Networking, Security & Cloud Knowledge

Friday, December 17, 2021

Microsoft Azure

Microsoft Azure cloud Networking components:

Azure terms used for networking components that may be useful for the AZ-900 Fundamentals or administrator exam.

  1. vNet (Virtual Network):
    • It works like a logical network boundary and represents the supernet allocated to an Azure resource group.
    • Under a vNet we can create multiple subnets. At least one subnet is required to create a vNet.
    • A vNet exists within a subscription and region and cannot span subscriptions or regions. There is a limit on vNets: soft limit = 50 and hard limit = 500.
    • Routing between subnets in a vNet is automatic and enabled by default using system routes. System routes cannot be modified or deleted, but we can override them using custom routes.
    • Traffic from a vNet to Azure services is routed via Azure's backbone network. All other traffic (except RFC 1918 and RFC 6598 ranges) is routed via the public internet.
  2. Route table:
    • Route tables are used to route traffic between vNets or to another network.
    • A route contains 3 important pieces of information: source, destination and next-hop.
      • Source: defines who created the route (Default / System << Virtual Network Gateway / BGP << UDR (User-defined route))
      • Destination: subnet of the destination network
      • Next-hop: first hop to reach the destination network.
    • The most specific / longest-prefix route is preferred; if there are multiple routes to the same destination, the preference is (UDR >> Virtual Network Gateway >> System).
    • Next-hop type: 
      • Virtual network gateway
      • Virtual network (default Azure routing)
      • Internet
      • Virtual appliance (specified VM) 
      • None (black hole / drop traffic) 
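Worked example of the route-selection rules above (longest prefix first, then UDR >> Virtual Network Gateway >> System). This is an added illustration, not code from the post or from Azure; the route table and the source labels are constructed for the example and are not Azure API values.

```python
import ipaddress

# Source preference for routes with the same prefix length, as described above.
# Labels follow the post's wording (assumption), not Azure's API enum values.
SOURCE_PRIORITY = {"UDR": 0, "VirtualNetworkGateway": 1, "System": 2}

# Constructed sample route table for a 10.0.0.0/16 vNet (not a real subscription).
ROUTES = [
    {"source": "System", "destination": "10.0.0.0/16", "next_hop": "VirtualNetwork"},
    {"source": "System", "destination": "0.0.0.0/0", "next_hop": "Internet"},
    {"source": "VirtualNetworkGateway", "destination": "192.168.0.0/16",
     "next_hop": "VirtualNetworkGateway"},
    # Custom route that overrides the system default and sends internet-bound
    # traffic through a firewall appliance instead of straight to the internet.
    {"source": "UDR", "destination": "0.0.0.0/0", "next_hop": "VirtualAppliance"},
    # Custom route that black-holes one subnet (next-hop type "None").
    {"source": "UDR", "destination": "10.0.9.0/24", "next_hop": "None"},
]


def select_route(dest_ip, routes=ROUTES):
    """Return the route chosen for dest_ip, or None if nothing matches.

    Selection order: longest matching prefix wins; on equal prefix length the
    source preference UDR > Virtual Network Gateway > System decides.
    """
    ip = ipaddress.ip_address(dest_ip)
    best = None
    best_key = None
    for route in routes:
        net = ipaddress.ip_network(route["destination"], strict=False)
        if ip not in net:
            continue
        # Higher key is better: longer prefix, then lower priority number.
        key = (net.prefixlen, -SOURCE_PRIORITY[route["source"]])
        if best_key is None or key > best_key:
            best, best_key = route, key
    return best


def next_hop_for(dest_ip, routes=ROUTES):
    """Convenience wrapper returning only the next-hop type (or None)."""
    route = select_route(dest_ip, routes)
    return route["next_hop"] if route else None
```

Running `next_hop_for("8.8.8.8")` returns `VirtualAppliance` because the UDR 0.0.0.0/0 route beats the system 0.0.0.0/0 route, while `next_hop_for("10.0.9.7")` returns `None` (the black-hole /24 is more specific than the /16 system route).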
  3. Network Security Group (NSG):
    • It acts like a FW at the network level, used to filter inbound / outbound traffic.
    • It is applied at the VM (NIC) level or the subnet level.
  4. Service endpoint:
    • Allows communication from a vNet to an Azure service (e.g. Blob service).
  5. Application Security Group (ASG) 
    • Helps manage the security of VMs by grouping them according to the application that runs on them (e.g. Internet >>> web server >>> app server >>> database server).
  6. Azure Firewall and Azure Firewall manager 
    • Azure Firewall is a firewall service from Azure, and Azure Firewall Manager is used to manage it.
    • Azure Firewall Manager supports secured virtual hub and hub virtual network deployments.
  7. Bastion host:
    • Node used as a jump server, jump box or remote server host for clients coming from the internet.
  8. NAT Gateway:
    • Network address translator.
  9. Azure DNS 
    • DNS service from Azure 
  10. Azure Load Balancer:
    • Used to balance network traffic / session load between a group of servers.
    • There are public (external) and private (internal) load balancers.
  11. Application Gateway : 
    • It works like an L7 load balancer and can use path-based routing.
  12. WAF (Web application Firewall) 
    • Used to protect web applications; used along with Application Gateway.
  13. Azure Traffic Manager:
    • Used as a DR / HA solution to route traffic between different regions.
  14. Express route:
    • Dedicated 10 Gig connectivity to the Azure cloud over a private network via an ExpressRoute provider.
  15. VPN Gateway: 
    • Allows connecting a remote site (Site-to-Site) or a user (Point-to-Site) via VPN.
  16. Local network gateway: 
    • Network object that represents the on-premises location, used while configuring the VPN gateway.
  17. Virtual WAN
    • A form of hub which allows interconnecting all vNets and on-premises sites or remote users.
  18. vNet peering:
    • Allows routing traffic between two vNets using the Microsoft backbone network infrastructure.
  19. Gateway transit:
    • Allows the VPN hub to forward traffic from spokes.
  20. Azure FrontDoor: 
    • Microsoft's global edge network that acts like an entry point to access hosted resources (Azure / on-premises) from the public internet.
  21. Azure private link: 
    • Allows access to Azure services using private address space.
  22. Azure Private Link service:
    • Allows communication between resources from two vNets / networks hosted in Azure, even when they use overlapping private IP space.