Table of Contents
Before diving into troubleshooting, it’s important to have a grasp of the various Azure networking resources. Some of the core components include Azure Virtual Networks (VNets), Network Security Groups (NSGs), Virtual Network Gateways, Public IP addresses, Azure DNS, Load Balancers, and Network Watcher. Each of these plays a role in the external networking capabilities of your Azure environment.
Azure Network Watcher provides tools for monitoring and diagnosing conditions at a network scenario level. Some helpful tools include:
Azure Monitor can collect, analyze, and act on telemetry data from Azure and on-premises environments. Use it to:
For performance-related network issues, Azure Speed Test Tool can help determine latency from different Azure regions to your resource.
Scenario: An Azure VM is unable to connect to an external service.
Steps:
Scenario: Users report they cannot access a hosted Azure Web App from the internet.
Steps:
By following these troubleshooting steps and utilizing Azure’s robust set of networking tools, administrators can effectively address and resolve external networking issues in their Azure environment, which is an essential competency for the AZ-104 Microsoft Azure Administrator exam.
Answer: A) True
Explanation: Azure Network Watcher provides tools that allow you to monitor, diagnose, and gain insights into network performance and health, including inter-VM connection issues within the same virtual network.
Answer: D) Azure Network Watcher
Explanation: Azure Network Watcher’s DNS Lookup feature can be used to troubleshoot DNS resolution issues.
Answer: A) True
Explanation: Azure VPN Gateway is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public internet, thereby establishing secure, cross-premises connectivity.
Answer: A) Network Security Group (NSG) configuration issue
Explanation: An improperly configured Network Security Group (NSG) associated with the VMs or the subnet can prevent traffic from being correctly distributed by the Azure Load Balancer.
Answer: A) True
Explanation: Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications, including URL-based routing.
Answer: A) Gateway logs and D) Gateway configuration settings
Explanation: Gateway logs and gateway configuration settings are critical when troubleshooting a site-to-site VPN connection, as they can provide detailed insights into the health and configuration of the VPN gateway.
Answer: B) False
Explanation: The “Effective Routes” feature in Network Watcher is used to display the list of all effective routes that are applied to an Azure VM, aiding in network troubleshooting, not for evaluating marketing campaigns.
Answer: B) To provide a private, dedicated, high-speed connection to Azure
Explanation: Azure ExpressRoute allows you to extend your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider.
Answer: A) True
Explanation: NSG flow logs record all events related to the NSG, which can be used to troubleshoot inbound and outbound connections to Azure resources.
Answer: B) It is associated with a resource.
Explanation: If a public IP address is not reachable, one of the first things to check is whether it is correctly associated with a resource such as a VM or load balancer.
Azure Network Watcher is a service that provides monitoring and diagnostic tools for Azure networks.
Azure Network Watcher provides several benefits, including the ability to monitor network traffic, diagnose connectivity issues, and view network topology.
Azure Network Watcher provides several diagnostic tools, including packet capture, IP flow verify, and next hop.
You can use the NSG flow log feature to view traffic through a network security group and identify any issues.
You can use the VPN diagnostics feature to diagnose and troubleshoot virtual network gateways.
You can use the connection troubleshoot feature to test connectivity to a virtual machine and diagnose any connectivity issues.
You can use the Load Balancer insights feature to monitor the performance and health of a load balancer and troubleshoot any issues.
You can use the packet capture tool to capture and analyze network traffic to troubleshoot connectivity issues.
The IP flow verify tool is used to verify the flow of traffic between virtual machines and identify any connectivity issues.
You can use the topology feature to view a graphical representation of the network topology in Azure, including virtual machines, virtual networks, and subnets.
The next hop tool is used to determine the next hop IP address for traffic leaving a virtual machine or a subnet.
You can use the network security group (NSG) flow logs feature to view traffic to and from an Azure virtual machine.
You can use the DNS diagnostics feature to troubleshoot DNS issues and identify any misconfigurations.
The path visualization tool is used to visualize the network path between two virtual machines or subnets.
You can use the Azure Network Watcher CLI to perform diagnostic tests, such as testing connectivity to a virtual machine or verifying the flow of traffic through a network security group.
If this material is helpful, please leave a comment and support us to continue.