Network 2 Flashcards
What IP address ranges must be used for a VNet according to RFC 1918?
10.0.0.0-10.255.255.255 (10.0.0.0/8), 172.16.0.0-172.31.255.255 (172.16.0.0/12), 192.168.0.0-192.168.255.255 (192.168.0.0/16).
What happens if public IP ranges are used in a VNet?
The addresses within your VNet will take priority, preventing VMs from accessing the corresponding Internet addresses.
Which IP ranges are reserved by the Azure platform and cannot be used in a VNet?
169.254.0.0/16 (Link-local), 168.63.129.16/32 (Azure-provided DNS).
What is the requirement for the name of a subnet within a VNet?
The subnet name must be unique within the VNet and cannot be changed after creation.
Why does Azure reserve a couple of IP addresses from each subnet?
For network identification and broadcast.
What properties must be defined for a virtual network (VNet)?
Name, Location, Address Space, DNS settings, Subnets, Peerings.
Can VNets be peered across different subscriptions and Azure AD tenants?
Yes, VNets can be peered across different subscriptions and Azure AD tenants.
What is Global VNet peering?
Peering between VNets in different Azure regions, allowing traffic to travel over the Microsoft backbone infrastructure.
What is a limitation of Global VNet peering with the Load Balancer’s Basic tier?
Global peering cannot be used to access the front-end IP of a basic internal Azure load-balancer in the remote VNet.
What is a hub-and-spoke network topology?
A design where shared resources are deployed in a hub VNet, accessed by multiple applications in separate spoke VNets.
How can you enable spoke-to-spoke communication without additional VNet peerings?
By deploying a network virtual appliance (NVA) in the hub and configuring user-defined routes (UDRs) to route traffic.
What must be enabled to share a virtual network gateway between peered VNets?
Allow Gateway Transit on the peering connection from the VNet with the gateway.
What are the two pricing tiers for Public IP addresses in Azure?
Basic and Standard.
What is the key difference between Basic and Standard Public IP addresses?
Standard tier supports zone-redundant deployment, Basic tier does not.
What are the different DNS-related services and features in Azure?
Azure DNS, Azure Traffic Manager, App service domains, Azure-provided DNS, Recursive DNS, Reverse DNS.
What does Azure Traffic Manager do?
Uses DNS to implement global traffic management, directing traffic based on factors such as endpoint availability and user location.
What is the purpose of a network security group (NSG)?
To control inbound and outbound traffic flows to Azure resources.
What is a service tag in Azure?
A platform-defined shortcut mapping to the IP ranges of various Azure services, used in NSG rules.
What does Performance Monitor in Network Performance Monitor (NPM) do?
Monitors packet loss and latency between endpoints in Azure and on-premises.
What is required to configure Performance Monitor in NPM?
A VM or server running the Log Analytics agent at both ends of each monitored connection.
What does Service Connectivity Monitor in NPM do?
Tests outbound connectivity from your network to open a TCP port, such as a website or application.
What is the purpose of a gateway subnet in a VNet?
To deploy VPN gateways; it is a dedicated subnet used only for virtual network gateways.
What is the recommended size for a gateway subnet?
A CIDR /27 address block to allow for future expansion.
Can a VPN gateway be resized between different SKUs?
Yes, but only between VpnGw1, VpnGw2, and VpnGw3 tiers. Not for Basic tier.
What is Border Gateway Protocol (BGP) used for in Azure VPN gateways?
To exchange routing information between networks automatically, enabling high availability and transit routing.
What is the default deployment configuration for a VPN gateway in Azure?
Active-standby, with two VMs for redundancy.