Microsoft Networking Academywith the C+E Global Black Belts
Olivier Martin (@omartin) – Networking TSP GBB
Kevin Lopez (@kevlopez) – ER Partner Sales Executive GBB
Jaime Schmidtke (@jaimesc) – ER Partner Sales Executive GBB
Eddie Villalba (@edvilla) – Networking and Open Source TSP GBB
Bryan Woodworth (@brwoodwo) – Networking TSP GBB
• Still every 2 weeks… but !
• Introductory Sessions (200 level)• Azure Networking Fundamentals (10 minutes)
• Microsoft Guest of the week (15-20 minutes)
• Partner Spotlight of the week (15-20 minutes)
• Q&A (10 minutes)
• Deep Dive Sessions (300-400 level)• Short introduction (5 minutes)
• Deeper dive topic of the week (35-45 minutes)
• Q&A (10 minutes)
• Email [email protected] to receive detailed schedules for the upcoming sessions!
• Available on Channel 9!
Microsoft Networking Academy
• Introduction!
•Deep dive on High Availability in virtual networks with your host
•Open Q&A
Agenda for March 17th, 2017
On Premise10.0.0.0/22
FW3
FW4
DC Monitoring
SAW
FW1
FW2 UDR
Azure Vnet
192.168.0.0/20
Data Tier
Web Tier
UDR
On Premise10.0.0.0/22
FW3
FW4
DC Monitoring
SAW
FW1
FW2 UDR
Azure Vnet
192.168.0.0/20
Data Tier
Web Tier
UDR
FW1
FW2 UDR
Azure virtual
network
FW1
FW2 UDR
Azure virtual
network
FW1
FW2 UDR
Azure virtual
network
On Premise10.0.0.0/22
Spoke A - 192.168.16.0/20
Spoke B - 192.168.32.0/20
VNet Peering
Spoke N - 192.168.240.0/20
Hub VNet –
DC
Monitoring
FW1 FW2 FWn
SAW
...
...
Hub VNet –
DC
Monitoring
FW1 FW2 FWn
SAW
...
Spoke A - 192.168.16.0/20
Spoke B - 192.168.32.0/20
VNet Peering
...
Hub VNet –
DC
Monitoring
FW1 FW2 FWn
SAW
...
...
Hub VNet –
DC
Monitoring
FW1 FW2 FWn
SAW
...
Availability Set
FW2
FW1 UDR
Public IP
Public IP
Availability Set
FW1 UDR
Public IP
Public IPInternet host
Availability Set
FW2
FW1 UDR
Public IP
Public IP
Availability Set
https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/dmz/nva-ha
FW2
FW1UDR
Public IP
Availability Set
FW2
FW1UDRPublic IP
Availability Set
FW1 UDR
Internet host
Public IP
Availability Set
FW2
FW1UDRPublic IP
Availability Set
FW2
FW1UDR
Client Device
Availability Set
FW2 FW3 FW4
...FW1 FWn
UDR
Ava
ilab
ility
Set
FW1 FW2 FWn
...
www
Client Device
Internet
Ava
ilab
ility
Set
FW1 FW2 FWn
...
Client Device
Internet
UDR
www
UDR
www
Ava
ilab
ility
Set
FW1 FW2 FWn
...
Client Device
Internet
UDR
www
Ava
ilab
ility
Set
FW1 FW2 FWn
...
Client Device
Internet
(PREVIEW FEATURE)
FW1
FW2 UDR
preview feature – will be GA soon
Internet
Ga
tew
aySu
bn
et
19
2.1
68.1
5.0
/24
VNet Hub 192.168.0.0/20
Hub-OutsideFW192.168.0.0/24
VNet Spoke A 192.168.16.0/20
Subnet 2 192.168.17.0/24
VM-A-2
VNet Spoke B 192.168.32.0/20
Subnet 1 192.168.32.0/24
FW
Subnet 2 192.168.33.0/24
VM-B-2
VPN Gateway
VM-H-2
Hub-Subnet 2192.168.11.0/
24
VM-H-1
Hub-Subnet 1192.168.10.0/
24
Subnet 1 192.168.16.0/24
VM-A-1
FW1
FW2 FW_n
Subnet 10.0.0.0/24
OnPrem10.0.0.0/16
VM-B-1
192.168.0.4 192.168.0.5 192.168.0.(n+4)
192.168.1.5 192.168.1.(n+4)192.168.1.4
VM-B-1
INPUT
ROUTINGLOOKUP
PREROUTING
ROUTINGLOOKUP
OUTPUT
POSTROUTINGFORWARD
INPUT
ROUTINGLOOKUP
PREROUTING
ROUTINGLOOKUP
OUTPUT
POSTROUTINGFORWARD
NAT table
CHAIN : PREROUTING
CHAIN : POSTROUTING
CHAIN : OUTPUT
Filter table
CHAIN : INPUT
CHAIN : FORWARD
CHAIN : OUTPUT
•
NAT table
CHAIN : PREROUTING
CHAIN : POSTROUTING
CHAIN : OUTPUT
target prot opt source destination
SNAT tcp -- anywhere 192.168.16.0/20 to:192.168.1.4
SNAT tcp -- anywhere 192.168.10.0/23 to:192.168.1.4
SNAT tcp -- anywhere 192.168.32.0/20 to:192.168.1.4
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
169.254.169.254 via 192.168.0.1 dev eth0 proto static
Open Q&A
