
Azure Network Basics

Thursday, September 27, 2018 3:19 PM

Azure network components used for VNet communication: terminology with respect to AWS

1. Virtual Network --> Address Space (VNet CIDR), Address Range (Subnet)
2. Virtual Network Gateway --> Just like VPC Peering for VPC-to-VPC communication. For two VNets
to communicate, each must have a Virtual Network Gateway at its end of the VNet, and an IP will be
assigned to it. The gateway will have its own IP range (10.20.2.0/24), a subnet-level CIDR.
3. Subnets --> Same for both
4. Resource Group --> Group
5. Network Security Group (Firewall) --> Security Group and NACL
6. Connections --> To connect the two Virtual Network Gateways
7. Location --> Region
8. Virtual Machine --> EC2 instances
9. Subscription --> Tenant/Account name
10. Windows Firewall --> Update the inbound rule on the VMs so they can communicate, by changing
"File and Printer Sharing (Echo Request - IPv4)" to Allow

AWS : Azure
Role : Subscription
Resource Group : Container to organize our resources
VPC : Virtual Network
Availability Zone : Availability Set
ELB : same
ILB : Internal Load Balancer
NACL and Security Group {Lock Icon (Software Firewall)} : Network Security Group (NSG)
VPC : VNet (Virtual Network)
Your VPC : Address Space
EC2 : Virtual Machine
Elastic Beanstalk : App Service
Lambda (Serverless) : Azure Function
S3 : Blob Storage
SQS : Queue Storage
Glacier : Backup
RDS : SQL Database (only MySQL is supported, can't be customized)
Redshift : SQL Data Warehouse
DynamoDB : DocumentDB
Reserved Instance : Microsoft Enterprise Agreement
CloudTrail : Azure Operational Insights
CloudWatch : Azure Application Insights

Azure Network Component :

Learning Network Page 1


Load Balancer differences :

There are different options to distribute network traffic using Microsoft Azure. These options work
differently from each other, each has a different feature set, and each supports different scenarios.
They can be used in isolation or combined.
• Azure Load Balancer works at the transport layer (Layer 4 in the OSI network reference stack).
It provides network-level distribution of traffic across instances of an application running in
the same Azure data center.
• Application Gateway works at the application layer (Layer 7 in the OSI network reference
stack). It acts as a reverse-proxy service, terminating the client connection and forwarding
requests to back-end endpoints.
• Traffic Manager works at the DNS level. It uses DNS responses to direct end-user traffic to
globally distributed endpoints. Clients then connect to those endpoints directly.

1. Virtual Network : A virtual network enables Azure resources, such as virtual machines (VM), to
communicate privately with each other, and with the internet.

2. Load Balancer : Azure Load Balancer is a layer 4 load balancer that distributes incoming traffic
among healthy virtual machine instances. Load balancers use a hash-based distribution
algorithm. By default, it uses a 5-tuple (source IP, source port, destination IP, destination port,
protocol type) hash to map traffic to available servers. A load balancer can either be internet-
facing, where it is accessible via public IP addresses, or internal, where it is only accessible from
a virtual network. Azure load balancers also support Network Address Translation (NAT) to
route traffic between public and private IP addresses.
You can configure the load balancer to:
○ Load balance incoming traffic across your virtual machines.
○ Forward traffic to and from a specific virtual machine using NAT rules.
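To make the hash-based distribution concrete, here is an added Python example (not code from these notes or from Microsoft) that models a backend pool and maps flows to VMs with a 5-tuple hash. The backend, frontend and client addresses are constructed sample values, and SHA-256 stands in for Azure's unpublished hash function. It goes slightly beyond the notes: besides the default 5-tuple mode it also models the 2-tuple and 3-tuple source-IP-affinity modes (an assumption about Azure's session persistence settings, added here as a generalization), and shows what happens to the mapping when a VM drops out of the pool.

```python
import hashlib
from collections import Counter
from typing import Dict, List, Tuple

# Constructed backend pool: private IPs of three VMs behind the load balancer.
BACKEND_POOL: List[str] = ["10.0.1.4", "10.0.1.5", "10.0.1.6"]

# A flow is (source IP, source port, destination IP, destination port, protocol).
Flow = Tuple[str, int, str, int, str]


def hash_key(flow: Flow, mode: str = "5-tuple") -> bytes:
    """Pick which fields of the flow take part in the hash.

    "5-tuple" is the Azure default described in the notes. "2-tuple" (source IP,
    destination IP) and "3-tuple" (source IP, destination IP, protocol) model the
    source-IP-affinity modes, in which every connection from one client lands on
    the same VM (assumed here, not taken from the notes).
    """
    src_ip, src_port, dst_ip, dst_port, proto = flow
    if mode == "5-tuple":
        fields = (src_ip, src_port, dst_ip, dst_port, proto)
    elif mode == "3-tuple":
        fields = (src_ip, dst_ip, proto)
    elif mode == "2-tuple":
        fields = (src_ip, dst_ip)
    else:
        raise ValueError(f"unknown distribution mode: {mode}")
    return "|".join(str(f) for f in fields).encode()


def select_backend(flow: Flow, pool: List[str], mode: str = "5-tuple") -> str:
    """Map a flow to one healthy backend. Azure's real hash function is not
    published; SHA-256 reduced modulo the pool size stands in for it here."""
    if not pool:
        raise RuntimeError("no healthy backends in the pool")
    digest = hashlib.sha256(hash_key(flow, mode)).digest()
    index = int.from_bytes(digest[:8], "big") % len(pool)
    return pool[index]


def distribute(flows: List[Flow], pool: List[str], mode: str = "5-tuple") -> Dict[str, int]:
    """Count how many flows each backend receives."""
    return dict(Counter(select_backend(f, pool, mode) for f in flows))


def client_connections(client_ip: str, n: int) -> List[Flow]:
    """Constructed sample: n successive TCP connections from one client to the
    load balancer's frontend 20.0.0.10:443, each with a fresh ephemeral port."""
    return [(client_ip, 50000 + i, "20.0.0.10", 443, "TCP") for i in range(n)]


if __name__ == "__main__":
    flows = client_connections("203.0.113.7", 20)
    # Each new connection has a new source port, so the 5-tuple changes and the
    # connections are spread over the pool; with 2-tuple hashing the source and
    # destination IPs are all that matter, so they all land on one VM.
    print("5-tuple :", distribute(flows, BACKEND_POOL))
    print("2-tuple :", distribute(flows, BACKEND_POOL, "2-tuple"))
    # A VM failing its health probe is removed from the pool. This simple modulo
    # model rehashes every flow over the survivors; it does not model how the
    # real balancer treats already-established connections when the pool changes.
    print("degraded:", distribute(flows, BACKEND_POOL[:2]))
```

The practical point is the last two lines: a plain layer 4 balancer with 5-tuple hashing gives no session affinity across a client's successive connections, which is why the notes point to Application Gateway for shopping-cart style workloads, and why health probes removing a VM changes where flows land.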



3. Application Gateway : Microsoft Azure Application Gateway provides an Azure-managed HTTP
load-balancing solution based on layer-7 load balancing. Application load balancing enables IT
administrators and developers to create routing rules for network traffic based on HTTP. The
Application Gateway service is highly available and metered.
Microsoft Azure provides a 99.9% uptime SLA for Application Gateway Cloud Services having
two or more medium or larger instances.
It also serves applications that require requests from the same user/client session to reach the
same back-end virtual machine; examples of such applications are shopping cart applications
and web mail servers.
Application Gateway load balancing as an Azure-managed service allows the provisioning of a
layer 7 load balancer behind the Azure software load balancer. Traffic Manager can be used to
complete the scenario as seen in the following image, where Traffic Manager provides
redirection and availability of traffic to multiple application gateway resources in different
regions, while application gateway provides cross-region layer 7 load balancing.



4. Virtual network gateway : A virtual network gateway is the software VPN device for your
Azure virtual network. Use this with a connection to set up a site-to-site VPN connection
between an Azure virtual network and your local network, or a VNet-to-VNet VPN connection
between two Azure virtual networks. It can also be used to connect a virtual network to an
ExpressRoute circuit. Microsoft Azure provides a 99.9% uptime SLA for virtual network
gateways.

5. Local network gateway : A local network gateway represents the hardware or software VPN
device in your local network. Use this with a connection to set up a site-to-site VPN connection
between an Azure virtual network and your local network. There are no additional charges for
creating local network gateways in Microsoft Azure.



6. Traffic Manager : A profile with the Priority routing type can be created to route users to two
Azure Web Apps endpoints. With the Priority routing type, all traffic is routed to the first
endpoint while the second is kept as a backup. As a result, users are routed to the second
endpoint if the first endpoint becomes unhealthy.



7. Azure DNS : A DNS zone is used to host the DNS records for a particular domain. To start hosting
your domain in Azure DNS, you need to create a DNS zone for that domain name. Each DNS record
for your domain is then created inside this DNS zone. Finally, to publish your DNS zone to the
Internet, you need to configure the name servers for the domain.



8. Network Watcher :



9. Route table : A route table contains a set of rules, called routes, that specify how packets
should be routed in a virtual network. Route tables are associated with subnets, and each packet
leaving a subnet is handled based on the associated route table. Each route table can be
associated with multiple subnets, but a subnet can only be associated with a single route table.
Packets are matched to routes using the destination. The next hop can be an IP address, a
virtual network gateway, a virtual appliance, or the internet. If a matching route can't be found,
the packet is dropped. By default, every subnet in a virtual network is associated with a set of
built-in routes. These allow traffic between virtual machines in a virtual network; between
virtual machines and an address space as defined by a local network gateway; and between
virtual machines and the internet.
There are no additional charges for creating route tables in Microsoft Azure.
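As an added example (not from these notes and not Azure's own code), the following Python models route selection the way the notes describe it: built-in routes for the VNet, for the local network gateway's address space and for the internet; longest-prefix match on the destination; a user-defined route overriding a system route on the same prefix; and a packet being dropped when nothing matches or the chosen next hop is None. The VNet CIDR, on-premises range, firewall VM address and quarantined subnet are constructed sample values; only the route table name TestRT-Kishan1 is taken from the notes.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

Network = ipaddress.IPv4Network


@dataclass(frozen=True)
class Route:
    name: str
    prefix: str                        # destination CIDR the route matches
    next_hop_type: str                 # VirtualNetwork | VirtualNetworkGateway | Internet | VirtualAppliance | None
    next_hop_ip: Optional[str] = None  # only meaningful for VirtualAppliance
    system: bool = False               # True for the built-in routes every subnet gets

    @property
    def network(self) -> Network:
        return ipaddress.ip_network(self.prefix)


def system_routes(vnet_cidr: str, local_network_cidr: Optional[str]) -> List[Route]:
    """The built-in routes the notes describe: VM-to-VM traffic inside the VNet,
    the address space announced by a local network gateway, and the internet."""
    routes = [
        Route("vnet-local", vnet_cidr, "VirtualNetwork", system=True),
        Route("internet", "0.0.0.0/0", "Internet", system=True),
    ]
    if local_network_cidr:
        routes.append(Route("on-prem", local_network_cidr, "VirtualNetworkGateway", system=True))
    return routes


def resolve(routes: List[Route], destination: str) -> Optional[Route]:
    """Longest-prefix match on the destination address.

    A tie between a system route and a user-defined route on the same prefix goes
    to the user-defined route; that is how a custom 0.0.0.0/0 route takes over
    from the built-in internet route. Returns None when the packet is dropped:
    either nothing matched, or the chosen route's next hop type is "None".
    """
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dst in r.network]
    if not candidates:
        return None
    best = max(candidates, key=lambda r: (r.network.prefixlen, not r.system))
    return None if best.next_hop_type == "None" else best


def next_hop(routes: List[Route], destination: str) -> str:
    """Human-readable next hop, or 'DROP' if the packet would be discarded."""
    r = resolve(routes, destination)
    if r is None:
        return "DROP"
    return f"{r.next_hop_type}({r.next_hop_ip})" if r.next_hop_ip else r.next_hop_type


# Constructed example: a 10.0.0.0/16 VNet with a 192.168.0.0/16 on-premises
# address space reachable through the gateway, plus a user-defined route table
# (name taken from the notes) that forces internet-bound traffic through a
# firewall VM at 10.0.100.4 and black-holes a quarantined subnet.
TEST_RT_KISHAN1: List[Route] = system_routes("10.0.0.0/16", "192.168.0.0/16") + [
    Route("to-firewall", "0.0.0.0/0", "VirtualAppliance", next_hop_ip="10.0.100.4"),
    Route("quarantine", "10.0.9.0/24", "None"),
]

if __name__ == "__main__":
    for dst in ("10.0.2.7", "192.168.5.5", "8.8.8.8", "10.0.9.12"):
        print(f"{dst:>12} -> {next_hop(TEST_RT_KISHAN1, dst)}")
```

When reviewing a route table, the two things worth checking against this model are which routes shadow the built-in VirtualNetwork and Internet routes (a /0 user-defined route silently captures all egress) and which prefixes resolve to a None next hop, since those subnets become unreachable without any error being surfaced to the sender.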

Create route table :

Name : TestRT-Kishan1



Subnet Association with the route table :



10. ExpressRoute : Azure ExpressRoute enables you to create private connections between Azure
data centers and infrastructure that's on your premises or in a colocation environment.
ExpressRoute connections do not go over the public Internet, offering more reliability, faster
speeds, lower latencies, and higher security than typical connections. In some cases, using
ExpressRoute connections to transfer data between on-premises and Azure can also yield
significant cost benefits.
With ExpressRoute, you can establish connections to Azure at an ExpressRoute location
(Exchange Provider facility) or directly connect to Azure from your existing WAN network (such
as an MPLS VPN) provided by a network service provider.

About VPN devices and IPsec/IKE parameters for Site-to-Site VPN Gateway
connections:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices

