Module 4 - Configure Virtual Networks Flashcards

1
Q

What is a virtual network?

A

A network that is created using software and hosted on a physical network infrastructure.

Key components:

VM -

Hypervisor -

Virtual switches - software-based switches which enable communication between VMs

Virtual network adapters - software interfaces within the VMs to connect them to the virtual network

Virtual LANs (VLANs) - used to divide a physical network into smaller isolated segments within the virtual network

An Azure virtual network is a logical isolation of the Azure cloud that’s dedicated to your subscription.

You can use virtual networks to provision and manage virtual private networks (VPNs) in Azure.

Each virtual network has its own Classless Inter-Domain Routing (CIDR) block and can be linked to other virtual networks and on-premises networks.

You can link virtual networks with an on-premises IT infrastructure to create hybrid or cross-premises solutions, when the CIDR blocks of the connecting networks don’t overlap.

2
Q

Why use an Azure virtual network?

A
  1. Communication of Azure resources with the internet
  2. Communication between Azure resources
  3. Communication with on-prem resources
  4. Filtering of network traffic
  5. Routing of network traffic
  6. Integration with Azure services

Communication of Azure resources with the internet
By default, Azure resources within a VNet are isolated from the internet. However, you can configure the VNet to allow internet-bound traffic by using the following components:

  1. Network security groups (NSG)
    Basic firewall that allows or denies traffic to and from Azure resources. You can configure an NSG to control inbound and outbound traffic to and from the internet by defining rules based on source and destination IP addresses, ports and protocols.
  2. Azure Bastion
    Azure Bastion provides secure and seamless RDP and SSH access to VMs directly through the Azure portal. Reduces exposure of VMs to the public internet by eliminating the need to expose RDP/SSH ports.
  3. Azure Load Balancer
    Allows you to distribute incoming network traffic across multiple servers to ensure no single server becomes overwhelmed. It can be configured to allow traffic to be directed to a specific resource.
  4. Azure Application Gateway
    A web-based traffic load balancer that enables you to manage traffic to your web apps. It can be configured to allow traffic to reach your web apps.
  5. Public IP addresses
    Azure resources that need communication with the internet require a public IP address. A public IP address can be associated with resources such as VMs, load balancers or Azure Firewall.

Communication between Azure resources
1. VNets allow you to create isolated and securely connected networks. Resources that are part of the same VNet can communicate with each other but not with other VNets. You can establish communication between VNets using VNet peering or VPN gateways:

2. Private IP addresses
Azure resources, especially VMs, are assigned private IP addresses within a VNet. Resources can communicate with each other using private IP addresses within the same VNet.

3. VNet peering
Allows you to connect VNets in the same region, enabling resources in different VNets to communicate with each other. This is done privately over the Microsoft backbone network.

4. VPN gateway
VPN gateways enable secure communication between VNets or between on-prem networks and Azure VNets. This is useful for connecting resources in different geographic locations.

5. ExpressRoute
Provides a dedicated, private connection between on-prem networks and Azure data centers. Used to establish private communication between on-prem resources and Azure resources.

Communication with on prem resources:
There are several options available, and the choice depends on factors such as security requirements, bandwidth, and the complexity of your network architecture. Here are the main methods for achieving connectivity between on-premises and Azure resources:

  1. Azure VPN gateway
    Allows you to create a site-to-site VPN connection between your on-prem network and Azure. This establishes a secure and encrypted tunnel over the internet. You can use a policy-based or route-based VPN.
  2. Azure ExpressRoute
    A dedicated, private connection between your on-prem data center and Azure. The connection bypasses the public internet, offering higher security and lower latency. It is used for scenarios where you need more predictable and consistent network performance.
  3. Azure virtual network gateway
    Is used in conjunction with VPN gateway or ExpressRoute. It acts like a router for traffic between these networks.
  4. Point-to-Point VPN
    Allows individual computers or devices to securely connect to an Azure virtual network. Often used for a smaller number of on-prem devices that need to communicate with Azure resources.
  5. Site-to-site VPN and ExpressRoute hybrid connections
    Allows you to connect your Azure App Service (web apps, mobile apps and API apps) to your on-prem network.
  6. Azure VPN client
    Is a point-to-site VPN connection. It allows users to connect to the Azure virtual network.
3
Q

What is a subnet in Azure?

A

A subnet is a range of IP addresses in a VNet. It is used to divide a larger network into smaller, more manageable segments. The reasons for using subnets are organizing and securing network traffic, simplifying network management, and implementing network policies.

  • A VNet is a logically isolated network, and within the VNet you can create one or more subnets. There is a limit of 3000 subnets per VNet.
  1. Each subnet contains a range of IP addresses that fall within the virtual network address space.
  2. The address range must be unique for each subnet in the virtual network.
  3. The range for one subnet cannot overlap with other subnet IP address ranges in the same virtual network.
  4. The IP address space must be specified using CIDR notation.
  5. Reserved IP addresses - Azure reserves five IP addresses. The first 4 addresses and the last address are reserved.

Example: IP address range of 192.168.1.0/24:

192.168.1.0 - This indicates the virtual network address

192.168.1.1 - Azure configures this address as the default gateway.

192.168.1.2 and 192.168.1.3 - Azure maps these Azure DNS IP addresses to the virtual network space

192.168.1.255 - This value supplies the virtual network broadcast address.

Factors and scenarios to consider when adding subnets:

Service requirements

Network virtual appliances

service endpoints

network security groups

private links

4
Q

Create virtual networks

A

Overview of how virtual networks are used in Azure:

Step 1. Creation of virtual networks
When an Azure virtual network is created, you have to define a private IP address space, subnets and other settings.

5
Q

Plan IP addressing

A

Private IP addresses:
Enable communication within an Azure virtual network and your on-prem network. You can use a VPN gateway or an Azure ExpressRoute circuit to extend your network to Azure.

Public IP addresses:
Allow resources to communicate with the internet.
You can associate a public IP address with a VM NIC, internet-facing load balancers, VPN gateways and application gateways.

The SKU must match the SKU of the Azure load balancer.

Basic SKU:

IP assignment - Static or dynamic
- Note that VPN gateways and application gateways can only be assigned dynamic IP addresses in the Basic SKU

Security - Open by default

Resources - NICs, VPN gateways, app gateways, and internet-facing load balancers

Not zone redundant

Standard SKU:

IP assignment - Static
- VPN gateways and application gateways can be assigned static IP addresses

Security - Secure by default, closed to inbound traffic

Resources - NICs, VPN gateways, app gateways, and internet-facing load balancers

Provides zone redundancy

6
Q
A