
Azure Landing Zone – Networking Overview

In this blog post, we will walk through the networking overview of the Azure Landing Zone: the key design considerations and recommendations surrounding network topologies in Microsoft Azure.


Design Elements:

Below are the design considerations for Azure networking and connectivity.

  • Planning for IP Addressing
  • Configure DNS
  • Define an Azure Networking Topology
  • Connectivity to Azure
  • Connectivity to other cloud providers

Planning for IP Addressing

IP address planning is a vital first step when designing a network in Azure, especially in a hybrid environment, so that the address space used on-premises and in Azure does not overlap.

Design Considerations:
  • Azure reserves 5 IP addresses in each subnet, so factor this into the address space when sizing virtual networks.
  • Some Azure services, such as Application Gateway (WAF), Azure Firewall, Azure Bastion and VPN Gateway, require dedicated subnets.
  • You can delegate subnets to certain Azure services that can be injected into the virtual network.

Design Recommendation:

  • The Azure IP address space should not overlap with the on-premises environment.
  • Use the non-routable, private address spaces:
      • 10.0.0.0 – 10.255.255.255 (10/8 prefix)
      • 172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
      • 192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
  • You cannot add the following address ranges to a virtual network:
      • 224.0.0.0/4 (Multicast)
      • 255.255.255.255/32 (Broadcast)
      • 127.0.0.0/8 (Loopback)
      • 169.254.0.0/16 (Link-local)
      • 168.63.129.16/32 (Internal DNS)
  • Plan for future growth, since adding address space to an existing virtual network can cause an outage.
  • Public IP addresses should not be used as virtual network address space.


Domain Name System (DNS)

Since DNS is a critical part of networking, some companies may keep using their existing DNS solution while others may adopt the native Azure capabilities.

Design Considerations:
  • A virtual network can be linked to at most one private DNS zone with auto-registration enabled.
  • Be aware of the Azure Private DNS zone limits.

Design Recommendation:

  • Use Azure DNS zones for Azure-related namespace resolution.
  • In a mixed environment (Azure + on-premises), use the existing DNS services, such as Active Directory-integrated DNS.
  • If the Azure environment is running Azure Firewall, evaluate its DNS Proxy feature.

Azure Networking Topology

Azure Virtual WAN is a Microsoft-managed solution that provides end-to-end, global and dynamic transit connectivity.

Virtual WAN simplifies end-to-end network connectivity from on-premises to Azure and within Azure by creating a hub-and-spoke network architecture.



Connectivity to Azure

Design Considerations:
  • Azure ExpressRoute provides private connectivity to Azure infrastructure, since the traffic does not traverse the internet.
  • Private Link can be used for connectivity to Azure platform as a service (PaaS) offerings over ExpressRoute with private peering.

Design Recommendation:

  • ExpressRoute should be used as the primary connection between an on-premises environment and Azure, with a site-to-site VPN as backup connectivity.
  • A single ExpressRoute connection is a single point of failure, so use dual ExpressRoute circuits.
  • ExpressRoute and VPN Gateways come in various SKUs, so choose the right SKU based on your requirements.

Connectivity to other cloud providers

Use the cross-cloud connectivity flow chart below to choose one of the following options.

Option 1 – Customer manages routing.
Option 2 – A cloud exchange provider manages routing.
Option 3 – Use site to site VPN.


Design Considerations:
  • An Azure virtual network can only be connected to another cloud provider's virtual private cloud (VPC) if the private IP address spaces do not overlap.
  • Site-to-site VPNs have lower throughput and higher latency than ExpressRoute.

Design Recommendation:

  • If you do not want traffic to traverse the public internet, choose option 1 or 2.
  • If ExpressRoute is not available, use a site-to-site VPN over the internet for the connection between Azure and the other cloud provider.
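The address-space rules from the IP addressing section (RFC 1918 only, the five ranges Azure rejects, five reserved addresses per subnet) and the no-overlap requirement for cross-cloud VPC connectivity above can be checked before any virtual network is created. The following validator is an added example written for this post, not Microsoft tooling; the on-premises and VPC ranges in it are constructed sample values.

```python
import ipaddress

# Ranges that cannot be added to an Azure virtual network (listed above).
DISALLOWED = [ipaddress.ip_network(n) for n in (
    "224.0.0.0/4", "255.255.255.255/32", "127.0.0.0/8",
    "169.254.0.0/16", "168.63.129.16/32")]
# Recommended non-routable private spaces (RFC 1918).
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AZURE_RESERVED_PER_SUBNET = 5  # Azure keeps 5 addresses in every subnet


def check_address_space(candidate, existing):
    """Return a list of findings for a planned VNet address space.

    candidate: CIDR string for the new Azure virtual network.
    existing:  CIDR strings already in use on-premises, in other VNets,
               or in another cloud provider's VPC. An empty list means
               the candidate passes every rule.
    """
    net = ipaddress.ip_network(candidate, strict=True)
    findings = []
    if not any(net.subnet_of(p) for p in PRIVATE):
        findings.append("not in an RFC 1918 private range")
    for bad in DISALLOWED:
        if net.overlaps(bad):
            findings.append(f"overlaps disallowed range {bad}")
    for other in existing:
        if net.overlaps(ipaddress.ip_network(other, strict=True)):
            findings.append(f"overlaps existing space {other}")
    return findings


def usable_hosts(subnet):
    """Addresses actually assignable in an Azure subnet after the 5 reserved ones."""
    n = ipaddress.ip_network(subnet, strict=True)
    return max(n.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)


if __name__ == "__main__":
    # Constructed sample: on-premises uses 10.0.0.0/16, the other cloud's VPC 172.16.0.0/20.
    in_use = ["10.0.0.0/16", "172.16.0.0/20"]
    for plan in ("10.1.0.0/16", "10.0.5.0/24", "11.0.0.0/16", "169.254.0.0/24"):
        print(plan, check_address_space(plan, in_use) or "OK")
    print("usable addresses in a /26:", usable_hosts("10.1.0.0/26"))  # 59
```

Run the same check against the peer provider's VPC ranges before choosing option 1 or 2, since an overlap there rules out the connection entirely.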
The Azure Landing Zone - Networking Overview is now complete.
