├── .gitattributes
├── .gitignore
├── README.md
├── arm
├── NetworkingLab_master.json
├── UDR_3subnets.json
├── UDR_Lab.json
├── cli_cheatsheet.sh
├── externalLB.json
├── externalLB_standard.json
├── index.php
├── internalLB.json
├── internalLB_standard.json
├── linuxNVAconfig-1nic.sh
├── linuxNVAconfig.sh
├── linuxVM.json
├── linuxVM_diagExt.json
├── multiVnetLab.json
├── nic_NSG_noSLB_PIP_static.json
├── nic_NSG_noSLB_noPIP_static.json
├── nic_noNSG_noSLB_PIP_dynamic.json
├── nic_noNSG_noSLB_PIP_static.json
├── nic_noNSG_noSLB_noPIP_dynamic.json
├── nic_noNSG_noSLB_noPIP_static.json
├── nic_nsg.json
├── nic_nsg_slb.json
├── nothing.json
├── nvaLinux_1nic_noVnet_ScaleSet.json
├── nvaLinux_1nic_noVnet_ScaleSet_ILBonly.json
├── nvaLinux_2nic_noVnet.json
├── nvaLinux_2nic_noVnet_ScaleSet.json
├── nva_2nic_noVnet.json
├── pipDynamic.json
├── slb.json
├── subnet.json
├── udr.sh
├── vnet3Subnets.json
├── vnetPeeringHubNSpoke.json
└── vpnGw.json
├── diagrams [Autosaved].pptx
├── diagrams.pptx
├── monitoring.md
├── nested_templates_info.md
├── open-source-azure-networking-READY.docx
└── pictures
├── az_shell_tmux.PNG
├── figure01.png
├── figure01v2.png
├── figure02.png
├── figure02v2.png
├── figure03.png
├── figure03v2.png
├── figure04.png
├── figure04v2.png
├── figure05.png
├── figure05v2.png
├── figure06.png
├── figure08.png
├── figure08v2.png
├── figure09.png
├── figureConnectedDevices.PNG
├── figureRG.png
├── figureVpn.png
├── figure_nva_elb.png
├── figure_nva_elbv2.png
├── labLogo.PNG
├── lb_health_metrics.png
├── lb_monitoring.PNG
└── monitor
├── art_01.png
├── art_02.png
├── art_03.png
├── art_04.png
├── art_05_vnet4.png
├── connection_monitor.png
├── connection_monitor_02.png
├── connection_monitor_02b.png
├── connection_monitor_03.png
├── connection_monitor_03b.png
├── effective_rules.png
├── insights_dark.png
├── ip_flow_verify_nva.png
├── lb01_dark.png
├── lb_health50_dark.png
├── lbinsights_metrics01_dark.png
├── lbinsights_topology01_dark.png
├── lbinsights_topology02_dark.png
├── lbinsights_topology03_dark.png
├── next_hop.png
├── nsg_diagnostics_01.png
├── nsg_diagnostics_02.png
├── nsg_diagnostics_03.png
├── nsg_diagnostics_04.png
├── packet_capture01.png
├── packet_capture01_vm5.png
└── packet_capture02.png
/.gitattributes:
--------------------------------------------------------------------------------
1 | # Auto detect text files and perform LF normalization
2 | * text=auto
3 |
4 | # Custom for Visual Studio
5 | *.cs diff=csharp
6 |
7 | # Standard to msysgit
8 | *.doc diff=astextplain
9 | *.DOC diff=astextplain
10 | *.docx diff=astextplain
11 | *.DOCX diff=astextplain
12 | *.dot diff=astextplain
13 | *.DOT diff=astextplain
14 | *.pdf diff=astextplain
15 | *.PDF diff=astextplain
16 | *.rtf diff=astextplain
17 | *.RTF diff=astextplain
18 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Windows image file caches
2 | Thumbs.db
3 | ehthumbs.db
4 |
5 | # Folder config file
6 | Desktop.ini
7 |
8 | # Recycle Bin used on file shares
9 | $RECYCLE.BIN/
10 |
11 | # Windows Installer files
12 | *.cab
13 | *.msi
14 | *.msm
15 | *.msp
16 |
17 | # Windows shortcuts
18 | *.lnk
19 |
20 | # =========================
21 | # Operating System Files
