Networking

The document provides an overview of virtual network basics, including the structure of virtual networks, subnets, and IP address management. It discusses routing types, including system routes, user-defined routes, and BGP routes, as well as VPN types and their functionalities. Additionally, it covers connecting virtual networks through VNET peering and the limitations of IP address spaces.

Uploaded by nilson18

NETWORKING

Virtual Network Basics

• A virtual network exists within a specific subscription and region (it cannot span subscriptions or regions).

• A virtual network consists of one or more IP ranges.

• The address space is broken up into subnets, with the smallest subnet possible being a /29, which will give 3 usable IP addresses.

• IP addresses not available (first, second, third, fourth and last):

.0 Network address

.1 Default gateway

.2 - .3 DNS

.255 Broadcast



• Subnets are regional and span Availability Zones.

• RFC 1918

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

IPv6

• Virtual networks are dual stack, enabling both IPv4 and IPv6 address ranges to be assigned.

• IPv6 support in NSG, UDR, LB, peering, etc.

• A NIC cannot be IPv6 only.

• Can enable IPv6 for existing resources (may require reboot).

• ExpressRoute private peering support.


Supported types of IP traffic

• Standard IP-based protocols supported including:

TCP, UDP, ICMP

• Multicast, broadcast, IP-in-IP encapsulated packets and Generic Routing Encapsulation (GRE) packets are blocked.

• You CANNOT ping the Azure gateway or use tools such as tracert.

• Traditional layer 2 VLANs are not supported. (VNets are Layer-3 overlays. Azure does not support any Layer-2 semantics.)

Connecting Virtual Networks

• If you wish to have multiple subscriptions and/or use multiple regions, you will have multiple virtual networks.

• In the past we could connect virtual networks using S2S VPN or by connecting to the same ExpressRoute circuit, but both approaches have problems.

• VNET peering enables virtual networks to be connected via the Microsoft backbone in the same or different regions (global peering).

• There is a small ingress and egress charge for traffic via network peering.

• IP address spaces CANNOT overlap.


• Can span subscriptions and even AAD tenants.

• Peers are not transitive, but they can be.
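The addressing rules above (five reserved addresses per subnet, /29 as the smallest subnet, RFC 1918 ranges, no overlap between peered networks) can be checked against an address plan before anything is deployed. This is an added example, not part of the original slides; the VNet names and ranges in `VNETS` are constructed, and the helper names are hypothetical.

```python
import ipaddress
from itertools import combinations

RESERVED = 5        # first four addresses plus the last one in every subnet
MIN_PREFIXLEN = 29  # smallest subnet the notes allow
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def usable_range(cidr):
    """Return (first usable, last usable, usable count) for an IPv4 subnet."""
    net = ipaddress.IPv4Network(cidr)
    if net.prefixlen > MIN_PREFIXLEN:
        raise ValueError(f"{cidr}: smaller than /{MIN_PREFIXLEN}")
    first = net.network_address + 4   # skip .0, .1, .2 and .3
    last = net.broadcast_address - 1  # skip the broadcast address
    return str(first), str(last), net.num_addresses - RESERVED

def is_rfc1918(cidr):
    """True when the range sits entirely inside one RFC 1918 block."""
    net = ipaddress.IPv4Network(cidr)
    return any(net.subnet_of(block) for block in RFC1918)

def peering_conflicts(vnets):
    """Return (vnet_a, range_a, vnet_b, range_b) for every overlapping pair."""
    conflicts = []
    for (a, a_ranges), (b, b_ranges) in combinations(sorted(vnets.items()), 2):
        for x in a_ranges:
            for y in b_ranges:
                if ipaddress.IPv4Network(x).overlaps(ipaddress.IPv4Network(y)):
                    conflicts.append((a, x, b, y))
    return conflicts

# Constructed address plan (hypothetical names and ranges).
VNETS = {
    "hub": ["10.0.0.0/16"],
    "spoke-a": ["10.1.0.0/16", "172.16.0.0/24"],
    "spoke-b": ["10.1.128.0/17"],
}

if __name__ == "__main__":
    print(usable_range("10.0.0.0/29"))
    for conflict in peering_conflicts(VNETS):
        print("cannot peer:", conflict)
    print(is_rfc1918("172.32.0.0/16"))
```
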


Routing

• There are 3 types of routes:

System Routes

User-Defined Routes (Route table, custom routes)

BGP Routes

Routing – System Routes

• Azure automatically creates system routes.

Virtual Network, Peering, Virtual Network Service Endpoint.

• You CANNOT create system routes, nor can you remove them.

• You can override some system routes with custom routes.


Routing – User-Defined Routes

• You use a UDR at the subnet level to alter system/default routes.

• When you add an entry in a User Defined Route, it will deactivate any system
routes using the same prefix.

• Static routing.

• Max 200 UDR per subscription.

• VPN Gateway (LNG), Route table.


Routing – Border Gateway Protocol

• BGP is the main routing protocol of the internet.

• An on-premises network gateway can exchange routes with an Azure virtual network gateway using the Border Gateway Protocol (BGP).

• Dynamic routing.

• ExpressRoute - VPN

Routing – Default Routes

Routing – Next Hops

• Virtual Appliance: VM that typically runs a network application, such as a firewall.

• VNG: Specify when you want traffic destined for specific address prefixes routed
to a virtual network gateway.

• None: Specify when you want to drop traffic to an address prefix.

• VNET: Specify the Virtual network option when you want to override the default
routing within a virtual network.

• Internet: Specify the Internet option when you want to explicitly route traffic destined to an address prefix to the Internet.

Routing – How Azure selects a route

• 1. User-Defined Route (VNG, UDR)

• 2. BGP route (ExpressRoute, VPN)

• 3. System route

• The bigger prefix wins (the longest, most specific matching prefix).
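The selection rules above, as an added example that is not part of the original slides: the longest matching prefix is chosen first, and the User-Defined / BGP / System order only breaks ties between routes with the same prefix. The route table and destinations are constructed, the helper names are hypothetical, and a destination with no matching route is treated as dropped.

```python
import ipaddress

# Tie-break among routes with the same prefix, in the order the list above gives.
SOURCE_PRIORITY = {"User": 1, "BGP": 2, "System": 3}

# Constructed effective-route table for one subnet (not from a real deployment).
ROUTES = [
    {"source": "System", "prefix": "10.0.0.0/16",     "next_hop": "VNET"},
    {"source": "System", "prefix": "0.0.0.0/0",       "next_hop": "Internet"},
    {"source": "User",   "prefix": "0.0.0.0/0",       "next_hop": "Virtual Appliance"},
    {"source": "User",   "prefix": "10.0.1.0/24",     "next_hop": "Virtual Appliance"},
    {"source": "BGP",    "prefix": "192.168.0.0/16",  "next_hop": "VNG"},
    {"source": "User",   "prefix": "192.168.10.0/24", "next_hop": "None"},
]

def select_route(routes, destination):
    """Return the route that wins for this destination, or None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    candidates = []
    for route in routes:
        net = ipaddress.ip_network(route["prefix"])
        if dst in net:
            # Sort key: longer prefix first, then source priority.
            candidates.append((-net.prefixlen, SOURCE_PRIORITY[route["source"]], route))
    if not candidates:
        return None
    return min(candidates, key=lambda c: c[:2])[2]

def next_hop(routes, destination):
    """Next hop type for a destination; "None" means the traffic is dropped."""
    route = select_route(routes, destination)
    return "None" if route is None else route["next_hop"]

def uninspected(routes, destinations, appliance="Virtual Appliance"):
    """Destinations that are forwarded without crossing the appliance."""
    return [d for d in destinations if next_hop(routes, d) not in (appliance, "None")]

# Constructed destinations to evaluate.
DESTINATIONS = ["203.0.113.10", "10.0.1.5", "10.0.3.7", "192.168.10.9", "192.168.20.1"]

if __name__ == "__main__":
    for d in DESTINATIONS:
        print(f"{d:15} -> {next_hop(ROUTES, d)}")
    print("bypasses the appliance:", uninspected(ROUTES, DESTINATIONS))
```

In this table the 0.0.0.0/0 user-defined route overrides the system default for Internet traffic, but 10.0.3.7 still follows the more specific 10.0.0.0/16 system route, so traffic inside the virtual network does not cross the firewall unless a user-defined route covers that prefix.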


VPN

• Service that can be used to send encrypted traffic between an Azure virtual network and on-premises locations over the public Internet.

• You can also use VPN Gateway to send encrypted traffic between Azure virtual networks over the Microsoft network.

• Multiple connections can be created to the same VPN gateway.


VPN – Types

• S2S: A cross-premises IPsec/IKE VPN tunnel connection between the VPN gateway and an on-premises VPN device.

• P2S: VPN over OpenVPN, IKEv2, or SSTP. This type of connection lets you connect to your virtual network from a remote location, such as from a conference or from home.

Azure VPN – Parts

• Virtual Network Gateway (VNG)

• Local Network Gateway (LNG)

• Connections

Troubleshooting

• Network Watcher

• Effective routes

• Effective security rules


THANK YOU
