Implement and Manage virtual networking Flashcards
Create and configure virtual networks
https://learn.microsoft.com/en-us/azure/virtual-network/manage-virtual-network
*When a VNet is created you cannot modify the address ranges. If you want to change the VNet address range you have to remove the VNet and redeploy it.
Azure VPNs
- Site-to-site (S2S) VPN connection:
- Provides a secure connection between your on-prem network and an Azure virtual network.
Use case: When you need to extend your on-prem network into Azure; often used for hybrid setups.
- Requires a VPN device or router on premises.
- Point-to-site VPN:
- Allows individual clients to connect securely to the Azure virtual network.
Use case: Suitable for remote users who want access to Azure resources without requiring a VPN device.
- VNet-to-VNet VPN:
- Enables connecting two Azure VNets together, allowing communication between Azure resources in different VNets.
Use case: Useful when you have resources distributed across different regions.
ExpressRoute
- Provides a dedicated private connection from your on-prem data center to Azure, bypassing the public internet.
- Use case: Organizations with high bandwidth and performance requirements.
!!Know the difference between VNet-to-VNet and peering!!
- VNet-to-VNet VPN:
Description: VNet-to-VNet VPN enables the connection of two Azure virtual networks in the same or different regions using a VPN connection.
This creates a secure tunnel between the VNets, allowing them to communicate with each other.
Communication: VNet-to-VNet VPN connections use the public internet for communication, but the traffic is encrypted to ensure security.
This approach is suitable for scenarios where the VNets are in different regions or when peering is not possible.
- Peering:
Description: Network peering allows the connection of two Azure virtual networks within the same region.
When you peer two VNets, they become part of the same Azure region and can communicate with each other using private IP addresses.
Communication: Peered VNets can communicate with each other directly, as if they were part of the same network. The communication is routed through the Azure backbone network.
Create and configure virtual network peering
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview
https://learn.microsoft.com/en-us/azure/virtual-network/create-peering-different-subscriptions?tabs=create-peering-portal
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering?tabs=peering-portal
When peering two VNets together, peering connections are required in both directions; otherwise the status will show Initiated.
- The peering status should show “Connected”.
This is the case when you want both VNets to be able to communicate with each other.
*Network peering allows the connection of two Azure virtual networks within the same region.
*VNet peering can be configured with VNets in the same subscription, across subscriptions and across tenants.
Configure public IP addresses
Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses also enable Azure resources to communicate outbound to the Internet and to public-facing Azure services.
Standard and Basic SKUs
Basic:
- IPv4: dynamic or static
- IPv6: dynamic
Standard:
- Static only
Configure user defined routes
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
A route table resource allows you to override the Azure-provided system routes that automatically route traffic into, and out of, an Azure virtual network.
A route table contains a next-hop default route that Azure uses when VMs within a subnet try to reach resources beyond that subnet. The available next hops are:
1. Virtual appliance
2. Internet
3. Virtual network
4. Virtual network gateway
When you create a route table (for example, one that defines a next hop), it has to be associated with each subnet for it to take effect.
Troubleshoot network connectivity
Network Watcher - monitoring tools:
Next hop - determines if traffic is being correctly routed.
Flow logs - maps IP traffic through a network security group.
Connection troubleshoot -
Topology