22 | # =========================
23 |
24 | # OSX
25 | # =========================
26 |
27 | .DS_Store
28 | .AppleDouble
29 | .LSOverride
30 |
31 | # Thumbnails
32 | ._*
33 |
34 | # Files that might appear in the root of a volume
35 | .DocumentRevisions-V100
36 | .fseventsd
37 | .Spotlight-V100
38 | .TemporaryItems
39 | .Trashes
40 | .VolumeIcon.icns
41 |
42 | # Directories potentially created on remote AFP share
43 | .AppleDB
44 | .AppleDesktop
45 | Network Trash Folder
46 | Temporary Items
47 | .apdisk
48 |
--------------------------------------------------------------------------------
/arm/UDR_3subnets.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetPrefix": {
6 | "defaultValue": "10.1",
7 | "type": "string",
8 | "metadata": { "description": "first two octets of vnet prefix, assumes a /16" }
9 | },
10 | "udrName": {
11 | "defaultValue": "vnet1",
12 | "type": "string",
13 | "metadata": { "description": "Prefix for the Custom Route Table name" }
14 | },
15 | "nextHop": {
16 | "defaultValue": "10.4.1.101",
17 | "type": "string",
18 | "metadata": { "description": "Next hop for ALL routes" }
19 | }
20 | },
21 | "variables": {
22 | "subnetPrefix": {
23 | "0": "[concat(parameters('vnetPrefix'), '.0.0/24')]",
24 | "1": "[concat(parameters('vnetPrefix'), '.1.0/24')]",
25 | "2": "[concat(parameters('vnetPrefix'), '.2.0/24')]",
26 | "3": "[concat(parameters('vnetPrefix'), '.3.0/24')]"
27 | }
28 | },
29 | "resources": [
30 | {
31 | "comments": "Routing for subnet 0",
32 | "type": "Microsoft.Network/routeTables",
33 | "name": "[concat (parameters('udrName'), '-subnet0')]",
34 | "apiVersion": "2016-03-30",
35 | "location": "[resourceGroup().location]",
36 | "properties": {
37 | "routes": [
38 | {
39 | "name": "subnet1",
40 | "properties": {
41 | "addressPrefix": "[variables('subnetPrefix')['1']]",
42 | "nextHopType": "VirtualAppliance",
43 | "nextHopIpAddress": "[parameters('nextHop')]"
44 | }
45 | },
46 | {
47 | "name": "subnet2",
48 | "properties": {
49 | "addressPrefix": "[variables('subnetPrefix')['2']]",
50 | "nextHopType": "VirtualAppliance",
51 | "nextHopIpAddress": "[parameters('nextHop')]"
52 | }
53 | },
54 | {
55 | "name": "subnet3",
56 | "properties": {
57 | "addressPrefix": "[variables('subnetPrefix')['3']]",
58 | "nextHopType": "VirtualAppliance",
59 | "nextHopIpAddress": "[parameters('nextHop')]"
60 | }
61 | },
62 | {
63 | "name": "Default-Route-To-NVA",
64 | "properties": {
65 | "addressPrefix": "0.0.0.0/0",
66 | "nextHopType": "VirtualAppliance",
67 | "nextHopIpAddress": "[parameters('nextHop')]"
68 | }
69 | }
70 | ]
71 | },
72 | "resources": [],
73 | "dependsOn": []
74 | },
75 | {
76 | "comments": "Routing for subnet 1",
77 | "type": "Microsoft.Network/routeTables",
78 | "name": "[concat (parameters('udrName'), '-subnet1')]",
79 | "apiVersion": "2016-03-30",
80 | "location": "[resourceGroup().location]",
81 | "properties": {
82 | "routes": [
83 | {
84 | "name": "subnet0",
85 | "properties": {
86 | "addressPrefix": "[variables('subnetPrefix')['0']]",
87 | "nextHopType": "VirtualAppliance",
88 | "nextHopIpAddress": "[parameters('nextHop')]"
89 | }
90 | },
91 | {
92 | "name": "subnet2",
93 | "properties": {
94 | "addressPrefix": "[variables('subnetPrefix')['2']]",
