Windows Azure Virtual Network Basics 4 Cheryl McGuire | Technical Writer – Microsoft Ronald Beekelaar | Founder – Virsoft Solutions
Lessons Virtual Network Basics Name Resolution (DNS) Traffic Manager This should also be a review for the 70-642.
Virtual Network Communication Basics
Windows Azure Virtual Network Your “virtual” branch office/ datacenter in the cloud Extend your Enterprise Networks into Azure networking on-ramp for migrating existing apps and services to Windows Azure Enables “hybrid” apps that span cloud and their premises A protected private virtual network in the cloud Set up secure private IPv4 networks fully contained within Windows Azure IP address persistence Inter-service DIP-to-DIP communication Windows Azure VM 1 VM 2 ROLE 1 Subnet 2 Subnet 1
DIPS and VIPS There are multiple ways to access a VM by IP address VIP – Virtual IP address An internet-facing IP address that is not bound to a specific computer or network interface card. The cloud service that the VM sits within is assigned the VIP. You can have multiple VMs in a cloud service. They share the same VIP. DIP – Dynamic IP address This IP address is dynamically assigned (via DHCP) to your virtual machine by Windows Azure. You rely on DHCP – Do NOT statically configure your IP address. Even for DCs. The IP address lease directly equates to the lifetime of the VM. If you create a virtual network, the VM will receive its DIP from that range.
IP addresses Cloud Service VIP- 137.135.64.110 VM1 VM2 Virtual Machine DIP-192.168.1.7 DIP-192.168.1.15 VM1 VM2 Think of a cloud service as a container. Every VM has either a cloud service created for it automatically, or you can choose a cloud service for it to belong to.
Inbound Through the SLB Software Load Balancer supercoffee.cloudapp.net VIP 137.135.64.110 supercoffee.cloudapp.net:55736 supercoffee.cloudapp.net:52539 DIP-192.168.1.7 DIP-192.168.1.15 Switch to quick Demo on desktop VM1 VM2
Within a Virtual Network Can communicate within VNet and within Cloud Service. V Cloud Service VIP 137.135.64.110 Cloud Service VIP 137.135.65.23 DIP-192.168.1.7 DIP-192.168.1.15 DIP-192.168.1.18 VM1 VM2 VM1 Don’t go into Vnet any more than to say it’s an IP address overlay if you want to keep traffic from needed to go out through the SLB. It also is required if you want a secure VPN. Check with Ronald on this one. The VM name can be the same host in both VMs. That’s why you need FQDN to have name resolution. Virtual Network
Multiple Virtual Networks Within a Subscription Software Load Balancer V V Cloud Service VIP 137.135.64.110 Cloud Service VIP 137.135.65.23 DIP-192.168.1.7 DIP-192.168.1.15 DIP-192.168.1.15 VM1 VM2 VM1 Can have the same IP ranges and the same hostnames. Can live on the same piece of hardware. Do not communicate directly with each other. VNet1 VNet2
No Inter-VNet Communication Software Load Balancer X X Internet standard body (IETF) as a special IP range for carrier usage 100.60.0.0/10
Secure Cross-Premises Communication Software Load Balancer X X Internet standard body (IETF) as a special IP range for carrier usage 100.60.0.0/10 In April 2012, IANA allocated 100.64.0.0/10 for use in carrier grade NAT scenarios in RFC 6598.[3] This address block should not be used either on private networks or on the public Internet: it is intended only for use within the internal operations of carrier networks. Also, things get trickier when we talk about where traffic routes to as soon as you introduce Vnet gatways. VNet Gateway VNet Gateway Company A 192.168.1.0/24 Subsidiary 192.168.1.0/24 Not on the same network No IP address overlap X X
Traffic Routing from the VNet Traffic through the gateway, or the SLB? Is it within the same VNet? Yes? Send it to the host within the VNet. No? Is it listed in Local Networks? Yes? Send through the gateway. If it’s not either of those, send it outbound through the SLB. Important- List your IP ranges in Local Networks Verify that your names are resolving to the correct destination IP
Windows Azure Name Resolution
Windows Azure provided DNS (IDNS) You can create your own hostnames You don’t need to configure anything Resolves VMs by hostname within the same cloud service Resolves VMs by FQDN within the same virtual network Machine names are modeled explicitly and registered in the DNS service Standard DNS lookups are supported
Bring your own DNS for: BYODNS Name resolution between cloud services Multiple hostnames for the same VM Cross-premises name resolution Reverse lookups (PTR) Wins and NetBios name resolution
DNS Server Requirements Requirements for your DNS server: Must accept dynamic DNS registration -DDNS Record scavenging must be off Recursion must be enabled Accessible on TCP/UDP port 53 by clients requesting resolution and by services/VMs registering their names
Specify your DNS Server Network Configuration file or Management Portal DNS Element Virtual Network Sites Element
Demo Demo hostnames and FQDN Switch to desktop Microsoft.com logon to show hostnames for the VMS. Discuss how the cloudapp name is different, but the hostname can be the same. Show NetConfig file on the desktop. Show how if you add a DNS server to the registered DNS servers, it adds it to the Netconfig file. Change order of the DNS servers and then re-export and show how the order changes.
Traffic Manager
Traffic Manager – Now Generally Available!! Build high performing cloud applications Planning for disaster recovery Upgrade Cloud Applications seamlessly DNS-based service load balancing Direct user traffic to services running across Windows Azure datacenters based on policy: Performance/latency Round-robin DR / Failover
Traffic Manager What does Traffic Manager do? Why is this useful? Allows you to control the distribution of user traffic to your cloud services. Why is this useful? It improves on the availability of your critical applications by monitoring and providing automatic failover capabilities if a service is unavailable. If you are running cloud services all over the world, it can direct users to the cloud service closest to them, improving the responsiveness of your application and delivery times. If you are doing maintenance on a cloud service and need to bring it down, it will route traffic to the other cloud services that you define in your profile. How does it work? It applies an intelligent policy engine to the Domain Name Service (DNS) queries on the domain names of your cloud services. Your cloud services can be running in the same datacenter or in different datacenters across the world.
How does Traffic Manager Work? User requests info using the company domain name. The DNS RR for the company domain points to a Traffic Manager domain in Windows Azure Traffic Manager. This is done by using a CNAME record. The Traffic Manager domain is part of the Traffic Manager profile that you create. You also create rules within this profile. The rules you select dictate the load balance method you want to use and what you want to monitor for health. Traffic Manager processes the rules and returns the DNS name of the cloud service, which is later resolved to the IP address. The User contacts the service directly, by IP address. This information is cached on the client’s computer. Thus, the client will continue to interact with the selected service until that TTL expires.
How do I configure Traffic Manager You can configure Traffic Manager in the Management Portal Create a Traffic Manager Profile Add endpoints Configure the DNS TTL Select the Load Balancing Method Round Robin Performance Failover. Be sure to adjust the failover order. Configure Monitoring. You can either monitor ‘/’ (default directory of the services) or create a file with the same name in each cloud service and allow Traffic Manager to perform an http(s) GET on the file. Then specify in Traffic Manager. Save your changes.
Demo Traffic Manager Demo Switch to desktop Microsoft.com logon to show hostnames for the VMS. Discuss how the cloudapp name is different, but the hostname can be the same. Show NetConfig file on the desktop. Show how if you add a DNS server to the registered DNS servers, it adds it to the Netconfig file. Change order of the DNS servers and then re-export and show how the order changes.
9/18/2018 8:58 AM © 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.