MST400-M06.pdf
MST400: Introduction to Microsoft Azure Administration
Module 6: Network Traffic Management
Hooshang Kazemi, Ph.D.

Module Topics
• Network Routing and Endpoints
• Azure Load Balancer
• Application Gateway

Network Routing and Endpoints: System Routes
Azure uses system routes to direct network traffic:
• Traffic between VMs in the same subnet.
• Traffic between VMs in different subnets of the same virtual network.
• Data flow from VMs to the Internet.
• Site-to-Site and ExpressRoute communication through the VPN gateway.
A route table contains a set of rules, called routes, that specify how packets should be routed in a virtual network.

Network Routing and Endpoints: User-Defined Routes
• User-Defined Routes (UDRs) control network traffic by defining the next hop of the traffic flow.
• The next hop can be a virtual network gateway, a virtual network, the Internet, or a virtual appliance.
• Each route table can be associated with multiple subnets, but a subnet can only be associated with a single route table.
• There are no charges for creating route tables in Microsoft Azure.

Network Routing and Endpoints: Routing Example
• We have a virtual network that includes three subnets.
• In the DMZ subnet, there is a network virtual appliance (NVA). NVAs are VMs that help with network functions such as routing and firewall optimization.
• We want to ensure that all traffic from the Public subnet goes through the NVA to the Private subnet.

• Create a Routing Table
• Create a Custom Route
• Associate the Route Table
• Use PowerShell to view your routing information

Network Routing and Endpoints: Service Endpoints
• A service endpoint provides an identity to your virtual network services.
• Benefits of using service endpoints:
  • Improved security for your Azure service resources
  • Optimal routing for Azure service traffic from your virtual network
  • Endpoints always take service traffic directly from your virtual network to the service on the Microsoft Azure backbone network
  • Simple to set up, with less management overhead

Network Routing and Endpoints: Service Endpoint Services
Several services are available, including:
• Azure Storage. Each storage account supports up to 100 virtual network rules.
• Azure SQL Database and Azure SQL Data Warehouse
• Azure Database for PostgreSQL and Azure Database for MySQL
• Azure Cosmos DB
• Azure Key Vault
• Azure Service Bus and Azure Event Hubs

Network Routing and Endpoints: Private Link
Private Link brings Azure services into your private virtual network by mapping them to a private endpoint, eliminating data exposure to the public Internet.
Private Link features:
• Private connectivity to services on Azure
• Integration with on-premises and peered networks
• Protection against data exfiltration for Azure resources
• Services delivered directly to your customers' virtual networks

Azure Load Balancer
The load balancer distributes inbound traffic to backend resources using load-balancing rules and health probes.
• Load-balancing rules determine how traffic is distributed to the backend.
• Health probes ensure that the resources in the backend are healthy.
• The load balancer can be used for inbound and outbound scenarios and scales up to millions of TCP and UDP application flows.
• There are two types of load balancers: public and internal.

Public Load Balancer
• A public load balancer maps the public IP address and port number of incoming traffic to the private IP address and port number of the VM.
• Mapping is also provided for the response traffic from the VM.
Internal Load Balancer
• An internal load balancer directs traffic to resources that are inside a virtual network or that use a VPN to access Azure infrastructure. Frontend IP addresses and virtual networks are never directly exposed to an Internet endpoint.
Types of internal load balancing:
• Within a virtual network
• For a cross-premises virtual network
• For multi-tier applications
• For line-of-business applications
✔ A public load balancer can be placed in front of an internal load balancer to create a multi-tier application.

Load Balancer SKUs

Load Balancer: Backend Pools
✔ In the Standard SKU, you can have up to 1000 instances in the backend pool. In the Basic SKU, you can have up to 100 instances.

Load Balancer: Load Balancer Rules
• A load balancer rule defines how traffic is distributed to the backend pool.
• Load-balancing rules can be used in combination with NAT rules.
• Before configuring the rule, create the frontend, the backend pool, and the health probe.

Load Balancer: Session Persistence
• Session persistence specifies how traffic from a client should be handled. You can select any of the following behaviors:
  • None (default): any VM can handle the request.
  • Client IP: successive requests from the same client IP address are handled by the same VM.
  • Client IP and protocol: successive requests from the same client IP address and protocol combination are handled by the same VM.

Load Balancer: Health Probes
A health probe dynamically adds or removes VMs from the load balancer rotation based on their response to health checks.
• There are two main ways to configure health probes: HTTP and TCP.
• HTTP custom probe. The load balancer regularly probes your endpoint (every 15 seconds, by default). The instance is healthy if it responds with an HTTP 200 within the timeout period (default is 31 seconds).
• TCP custom probe.
This probe relies on establishing a successful TCP session to a defined probe port. If the specified listener on the VM exists, the probe succeeds.
✔ There is also a guest agent probe that can be used when HTTP or TCP custom probe configurations are not possible. This probe uses the guest agent inside the VM. Not recommended!

• Create a Load Balancer

Azure Application Gateway
• Application Gateway manages the requests that client applications send to a web app.
• Application Gateway uses round robin.
• Load balancing works at OSI Layer 7. Load-balancing requests use the routing parameters (host names and paths) in the Application Gateway rules.
• Uses end-to-end request encryption.
• Features autoscaling.

Application Gateway Routing: Path-based routing
Path-based routing sends requests with different URL paths to different pools of back-end servers.

Application Gateway Routing: Multiple-site routing
More than one web application can be configured on the same application gateway instance.
• Multiple DNS names (CNAMEs) must be registered for the same IP address of the Application Gateway.
• Multi-site configurations are useful for supporting multi-tenant applications, where each tenant has its own set of virtual machines or other resources hosting a web application.

Application Gateway Configuration

• Explore Application Gateway Configuration

Thank you!
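The four demo steps from the routing slides (create a route table, add a custom route, associate it with the Public subnet, view the routes with PowerShell) carried out end to end with the Az PowerShell module, as an added example that is not part of the course material. The resource group, VNet, subnet prefixes, NVA address and NIC names are assumed placeholders.

```powershell
# Added example (not from the course slides). Assumed placeholders: resource group rg-mst400,
# VNet vnet-mst400 with subnets Public 10.0.1.0/24, DMZ 10.0.2.0/24 and Private 10.0.3.0/24,
# NVA private IP 10.0.2.4 on NIC nic-nva, and a test VM NIC nic-vm-public in the Public subnet.
$rg       = 'rg-mst400'
$location = 'eastus'
$nvaIp    = '10.0.2.4'

# 1. Create the route table.
$rt = New-AzRouteTable -Name 'rt-public' -ResourceGroupName $rg -Location $location

# 2. Add a user-defined route: traffic for the Private subnet gets the NVA as its next hop.
#    The system route for the VNet covers the whole address space (e.g. 10.0.0.0/16), so this
#    more specific /24 wins by longest-prefix match, and a UDR also takes precedence over a
#    system route of equal length.
Add-AzRouteConfig -RouteTable $rt -Name 'private-via-nva' -AddressPrefix '10.0.3.0/24' `
    -NextHopType VirtualAppliance -NextHopIpAddress $nvaIp | Set-AzRouteTable | Out-Null

# 3. Associate the route table with the Public subnet (a subnet can have only one route table).
$vnet = Get-AzVirtualNetwork -Name 'vnet-mst400' -ResourceGroupName $rg
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'Public' `
    -AddressPrefix '10.0.1.0/24' -RouteTable $rt | Set-AzVirtualNetwork | Out-Null

# The NVA will silently drop packets not addressed to itself unless IP forwarding is enabled
# on its NIC; without this the route is in place but the Public-to-Private traffic never arrives.
$nvaNic = Get-AzNetworkInterface -Name 'nic-nva' -ResourceGroupName $rg
$nvaNic.EnableIPForwarding = $true
$nvaNic | Set-AzNetworkInterface | Out-Null

# 4. View the effective routes of a NIC in the Public subnet. The 10.0.3.0/24 entry should show
#    Source=User and NextHopType=VirtualAppliance; the VNet route stays Source=Default.
Get-AzEffectiveRouteTable -NetworkInterfaceName 'nic-vm-public' -ResourceGroupName $rg |
    Select-Object Name, Source, State,
        @{ n = 'Prefix';  e = { $_.AddressPrefix -join ',' } },
        NextHopType,
        @{ n = 'NextHop'; e = { $_.NextHopIpAddress -join ',' } } |
    Format-Table -AutoSize
```

Run it in a session already signed in with Connect-AzAccount; the effective-route query needs the test VM to be running, because effective routes are only computed for NICs attached to a running VM.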
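The "Create a Load Balancer" demo from the load balancer slides, built in the order the rules slide prescribes (frontend, backend pool, health probe, then the rule) with an HTTP custom probe and Client IP session persistence. This is an added example, not the course's own script; names, the resource group and the /healthz path are assumed placeholders.

```powershell
# Added example (not from the course slides): Standard SKU public load balancer with an HTTP
# health probe and a rule that uses Client IP session persistence. All names are placeholders.
$rg       = 'rg-mst400'
$location = 'eastus'

# Frontend: a Standard SKU load balancer requires a Standard, static public IP.
$pip = New-AzPublicIpAddress -Name 'pip-lb-web' -ResourceGroupName $rg -Location $location `
    -Sku Standard -AllocationMethod Static
$frontend = New-AzLoadBalancerFrontendIpConfig -Name 'fe-web' -PublicIpAddress $pip

# Backend pool (NICs are added to it afterwards; up to 1000 instances in the Standard SKU).
$backend = New-AzLoadBalancerBackendAddressPoolConfig -Name 'be-web'

# HTTP custom probe: GET /healthz every 15 seconds. A VM is removed from rotation after two
# consecutive non-200 answers, which is roughly the 31-second window quoted on the slide.
$probe = New-AzLoadBalancerProbeConfig -Name 'probe-http' -Protocol Http -Port 80 `
    -RequestPath '/healthz' -IntervalInSeconds 15 -ProbeCount 2

# Rule: TCP 80 -> 80. LoadDistribution maps to the slide's session persistence options:
#   Default = None, SourceIP = Client IP, SourceIPProtocol = Client IP and protocol.
$rule = New-AzLoadBalancerRuleConfig -Name 'rule-http' -Protocol Tcp -FrontendPort 80 -BackendPort 80 `
    -FrontendIpConfiguration $frontend -BackendAddressPool $backend -Probe $probe `
    -LoadDistribution SourceIP -IdleTimeoutInMinutes 4

# Create the load balancer from the pieces above.
$lb = New-AzLoadBalancer -Name 'lb-web' -ResourceGroupName $rg -Location $location -Sku Standard `
    -FrontendIpConfiguration $frontend -BackendAddressPool $backend -Probe $probe -LoadBalancingRule $rule

# Put a backend VM's NIC into the pool (assumed NIC name nic-web-01).
$nic = Get-AzNetworkInterface -Name 'nic-web-01' -ResourceGroupName $rg
$nic.IpConfigurations[0].LoadBalancerBackendAddressPools.Add($lb.BackendAddressPools[0])
$nic | Set-AzNetworkInterface | Out-Null

# Verify the persistence mode and probe settings that were applied.
$lb.LoadBalancingRules | Select-Object Name, Protocol, FrontendPort, BackendPort, LoadDistribution
$lb.Probes | Select-Object Name, Protocol, Port, RequestPath, IntervalInSeconds, NumberOfProbes
```

A Standard SKU load balancer is closed by default: traffic reaches the backend VMs only once a network security group on their subnet or NICs explicitly allows inbound port 80, and the probe traffic (source AzureLoadBalancer) must not be blocked either.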
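The path-based routing described on the Application Gateway slides, built with the Az module as an added example (not the course's own configuration): requests for /images/* and /video/* go to dedicated backend pools and everything else to a default pool. The VNet, gateway subnet, public IP and backend addresses are assumed placeholders.

```powershell
# Added example (not from the course slides). Assumes an existing VNet vnet-mst400 with a subnet
# 'AppGwSubnet' reserved for the gateway; backend addresses 10.0.4.x are placeholders.
$rg       = 'rg-mst400'
$location = 'eastus'
$vnet   = Get-AzVirtualNetwork -Name 'vnet-mst400' -ResourceGroupName $rg
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'AppGwSubnet' -VirtualNetwork $vnet
$pip    = New-AzPublicIpAddress -Name 'pip-appgw' -ResourceGroupName $rg -Location $location `
    -Sku Standard -AllocationMethod Static

# Gateway plumbing: the subnet it lives in, the public frontend IP, and a port 80 listener.
$gwIpConfig = New-AzApplicationGatewayIPConfiguration -Name 'gw-ipconfig' -Subnet $subnet
$feIpConfig = New-AzApplicationGatewayFrontendIPConfig -Name 'fe-ipconfig' -PublicIPAddress $pip
$fePort     = New-AzApplicationGatewayFrontendPort -Name 'fe-port-80' -Port 80
$listener   = New-AzApplicationGatewayHttpListener -Name 'listener-http' -Protocol Http `
    -FrontendIPConfiguration $feIpConfig -FrontendPort $fePort

# One backend pool per URL path family plus a default pool; members are load balanced round robin.
$defaultPool = New-AzApplicationGatewayBackendAddressPool -Name 'pool-default' -BackendIPAddresses 10.0.4.4, 10.0.4.5
$imagesPool  = New-AzApplicationGatewayBackendAddressPool -Name 'pool-images'  -BackendIPAddresses 10.0.4.6
$videoPool   = New-AzApplicationGatewayBackendAddressPool -Name 'pool-video'   -BackendIPAddresses 10.0.4.7
$httpSetting = New-AzApplicationGatewayBackendHttpSetting -Name 'http-80' -Port 80 -Protocol Http `
    -CookieBasedAffinity Disabled -RequestTimeout 30

# Path rules: the URL path map sends /images/* and /video/* to their pools; unmatched paths
# fall through to the default pool.
$imagesRule = New-AzApplicationGatewayPathRuleConfig -Name 'rule-images' -Paths '/images/*' `
    -BackendAddressPool $imagesPool -BackendHttpSettings $httpSetting
$videoRule  = New-AzApplicationGatewayPathRuleConfig -Name 'rule-video' -Paths '/video/*' `
    -BackendAddressPool $videoPool -BackendHttpSettings $httpSetting
$pathMap = New-AzApplicationGatewayUrlPathMapConfig -Name 'pathmap' -PathRules $imagesRule, $videoRule `
    -DefaultBackendAddressPool $defaultPool -DefaultBackendHttpSettings $httpSetting
$routingRule = New-AzApplicationGatewayRequestRoutingRule -Name 'rule-paths' -RuleType PathBasedRouting `
    -HttpListener $listener -UrlPathMap $pathMap -Priority 100

# Standard_v2 is the tier that supports autoscaling; a fixed capacity of 2 instances is used here.
$sku = New-AzApplicationGatewaySku -Name Standard_v2 -Tier Standard_v2 -Capacity 2
New-AzApplicationGateway -Name 'appgw-web' -ResourceGroupName $rg -Location $location `
    -GatewayIpConfigurations $gwIpConfig -FrontendIpConfigurations $feIpConfig -FrontendPorts $fePort `
    -HttpListeners $listener -BackendAddressPools $defaultPool, $imagesPool, $videoPool `
    -BackendHttpSettingsCollection $httpSetting -UrlPathMaps $pathMap -RequestRoutingRules $routingRule -Sku $sku
```

The listener here is plain HTTP for brevity; the end-to-end encryption the slides mention needs an HTTPS listener with a certificate and Https backend settings in place of the HTTP ones.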