Virtual Networks Flashcards
Creating a cloud only Virtual Network
1) Created using the Azure management portal, Azure PowerShell, or xplat-cli.
2) Create multiple subnets to improve performance.
CIDR
1) Classless Inter-Domain Routing (CIDR) notation
2) Shorthand representation of subnet mask
3) 10.0.0.0/8 (the number after the slash is the number of network prefix bits) -> subnet mask 255.0.0.0
4) Addresses from 10.0.0.0 to 10.255.255.255
IP addresses
1) a public-facing virtual IP (VIP) address
2) an internal dynamic IP (DIP)
VIP
1) comes from a pool of IP addresses managed by Microsoft
2) It is not assigned directly to the VM. Instead, it’s assigned to the Cloud Service that contains the VM
Reserve VIP
1) Up to 20 VIPs can be reserved.
2) Used to assign static public IPs to your VMs.
Internal Dynamic IP
The DIP address is a dynamic IP address associated with your VM. A DIP is assigned by DHCP with a near-infinite lease, so it remains stable as long as you don’t stop or deallocate the machine.
static IP address
1) If your VM resides in a virtual network, you can assign a static IP address to it.
2) when you set up a domain controller or a Domain Name System (DNS) server on your virtual network, you’ll need to assign static IPs to these machines because both services require static IP addresses.
Instance-Level Public IP (PIP) Address
Unlike a VIP, a PIP is assigned directly to the VM rather than to its cloud service. A PIP is appropriate for workloads that need a large number of ports to be opened, such as passive FTP.
Name resolution and DNS servers
1) VMs on the same network can address one another by DIP addresses.
2) Azure provides built-in hostname resolution for VMs and role instances within the same cloud service.
3) For VMs across multiple cloud services, you’ll need to set up your own DNS server.
Host Names and FQDN
1) You can define the VM host name by using the vmName property in the service configuration file.
2) In this case, Azure will append an instance number to the name to distinguish different role instances.
3) A DNS name is assigned to the machine with the format [machine name].cloudapp.net.
VM Endpoints
1) Traffic arrives at the VIP on the public port.
2) It goes to the load balancer.
3) The load balancer forwards it to DIP:private port.
Network ACLs
An ACL provides the ability to selectively permit or deny traffic to a VM endpoint. An ACL comprises an ordered list of rules that either permit or deny traffic to the endpoint. Packets are filtered on the hosting server before they can reach your VM.
NSG
IP ranges are represented by named tags. There are three default tags:
1) VIRTUAL_NETWORK
2) AZURE_LOADBALANCER
3) INTERNET (blocked by default)
ACL vs. NSG
1) ACLs are applied to traffic to a specific VM endpoint, whereas NSGs are applied to all traffic that is inbound and outbound on the VM.
2) ACLs are associated to a VM endpoint, whereas NSGs are associated to a VM, or a subnet within a virtual network.
3) You cannot use both ACL and NSG on the same VM instance. You must first remove all endpoint ACLs before you can associate an NSG.