Posts

Assigning multiple IPs to Windows VM in Azure

There are times when a VM in Azure needs more than one IP address. It can be a secondary IP for a specific service running on the VM, or the IP address of a load balancer the VM is attached to. There are a couple of (well documented) ways this can be configured on the Azure end, and several ways to configure the OS end. When multiple IP addresses are configured in Azure, the primary can be assigned via DHCP; however, assigning the 2nd and subsequent IPs to the VM is the challenging part. Here I am exploring a new way that can be simple enough and effective at the same time. Azure configuration. Nothing new here, just repeating what has already been described many times. On the Azure end, there are 2 ways to get this done: assign the 2nd (and all subsequent, up to 200) IP addresses as secondary IPs; or attach a Load Balancer to the VM and enable Floating IP (otherwise the Load Balancer will use the NIC IP instead of the LB IP). It is important to understand that if the IP is not configured on the Azure level, it does no...

Traceroute in Azure

Is it possible to traceroute in Azure? Despite a lot of negative statements, it is totally possible. Take a look: IPv4: IPv6: All you need is to meet 2 conditions: add a Network Security Group rule allowing inbound ICMP to this VM from any source, and configure the VM with an explicit instance-level public IP. Here's the explanation for these conditions: 1. ICMP. All the NSG rules in Azure, explicit or implicit, are stateful. This includes ICMP. As you may know, traceroute works by sending IP packets with a very short TTL (starting with 1). Each router on the path decreases the TTL by one, and the router that decreases the packet TTL to 0 must drop it and should send an ICMP "TTL expired in transit" message. The ICMP message will return to the VM from the router, not from the VM we are sending probes to. But NSG rules are only ready to receive responses from the end host. Opening ICMP inbound for all hosts allows ICMP "Expired in transit" packets to reach the originating VM, and tracert works properly. 2....

Split-brain DNS with Privatelink domains and Internet Fallback

Disclaimer: While I work for Microsoft, this article does not represent a recommended or validated architecture. It reflects my personal thoughts on a possible usage scenario. There's a new Azure Private DNS feature that allows fallback to the public DNS record if a private one is not defined. Private DNS zones and the feature itself are perfectly explained in the official documentation and in blog posts by my coworkers, and I won't even try to repeat this (John Savill, Jose Moreno, Official Doc). They were mostly created for Private Endpoint support for services provided by Microsoft. However, anyone can use the same feature to create split-brain DNS for their own domain. Several use cases, besides Microsoft-provided services using Private Endpoints, can be useful. Use case 1. Corporate split-brain DNS. Imagine you have different website versions for external and internal users. With Private DNS zones it was possible to create split DNS before; however, managing all the recor...