Understanding Azure Networking Services
TRANSCRIPT
Webinar: Understanding Azure Networking Services
David Pitcher
Senior ALM Consultant
InCycle Software
We Help Organizations
Get to the Next Level
ALM MVPs and ALM consultants in six locations
Agenda
Virtual Networks
Point to Site VPN
Site to Site VPN
Express Route
Questions & Answers
Virtual Networks
Virtual Network
<subnet X> <subnet Y> <subnet Z>
DNS Server
Microsoft Azure
VNet to VNet
US West Vnet C
US West Vnet B
US East Vnet B
Internet
Connectivity between Virtual Networks
Enables rich network topologies in the cloud
US East Vnet A
US West Vnet A
Hybrid Network Connectivity
On-premises
Your datacenter
Individual computers behind corporate firewall
Point-to-Site VPN
Route-based VPN
Azure
Virtual Network
<subnet 1> <subnet 2> <subnet 3>
DNS Server
VPN Gateway
Remote workers
Point-to-Site VPNs
On-premises
Your datacenter
Individual computers behind corporate firewall
Route-based VPN
Azure
Virtual Network
<subnet 1> <subnet 2> <subnet 3>
DNS Server
VPN Gateway
Remote workers
Site-to-Site VPN
Site-to-Site VPNs
Avoids risks from exposure to Internet
Avoids complexity and added costs
Provides lower latency, higher bandwidth and greater availability
Private Network
Site 1
Site 2
Site 3
Express Route
Greater networking costs and higher latency
Data traverses the Internet to reach public cloud
Limited bandwidth
Private Network
Site 1
Site 1
Site 3
Load Balancing
Traffic Manager
Azure Load Balancer
• Layer-4 TCP and UDP Traffic Distribution
• IaaS / PaaS Tenants
• Multiple Endpoints
• Service Monitoring
• Source NAT
Distribution Mode - Hash
Distribution Mode – Source IP Affinity
Example – Load Balancer Configuration
Internal Load Balancer
Internet Facing Multi-Tier Services with Cloud Services
Internal Load Balancer
Multiple Cloud Services in a Virtual Network
Traffic Manager
www.contoso.com IN CNAME contoso.trafficmanager.net
1. User Traffic To Company Domain Name
2. Company Domain Name To Traffic Manager Domain Name
3. Traffic Manager Domain Name & Profile
4. Traffic Manager Process Profile Rules
5. Endpoint Domain Name Sent To User
6. User Calls Endpoint
Traffic Manager – Failover
Check the ordered endpoints
CS-A Primary
CS-B Standby 1
CS-C Standby 2
CS-D Standby 3
Endpoints Status
1. CS-A Offline
2. CS-B Online
3. CS-C Online
4. CS-D Online
Traffic Manager – Round Robin
Select CS-C (random, based on weight)
CS-A CS-B CS-C CS-D
Endpoints Weights
CS-A 2
CS-B 2
CS-C 5
CS-D 1
Traffic Manager – Performance
Look up latency times
Maintain Internet Latency Table
IP range          US West   US East   West Europe   East Asia
…                 …         …         …             …
131.107.0.0/16    230 ms    180 ms    6 ms          25 ms
…                 …         …         …             …
Cloud service     Datacenter
CS-A              East Asia
CS-B              West Europe
CS-C              US East
CS-D              US West
Local DNS server: 131.107.89.14
Virtual IP Address – VIP
Reserved Virtual IP Address - RVIP
Static Internal IP Address – DIP
Public Instance IP Address – PIP
IP Addressing Overview
Virtual IP Address - VIP
Dynamic IP Address - DIP
foo.cloudapp.net VIP
Reserved IP Address
Why
Constraints
foo.cloudapp.net VIP
Static DIP Address
Why
foo.cloudapp.net VIP
Instance Public IP Address
Why PIP
Constraints
foo.cloudapp.net VIP
Network Endpoint ACLs
Network Security Groups
Multiple NICs
Network Endpoint ACLs
IP: 101. 121.---.255
IP: 127.255. ---.---
IP: 2001:4898:9:2:---:e60c:b118:---
IP: 111.111. ---.---
IP: 101. 121.---.255
IP: 127.255. ---.---
End Point ACL
Network Security Groups
Name   Priority   Source IP   Source Port   Destination IP   Destination Port   Protocol   Access
WEB    100        INTERNET    *             *                80                 TCP        ALLOW
Multiple NICs
VM Size (Standard Tier)                                     Maximum NICs
A3, A6, D3, A8, G3, D12 (4-core VMs except G3-8, A8-8)      2
A4, A7, A9, G4, D4, D13 (8-core VMs except G4-16, A9-16)    4
G5 (32-core), DS14 (16-core)                                8
All other sizes                                             1
Questions?
David Pitcher
Senior ALM Consultant
InCycle Software
Seattle, WA
(425) [email protected]
www.incyclesoftware.com
Offers
Contact us at: [email protected]
/InCycleSoftware @InCycleSoftware /company/incycle-software incyclesoftware.com/blog/
Azure Proof of Concept
Azure Planning
Microsoft Azure