95 | "nextHopType": "VirtualAppliance",
96 | "nextHopIpAddress": "[parameters('nextHop')]"
97 | }
98 | },
99 | {
100 | "name": "subnet3",
101 | "properties": {
102 | "addressPrefix": "[variables('subnetPrefix')['3']]",
103 | "nextHopType": "VirtualAppliance",
104 | "nextHopIpAddress": "[parameters('nextHop')]"
105 | }
106 | },
107 | {
108 | "name": "Default-Route-To-NVA",
109 | "properties": {
110 | "addressPrefix": "0.0.0.0/0",
111 | "nextHopType": "VirtualAppliance",
112 | "nextHopIpAddress": "[parameters('nextHop')]"
113 | }
114 | }
115 | ]
116 | },
117 | "resources": [],
118 | "dependsOn": []
119 | },
120 | {
121 | "comments": "Routing for subnet 2",
122 | "type": "Microsoft.Network/routeTables",
123 | "name": "[concat (parameters('udrName'), '-subnet2')]",
124 | "apiVersion": "2016-03-30",
125 | "location": "[resourceGroup().location]",
126 | "properties": {
127 | "routes": [
128 | {
129 | "name": "subnet0",
130 | "properties": {
131 | "addressPrefix": "[variables('subnetPrefix')['0']]",
132 | "nextHopType": "VirtualAppliance",
133 | "nextHopIpAddress": "[parameters('nextHop')]"
134 | }
135 | },
136 | {
137 | "name": "subnet2",
138 | "properties": {
139 | "addressPrefix": "[variables('subnetPrefix')['1']]",
140 | "nextHopType": "VirtualAppliance",
141 | "nextHopIpAddress": "[parameters('nextHop')]"
142 | }
143 | },
144 | {
145 | "name": "subnet3",
146 | "properties": {
147 | "addressPrefix": "[variables('subnetPrefix')['3']]",
148 | "nextHopType": "VirtualAppliance",
149 | "nextHopIpAddress": "[parameters('nextHop')]"
150 | }
151 | },
152 | {
153 | "name": "Other_vnets",
154 | "properties": {
155 | "addressPrefix": "10.0.0.0/8",
156 | "nextHopType": "VirtualAppliance",
157 | "nextHopIpAddress": "[parameters('nextHop')]"
158 | }
159 | }
160 | ]
161 | },
162 | "resources": [],
163 | "dependsOn": []
164 | }
165 | ]
166 | }
167 |
--------------------------------------------------------------------------------
/arm/UDR_Lab.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "nextHop": {
6 | "defaultValue": "10.4.1.100",
7 | "type": "string",
8 | "metadata": { "description": "Next hop for ALL routes" }
9 | }
10 | },
11 | "variables": {
12 | "vnetApiVersion": "2016-03-30"
13 | },
14 | "resources": [
15 | {
16 | "comments": "Routing for vnet1-subnet1",
17 | "type": "Microsoft.Network/routeTables",
18 | "name": "vnet1-subnet1",
19 | "apiVersion": "[variables('vnetApiVersion')]",
20 | "location": "[resourceGroup().location]",
21 | "properties": {
22 | "routes": [
23 | {
24 | "name": "vnet2",
25 | "properties": {
26 | "addressPrefix": "10.2.0.0/16",
27 | "nextHopType": "VirtualAppliance",
28 | "nextHopIpAddress": "[parameters('nextHop')]"
29 | }
30 | },
31 | {
32 | "name": "vnet3",
33 | "properties": {
34 | "addressPrefix": "10.3.0.0/16",
35 | "nextHopType": "VirtualAppliance",
36 | "nextHopIpAddress": "[parameters('nextHop')]"
37 | }
38 | },
39 | {
40 | "name": "vnet5",
41 | "properties": {
42 | "addressPrefix": "10.5.0.0/16",
43 | "nextHopType": "VirtualAppliance",
44 | "nextHopIpAddress": "[parameters('nextHop')]"
45 | }
46 | },
47 | {
48 | "name": "vnet1subnet1",
49 | "properties": {
50 | "addressPrefix": "10.1.1.0/24",
