John you are simply the best on the Net, another crisp explanation and to the point. I always come to your channel when I need more details on a particular subject.
Thanks for all your hard work and making this possible for us to learn Azure
Wow, thanks. That is very kind.
I needed a quick refresher and now I am fully understanding...great explanation of those 3 services and how they fit together.
Thanks
Super super John...this solved my PaaS access via MS peering + private peering combo. Thanks a lot!
Glad it helped!
Fantastic video, this subject was pretty muddy for me after reading about it on MS Learn but this cleared it up. Thanks!
Glad it was helpful!
really awesome video, thanks a lot! Please keep the ball rolling 😊
Brilliant as always. Many Thanks for all your hard work John.
Very welcome
Great Stuff and perfect timing, much appreciated! Me and my colleague just talked (argued) about this topic last week. We were thinking about the use cases of MS peering and private peering + private link to access PaaS resources and the differences of them.
Glad I was timely :)
Excellent video. Brilliant John. 👍
Thanks
Great explanation! Thanks so much for the content!
Thanks
Thxs John, just found this! You rock sir!
Great explanation!
Would greatly appreciate a deep dive on Azure policy.
I cover policy in the governance master class lesson.
Hi John, your videos are amazing and I have learned a lot from them, thank you very much.
I'm studying for the new SC-300 exam and I'm looking forward to seeing a video here about this exam.
Great to hear!
Great video! I'm curious how do you keep all of this knowledge in your head haha, do you keep notes for each service? A video about how you digest knowledge would be great! 😁 And thank you for the excellent content as always
I keep notes on things. Creating content helps me learn it.
great video, clear precise and super easy to understand, if my network team had seen it before implementing sh..y stuff as they did
lol, well, glad it was helpful :-)
Excellent John. Well done.
Hi John - you should write a blog or something where all this info lives - would be super helpful
Learn.onboardtoazure.com
Thanks John! Another awesome video! Loved it!
Glad you enjoyed it!
Buddy you're great. Thanks for this deep dive.
Very welcome
Hi John, qq, there are BGP communities for actual Azure Regions, would these BGP communities include all of the services (Storage, SQL, etc.) for a given region?
Yes
@NTFAQGuy Thanks for the quick turnaround! This means I should either apply the BGP community for the whole region or apply individual BGP community per Azure services I'd like to make reachable from the ER (rather than relying on the Internet link). Looking at the actual Azure public IP address space, I noticed that lots of regions have IPv6 addresses which wouldn't be usable (for now).
Finally a simple and clear explanation! As far as I understand, when possible it is simpler to use Microsoft peering instead of private peering. Is it right?
Simpler yes :) but you lose granularity and other functionality. It’s the normal “it depends” :)
Very nicely explained
Hello John, in Azure Data Factory we now have the option to create a runtime in an Azure Managed Vnet, which helps us to create Private Link connections to, say, a Storage account/Azure SQL. But since the Vnet of the ADF IR is Azure Managed, how would we find out which private IP got assigned to my Storage Account? I think a more secure approach is to have the Private Link subnet inside the Vnet where the ADF self-hosted Runtime also sits (and not opt for the Azure Managed Network). Not sure why we would have such a feature in ADF when eventually a Storage account would still have public endpoints exposed. Thanks!
You don't use the PE in the managed vnet. You would create your own PE to your vnet if required for app access etc.
Love your content. Can you please also show same things via az cli as well for people who are new to PowerShell?
Glad you like the content.
Good, precise content... In private endpoints too, we would still have public IPs for the PaaS service, although not accessible apart from the private IP? (Same as MS peering.)
I'm not 100% following the question. Sometimes there is still a public IP but correct, you can stop it working. There is some variation by service to specifics.
Hey John, thanks for this awesome video and others. Do you have any plan on making a video on Enterprise-scale landing zones?
Glad you like the video. I don't talk about future plans as if I do then people just continually ask why it's not done yet :-)
Good advice. Thanks John :)
Great video. Interesting to understand how private peering and DNS forwarding will behave in hub and spoke networks with virtual hubs and FW. What's the best practice in such cases?
Hub and spoke wouldn’t really change it. The DNS forward could just sit in the hub. Just be consistent in mapping private zones for spokes and hub. As you get more complex setup more considerations that are likely beyond YouTube comment :)
Great video John!
Got my AZ-500 exam tomorrow. Any last minute tips?
Good luck. Take your time, attempt every question, don’t stress, it’s just a test :)
Hi John, when using a private link (on a storage account), how can one verify (through metrics) traffic is actually traversing the private link and not the public IP? E.g. use azcopy to copy data into storage acct. Thanks
There are metrics you can view on the endpoint object.
John, if you could show us a lab on creating storage and accessing it privately from on-prem and also about DNS stuff in the lab... That could really help us...
The ms docs have nice walkthroughs of the click by click adding private endpoint then of course expressroute or s2s vpn.
Hi John
Just want to understand how Azure peering is different from service endpoints or private endpoints. I’m a little confused about them.
I have other videos where I talk about this but start with the networking video of the master class
Hello John. One quick question. Do I have to create/configure and associate to a VNet that Azure DNS Private Zone you mentioned in min 20.47 or will it be automatically configured for me?
It will offer to be azure managed during endpoint creation.
Hrm, couldn't we use an Azure Firewall DNS proxy to fwd the requests to the Azure DNS server? I am thinking of the hub and spoke model. With my ER in the hub, along with my Azure Firewall, this would complement it greatly
Anything that acts as DNS proxy will work just fine so yes Azure Firewall with proxy forwarding to Azure DNS should be great.
Thx for the great content John!
Glad you enjoy it!
Thanks John...you're an inspiration
Thanks
Is there a difference between Microsoft Peering and O365 Peering?
O365 is a workload you can enable on Microsoft peering if you get an exception
@NTFAQGuy Thanks, been working on getting an exception for a while but could never get a straight answer if they were the same or different.
AWESOME as usual.
Thank you! Cheers!
Great video! Keep it up.
Excellent!
merci John. When I say to myself "well I know this stuff" ==> watch John's video ==> ok need to work and dive deeper!
Lol
Awesome👍
Thanks for the visit
Superb.
Thank you