Az 700t00a Enu Powerpoint 01
Introduction to Azure Virtual Networks
• Configure Public IP services
• Exercise: design and implement a Virtual Network in Azure
• Design name resolution for your Virtual Network
• Exercise: connect two Azure Virtual Networks using global virtual network peering
• Implement virtual network traffic routing
• Configure internet access with Azure Virtual NAT
Explore Azure Virtual Networks
• Subnets
• Private IP Address allocation
• Understand Regions and Subscriptions
• Review
RFC 1918
• 10.0.0.0 - 10.255.255.255 (10/8 prefix)
• 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
• 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Unavailable address ranges:
• 224.0.0.0/4 (Multicast)
• 255.255.255.255/32 (Broadcast)
• 127.0.0.0/8 (Loopback)
• 169.254.0.0/16 (Link-local)
• 168.63.129.16/32 (Internal DNS)
Azure reserves 5 IP addresses
• x.x.x.0: Network address
• x.x.x.1: Reserved by Azure for the default gateway
• x.x.x.2, x.x.x.3: Reserved by Azure to map the Azure DNS IPs to the VNet space
• x.x.x.255: Network broadcast address
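The reserved-address and unavailable-range rules above, applied to a subnet plan. This is an added example, not part of the course deck; the function names are hypothetical, and it generalizes the x.x.x.0 to x.x.x.3 and x.x.x.255 pattern shown for a /24 to "first four addresses plus the last one" for any subnet size.

```python
import ipaddress

# Ranges the slide lists as unavailable for a VNet address space.
UNAVAILABLE = {
    "224.0.0.0/4": "Multicast",
    "255.255.255.255/32": "Broadcast",
    "127.0.0.0/8": "Loopback",
    "169.254.0.0/16": "Link-local",
    "168.63.129.16/32": "Internal DNS",
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reserved_addresses(subnet):
    """Return the five addresses Azure reserves in a subnet, keyed by purpose."""
    net = ipaddress.ip_network(subnet)
    # /29 (8 addresses) is the smallest IPv4 subnet Azure accepts.
    if net.version != 4 or net.num_addresses < 8:
        raise ValueError(f"{subnet}: need an IPv4 subnet of /29 or larger")
    first = net.network_address
    return {
        "network": first,
        "default_gateway": first + 1,
        "azure_dns_1": first + 2,
        "azure_dns_2": first + 3,
        "broadcast": net.broadcast_address,
    }


def usable_hosts(subnet):
    """Addresses left for NICs after the five reserved ones are removed."""
    return ipaddress.ip_network(subnet).num_addresses - len(reserved_addresses(subnet))


def review_address_space(cidr):
    """Return findings for a proposed address space; an empty list means clean."""
    net = ipaddress.ip_network(cidr)
    findings = [f"overlaps {name} range {rng}"
                for rng, name in UNAVAILABLE.items()
                if net.overlaps(ipaddress.ip_network(rng))]
    if not any(net.subnet_of(private) for private in RFC1918):
        findings.append("not inside an RFC 1918 private range")
    return findings
```

A static private IP request should be rejected if it matches any value in `reserved_addresses()`, and a planned address space should be changed if `review_address_space()` reports an overlap.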
Dynamic (default). Azure assigns the next available unassigned or unreserved IP address in the
subnet’s address range
Static. You select and assign any unassigned or unreserved IP address in the subnet's address range
Create a virtual network in the portal
Create a virtual network with PowerShell
overview
Custom IP address prefix (Bring your own IP)
Review
Application Gateway Front-end configuration Yes (V1 only) Yes (V2 only)
A public IP address resource can be associated with resources such as virtual machine network
interfaces, internet-facing load balancers, VPN gateways, and Application Gateways
© Copyright Microsoft Corporation. All rights reserved.
Choose the appropriate SKU for a public IP
Basic SKU
• Assigned with the static or dynamic allocation method
• Open by default. NSGs are recommended but optional
• Assigned to network interfaces, VPN gateway, public load balancers, or Application Gateways
• Don’t support availability zone scenarios
Standard SKU
• Always use static allocation method
• Secure by default and closed to inbound traffic
• Allow inbound traffic with NSG
• Assigned to network interfaces, standard public load balancers, or Application Gateways
• Can be zone-redundant, zonal, or no-zone
Regional vs Global
Dynamic vs Static
• Validation
• Provision
• Commission
Configure Public IP services - Review
Design name resolution for your Virtual Network
• Azure DNS Zones
• DNS Record Sets
• Significance of IP address 168.63.129.16
• Demonstration
Query:VM2.contoso.lab
Response:VM1.contoso.lab
DNS queries across the linked virtual networks are resolved
DNS resolution in VNet1 is private and not accessible from the Internet
Enables the VM Agent to communicate with the Azure platform to signal that it is in a
"Ready" state
Enables communication with the DNS virtual server to provide filtered name
resolution to the resources (such as VM) that do not have a custom DNS server.
Enables health probes from Azure load balancer to determine the health state of
VMs
Enables the VM to obtain a dynamic IP address from the DHCP service in Azure
Implement DNS for Windows Server IaaS VMs - Training | Microsoft Learn
Enable Cross-VNet Connectivity with Peering
• Service Chaining
• Configure VNet Peering
• Demonstration
overview
Review
Distribute your services across Azure virtual networks and integrate them by using virtual network peering - Training | Microsoft Learn
Review
System routes
Default routes
Custom routes
Each virtual network subnet has a built-in, system routing table. The
system routing table has the following three groups of routes:
• Local VNet routes: Route directly to the destination VMs in the same
virtual network.
• On-premises routes: Route to the Azure VPN gateway.
• Default route: Route directly to the Internet. Packets destined to the
private IP addresses not covered by the previous two routes are
dropped.
Resolve Issues:
• Add a custom route to override a default route.
• Change or remove a custom route that causes traffic to be routed to an undesired
location.
• Ensure that the route table is associated to the correct subnet (the one that contains the
network interface).
• Ensure that devices such as Azure VPN gateway or network virtual appliances you've
deployed are operating as intended.
Demonstration – Creating custom routes
Add a route
Virtual network:
Designing Virtual networks with NAT gateway resources - Azure Virtual Network NAT | Microsoft Docs