51 | "nextHopType": "VirtualAppliance",
52 | "nextHopIpAddress": "[parameters('nextHop')]"
53 | }
54 | },
55 | {
56 | "name": "ifconfig",
57 | "properties": {
58 | "addressPrefix": "188.113.88.193/32",
59 | "nextHopType": "VirtualAppliance",
60 | "nextHopIpAddress": "[parameters('nextHop')]"
61 | }
62 | }
63 | ]
64 | },
65 | "resources": [],
66 | "dependsOn": []
67 | },
68 | {
69 | "comments": "Routing for vnet2-subnet1",
70 | "type": "Microsoft.Network/routeTables",
71 | "name": "vnet2-subnet1",
72 | "apiVersion": "[variables('vnetApiVersion')]",
73 | "location": "[resourceGroup().location]",
74 | "properties": {
75 | "routes": [
76 | {
77 | "name": "vnet1",
78 | "properties": {
79 | "addressPrefix": "10.1.0.0/16",
80 | "nextHopType": "VirtualAppliance",
81 | "nextHopIpAddress": "[parameters('nextHop')]"
82 | }
83 | },
84 | {
85 | "name": "vnet3",
86 | "properties": {
87 | "addressPrefix": "10.3.0.0/16",
88 | "nextHopType": "VirtualAppliance",
89 | "nextHopIpAddress": "[parameters('nextHop')]"
90 | }
91 | },
92 | {
93 | "name": "vnet5",
94 | "properties": {
95 | "addressPrefix": "10.5.0.0/16",
96 | "nextHopType": "VirtualAppliance",
97 | "nextHopIpAddress": "[parameters('nextHop')]"
98 | }
99 | },
100 | {
101 | "name": "ifconfig",
102 | "properties": {
103 | "addressPrefix": "188.113.88.193/32",
104 | "nextHopType": "VirtualAppliance",
105 | "nextHopIpAddress": "[parameters('nextHop')]"
106 | }
107 | }
108 | ]
109 | },
110 | "resources": [],
111 | "dependsOn": []
112 | },
113 | {
114 | "comments": "Routing for vnet3-subnet1",
115 | "type": "Microsoft.Network/routeTables",
116 | "name": "vnet3-subnet1",
117 | "apiVersion": "[variables('vnetApiVersion')]",
118 | "location": "[resourceGroup().location]",
119 | "properties": {
120 | "routes": [
121 | {
122 | "name": "vnet1",
123 | "properties": {
124 | "addressPrefix": "10.1.0.0/16",
125 | "nextHopType": "VirtualAppliance",
126 | "nextHopIpAddress": "[parameters('nextHop')]"
127 | }
128 | },
129 | {
130 | "name": "vnet2",
131 | "properties": {
132 | "addressPrefix": "10.2.0.0/16",
133 | "nextHopType": "VirtualAppliance",
134 | "nextHopIpAddress": "[parameters('nextHop')]"
135 | }
136 | },
137 | {
138 | "name": "vnet5",
139 | "properties": {
140 | "addressPrefix": "10.5.0.0/16",
141 | "nextHopType": "VirtualAppliance",
142 | "nextHopIpAddress": "[parameters('nextHop')]"
143 | }
144 | },
145 | {
146 | "name": "ifconfig",
147 | "properties": {
148 | "addressPrefix": "188.113.88.193/32",
149 | "nextHopType": "VirtualAppliance",
150 | "nextHopIpAddress": "[parameters('nextHop')]"
151 | }
152 | }
153 | ]
154 | },
155 | "resources": [],
156 | "dependsOn": []
157 | },
158 | {
159 | "comments": "Routing for vnet4-GatewaySubnet",
160 | "type": "Microsoft.Network/routeTables",
161 | "name": "vnet4-GatewaySubnet",
162 | "apiVersion": "[variables('vnetApiVersion')]",
163 | "location": "[resourceGroup().location]",
164 | "properties": {
165 | "routes": [
166 | {
167 | "name": "vnet1",
168 | "properties": {
169 | "addressPrefix": "10.1.0.0/16",
170 | "nextHopType": "VirtualAppliance",
171 | "nextHopIpAddress": "[parameters('nextHop')]"
172 | }
173 | },
174 | {
175 | "name": "vnet2",
176 | "properties": {
177 | "addressPrefix": "10.2.0.0/16",
