Book Image

Designing and Implementing Microsoft Azure Networking Solutions

By : David Okeyode
Book Image

Designing and Implementing Microsoft Azure Networking Solutions

By: David Okeyode

Overview of this book

Designing and Implementing Microsoft Azure Networking Solutions is a comprehensive guide that covers every aspect of the AZ-700 exam to help you fully prepare to take the certification exam. Packed with essential information, this book is a valuable resource for Azure cloud professionals, helping you build practical skills to design and implement name resolution, VNet routing, cross-VNet connectivity, and hybrid network connectivity using the VPN Gateway and the ExpressRoute Gateway. It provides step-by-step instructions to design and implement an Azure Virtual WAN architecture for enterprise use cases. Additionally, the book offers detailed guidance on network security design and implementation, application delivery services, private platform service connectivity, and monitoring networks in Azure. Throughout the book, you’ll find hands-on labs carefully integrated to align with the exam objectives of the Azure Network Engineer certification (AZ-700), complemented by practice questions at the end of each chapter, allowing you to test your knowledge. By the end of this book, you’ll have mastered the fundamentals of Azure networking and be ready to take the AZ-700 exam.

Related Content you might be interested in

Current Title:

Small book image
Designing and Implementing Microsoft Azure Networking Solutions
David Okeyode
Aug, 2023 | 524 pages
Small book image
Microsoft Azure Security Technologies Certification and Beyond
David Okeyode
Nov, 2021 | 526 pages
Small book image
Hands-On Networking with Azure
Mohamed Waly
Mar, 2018 | 276 pages
Small book image
Azure Networking Cookbook, Second Edition
Mustafa Toroman
Dec, 2020 | 298 pages
Table of Contents (17 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Share your thoughts
Download a free PDF copy of this book
1
Part 1: Design and Implement Core Networking Infrastructure in Azure
Part 1: Design and Implement Core Networking Infrastructure in Azure
Free Chapter
2
Chapter 1: Azure Networking Fundamentals
Chapter 1: Azure Networking Fundamentals
Technical requirements
Understanding Azure VNet
Planning Vnet naming
Planning VNet location
Planning Vnet IP address spaces
Planning Vnet subnet segmentation
Hands-on exercise – creating a single-stack VNet in Azure
Hands-on exercise – creating a dual-stack VNet in Azure
Understanding private IP address assignment for subnet workloads
Hands-on exercise – determining the VM location and sizes for future exercises
Hands-on exercise – exploring private IP assignments
Hands-on exercise – cleaning up resources
Summary
Further reading
3
Chapter 2: Designing and Implementing Name Resolution
Chapter 2: Designing and Implementing Name Resolution
Technical requirements
A hands-on exercise – provisioning resources for the chapter’s exercises
Name resolution scenarios and options
Internal name resolution scenarios and options
External name resolution scenarios and options
A hands-on exercise – clean up resources
Summary
Further reading
4
Chapter 3: Design, Implement, and Manage VNet Routing
Chapter 3: Design, Implement, and Manage VNet Routing
Technical requirements
Understanding the default routing for Azure VNet workloads
Modifying the default routing behavior
Hands-on exercise – cleaning up resources
Summary
Further reading
5
Chapter 4: Design and Implement Cross-VNet Connectivity
Chapter 4: Design and Implement Cross-VNet Connectivity
Technical requirements
Understanding cross-VNet connectivity options
Connecting VNets using VNet peering
Connecting VNets using a VPN gateway connection
Connecting VNets using a vWAN
Hands-on exercise – provisioning resources for the chapter
Hands-on exercise – implementing cross-region VNet connectivity using the vWAN
Comparing the three cross-VNet connectivity options
Hands-on exercise – clean up resources
Summary
Further reading
6
Part 2: Design, Implement, and Manage Hybrid Networking
Part 2: Design, Implement, and Manage Hybrid Networking
7
Chapter 5: Design and Implement Hybrid Network Connectivity with VPN Gateway
Chapter 5: Design and Implement Hybrid Network Connectivity with VPN Gateway
Technical requirements
Understanding Azure hybrid network connection options
Hands-on exercise – provision resources for chapter exercises
Hands-on exercise: implement a BGP-enabled VPN connection in Azure
Understanding point-to-site connections
Hands-on exercise – implement a P2S VPN connection with Azure certificate authentication
Troubleshoot Azure VPN Gateway using diagnostic logs
Hands-on exercise – clean up resources
Summary
8
Chapter 6: Designing and Implementing Hybrid Network Connectivity with the ExpressRoute Gateway
Chapter 6: Designing and Implementing Hybrid Network Connectivity with the ExpressRoute Gateway
Technical requirements
Understanding what ExpressRoute is and its main use cases
Understanding ExpressRoute components
Deciding on an ExpressRoute connectivity model
Selecting the right ExpressRoute circuit SKU
Selecting the right ExpressRoute gateway SKU
Improving data path performance with ExpressRoute FastPath
Designing and implementing cross-network connectivity over ExpressRoute
Understanding the implementation of encryption over ExpressRoute
Understanding the implementation of BFD
Hands-on exercise – implementing an ExpressRoute gateway
Summary
9
Chapter 7: Design and Implement Hybrid Network Connectivity with Virtual WAN
Chapter 7: Design and Implement Hybrid Network Connectivity with Virtual WAN
Technical requirements
Designing a scalable network topology in Azure
Understanding the design considerations of a vWAN hub
Understanding the routing and SD-WAN configuration in a virtual hub
Hands-on exercise 1 – provision resources for chapter exercises
Configuring Site-to-Site connectivity using VWAN
Hands-on exercise 2 – implement site-to-site VPN connectivity using VWAN
Implementing a global transit network architecture using VWAN
Understanding the security considerations of a virtual hub
Summary
Further reading
10
Chapter 8: Designing and Implementing Network Security
Chapter 8: Designing and Implementing Network Security
Technical requirements
Securing the Azure virtual network perimeter
Implementing DDoS protection
Hands-on exercise 1 – provisioning resources for Chapter 8’s exercises
Hands-on exercise 2 – implementing DDoS Protection, monitoring, and validation
Implementing Azure Firewall
Hands-on exercise 3 – deploying Azure Firewall into a VNet and a Virtual WAN Hub
Implementing a WAF in Azure
Implementing central management with Firewall Manager
Summary
Further reading
11
Part 3: Design and Implement Traffic Management and Network Monitoring
Part 3: Design and Implement Traffic Management and Network Monitoring
12
Chapter 9: Designing and Implementing Application Delivery Services
Chapter 9: Designing and Implementing Application Delivery Services
Technical requirements
Understanding Azure’s load-balancing and application delivery services
Designing and implementing an Azure Load Balancer service
Designing and implementing an Azure Application Gateway service
Designing and implementing an Azure Front Door load balancer service
Designing and implementing an Azure Traffic Manager service
Choosing an optimal load-balancing and application delivery solution
Summary
13
Chapter 10: Designing and Implementing Platform Service Connectivity
Chapter 10: Designing and Implementing Platform Service Connectivity
Technical requirements
Implementing platform service network security
Summary
Further reading
14
Chapter 11: Monitoring Networks in Azure
Chapter 11: Monitoring Networks in Azure
Technical requirements
Introducing Azure Network Watcher for monitoring, network diagnostics, and logs
Understanding the network monitoring tools of Network Watcher
Understanding the Network diagnostic tools of Network Watcher
Hands-on exercise 1 – provisioning the resources for the chapter's exercises
Hands-on exercise 2 – implementing the network monitoring tools of Network Watcher
Understanding NSG flow logs
Hands-on exercise 3 – enabling NSG flow logs
Summary
Further reading
15
Index
Index
Why subscribe?
16
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts
Download a free PDF copy of this book

