Azure Classroomnotes 03/Aug/2022

Azure Networking Contd…

  • A virtual network's address space can be extended, i.e.
    • we created a virtual network with address space
    • If we need more IPs in the same network at any time after creation, we can add a new CIDR range and assign it to subnets. Let's add
  • A subnet's address space can be edited, but the interfaces (NICs) which are already in use will still be part of the same subnet.
  • Any subnet we create in Azure reserves 5 IP addresses
    • x.x.x.0 => Network id (Any network)
    • x.x.x.1 => Default gateway (Azure)
    • x.x.x.2, x.x.x.3 => Azure DNS (Azure)
    • x.x.x.255 => Network broadcast IP (Any network)

Network Security Group

  • This is used to restrict network packets
  • This can be assigned to
    • Network Interface (nic)
    • subnet
  • Whenever a packet arrives (assuming ingress), the NSG
    • verifies the packet against the rules by priority
  • NSG has default rules
    • Incoming (ingress):
      • Packet with source from the same VNet => Allow this
      • Packet from Azure load balancer => Allow this
      • Deny rest
    • Outgoing (egress):
      • Allow to any destination.
  • When we create an NSG, if we want the above behavior there is no need to add any rules; but if we need to allow/deny some packets or make changes, we add security rules, which are processed in priority order
  • Next Steps:
    • NSGs at subnet level and NIC level
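
The priority-ordered ingress check described above, as a small simulation added to these notes (not Azure's own code). It matches only on source and destination port; the VNet range, the two custom rules and the sample addresses are constructed, and the VirtualNetwork tag is assumed to cover just that one address space.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")           # constructed VNet address space
AZURE_LB = ipaddress.ip_network("168.63.129.16/32")  # Azure platform health-probe IP

@dataclass(frozen=True)
class Rule:
    priority: int  # lower number is evaluated first
    name: str
    source: str    # "*", a service tag, or a CIDR
    port: str      # "*" or a single destination port
    action: str    # "Allow" or "Deny"

# Default inbound rules present in every NSG
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]

def source_matches(spec, src_ip):
    """True if src_ip falls inside the rule's source ("*", tag or CIDR)."""
    if spec == "*":
        return True
    tags = {"VirtualNetwork": VNET, "AzureLoadBalancer": AZURE_LB}
    net = tags[spec] if spec in tags else ipaddress.ip_network(spec)
    return ipaddress.ip_address(src_ip) in net

def evaluate_inbound(custom_rules, src_ip, dst_port):
    """Return (action, rule name) of the first matching rule, by priority."""
    for rule in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if source_matches(rule.source, src_ip) and rule.port in ("*", str(dst_port)):
            return rule.action, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches every packet")

# Constructed custom rules: a deny that pre-empts the default VNet allow,
# and an allow that pre-empts the default deny-all.
CUSTOM = [
    Rule(100, "DenySshFromJumpSubnet", "10.0.9.0/24", "22", "Deny"),
    Rule(200, "AllowHttpsFromInternet", "*", "443", "Allow"),
]

if __name__ == "__main__":
    for src, port in [("10.0.1.4", 22), ("10.0.9.5", 22),
                      ("203.0.113.7", 443), ("203.0.113.7", 22)]:
        print(src, port, evaluate_inbound(CUSTOM, src, port))
```

With no custom rules the result is exactly the default behavior listed above; a custom rule only changes the outcome when its priority number is lower than that of the default rule that would otherwise match.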

About continuous learner

devops & cloud enthusiastic learner