Skill 4.1 Implement and Manage Virtual Networking Flashcards
What is VNet peering
Allows two seperate virtual networks to communicate diretly by using their IP addresses. They can either be in teh same Azure region or in seperate Azure regions.
What is Global VNet peering
Peering netween vnets in different regions
What does VNet traffic travel over
Microsoft Backbone infrastructure
Can VNets have non-overlapping IP address spaces
no
How many peering connections can exist on a VNet
500
What must be configured to allow connectivity between a second VNet with an external network
Use Remote Gateways – Settings must be enabled on the peering connection from VNET-B to VNET-A. This informs VNET_B of teh availability of the gateway in VNET-A.
Allow Gateway Transit – Optio must be enabled on teh peering connection form VNET-A TO VNET-B. This permits traffic from VNET-B to use VNET-A’s gateway to send traffic to he external network.
Where are private IP addresses configured
within the IP configurations of teh network interface
What is the first private IP address to be allocated
.4
What are uses for Static private IP addresses
Virtual machines that act as a domain controllers or DNS servers
Resources that require firewall rules using IP addresses
Resources accessed by other apps/resources through an IP address explicitly, rather then a domain name
What happens by default when you change a IP address to static
Azure will assign the previously assigned dynamic IP addresses
What is service chaining
Using a network virtual appliance as a hub through user-defined routes(UDR) to route inter-spoke traffic through the NVA.
Where can a peering connection accept traffic from by default
Traffic originating from the VNet to which it is connected
What does associating a public IP address with a network interface create
An internet facing endpoint, allowing your virtual machine to receive network traffic directly from the internet
What does associating an VM with a public IP require
The NIC must be updated to reference the public IP address
What are the tiers of public IP addresses
Basic – supports both static and dynamic allocation methods. Open by default for inbound traffic. Use NSGs to restrict inbound and outbound traffic. Not Zone redundant and doesn’t support availability zone. Does not support public IP prefixes.
Standard Tier – Supports static allocation only. Closed by default for inbound traffic. Use NSG’s to allow inbound traffic and restrict outbound traffic. Zone redundant by default and allows the use of availability zones and Public IP addresses
Describe dynamic allocation
Only resources in use get a IP address which is reallocated if they are stopped or deleted.
An actual IP address is only allocated to the public IP address resource when the resource is in use. If a virtual machine is stopped (deallocated) or deleted, the IP address assigned to the public IP address resource is released and returned to the pool of available IP addresses.
What must be specified when creating an IP prefix
prefix resource name,
subnet size,
Azure region where it will be located.
What are the ways to configure a DNS label for an Azure public IP address
By specifying the DNS name label property of the public IP address resource
By creating a DNS, A record in Azure DNS or a third-party DNS service hosting a DNS domain
By creating a DNS CNAME record in Azure DNS or third pary hosting
By creating an Alias record in Azure DNS
Describe SNAT
Source Network address Translation – Used for when traffic leaves a virtual machine via the private IP address and used SNAT to map the outbound traffic from the private IP address to the public IP address.
What are default system routes in Azure
Within the same subnet
From one subnet to another within VNet
VMs to the internet
A VNet to another VNet through a VPN gateway
A VNet to anotehr VNet trough VNet Peering
A VNet to your on-premises network through a VPN
A VNet to your on-premises network through a VPN gateway or ExpressRoute (Optional)
VirtualNetworkServiceEndpoint (Optional)
Describe user defined routes in Azure
Useful for when you want to send traffic through a virtual network appliance
What are the next hop types supported for UDRs(User Defined Routes)
Virtual Appliance – A VM running a network application such as a firewall
Virtual network gateway
Virtual Network Gateway – Used to route traffic with the virtual network
Internet – Used to route a specific IP address of prefix to the internet
None– Used to drop all traffic sent to a given IP address or prefix.
What happens if you apply a route table to a subnet if the route table contains a rule with a next hop address within that subnet.
It creates a routing loop
What has to be enabled for a VM to accept a network packet addressed to a different machine to be passed to the virtual client
IP forwarding
What are the route priorities
User-defined routes
System routes for traffic in a virtual network, accross a virtual network peering or to a virtual network endpoint
BGP routes
Other System routes
What are service endpoints
mechanism to integrate Azure PaaS services into your virtual network and access them through a Microsoft Azure backbone network instead of over the internet. Service endpoints precent the exposure of data and services to teh internet
What are private endpoints
They establish a connection between any of the supported Azure services and your virtual network. Provides a secure channel between a VNet and a service. The private endpoint gets a pirvate IP address from your VNet address space.
What is a DNS Zone
representation of a domain name in an authoritative DNS server. It contains the colleciton of DNS records for a given domain name
What is Azure’s service for purchasing domain names
App Service Domains service
Where do DNS settings on a user’s device point to
A recursive DNS server, also sometimes known as local DNS service (or LDNS) or simply a DNS resolver. Recursive DNS service is typically hosted by your company or by your ISP
What do NS records do
Tell clients on the internet where to find the name and servers for a given DNS zone. NS records are also configured in the parent zone, and a copy of the records is also present in the child zone
What DNS services are available in Azure
Azure DNS
Azure Traffic Manager
App Service Domain
Azure Provided DNS
Recursive DNS
Reverse DNS
Describe Azure DNS
Allows you to host your DNS domains in Azure. Provides the ability to create and manage DNS records for your domain and provides the name servers, which answer DNS queries for your domain from other users on the internet
Azure Traffic manager
An intelligent DNS service that uses DNS to implement global traffic management. Where Azure DNS always provides the same DNS response to a given DNS query, in Azure Traffic manager the same query may result in one of several responses
App Service Domains
Allows purchasing of domain names, which can then be hosted in Azure DNS. This service is integrated with Azure App Service but can be used for any domain registration eve if App Service is not being used.
Azure-provided DNS
Sometimes called Internal DNS, it allows the VMs in your virtual network to find each other, using DNS queries based on the hostname of each VM. The DNS queries are internal (Private) to the virtual network.
Recursive DNS
A service provided by Azure for DNS name resolution from your Azure VMs or other Azure services. You can also configure your VMs to use your own DNS server instead. This is sometimes informally called bring your own DNS. This is common when joining your VMs to a domain controller.
Reverse DNS
Provides the ability to configure the reverse DNS lookup for an Azure-assigned public IP address.
How does Azure Treat DNS Zones
As a resoure in Azure DNS. Creating a DNS zone resource allocates authoritative DNS name servers to hsot the DNS records for that zone.
What is a glue record
A DNS server record that is not authoritative for the zone and is used to avoid a condition of impossible dependencies for the DNS zone.
how does Azure DNS treat child zones
As entirely seperate zones.
What is a record set
A collection of records with the same name and the same type.They are a child resource of the DNS zone and can contain up to 20 individual records
What is a CAA record
Used to specify which certificate authorities can issue certificates for a domain. Must be configured using CLI or Powershell
What are SPF DNS records
SPF records are used to identify legitimate mail servers for a domain and help prevent spam
When creating a DNS zone what does the location field specify
the resource group location
What is needed to set up a DNS delegation Zone
name servers must be listed in teh corresponding NS records in the parent zone.
What is a VNET
A Azure Virtual Network that provides the foundation of the Azure networking infrastructure
What IP addresses do you always lose with Azure networks
.0 – Network Address
.1 = Azure Gateway
.2 & .3 = DNS
.255 = Broadcast
Because of this you have can’t have a network that is smaller then a /29
What is the most important setting when configuring a VNET
the IP range or ranges that the vnet will use
