Azure Classroomnotes 27/Mar/2022

Azure Networking

  • Azure gives internet connectivity to all subnets by default.
  • For Azure VMs, we use a NAT Gateway to prevent SNAT exhaustion.
  • To check internet connectivity on Azure VMs without a public IP, try not to use ping, because ICMP is disabled in NAT; use curl/wget/apt etc. instead to verify the connectivity.
  • In Azure, by default there is no concept of private or public subnets as in other clouds. If you want to make a subnet private, we have the following options:
    • Restrict at NSG
    • Create a custom Route table and override the rule of internet access.

Multi Networks

  • Generally, in enterprise cases we will not be working with just one vnet.
  • Consider the following scenario
  • Now create a resource group and create two vnets in different regions with the following address spaces:
    • ntier-primary:
      • region: east us
      • address space: 10.0.0.0/16
      • subnets:
        • web: 10.0.0.0/24
        • app: 10.0.1.0/24
        • db: 10.0.2.0/24
    • ntier-secondary:
      • region: west us
      • address space: 10.1.0.0/16
      • subnets:
        • web: 10.1.0.0/24
        • app: 10.1.1.0/24
        • db: 10.1.2.0/24
  • Now create one VM with a public IP in the web subnet of ntier-primary.
  • Now create one more VM with a public IP in the web subnet of ntier-secondary.
  • If we want to establish communication between two vnets in Azure, we cannot communicate directly using private IPs; by default we have to use public IPs, which is not a good idea because the traffic goes over the internet.
  • Azure has a global backbone network connecting every Azure region to the other regions, designed for this purpose.
  • Generally, if we want to communicate between two private networks using private IPs, we use a Virtual Private Network (VPN). This is referred to as a site-to-site VPN.
  • If we want to communicate between two vnets in Azure with non-colliding address spaces, we can use Virtual Network peering.
  • Let's create a vnet peering connection between ntier-primary and ntier-secondary.
  • After peering
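
Peering only works when the two address spaces do not collide, so it is worth checking the address plan before creating the vnets. The script below is an added example, not part of the original class notes: it validates the ntier-primary / ntier-secondary plan from above with Python's standard `ipaddress` module. The function name `plan_problems` and the extra `ntier-test` vnet are assumptions made up for illustration.

```python
import ipaddress
from itertools import combinations

# Address plan copied from the notes above.
VNETS = {
    "ntier-primary": {
        "address_space": "10.0.0.0/16",
        "subnets": {"web": "10.0.0.0/24", "app": "10.0.1.0/24", "db": "10.0.2.0/24"},
    },
    "ntier-secondary": {
        "address_space": "10.1.0.0/16",
        "subnets": {"web": "10.1.0.0/24", "app": "10.1.1.0/24", "db": "10.1.2.0/24"},
    },
}


def plan_problems(vnets):
    """Return a list of readable problems; an empty list means the plan is consistent."""
    problems = []
    spaces = {}
    for name, vnet in vnets.items():
        space = ipaddress.ip_network(vnet["address_space"])
        spaces[name] = space
        subnets = {s: ipaddress.ip_network(c) for s, c in vnet["subnets"].items()}
        # Every subnet must sit inside its vnet's address space.
        for sname, net in subnets.items():
            if not net.subnet_of(space):
                problems.append(f"{name}/{sname} {net} is outside {space}")
        # Subnets of one vnet must not overlap each other.
        for (a, na), (b, nb) in combinations(subnets.items(), 2):
            if na.overlaps(nb):
                problems.append(f"{name}: subnets {a} and {b} overlap")
    # Peering needs non-colliding address spaces on both sides.
    for (a, sa), (b, sb) in combinations(spaces.items(), 2):
        if sa.overlaps(sb):
            problems.append(f"cannot peer {a} and {b}: {sa} overlaps {sb}")
    return problems


if __name__ == "__main__":
    print(plan_problems(VNETS) or "plan OK: address spaces do not collide")
    # Constructed failure case: a hypothetical third vnet reusing part of the primary range.
    bad = dict(VNETS, **{"ntier-test": {"address_space": "10.0.128.0/17",
                                         "subnets": {"web": "10.0.128.0/24"}}})
    for problem in plan_problems(bad):
        print(problem)
```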


About continuous learner

devops & cloud enthusiastic learner