Understanding Azure Virtual Networks
Azure Virtual Networks (vNet) provide an isolated and secure environment to run virtual machines and applications. It offers the ability to communicate between Azure resources, the internet, and on-premise networks. The crucial elements of an Azure vNet include IP address, DNS servers, Security rules, and routing.
Creating an Azure Virtual Network
To create a vNet, login to the Azure portal, select ‘Create a resource’ > ‘Networking’ > ‘Virtual network’. Inputs like the name of the vNet, address range, subscription, resource group, location, and subnet details need to be added, post which click on ‘Review+Create’ then ‘Create’.
Configuring an Azure Virtual Network
Upon creating a vNet, it needs to be configured appropriately to serve its purpose efficiently. This includes:
- Configuring DNS Servers: Designating a DNS server for a vNet can be accomplished from the vNet settings. Go to ‘DNS Servers’ under ‘Settings’ and choose your preferred DNS server.
- Configuring DHCP: Azure provides DHCP services automatically for vNet. It allocates IP addresses from the vNet’s address space.
Understanding Subnets
Subnets help segment the IP address range of the vNet into smaller blocks of IP addresses. It allows the separation of resources within a vNet, providing a layered security setup.
Creating a Subnet
A subnet can be created while creating a vNet or afterward. Within the Azure portal, navigate to the required vNet, select ‘Subnets’ under ‘Settings’, then click on ‘+ Subnet’. Fill the essential details like Name and Address range, then click ‘OK’.
Configuring a Subnet
In Azure, you have the flexibility to apply Network Security Groups (NSGs) or Route Tables (UDRs) at the Subnet level. You simply have to navigate to the Subnet inside the Virtual Network and then assign NSGs/UDRs.
Conclusion
In conclusion, understanding the creation and configuration of Azure Virtual Networks and subnets is key to implementing an effective network design on Azure. It offers excellent control over traffic flow and resource segregation. As you prepare for the AZ-104 Azure Administrator Exam, practicing these concepts will be highly beneficial for your networking module understanding.
Practice Test
True or False: You can create and configure virtual networks and subnets using the Azure portal.
- True
- False
Answer: True
Explanation: The Azure portal provides an interface for creating and configuring virtual networks and subnets.
What are the primary purposes of virtual networks in Azure?
- A. Enable resources to communicate with each other
- B. Isolate resources from each other
- C. Provide a range of IP addresses to resources
- D. All of the above
Answer: D. All of the above
Explanation: Virtual networks serve to enable communication between resources, provide isolation for resources, and assign a range of IP addresses.
True or False: When creating a virtual network, it is required to create at least one subnet.
- True
- False
Answer: True
Explanation: While creating a virtual network, at least one subnet needs to be created to enable resources to communicate within the virtual network.
Can you associate multiple network security groups (NSGs) with a subnet in Azure?
- A. Yes
- B. No
Answer: B. No
Explanation: Only one network security group can be associated with a subnet in Azure.
Which command is used to create a new virtual network in Azure using Azure CLI?
- A. az network vnet create
- B. new-azvirtualnetwork
- C. az create vnet
- D. azure network vnet create
Answer: A. az network vnet create
Explanation: The ‘az network vnet create’ command is used to create a new virtual network in Azure using the Azure CLI.
True or False: IP addresses within a VNet subnet can overlap with IP addresses in another subnet on the same VNet.
- True
- False
Answer: False
Explanation: IP addresses within a VNet subnet must be unique and cannot overlap with IP addresses in another subnet on the same VNet.
What is the maximum number of subnets that you can create per virtual network in Azure?
- A. 256
- B. 1024
- C. 2048
- D. 4096
Answer: C. 2048
Explanation: The maximum number of subnets that can be created per virtual network in Azure is
You cannot add virtual machines to a subnet once it is created.
- A. True
- B. False
Answer: B. False
Explanation: Even after a subnet is created, you can add virtual machines to it.
True or False: A subnet can span multiple virtual networks.
- True
- False
Answer: False
Explanation: A subnet cannot span multiple virtual networks; it must reside within a single virtual network.
Which Azure service allows for the control of the flow of data for security and efficiency within a VNet?
