Intro to Azure Virtual Networks Flashcards
Dynamic Public IP Address
an assigned address that can change over the lifespan of the Azure resource. The dynamic IP address is allocated when you create or start a VM. The IP address is released when you stop or delete the VM. In each Azure region, public IP addresses are assigned from a unique pool of addresses. The default allocation method is dynamic.
Static Public IP Address
an assigned address that won’t change over the lifespan of the Azure resource. To ensure that the IP address for the resource remains the same, set the allocation method explicitly to static. In this case, an IP address is assigned immediately. It’s released only when you delete the resource or change the IP allocation method to dynamic.
Public IP Address Basic SKU
Allocation Method: For IPv4: Dynamic or Static; For IPv6: Dynamic.
Idle Timeout: Adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and a fixed outbound originated flow idle timeout of 4 minutes.
Security: Open by default. Network security groups are recommended but optional for restricting inbound or outbound traffic.
Availability Zones: Not Supported
Routing Preference: Not Supported
Global Tier: Not Supported
Public IP Address Standard SKU
Allocation Method: Static
Idle Timeout: Adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and a fixed outbound originated flow idle timeout of 4 minutes.
Security: Secure by default; closed to inbound traffic when used as a frontend. A network security group (NSG) that explicitly allows the traffic is required (for example, on the NIC of a virtual machine with a Standard SKU public IP attached).
Availability Zones: Supported. Standard IPs can be non-zonal, zonal, or zone-redundant. Zone redundant IPs can only be created in regions where 3 availability zones are live. IPs created before zones are live won’t be zone redundant.
Routing Preference: Supported to enable more granular control of how traffic is routed between Azure and the Internet.
Global Tier: Supported via cross-region load balancers.
VNet Address Ranges
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
VNet Addresses Not Allowed
224.0.0.0/4 (Multicast)
255.255.255.255/32 (Broadcast)
127.0.0.0/8 (Loopback)
169.254.0.0/16 (Link-local)
168.63.129.16/32 (Internal DNS)
Public DNS services
resolve names and IP addresses for resources and services accessible over the internet such as web servers.
Private DNS services
resolve names and IP addresses for resources and services
Azure provided DNS
an internal DNS zone that always exists, supports automatic registration, requires no manual record creation, and is created when the VNet is created. It is a free service.
Limitations of Internal DNS
Can’t resolve across different VNets.
Registers resource names, not guest OS names.
Does not allow manual record creation.
Private DNS zones
available to internal resources only. They are global in scope, so you can access them from any region, any subscription, any VNet, and any tenant. If you have permission to read the zone, you can use it for name resolution.
Two ways to link VNets to a private zone
Registration: Each VNet can link to one private DNS zone for registration. However, up to 100 VNets can link to the same private DNS zone for registration.
Resolution: There may be many other private DNS zones for different namespaces. You can link a VNet to each of those zones for name resolution. Each VNet can link to up to 1000 private DNS zones for name resolution.
DNS Forwarding
Forwarding - specifies another DNS server (SOA for a zone) to resolve the query if the initial server cannot.
Conditional forwarding - specifies a DNS server for a named zone, so that all queries for that zone are routed to the specified DNS server.
Regional VNet peering
connects Azure virtual networks in the same region.
Global VNet peering
connects Azure virtual networks in different regions. When creating a global peering, the peered virtual networks can exist in any Azure public cloud region or China cloud regions, but not in Government cloud regions. You can only peer virtual networks in the same region in Azure Government cloud regions.