Skip to content

Latest commit

 

History

History
71 lines (60 loc) · 3.1 KB

2.5.2. Virtual Networks - Virtual Network Interface.md

File metadata and controls

71 lines (60 loc) · 3.1 KB
Raw

Virtual Network Interface

  • Groups & manages public + private IP.
    • The address for each NIC are within the same subnet.
  • Associations:
    • A VM must have at least one network interface attached to it.
    • It can have network security group associated with it.
    • It has a VNet and subnet associated with it.
  • 💡 Adding an virtual network interface does not cause any downtime.

Multiple NICs

  • Best practice recommended by Microsoft.
  • Needed for many network virtual appliances.
  • 💡 Having different front-end and back-end NIC(s) makes administration/management easier
  • Primary NIC is first NIC attached, secondary NIC(s) are the others.
  • By default outbound traffic is sent by IP from primary NIC and Load Balancer pool uses primary NIC IP.
  • ❗ Limitations
    • VM size limits how many NICs can be attached.
    • Only one NIC can have public IP.
    • The order (names) of the NICs inside the VM will be random or can be changed after Azure updates etc, but IP and MAC addresses stay the same.
    • In an availability set for each VM must use either multiple NICs or single.
      • You cannot mix.
    • Single NIC <=> Multiple NIC(s) configuration requires VM to be re-deployed.

IP addressing

  • Prefix: e.g. 10.1.0.0/24
  • ❗ Dynamic <=> static switch requires NIC to be restarted.
  • Effects subnet configuration.
    • Azure best practice is to manage subnets separately.
    • Subnet for static IPs and subnet for dynamic IPs.
      • E.g. in multi-tier application web servers and load balancers will have public IPs but internal web application data layers won't have public IPs.
      • E.g. in big infrastructure where they have one or two jump boxes that have public IPs for the purpose of doing administration.
        • A box you can RDP to and then from there access other systems inside the implementation versus giving everything a public IP.
  • Default gateway is completely managed by Azure. You cannot modify.
  • You can set custom DNS server.
    • DNS server of VM is inherited from VNet, not IP address.

Public IP

  • Used for external internet communication.
  • Azure ARM object with a globally unique name.
  • Used in: • VMs • load balancer • VPN gateway • Application Gateway.
  • Can be static or dynamic.
    • Static IP do not change and is good for:
      • DNS name resolution.
      • IP address-based security
      • SSL certificates linked to an IP
      • Firewall rules
      • Role-based VMs such as domain controllers and DNS servers
  • 📝 SKUs
    • Basic
      • Can be assigned to any Azure resource
      • Assigned to a zone and not zone redundant.
    • Standard
      • Always static.
      • ❗ Can only be assigned to: NICs, public standard load balancers
      • Zone redundant by default.

Private IP

  • Used within VNet and subnets.
  • Can be used on-premises with VPN gateway or ExpressRoute.
  • Can be static or dynamic
  • Resources: in VMs, Load balancers and Application gateway.

IP Forwarding

  • Modifies IP address to reach right target.
  • Allows transient flows. E.g. NIC3 lets a NIC1 trying to communicate with NIC2 that it has no route to but only to NIC3 by IP forwarding during routing.