PART 2: NETWORKING SERVICES
2.1 Azure Virtual Network (VNet)
Overview
Your private network in Azure. All resources connect here.
Key Concepts
- Address Space (CIDR)
- Subnets
- NSGs (Firewall rules)
- ASGs (Application Security Groups)
- Route Tables (UDR)
- Service Endpoints
- Private Endpoints
VNet Peering
- Connect VNets (non-transitive)
- Uses Microsoft backbone
- Supports Gateway Transit
Interview Q&A
Is peering transitive? No.
Service Endpoint vs Private Endpoint: Private Endpoint is more secure (no public access).
2.2 Azure Load Balancer
Overview
L4 load balancer for TCP/UDP traffic.
SKUs
| Feature | Basic | Standard |
| --- | --- | --- |
| SLA | None | 99.99% |
| Zones | No | Yes |
Types
- Public Load Balancer
- Internal Load Balancer
Key Concepts
- Frontend IP
- Backend Pool
- Health Probes
- NAT Rules
- HA Ports
2.3 Azure Application Gateway
Overview
L7 load balancer with WAF.
Key Features
- URL routing
- SSL termination
- WAF protection
- Autoscaling
SKUs
| SKU | Scaling | WAF |
| --- | --- | --- |
| Standard v2 | Auto | No |
| WAF v2 | Auto | Yes |
2.4 Azure Front Door
Overview
Global L7 load balancer with CDN capabilities.
Key Features
- Anycast routing
- Edge SSL termination
- WAF
- Caching
Comparison
| Feature | Front Door | Traffic Manager |
| --- | --- | --- |
| Layer | L7 | DNS |
| Failover | Fast | Slow (TTL) |
2.5 Azure VPN Gateway
Overview
Encrypted connectivity between on-prem and Azure.
- Site-to-Site
- Point-to-Site
- VNet-to-VNet
Key Concepts
- GatewaySubnet
- BGP
- Active-Active mode
2.6 Azure ExpressRoute
Private dedicated connection to Azure (no internet).
2.7 Azure Firewall
Overview
Managed cloud firewall (L3–L7).
- Network Rules
- Application Rules
- NAT Rules
- Threat Intelligence
2.8 Azure DNS
DNS hosting with public and private zones.
2.9 Private Link & Private Endpoint
Secure private access to Azure services without internet.
2.10 Network Security Groups (NSGs)
Overview
L3/L4 firewall for subnet/NIC.
Rule Properties
- Priority (100–4096)
- Direction
- Protocol
- Allow/Deny
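How the rule properties above combine when traffic is checked, as an added example that is not part of the original notes: rules are processed in priority order (lowest number first) and the first match decides. The `Rule` class, the sample rules and `exposed_admin_ports` are constructed for illustration; Azure's built-in default rules and service tags are not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # 100-4096, lower number is evaluated first
    direction: str  # "Inbound" or "Outbound"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR prefix or "*"
    port: str       # single port, "lo-hi" range or "*"
    access: str     # "Allow" or "Deny"

def _port_match(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _src_match(spec, src):
    return spec == "*" or ip_address(src) in ip_network(spec)

def evaluate(rules, direction, protocol, src, port):
    """Return (access, rule name) of the first matching rule in priority order."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.direction == direction and r.protocol in ("*", protocol)
                and _src_match(r.source, src) and _port_match(r.port, port)):
            return r.access, r.name
    # Simplification (assumption): unmatched traffic is treated as denied.
    return "Deny", "no-match"

def exposed_admin_ports(rules, probe_src="203.0.113.10"):
    """Audit check: is SSH (22) or RDP (3389) allowed from an internet address?"""
    return [p for p in (22, 3389)
            if evaluate(rules, "Inbound", "Tcp", probe_src, p)[0] == "Allow"]

# Constructed sample rule set (not from a real deployment)
RULES = [
    Rule("allow-https", 100, "Inbound", "Tcp", "*", "443", "Allow"),
    Rule("allow-mgmt-ssh", 200, "Inbound", "Tcp", "10.0.0.0/24", "22", "Allow"),
    Rule("allow-rdp-any", 300, "Inbound", "Tcp", "*", "3389", "Allow"),
    Rule("deny-all-in", 4096, "Inbound", "*", "*", "*", "Deny"),
]

if __name__ == "__main__":
    print(exposed_admin_ports(RULES))
```

A Deny rule on port 3389 with a priority number below 300 would take effect before `allow-rdp-any` and clear the finding.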
2.11 Azure Traffic Manager
Overview
DNS-based traffic routing.
Routing Methods
| Method | Description |
| --- | --- |
| Priority | Failover |
| Weighted | Load distribution |
| Performance | Lowest latency |
2.12 Azure Virtual WAN
Global networking hub for branch connectivity.
2.13 Azure Bastion
Secure RDP/SSH without public IP.
2.14 Azure CDN
Content delivery network for caching at edge.
2.15 NAT Gateway
Outbound SNAT with fixed public IP.
2.16 Network Watcher
- IP Flow Verify
- Next Hop
- Connection Troubleshoot
- Packet Capture
- Topology view