Azure Networking Contd…
- A virtual network's address space can be extended after creation, i.e.
- we created a virtual network with the address space 192.168.0.0/24
- If we need more IPs in the same network at any time after creation, we can add a new CIDR range (it must not overlap any range already in the vnet) and carve subnets out of it. Let's add 192.168.100.0/24
- A subnet's address range can be edited, but network interfaces (NICs) that already hold addresses in it keep them and remain part of the same subnet.
- Every subnet we create in Azure reserves 5 IP addresses: the first four and the last address of the range. For a /24 these are:
- x.x.x.0 => Network address (any network)
- x.x.x.1 => Default gateway (Azure)
- x.x.x.2, x.x.x.3 => Azure DNS (Azure)
- x.x.x.255 => Network broadcast address (any network)
- So a /24 gives 251 usable addresses, and the smallest subnet Azure allows, a /29, gives only 3.
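As an added example (not part of the original notes), the address-space extension and the reserved-address rule above modelled in Python with the standard ipaddress module. The VNet ranges and subnet values are the ones from the notes; the overlap check reproduces Azure's rule that a new range may not overlap an existing one, and the /29 limit is Azure's smallest supported IPv4 subnet. The function names are my own.

```python
import ipaddress

# Constructed values taken from the notes: the VNet as created, and the
# second range we want to add to it.
EXISTING_ADDRESS_SPACE = ["192.168.0.0/24"]
NEW_RANGE = "192.168.100.0/24"

# Azure's smallest supported IPv4 subnet is a /29 (8 addresses, 3 usable).
MAX_PREFIX_LEN = 29
RESERVED_PER_SUBNET = 5


def overlaps_existing(address_spaces, new_cidr):
    """True if new_cidr overlaps any range already in the VNet.

    Azure rejects such an addition, so checking locally avoids a failed
    portal/CLI call.
    """
    new_net = ipaddress.ip_network(new_cidr, strict=True)
    return any(ipaddress.ip_network(r).overlaps(new_net) for r in address_spaces)


def add_address_space(address_spaces, new_cidr):
    """Return the VNet address-space list extended with new_cidr."""
    if overlaps_existing(address_spaces, new_cidr):
        raise ValueError(f"{new_cidr} overlaps an existing range")
    return address_spaces + [str(ipaddress.ip_network(new_cidr, strict=True))]


def subnet_fits(address_spaces, subnet_cidr):
    """True if the subnet lies entirely inside one of the VNet's ranges."""
    subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    return any(subnet.subnet_of(ipaddress.ip_network(r)) for r in address_spaces)


def is_valid_azure_subnet(subnet_cidr):
    """Azure will not create a subnet smaller than /29."""
    return ipaddress.ip_network(subnet_cidr, strict=True).prefixlen <= MAX_PREFIX_LEN


def reserved_addresses(subnet_cidr):
    """The five addresses Azure reserves in every subnet.

    First four and last address of the range: in a /24 that is .0-.3 and .255,
    in a /26 starting at .64 it is .64-.67 and .127.
    """
    if not is_valid_azure_subnet(subnet_cidr):
        raise ValueError(f"{subnet_cidr} is smaller than the /29 minimum")
    subnet = ipaddress.ip_network(subnet_cidr, strict=True)
    first = int(subnet.network_address)
    return {
        "network": str(ipaddress.ip_address(first)),
        "default_gateway": str(ipaddress.ip_address(first + 1)),
        "dns_1": str(ipaddress.ip_address(first + 2)),
        "dns_2": str(ipaddress.ip_address(first + 3)),
        "broadcast": str(subnet.broadcast_address),
    }


def usable_hosts(subnet_cidr):
    """Addresses actually assignable to NICs: range size minus the reserved five."""
    if not is_valid_azure_subnet(subnet_cidr):
        raise ValueError(f"{subnet_cidr} is smaller than the /29 minimum")
    return ipaddress.ip_network(subnet_cidr, strict=True).num_addresses - RESERVED_PER_SUBNET


if __name__ == "__main__":
    extended = add_address_space(EXISTING_ADDRESS_SPACE, NEW_RANGE)
    print("VNet address space:", extended)
    print("Subnet 192.168.100.0/24 fits:", subnet_fits(extended, "192.168.100.0/24"))
    for name, addr in reserved_addresses("192.168.100.0/24").items():
        print(f"  reserved {name:16} {addr}")
    print("Usable addresses in /24:", usable_hosts("192.168.100.0/24"))
```

Running it for the notes' values lists 192.168.100.0 to .3 and .255 as reserved and 251 usable addresses; try a /30 and reserved_addresses raises, which is what Azure does at subnet creation.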
Network Security Group
- This is used to filter network packets (allow or deny) by source, destination, port and protocol
- It can be associated with
- a network interface (NIC)
- a subnet
NSG: whenever a packet arrives (assuming ingress)
- it checks the packet against the rules in priority order (lowest priority number first); the first rule that matches decides, and later rules are not evaluated
NSG has default rules
- Incoming (ingress):
- Packet with source in the same vnet => Allow (AllowVnetInBound, priority 65000)
- Packet from the Azure load balancer => Allow (AllowAzureLoadBalancerInBound, priority 65001)
- Deny the rest (DenyAllInBound, priority 65500)
- Outgoing (egress):
- Allow to any destination (AllowVnetOutBound and AllowInternetOutBound, followed by DenyAllOutBound at 65500).
- When we create an NSG, if we want the above behaviour there is no need to add any rules, but if we need to allow or deny some packets or make changes, we add security rules, which are processed by priority. Custom rules take priorities 100-4096, so they are always evaluated before the default rules at 65000 and above.
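As an added example, not code from the original notes or from Azure, the priority-ordered evaluation of NSG rules above modelled in Python: the six default rules with their real names and priorities, one custom inbound rule (AllowHttpsInBound at priority 100, a name of my own), and a first-match walk in priority order. It goes slightly beyond the notes by also chaining a subnet NSG and a NIC NSG, which Azure evaluates in turn so that both must allow the packet. The VNet ranges and the packet addresses are assumptions for the demo, 168.63.129.16 is Azure's documented platform/health-probe source address that the AzureLoadBalancer tag resolves to, and the Internet service tag is simplified to "any non-private address outside the VNet".

```python
import ipaddress
from dataclasses import dataclass

# Service tags used by the default rules, reduced to what this model needs.
VIRTUAL_NETWORK = "VirtualNetwork"
AZURE_LB = "AzureLoadBalancer"
INTERNET = "Internet"
ANY = "*"

# Assumed VNet address space (the two ranges from the notes) and the Azure
# load-balancer probe source address.
VNET_RANGES = [ipaddress.ip_network("192.168.0.0/24"),
               ipaddress.ip_network("192.168.100.0/24")]
AZURE_LB_PROBE = ipaddress.ip_address("168.63.129.16")


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int          # 100-4096 for custom rules, 65000+ for defaults; lower wins
    direction: str         # "Inbound" or "Outbound"
    access: str            # "Allow" or "Deny"
    protocol: str = ANY    # "Tcp", "Udp", "Icmp" or "*"
    source: str = ANY      # CIDR, single IP, service tag or "*"
    dest: str = ANY
    dest_port: str = ANY   # single port, "lo-hi" range or "*"


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    src_ip: str
    dst_ip: str
    dst_port: int


# The six rules every NSG carries on creation.
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", source=VIRTUAL_NETWORK, dest=VIRTUAL_NETWORK),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", source=AZURE_LB),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", source=VIRTUAL_NETWORK, dest=VIRTUAL_NETWORK),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", dest=INTERNET),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny"),
]

# A custom rule set: open HTTPS to the world, keep everything else at defaults.
WEB_NSG = DEFAULT_RULES + [
    Rule("AllowHttpsInBound", 100, "Inbound", "Allow", protocol="Tcp", dest_port="443"),
]


def _in_vnet(ip):
    return any(ip in r for r in VNET_RANGES)


def _addr_matches(spec, ip_str):
    ip = ipaddress.ip_address(ip_str)
    if spec == ANY:
        return True
    if spec == VIRTUAL_NETWORK:
        return _in_vnet(ip)
    if spec == AZURE_LB:
        return ip == AZURE_LB_PROBE
    if spec == INTERNET:                       # simplified Internet tag
        return not ip.is_private and not _in_vnet(ip)
    return ip in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec, port):
    if spec == ANY:
        return True
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def _rule_matches(rule, pkt):
    return (rule.direction == pkt.direction
            and rule.protocol in (ANY, pkt.protocol)
            and _addr_matches(rule.source, pkt.src_ip)
            and _addr_matches(rule.dest, pkt.dst_ip)
            and _port_matches(rule.dest_port, pkt.dst_port))


def evaluate(rules, pkt):
    """Walk the rules lowest priority number first; the first match decides.

    Returns (access, rule_name). Azure requires unique priorities per
    direction within one NSG, so there are no ties in a valid NSG.
    """
    for rule in sorted(rules, key=lambda r: r.priority):
        if _rule_matches(rule, pkt):
            return rule.access, rule.name
    return "Deny", "<no rule>"   # unreachable while the default rules are present


def allowed_through(nsg_chain, pkt):
    """Subnet NSG and NIC NSG are evaluated in turn; every NSG must allow."""
    return all(evaluate(rules, pkt)[0] == "Allow" for rules in nsg_chain)


if __name__ == "__main__":
    for pkt in [Packet("Inbound", "Tcp", "8.8.8.8", "192.168.0.4", 443),
                Packet("Inbound", "Tcp", "8.8.8.8", "192.168.0.4", 22),
                Packet("Inbound", "Tcp", "192.168.100.10", "192.168.0.4", 22),
                Packet("Inbound", "Tcp", "168.63.129.16", "192.168.0.4", 8080),
                Packet("Outbound", "Udp", "192.168.0.4", "8.8.8.8", 53)]:
        print(pkt, "=>", evaluate(WEB_NSG, pkt))
```

Note how the chain matters in the last two assertions of the check: a NIC-level NSG that allows 443 does nothing if the subnet-level NSG still carries only the defaults, because DenyAllInBound matches there first.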
- Next Steps:
- NSG's at subnet level and NIC level