- A. Azure Firewall
- B. Network Security Group
- C. ExpressRoute
- D. Virtual Network Gateway
Answer: B. Network Security Group
Explanation: Network Security Group provides security and controls the flow of data in a VNet by defining rules for incoming and outgoing traffic.
True or False: Azure automatically reserves the first and last IP address in each subnet.
- True
- False
Answer: True
Explanation: The first and last IP address of every subnet is reserved for protocol conformance.
In Azure, can we change the subnet’s address range after creating it?
- A. Yes
- B. No
Answer: B. No
Explanation: After creating a subnet in Azure, its address range cannot be changed.
A virtual network provides isolation at which level in Azure’s network model?
- A. Data link layer
- B. Network layer
- C. Transport Layer
- D. Application Layer
Answer: B. Network layer
Explanation: Azure provides isolation at the network layer by segregating parts of the Azure network through virtual networks.
What type of address space is used when creating a virtual network?
- A. IPv4
- B. IPv6
- C. Both
- D. None of the above
Answer: A. IPv4
Explanation: Currently, only IPv4 address space is supported when creating a virtual network in Azure.
True or False: Azure Virtual Network supports both TCP and UDP protocols.
- True
- False
Answer: True
Explanation: Azure Virtual Network supports both TCP and UDP protocols to provide network connectivity to resources.
Interview Questions
What is a virtual network in Microsoft Azure?
A virtual network in Azure is a logically isolated network on Azure which enables Azure resources to securely communicate with each other in the cloud.
What is a subnet within an Azure Virtual Network?
A subnet in Azure is a range of IP addresses in the VNet. You can divide a VNet into multiple subnets for organization and security. Each subnet is dedicated to a specific set of related services.
What is the purpose of Network Security Group in Azure Virtual Network?
Network Security Group (NSG) is used to filter network traffic to and from Azure resources in an Azure virtual network. It allows or denies traffic based on priority, protocol, source address and port, destination address and port, and access control.
How can you connect on-premises networks and Azure Virtual Networks?
On-premises networks can connect to Azure Virtual Networks through site-to-site (S2S) VPN, ExpressRoute, or Point-to-Site (P2S) VPN.
How do you create an Azure virtual network?
An Azure virtual network is created in the Azure portal, through Azure PowerShell, or the Azure CLI. It requires providing a name for the VNet, selecting a location (region), configuring the address range, and creating one or more subnets.
How does Azure assign IP addresses to resources in a VNet?
Azure assigns private IP addresses to resources from the address range that you specify when you create a VNet and its subnets. Azure manages IP address assignment and DNS within the VNet.
How do subnets enhance network security within Azure virtual networks?
Subnets provide enhanced security by segmenting the network, reducing the potential attack surface. Network Security Groups can be assigned to subnets, enabling rule-based access control for traffic entering or exiting the subnet, further enhancing security.
What is the Azure Load Balancer and how is it related to Azure Virtual Networks?
Azure Load Balancer is a network load balancer offering high availability by distributing incoming traffic among healthy service instances in cloud services or virtual machines in a VNet.
What is the role of user-defined routes in an Azure Virtual Network?
User-defined routes affect the flow of traffic within an Azure VNet. They are helpful in manually overriding Azure’s default system routes, or adding additional routes to a subnet’s route table.
Can you change the IP address space of a Virtual Network after it is created?
Yes, you can change the IP address spaces of a Virtual Network even after its creation, you can also add or remove IP addresses from the subnets.
How can you monitor network traffic in an Azure Virtual Network?
You can monitor network traffic in an Azure VNet using Azure Network Watcher. It provides tools for network troubleshooting and performance monitoring.
What is a VNet Peering in Azure?
VNet peering in Azure is the process that connects two Azure virtual networks, enabling them to communicate with each other directly using Azure backbone network.
How do you delete a subnet in Azure?
A subnet can be deleted from the Azure portal, Azure CLI, or Azure PowerShell, but it must not be in use by any resources. It can only be deleted if there are no resources, such as virtual machines or databases.
Can you connect Virtual Networks in the same Azure region?
Yes, you can connect Virtual Networks in the same Azure region using VNet peering.
What connectivity does Azure ExpressRoute provide?
Azure ExpressRoute allows you to create private connections between Azure datacenters and infrastructure on your on-premises or in a colocation environment. This connection is private and separate from the internet for increased reliability, speed, and security.