Virtual Networks Flashcards
I want to enable two vNETS to talk to each other without the traffic leaving the Microsoft network. What options do I have?
Network peering will create a logical connection between two vNETS, and traffic travels only over the Microsoft network.
When using Network Peering, can you have two vNETS with the same peering?
No, the IP CIDR ranges have to be non-overlapping networks.
When using Network Peering can you have transit networking?
No
I have vNETs in separate regions, and I am concerned that vNET peering cannot be used to connect these vNETs. What options do I have here?
You can use vNET peering across regions.
I have vNETs in separate subscriptions, and I am concerned that vNET peering cannot be used to connect these vNETs. What options do I have here?
You can use vNET peering across subscriptions.
Is transitive routing supported when using vNET peering?
No
What is a network security group?
You can add them to an ENI, and they enable you to filter network traffic at L4 using one or more rules. You can block network traffic in or out of the network.
What default rules do you get?
- Allow vNET inbound
- Allow load balancer
- Deny all
I currently have my network security group assigned to a VM and all outbound traffic is blocked. I want to allow traffic only to Azure storage. How can I do this?
Use an NSG Service Tag; the NSG service tag can be, for example, internet, storage, etc.
With an NSG's outbound traffic, you have the ability to select a service, such as the storage service, to be allowed.
What is an NSG service tag?
An NSG Service Tag can be used as the destination when creating an outbound rule; this enables you to select an Azure service like storage, load balancer, etc.
What is an application security group?
You add the NICs for your VMs to the application security group, and then in the NSG you can select, in the outbound rules, an application security group that the NSG rules will apply to. Or you can select the app security group as a source in the input rules.
What is traversing the network in vNET peering, and can I do it?
This means you have, say, 3 vNETS peered and you try to traverse from one network through another; this is not possible in Azure Peering.
When using vNET peering is your traffic going over the internet?
No, only on Azure private network.
Is vNET peering highly available?
Yes, Azure uses multiple redundant paths.
When using vNET peering, is latency high?
No, there is low latency, comparable with native Azure networking.
Can you have vNET peering across regions?
Yes, 100%, you can have vNET peering across regions, known as Global peering.
Can you have vNET peering across subscriptions?
Yes, 100%, you even get the option to select subscription when you are configuring the vNET peering.
Can you have vNET peering across Tenants?
Yes, 100%
What is a virtual interface?
The virtual interface is attached to a VM and is allocated a private IP and an optional public IP. These can be dynamic, meaning they can change, or static. Each NIC can have more than a single IP allocated.
Can a virtual network interface have more than a single IP?
Yes
Can I attach more than a single interface to a VM?
Yes, but the VM size determines how many interfaces you can have.
I am using the Basic network SKU and I want to use zones. Is this possible?
No, only with standard SKU.
What security options does a virtual network have?
- DDoS
- Firewall
Where is the network security group attached?
It's attached to the virtual network interface or to the entire subnet.