for ingress and egress in both directions
• Vnet peering needs to be broken to add CIDR/Subnets to a Vnet

Question 9

What are the limitations of Azure Virtual WAN?

Answer 9

Microsoft manages the Hub.

• Users has no route control.
• 200 BGP routes limit.
• No 3rd party support
• All or nothing when it comes to feature set.
• Only Azure firewall is supported.