Azure Networking

  Azure for AWS Experts

https://channel9.msdn.com/Shows/TechNet+Radio/TNR1668


Create the Virtual Network

By the Dashboard

  • Dashboard > + Create a resource > Networking > Virtual Network
    • Name
    • Address space: 10.0.0.0/16
      • It is okay to reuse address ranges already used in other vnets, but you will not be able to network those vnets together.
    • Subscription: Pay as you go
    • Subnet name: Public, private, web, application etc.
    • Subnet address range: 10.0.0.0/24
    • Resource Group: This is a tag, kind of like a project or a CloudFormation stack, used to group items together.

By Command Line CLI

Create the vnet

azure network vnet create <vnetName> --resource-group <resourceGroup> --location <Region> --address-prefixes "10.0.0.0/8"
To view your vnet:
azure network vnet list

Create a subnet

azure network vnet subnet create <subnetName> --resource-group <resourceGroup> --vnet-name <vnetName> --address-prefix "10.1.0.0/24"
To view everything in the new vnet:
azure network vnet show <vnetName> --resource-group <resourceGroup>
Same in JSON:
azure network vnet show <vnetName> --resource-group <resourceGroup> --json
Same in JSON, extracting a single field with jq:
azure network vnet show <vnetName> --resource-group <resourceGroup> --json | jq .location

By Template

(CloudFormation, brah!)
Locate Azure templates here: https://azure.microsoft.com/en-us/resources/templates/
https://azure.microsoft.com/en-us/resources/templates/101-vnet-two-subnets/

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vnetName": {
      "type": "string",
      "defaultValue": "VNet1",
      "metadata": {
        "description": "VNet name"
      }
    },
    "vnetAddressPrefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/16",
      "metadata": {
        "description": "Address prefix"
      }
    },
    "subnet1Prefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/24",
      "metadata": {
        "description": "Subnet 1 Prefix"
      }
    },
    "subnet1Name": {
      "type": "string",
      "defaultValue": "Subnet1",
      "metadata": {
        "description": "Subnet 1 Name"
      }
    },
    "subnet2Prefix": {
      "type": "string",
      "defaultValue": "10.0.1.0/24",
      "metadata": {
        "description": "Subnet 2 Prefix"
      }
    },
    "subnet2Name": {
      "type": "string",
      "defaultValue": "Subnet2",
      "metadata": {
        "description": "Subnet 2 Name"
      }
    }
  },
  "variables": {
    "apiVersion": "2015-06-15"
  },
  "resources": [
    {
      "apiVersion": "2015-06-15",
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[parameters('vnetName')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('vnetAddressPrefix')]"
          ]
        },
        "subnets": [
          {
            "name": "[parameters('subnet1Name')]",
            "properties": {
              "addressPrefix": "[parameters('subnet1Prefix')]"
            }
          },
          {
            "name": "[parameters('subnet2Name')]",
            "properties": {
              "addressPrefix": "[parameters('subnet2Prefix')]"
            }
          }
        ]
      }
    }
  ]
}

Create a template from your Resource Group

  • Resource Group > Automation Script
    • This makes really ugly code.

From the CLI

This is accessed from the Automation Script screen.

#!/bin/bash
set -euo pipefail
IFS=$'\n\t'

# -e: immediately exit if any command has a non-zero exit status
# -u: treat references to unset variables as errors
# -o pipefail: prevents errors in a pipeline from being masked
# IFS new value is less likely to cause confusing bugs when looping arrays or arguments (e.g. $@)

usage() { echo "Usage: $0 -i <subscriptionId> -g <resourceGroupName> -n <deploymentName> -l <resourceGroupLocation>" 1>&2; exit 1; }

declare subscriptionId=""
declare resourceGroupName=""
declare deploymentName=""
declare resourceGroupLocation=""

# Initialize parameters specified from command line
while getopts ":i:g:n:l:" arg; do
case "${arg}" in
i)
subscriptionId=${OPTARG}
;;
g)
resourceGroupName=${OPTARG}
;;
n)
deploymentName=${OPTARG}
;;
l)
resourceGroupLocation=${OPTARG}
;;
esac
done
shift $((OPTIND-1))

#Prompt for parameters if some required parameters are missing
if [[ -z "$subscriptionId" ]]; then
echo "Your subscription ID can be looked up with the CLI using: az account show --out json "
echo "Enter your subscription ID:"
read subscriptionId
[[ "${subscriptionId:?}" ]]
fi

if [[ -z "$resourceGroupName" ]]; then
echo "This script will look for an existing resource group, otherwise a new one will be created "
echo "You can create new resource groups with the CLI using: az group create "
echo "Enter a resource group name"
read resourceGroupName
[[ "${resourceGroupName:?}" ]]
fi

if [[ -z "$deploymentName" ]]; then
echo "Enter a name for this deployment:"
read deploymentName
fi

if [[ -z "$resourceGroupLocation" ]]; then
echo "If creating a *new* resource group, you need to set a location "
echo "You can lookup locations with the CLI using: az account list-locations "

echo "Enter resource group location:"
read resourceGroupLocation
fi

#templateFile Path - template file to be used
templateFilePath="template.json"

if [ ! -f "$templateFilePath" ]; then
echo "$templateFilePath not found"
exit 1
fi

#parameter file path
parametersFilePath="parameters.json"

if [ ! -f "$parametersFilePath" ]; then
echo "$parametersFilePath not found"
exit 1
fi

if [ -z "$subscriptionId" ] || [ -z "$resourceGroupName" ] || [ -z "$deploymentName" ]; then
echo "Either one of subscriptionId, resourceGroupName, deploymentName is empty"
usage
fi

#login to azure using your credentials
#test the command inside the if: under "set -e" a failing "az account show"
#would abort the script before $? could be checked
if ! az account show 1> /dev/null; then
az login
fi

#set the default subscription id
az account set --subscription "$subscriptionId"

set +e

#Check for existing RG
az group show --name "$resourceGroupName" 1> /dev/null

if [ $? != 0 ]; then
echo "Resource group with name" "$resourceGroupName" "could not be found. Creating new resource group.."
set -e
(
set -x
az group create --name "$resourceGroupName" --location "$resourceGroupLocation" 1> /dev/null
)
else
echo "Using existing resource group..."
fi

#Start deployment
echo "Starting deployment..."
(
set -x
az group deployment create --name "$deploymentName" --resource-group "$resourceGroupName" --template-file "$templateFilePath" --parameters "@${parametersFilePath}"
)

if [ $? == 0 ];
then
echo "Template has been successfully deployed"
fi

Network Security Groups

  • These are a combination of AWS Network ACLs and Security Groups
    • Stateful like Security Groups
    • Can assign both Allow and Deny rules
    • Can filter on addresses, address prefixes or wildcards
  • Can be assigned at Subnet Level or VM or even per NIC
  • The ability to use smaller and fewer lists speeds up your network traffic.
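
An added example (not from the original notes or from Microsoft's template): a small audit of an ARM template that flags subnets deployed without a Network Security Group, as in the two-subnet template above, and inbound Allow rules open to the internet on every port. The sample template, the NSG and its rule names are constructed for illustration, and matching is exact-case for simplicity.

```python
# Constructed sample in the shape of the two-subnet template above; the NSG,
# its rules and all names are made up for this example.
TEMPLATE = {"resources": [
    {"type": "Microsoft.Network/networkSecurityGroups", "name": "web-nsg",
     "properties": {"securityRules": [
         {"name": "allow-https", "properties": {
             "priority": 100, "direction": "Inbound", "access": "Allow",
             "protocol": "Tcp", "sourceAddressPrefix": "*",
             "destinationPortRange": "443"}},
         {"name": "allow-mgmt", "properties": {
             "priority": 200, "direction": "Inbound", "access": "Allow",
             "protocol": "*", "sourceAddressPrefix": "Internet",
             "destinationPortRange": "*"}}]}},
    {"type": "Microsoft.Network/virtualNetworks", "name": "VNet1",
     "properties": {"subnets": [
         {"name": "Subnet1", "properties": {
             "addressPrefix": "10.0.0.0/24",
             "networkSecurityGroup": {
                 "id": "[resourceId('Microsoft.Network/networkSecurityGroups', 'web-nsg')]"}}},
         {"name": "Subnet2", "properties": {"addressPrefix": "10.0.1.0/24"}}]}}]}

# Source values that mean "anyone on the internet" in an NSG rule.
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}

def audit(template):
    """Return (finding, location) pairs for subnets with no NSG and for
    inbound Allow rules that expose all ports to any internet source."""
    findings = []
    for res in template.get("resources", []):
        props = res.get("properties", {})
        if res["type"] == "Microsoft.Network/virtualNetworks":
            for sn in props.get("subnets", []):
                if "networkSecurityGroup" not in sn.get("properties", {}):
                    findings.append(("subnet-without-nsg", f"{res['name']}/{sn['name']}"))
        elif res["type"] == "Microsoft.Network/networkSecurityGroups":
            for rule in props.get("securityRules", []):
                r = rule["properties"]
                if (r["direction"] == "Inbound" and r["access"] == "Allow"
                        and r.get("sourceAddressPrefix") in ANY_SOURCE
                        and r.get("destinationPortRange") == "*"):
                    findings.append(("inbound-any-port-from-internet",
                                     f"{res['name']}/{rule['name']}"))
    return findings

if __name__ == "__main__":
    for kind, where in audit(TEMPLATE):
        print(f"{kind}: {where}")
```
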

Multiple NICs

  • Can assign up to 10 NICs per VM
  • Internal and External
  • MAC and IP addresses persist through VM life cycle
  • Separate frontend-backend traffic and management-data planes

MarketPlace Options

  • Load Balancers
  • Firewalls
  • etc.

Internet IP addresses and Load Balancing

Public IP Addresses

  • Can be used for instance level or load balancing

Instance Level IP

  • Internet IP assigned exclusively to a single VM.
  • Entire port range is accessible by default
  • Primarily for targeting a specific VM

Load Balanced IP (VIP)

  • Internet IP load balanced among one or more VM instances
  • Allows port redirection
  • Primarily for load balanced, highly available or autoscale scenarios

 

 
