AZ 104T00A ENU PowerPoint - 06

The key takeaways are that the document discusses configuring network routing and endpoints, Azure load balancers, Application Gateways, and Network Watcher. It also provides a lab on implementing a hub-spoke network topology.

A hub-spoke network topology consists of a central 'hub' virtual network that peers with multiple 'spoke' virtual networks. It allows for traffic routing and isolation between spokes.

User-defined routes allow specifying routing rules and next hops for network traffic. This can direct traffic through virtual network gateways, other virtual networks, the internet, or virtual appliances.

AZ-104T00A

Administer Network Traffic

© Copyright Microsoft Corporation. All rights reserved.


Administer Network Traffic: Introduction

• Configure Network Routing and Endpoints
• Configure Azure Load Balancer
• Configure Application Gateway
• Configure Network Watcher
• Lab 06 – Implement Traffic Management


Configure Network Routing and Endpoints



Configure Network Routing and Endpoints: Introduction

• Review System Routes
• Identify User-Defined Routes
• Demonstration – Custom Routing Tables
• Examine a Routing Example
• Determine Service Endpoint Uses
• Identify Private Link Uses
• Summary and Resources


Review System Routes

System routes direct network traffic between virtual machines, on-premises networks, and the internet:
• Traffic between VMs in the same subnet
• Between VMs in different subnets in the same virtual network
• Data flow from VMs to the internet
• Communication between VMs using a VNet-to-VNet VPN
• Site-to-Site and ExpressRoute communication through the VPN gateway

[Diagram: a virtual network with a frontend subnet and a backend subnet, system routes between the subnets and to the internet, and a routing table]


Identify User-Defined Routes

• A route table contains a set of rules, called routes, that specifies how packets should be routed in a virtual network
• User-defined routes are custom routes that control network traffic by defining routes that specify the next hop of the traffic flow
• The next hop can be a virtual network gateway, virtual network, internet, or virtual appliance

[Diagram: a virtual network with a frontend subnet and a backend subnet; user-defined routes send traffic through a VM/appliance with IP forwarding, alongside the system route and the internet]


Demonstration – Custom Routing Tables

Create a route table

Add a route

Associate a route table to a subnet

Use PowerShell to view your routing information (optional)
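
The four demonstration steps as Az PowerShell, added here as an example that is not part of the original slides. Resource names and address ranges come from the Lab 06 diagram in this deck; the route name, the region, the NIC names, and the use of the hub VM (10.60.0.4) as the forwarding appliance are assumptions.

```powershell
# Added example. Names and prefixes are from the Lab 06 diagram; the route name,
# region, NIC names and the hub VM acting as the appliance are assumptions.
$rg       = 'az104-06-rg1'
$location = 'eastus'        # assumed region
$nvaIp    = '10.60.0.4'     # az104-06-vm0 in the hub, assumed to forward traffic

# The appliance NIC must allow IP forwarding, otherwise Azure drops packets
# that are not addressed to the VM itself.
$nvaNic = Get-AzNetworkInterface -Name 'az104-06-nic0' -ResourceGroupName $rg   # assumed NIC name
$nvaNic.EnableIPForwarding = $true
$nvaNic | Set-AzNetworkInterface | Out-Null

# 1. Create a route table
$rt = New-AzRouteTable -Name 'az104-06-rt23' -ResourceGroupName $rg -Location $location

# 2. Add a route: traffic for spoke vnet3 goes to the appliance instead of
#    following the system routes
$rt = $rt | Add-AzRouteConfig -Name 'to-vnet3' `
                -AddressPrefix '10.63.0.0/22' `
                -NextHopType VirtualAppliance `
                -NextHopIpAddress $nvaIp |
            Set-AzRouteTable

# 3. Associate the route table to Subnet0 of spoke vnet2
$vnet = Get-AzVirtualNetwork -Name 'az104-06-vnet2' -ResourceGroupName $rg
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'subnet0' `
    -AddressPrefix '10.62.0.0/24' -RouteTable $rt |
    Set-AzVirtualNetwork | Out-Null

# 4. View the routing information actually applied to a VM's NIC. A user-defined
#    route overrides a system route for the same prefix, so confirm that the
#    10.63.0.0/22 entry is Active with Source 'User'.
Get-AzEffectiveRouteTable -NetworkInterfaceName 'az104-06-nic2' -ResourceGroupName $rg |   # assumed NIC name
    Where-Object { $_.State -eq 'Active' } |
    Select-Object Source,
                  @{ n = 'Prefix';    e = { $_.AddressPrefix -join ',' } },
                  NextHopType,
                  @{ n = 'NextHopIp'; e = { $_.NextHopIpAddress -join ',' } } |
    Format-Table -AutoSize
```

Get-AzEffectiveRouteTable only returns data while the VM that owns the NIC is running.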



Determine Service Endpoint Uses

• Endpoints limit network access to specific services
• Adding service endpoints can take up to 15 minutes to complete


Identify Private Link Uses

• Private connectivity to services on Azure. Traffic remains on the Microsoft network, with no public internet access
• Integration with on-premises and peered networks
• In the event of a security incident within your network, only the mapped resource would be accessible

Summary and Resources – Configure Network Routing and Endpoints

Knowledge Check Questions

Microsoft Learn Modules (docs.microsoft.com/Learn)
• Manage and control traffic flow in your Azure deployment with routes (Sandbox)
• Introduction to Azure Private Link

A sandbox indicates a hands-on exercise.

Configure Azure Load Balancer



Configure Azure Load Balancer: Introduction

• Choose a Load Balancer Solution
• Implement a Public Load Balancer
• Implement an Internal Load Balancer
• Determine Load Balancer SKUs
• Create Backend Pools
• Create Load Balancer Rules
• Configure Session Persistence (optional)
• Summary and Resources


Choose a Load Balancer Solution

| Feature | Application Gateway | Front Door | Load Balancer | Traffic Manager |
|---|---|---|---|---|
| Usage | Optimize delivery from application server farms while increasing application security with web application firewall. | Scalable, security-enhanced delivery point for global, microservice-based web applications. | Balance inbound and outbound connections and requests to your applications or server endpoints. | Distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness. |
| Protocols | HTTP, HTTPS, HTTP2 | HTTP, HTTPS, HTTP2 | TCP, UDP | Any |
| Private | Yes | | Yes | |
| Global | | Yes | | Yes |
| Env | Azure, non-Azure cloud, on premises | Azure, non-Azure cloud, on premises | Azure | Azure, non-Azure cloud, on premises |
| Security | WAF | WAF, NSG | NSG | |


Implement a Public Load Balancer

• Maps public IP addresses and port number of incoming traffic to the VM’s private IP address and port number, and vice versa
• Apply load balancing rules to distribute traffic across VMs or services

Implement an Internal Load Balancer

• Directs traffic only to resources inside a virtual network or that use a VPN to access Azure infrastructure
• Frontend IP addresses and virtual networks are never directly exposed to an internet endpoint
• Enables load balancing within a virtual network, for cross-premises virtual networks, for multi-tier applications, and for line-of-business applications


Determine Load Balancer SKUs

| Feature | Basic SKU | Standard SKU |
|---|---|---|
| Backend pool | Up to 300 instances | Up to 1000 instances |
| Health probes | TCP, HTTP | TCP, HTTP, HTTPS |
| Availability zones | Not available | Zone-redundant and zonal frontends for inbound and outbound traffic |
| Multiple frontends | Inbound only | Inbound and outbound |
| Secure by default | Open by default. NSG optional. | Closed to inbound flows unless allowed by a NSG. Internal traffic from the virtual network to the internal load balancer is allowed. |
| SLA | Not available | 99.99% |


Create Backend Pools
| SKU | Backend pool endpoints |
|---|---|
| Basic SKU | VMs in a single availability set or VM scale set |
| Standard SKU | Any VM in a single virtual network, including a blend of VMs, availability sets, and VM scale sets |

To distribute traffic, a back-end address pool contains the IP addresses of the virtual NICs that are connected to the load balancer


Create Load Balancer Rules

• Maps a frontend IP and port combination to a set of backend pool and port combination
• Rules can be combined with NAT rules
• A NAT rule is explicitly attached to a VM (or network interface) to complete the path to the target


Configure Session Persistence (optional)

Session persistence specifies how client traffic is handled:
• None (default): requests can be handled by any virtual machine
• Client IP: requests will be handled by the same virtual machine
• Client IP and protocol: specifies that successive requests from the same address and protocol will be handled by the same virtual machine


Summary and Resources – Configure Azure Load Balancer

Knowledge Check Questions

Microsoft Learn Modules (docs.microsoft.com/Learn)
• Improve application scalability and resiliency by using Azure Load Balancer (Sandbox)
• Load balance non-HTTP(S) traffic in Azure

A sandbox indicates a hands-on exercise.

Configure Azure Application Gateway



Configure Azure Application Gateway: Introduction

• Implement Application Gateway
• Determine Application Gateway Routing
• Setup Application Gateway Components (optional)
• Summary and Resources


Implement Application Gateway

• Manages web app requests
• Routes traffic to a pool of web servers based on the URL of a request
• The web servers can be Azure virtual machines, Azure virtual machine scale sets, Azure App Service, and even on-premises servers


Determine Application Gateway Routing
• Path-based routing
• Multiple-site routing


Setup Application Gateway Components (optional)
• Frontend IP
• Listeners
• Routing rules
• Backend pools
• Web application firewall (optional)
• Health probes


Summary and Resources – Configure Azure Application Gateway

Knowledge Check Questions

Microsoft Learn Modules (docs.microsoft.com/Learn)
• Introduction to Azure Application Gateway
• Load balance your web service traffic with Application Gateway
• Load balance HTTP(S) traffic in Azure
• Encrypt network traffic end to end with Azure Application Gateway


Configure Network Watcher



Configure Network Watcher: Introduction

• Describe Network Watcher Features
• Review IP Flow Verify Diagnostics
• Review Next Hop Diagnostics
• Visualize the Network Topology
• Summary and Resources


Describe Network Watcher Features
A regional service that provides various network diagnostic and monitoring tools:
• IP Flow Verify diagnoses connectivity issues
• Next Hop determines if traffic is being correctly routed
• VPN Diagnostics troubleshoots gateways and connections
• NSG Flow Logs maps IP traffic through a network security group
• Connection troubleshoot shows connectivity between source VM and destination
• Topology generates a visual diagram of resources

Review IP Flow Verify Diagnostics

Checks if a packet is allowed or denied to or from a virtual machine


Review Next Hop Diagnostics

Helps with determining whether traffic is being directed to the intended destination by showing the next hop
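
Next Hop and IP Flow Verify run from Az PowerShell against the lab's spoke VMs, added here as an example that is not part of the original slides. VM names and addresses come from the Lab 06 diagram in this deck; the default Network Watcher name and resource group, the tested ports, and the expectation that spoke-to-spoke traffic should pass through a virtual appliance are assumptions.

```powershell
# Added example. VM names and IPs are from the Lab 06 diagram; the Network
# Watcher name/resource group (Azure's auto-created defaults), the ports and
# the expected VirtualAppliance hop are assumptions.
$rg = 'az104-06-rg1'
$vm = Get-AzVM -ResourceGroupName $rg -Name 'az104-06-vm2'

# Network Watcher is regional: use the instance in the same region as the VM.
$nw = Get-AzNetworkWatcher -Name "NetworkWatcher_$($vm.Location)" `
                           -ResourceGroupName 'NetworkWatcherRG'

# Next Hop: which route carries traffic from vm2 (10.62.0.4) to vm3 (10.63.0.4)?
$hop = Get-AzNetworkWatcherNextHop -NetworkWatcher $nw `
           -TargetVirtualMachineId $vm.Id `
           -SourceIPAddress '10.62.0.4' `
           -DestinationIPAddress '10.63.0.4'
$hop | Format-List NextHopType, NextHopIpAddress, RouteTableId

# If a user-defined route is meant to force this traffic through an appliance,
# any other next hop type means the route table is missing or not associated.
if ($hop.NextHopType -ne 'VirtualAppliance') {
    Write-Warning "vm2 -> vm3 does not pass through the appliance (next hop: $($hop.NextHopType))"
}

# IP Flow Verify: routing aside, do the NSG rules allow the packet to leave vm2?
$flow = Test-AzNetworkWatcherIPFlow -NetworkWatcher $nw `
            -TargetVirtualMachineId $vm.Id `
            -Direction Outbound -Protocol TCP `
            -LocalIPAddress '10.62.0.4'  -LocalPort '60000' `
            -RemoteIPAddress '10.63.0.4' -RemotePort '80'

# Access is Allow or Deny; RuleName identifies the NSG rule that decided it.
$flow | Format-List Access, RuleName
```

Next Hop reports only the route chosen, and IP Flow Verify reports only the NSG decision, so a connectivity problem usually needs both results.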


Visualize the Network Topology

• Provides a visual representation of your networking elements
• View all the resources in a virtual network, resource to resource associations, and relationships between the resources
• The Network Watcher instance in the same region as the virtual network

Summary and Resources – Configure Network Watcher

Knowledge Check Questions

Microsoft Learn Modules (docs.microsoft.com/Learn)
• Introduction to Azure Network Watcher
• Monitor and troubleshoot your end-to-end Azure network infrastructure by using network monitoring tools
• Analyze your Azure infrastructure by using Azure Monitor logs (Sandbox)
• Monitor the performance of virtual machines using Azure Monitor VM Insights (Sandbox)
• Write your first query with Kusto Query Language

A sandbox indicates a hands-on exercise.

Lab – Implement Traffic Management



Lab 06 – Implement traffic management
Scenario
You are tasked with implementing a hub spoke topology for network traffic. The topology should include an Azure Load Balancer and Azure Application Gateway.

Objectives
• Task 1: Provision the lab environment
• Task 2: Configure the hub and spoke network topology
• Task 3: Test transitivity of virtual network peering
• Task 4: Configure routing in the hub and spoke topology
• Task 5: Implement Azure Load Balancer
• Task 6: Implement Azure Application Gateway

Next slide for an architecture diagram

Lab 06 – Architecture Diagram

[Diagram: hub and spoke lab topology, labelled by task]
• Task 1 (az104-06-rg1): hub virtual network az104-06-vnet01 10.60.0.0/22 with Subnet0 10.60.0.0/24 (az104-06-vm0, 10.60.0.4), Subnet1 10.60.1.0/24 (az104-06-vm1, 10.60.1.4), and Subnet-appgw 10.60.3.224/27
• Task 2, Task 3: peering between the hub and the two spokes, az104-06-vnet2 10.62.0.0/22 (Subnet0 10.62.0.0/24, az104-06-vm2, 10.62.0.4) and az104-06-vnet3 10.63.0.0/22 (Subnet0 10.63.0.0/24, az104-06-vm3, 10.63.0.4), both in az104-06-rg1
• Task 4: route tables az104-06-rt23 and az104-06-rt32
• Task 5 (az104-06-rg4): load balancer az104-06-lb4 with public IP az104-06-pip4
• Task 6 (az104-06-rg5): application gateway az104-06-appgw5 with public IP az104-06-pip5


End of presentation
