Azure Networking
- Azure Gives internet connectivity to all the subnets by default
- In the Azure VMs we use NAT Gateway to prevent SNAT exhaustion.
- IN the Azure VMs without public ip to check the internet connectivity, try not to use ping, as in NAT ICMP is disabled, rather use curl/wget/apt etc to verify the connectivity.
- In Azure by default there is no concept of private or public subnets as in other cloud. If you want to make any subnet private, we have following options
- Restrict at NSG
- Create a custom Route table and override the rule of internet access.
Multi Networks
- Generally in enterprise case we will not be working with one vnet.
- Consider the following scenario
- Now create a resource group and create two vnets in different regions with above mentioned address spaces
- ntier-primary:
- region: east us
- address space: 10.0.0.0/16
- subnets:
- web: 10.0.0.0/24
- app: 10.0.1.0/24
- db: 10.0.2.0/24
- ntier-secondary:
- region: west us
- address space: 10.1.0.0/16
- subnets:
- web: 10.1.0.0/24
- app: 10.1.1.0/24
- db: 10.1.2.0/24
- ntier-primary:
- Now create one vm with public ip in web subnet on ntier-primary
- Now create one more vm with public ip in web subnet on ntier-secondary
- If we want to establish communication between two vnets in azure, we cannot directly communicate using private ips, by default we have to use public ip which is not a good idea as it uses internet.
- Azure has a global back network connecting every azure region to other region designed for this purpose.
- Generally if we want to communicate between two private networks using private ips we use Virtual Private Networks (VPN). This is referred as site-to-site vpn.
- If we want to communicate between two vnets in azure with non-colliding address spaces, we can use Virtual Network peering
- Lets create a vnet peering connection between ntier-primary and ntier-secondary
- After peering
