Virtual Networks Flashcards
What is the relationship between virtual networks region and resource regions?
They must necessarily match, a vnet can’t host machines from another region.
What is CIDR notation!?
It is a way to limit the number of available up address of a virtual network or subnet. An ip consists of 4 parts delimited by a dot. Each one is called an octet referencing the 8 binary bits in a byte.
CIDR notation is an up followed by a forward slash and a number from 1 to 32. The number following the forward slash is a mask or in other words locks a certain number of binary bits from being changed. This has the effect of limiting the range of up values that can be used.
10.0.1.255/32 32 fully locks all the bits meaning that 10.0.1.255 is the only allowed up in this range.
192.0.2.0/24 is an IPv4 CIDR address where the first 24 bits, or 192.0.2, is locked meaning that the last cores can be any value from 0 to 255 giving the user 255 ip addresses to use.
What’s the cost of virtual networks?
Virtual Network in Azure is free of charge. Every subscription can create up to 50 Virtual Networks across all regions. VNET Peering links two virtual networks – either in the same region, or in different regions - and enables you to route traffic between them using private IP addresses (carry a nominal charge).
What is a NIC network security group ?
A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.
How to add a resource to a vnet?
Normally there is an option during creation which vnet to deploy to and in the event that you don’t want to deploy to an existing vnet, usually azure will offer to create one as part of the deployment.
What are the restrictions on creating subnets in a vnet?
The subnets must all exist within the up range defined by the vnet cidr range.
The subnets must not have any overlapping IPs.
Changing the subnet range of IPs will only work if there are no resources on the subnet whose IPs will be displaced after the up range change.
How to set a code range of up ip 10.0.1.X for the 64 IPs starting at the last octet being 64?
10.0.1.64/26
This includes all ops from ( and including) 10.0.1.64 to ( and including) 10.0.1.127
Are public ip address free?
No. At the time of writing it’s around $0.004 per hour, which is around 10c per day.
What’s the difference between a basic and a standard public ip address? What other options are there?
Basic Public IPs do not support Availability zones. Standard SKU: A Standard SKU public IP can be associated to a virtual machine or a load balancer front end. If you’re creating a public IP address in a region that supports availability zones, the Availability zone setting is set to Zone-redundant by default.
You can also have a dynamic or static ip (dynamic is fine if you’re using a dns service to map your domain to your ip and if its automatically updated as ip address changes)
What is a network security attached to?
A network interface card
What is a network interface card attached to in teens of vm resources?
To a virtual machine
How to edit the inbound and outbound security group rules from the azure portal?
From the network security group resource ui.
What the default port for tcp traffic?
TCP operates over a wide range of ports. For example rdp is forced to use port 3389 but it uses tcp protocol.
What port does Remote Desktop need to be open to communicate with a vm?
3389
What is a user defined route?
When you create subnets, Azure creates system routes that enable all resources in a subnet to communicate with each other. You can override the system routes by creating UDRs. This way, you can force traffic to follow a particular route.
What is the purpose of a firewall?
To filter/control traffic crossing a network threshold.
What is the connection between user defined routes and network tables?
Route tables contain default routes and optionally you can add user defined routes. Networks have a set of default traffic rules which demand how to direct network traffic within the network.
A route table can be modified to change the rules which govern how network traffic is managed.
You midgut want to do this to redirect inbound and outbound traffic through a network firewall in order to control the websites employees can access.
How to create a route table?
From the azure ui, choose route tables then click create.
Associate the route table to the target vnet and subnet.
Add the rules you want.
Route tables exist independently and can be associated to multiple vnets.
What does the route table option ‘propagate gateway routes’ do?
It includes the network routes implicit from other resources like vpn to vpn peering or a network gateway.
What is the ip address which represents any ip from anywhere?
0.0.0.0/0
What are the parameters used to configure one route of a route table?
- name
- destination ip/cidr
- next hop type ( what is the traffic being directed to)
- next hop address ( destination ip)
What does NAT stand for?
Network address translation
What is the difference between Nat , network and application rules in azure firewalls ( not in azure-104)?
The three types of rules can be broken down into two sets:
NAT: This is a routing rule, directing traffic from a public IP address to a private IP address. A hidden network rule is automatically created to allow the traffic.
Network Rules and Application Rules: These rules specify what traffic is allowed through the Azure Firewall.
So when a packet is being inspected to determine if it is allowed or not (not is the default) then only Network Rules and Application Rules are used for filtering. Only application rules can filter using domain names.
What is port 53 for?
The standard port for DNS is port 53. DNS client applications use the DNS protocol to query and request information from DNS servers, and the server returns the results to the client using the same port. Port 53 is used for both TCP and UDP communication.