Understanding Azure VNet

Before we get too far into Azure networking concepts, let’s establish what Azure VNet is and the capabilities that it provides.

A VNet is a virtual version of a physical network, implemented on the Azure cloud platform. The main advantage that it has over a traditional network is that we don’t need to implement or maintain the underlying physical hardware for this network (these responsibilities are offloaded to our cloud provider – Microsoft). But for the most part, we can achieve similar capabilities and architectures that we can achieve on-premises. We can even implement more flexible architectures with Azure VNets due to the software-defined nature.

So, what capabilities does Azure VNet provide? Here is a short list of some use cases:

  • Connectivity for supported Azure services including VM, virtual machine scale sets (VMSSs), and 32 other services
  • Native Internal TCP/UDP Load Balancing and proxy systems for Internal HTTP(S) Load Balancing
  • Connects to on-premises networks using Cloud VPN tunnels and Cloud Interconnect attachments

Limitation

An Azure subscription can have up to 1,000 VNets as of the time of writing (April, 2022). An additional subscription will be needed to grow beyond this limit.

Azure VNet versus traditional networks

Even though Azure VNet is similar to a traditional on-premises network in many ways, there are still important differences, mainly due to restrictions that have been put in place by Microsoft to ensure security in a multi-tenant platform such as Azure. Here are some key ones:

  • Azure VNet does not support Layer-2 semantics (Only Layer-3 and Layer-4). This means that concepts such as virtual LANs (vLANs) and Layer-2 broadcasts don’t work in Azure VNet. Figure 1.1 shows the output of running the arp -a command on a VM that is deployed in Azure VNet. You will notice that the MAC address resolution for VMs in the same subnet results in the same 12:34:56:78:9a:bc value. This is because we are on a shared platform and the VNet is a Layer-3 overlay instead of Layer-2:
Figure 1.1 – ARP table on an Azure VM

Figure 1.1 – ARP table on an Azure VM

  • Another key difference between a traditional network and Azure VNet is that some protocols and communication types are restricted from being used in Azure VNet. Protocols such as multicast, broadcast, DHCP unicast, UDP source port 65330, IP-in-IP encapsulated packets, and Generic Routing Encapsulation (GRE) packets are not allowed in Azure VNet. Any application or service capability that requires these protocols or communication types will need to be refactored before deployment into Azure VNet for it to work. The only protocols that are allowed are TCP, UDP, ICMP, and Unicast communication (except source port UDP/68 /, destination port UDP/67, and UDP source port 65330, which is reserved for the host).

Note

For more information on the differences of Azure VNet and traditional networks, refer to the document at https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq.

Now that you have some fundamental information on what Azure VNet is, let’s discuss how you would go about planning one, starting with considerations around naming it.

Previous Section
End of Section 3
Next Section