Module 2ba - Exploring Azure Core Products - Networking, AVNs Flashcards
What are Azure Virtual Networks (AVNs)? What do they enable resources to do?
A set of Resources that links other Azure Resources, enabling them to communicate with each other, with users on the Internet and with on-prem client computers
Hint: V U
How do you connect one Azure Virtual Network to another one? Why is this significant?
You connect them through VN Peering (VNP) and User-Defined Routing (UDR)
Why the significance?
ISOLATION - Because two AVNs are by default isolated from one another. Resources assigned to one AVN cannot communicate with Resources in another AVN
What two options do you have for AVN DDos Protection? Which one is a Premium Service?
Basic DDos Protection and Standard DDos Protection (Premium Service)
*Know the cost vs benefit of selecting one
What are two (2) means by which AVNs can communicate with the public Internet?
AVNs can connect to the public internet by default. You just need to enable a public IP Address OR a public Load Balancer (these are both Resources you can provision for the AVN).
AVNs - Define the concept of Isolation
Isolation: AVNs allow you to create multiple isolated virtual networks, defined by a private IP Address Space that uses public or private IP Address Ranges
AVNs - How do you handle Name Resolution?
Use the built-in Name Resolution Service for name resolution, or configure the VN to use an internal or external DNS
Hhint: four (4) ways
How do you manage AVNs?
AVNs can be managed through
- Azure Portal
- Azure CLI
- Secure Shell
- Remote Desktop Protocol (good ol’ fashioned RPD lolol)
How do you modify an AVN after creation?
Azure Portal and Azure CLI
- Add PEERINGS (link to another AVN)
- Add additional Address Spaces
- Connect machines
- Add additional SubNets
AVN Names must be unique globally (T/F)?
False. They need to be unique within your SUBSCRIPTION, but NOT GLOBALLY
Hint: 3 ways to do it
How do AVNs communicate with On-Prem resource/end points?
- Point-To-Site
- Site-to-Site VPN
- Azure ExpressRoute
Hint: 3 ways to do it
How do you enable integration and communication between the Resources in an AVN?
Deploy Resources to the SAME AVNs - AVNs can connect to/add virtually all other Service types; Power Apps Service Environment, AK8s, VM Scale Sets, etc that are deployed to themselves
Setup Private Link - private access to specific Resources from Virtual Network or One-Prem Network
Service Endpoints - Endpoints can be used to connect to other Resource types like SQL DBs or Storage Accounts. You can link multiple Azure resources to AVNs to provide improved security and optimized routing between resources (AVNs isolate those resources to the single network)
AVNs - define the concept of Segmentation
Segmentation: You can divvy up the IP Address space into SubNets (via CIDR) and allocate part of the defined space to each named SubNet
Hint: 2 ways to do it
How can AVNs filter network traffic?
You can filter traffic between SubNets using two approaches:
Network Security Groups - A Resource where you can add inbound and outbound security rules for ingress/egress traffic
Network Virtual Appliances - An NVA is a specialized VM that carries out a specific network function like running a firewall or performing WAN optimization
What is the default behavior for routing network traffic, and what are the two ways to override it?
By default, Azure routes traffic between subnets on any connected virtual networks, on-prem networks, and the internet.
To override:
Route Tables - Define rules about how traffic gets directed and rerouted
Border Gateway Protocol (BGP) - Propagates On-Prem BGP routes to AVNs, works with Azure VPN Gateways or ExpressRoutes
General Knowledge: What is CIDR Notation?
Classless Inter-Domain Routing. Defines the range of IP Addresses available for your AVN. Azure provides the initial IP Address, you’ll need to partition it.
CIDR Address Spaces need to be unique within your Subscription and with any network you connect to (T/F)
True
What is an Azure ExpressRoute connection between AVNs and an On-Prem network?
Azure ExpressRoute - Provides dedicated connectivity to Azure that doesn’t go over the public Internet, providing greater bandwidth and higher levels of security.
More on this in a different deck…
What is a Point-To-Site connection between AVNs and an On-Prem network?
Point-To-Site - VPN-type typical approach, where an external PC (like my work laptop) VPNs into the corporate network via encrypted connection. For AVNs, you’d initiate a VPN connection to it. Requires an approved device (like my laptop or a phone or tablet, etc.)
Hint: Who are these connections intended for?
What is a Site-to-Site VPN connection used for? What three (3) things should you know about them?
Site-to-Site VPN - Used to link your On-Prem VPN device or gateway to the Azure VPN gateway in an AVN.
- Connections are encrypted
- Work over the Internet
- Not intended for public use, more specifically for Admins who need access to Azure resources
What are the rules for valid SubNet names? Which of the following are valid/invalid?
- 234FFF
- FFF234
- 234FFF_
- 234-FFF
- D34_FFF-234
- 234-FFF@234
- D34.FFF.
- D34FFF$
- -234_FFF
- _234+FFF
- $234DDD
Rules are:
- Begins - alphanumeric only
- Ends - alphanumeric or _
- Contains - alphanumeric or - _ .
234-FFF@234 - contains special char
D34.FFF. - ends with period
D34FFF$ - ends with special char
-234_FFF - begins with hyphen
_234+FFF - begins with underscore
$234DDD - begins with special char
Only the first 5. The rest are invalid.
What is User-Defined Routing and what two (2) entities can it control routing for?
UDR (user-defined routing) - Allows network admins to control routing tables between SubNets within a virtual network as well as BETWEEN virtual networks.
What is Virtual Network Peering? Where does all the traffic flow?
VN Peering - Allows contact between AVNs in different Regions. All traffic flows privately through Microsoft’s Backbone Network