178 | "nextHopType": "VirtualAppliance",
179 | "nextHopIpAddress": "[parameters('nextHop')]"
180 | }
181 | },
182 | {
183 | "name": "vnet3",
184 | "properties": {
185 | "addressPrefix": "10.3.0.0/16",
186 | "nextHopType": "VirtualAppliance",
187 | "nextHopIpAddress": "[parameters('nextHop')]"
188 | }
189 | }
190 | ]
191 | },
192 | "resources": [],
193 | "dependsOn": []
194 | },
195 | {
196 | "comments": "Redeploy myVnet4 with UDR",
197 | "type": "Microsoft.Network/virtualNetworks",
198 | "name": "myVnet4",
199 | "apiVersion": "[variables('vnetApiVersion')]",
200 | "location": "[resourceGroup().location]",
201 | "properties": {
202 | "addressSpace": {
203 | "addressPrefixes": [
204 | "10.4.0.0/16"
205 | ]
206 | },
207 | "subnets": [
208 | {
209 | "name": "GatewaySubnet",
210 | "properties": {
211 | "addressPrefix": "10.4.0.0/24",
212 | "routeTable": {
213 | "id": "[resourceId('Microsoft.Network/routeTables', 'vnet4-GatewaySubnet')]"
214 | }
215 | }
216 | },
217 | {
218 | "name": "myVnet4Subnet1",
219 | "properties": {
220 | "addressPrefix": "10.4.1.0/24"
221 | }
222 | },
223 | {
224 | "name": "myVnet4Subnet1",
225 | "properties": {
226 | "addressPrefix": "10.4.3.0/24"
227 | }
228 | },
229 | {
230 | "name": "myVnet4Subnet3",
231 | "properties": {
232 | "addressPrefix": "10.4.3.0/24"
233 | }
234 | }
235 | ]
236 | },
237 | "resources": [],
238 | "dependsOn": [
239 | "vnet4-GatewaySubnet"
240 | ]
241 | },
242 | {
243 | "comments": "Redeploy myVnet1, myVnet2 and myVnet3 with UDR",
244 | "type": "Microsoft.Network/virtualNetworks",
245 | "name": "[concat('myVnet', copyIndex(1))]",
246 | "apiVersion": "[variables('vnetApiVersion')]",
247 | "location": "[resourceGroup().location]",
248 | "properties": {
249 | "addressSpace": {
250 | "addressPrefixes": [
251 | "[concat('10.', copyIndex(1), '.0.0/16')]"
252 | ]
253 | },
254 | "subnets": [
255 | {
256 | "name": "GatewaySubnet",
257 | "properties": {
258 | "addressPrefix": "[concat('10.', copyIndex(1), '.0.0/24')]"
259 | }
260 | },
261 | {
262 | "name": "[concat('myVnet', copyIndex(1), 'Subnet1')]",
263 | "properties": {
264 | "addressPrefix": "[concat('10.', copyIndex(1), '.1.0/24')]",
265 | "routeTable": {
266 | "id": "[resourceId('Microsoft.Network/routeTables', concat('vnet',copyIndex(1), '-subnet1'))]"
267 | }
268 | }
269 | },
270 | {
271 | "name": "[concat('myVnet', copyIndex(1), 'Subnet2')]",
272 | "properties": {
273 | "addressPrefix": "[concat('10.', copyIndex(1), '.2.0/24')]"
274 | }
275 | },
276 | {
277 | "name": "[concat('myVnet', copyIndex(1), 'Subnet3')]",
278 | "properties": {
279 | "addressPrefix": "[concat('10.', copyIndex(1), '.3.0/24')]"
280 | }
281 | }
282 | ]
283 | },
284 | "resources": [],
285 | "dependsOn": [
286 | "vnet1-subnet1",
287 | "vnet2-subnet1",
288 | "vnet3-subnet1"
289 | ],
290 | "copy": {
291 | "count": 3,
292 | "name": "vnets123"
293 | }
294 | }
295 | ]
296 | }
297 |
--------------------------------------------------------------------------------
/arm/cli_cheatsheet.sh:
--------------------------------------------------------------------------------
1 | # Azure CLI lab cheat sheet (for Linux)
2 |
3 | # Lab initialization
4 | az group create -n vnetTest -l westeurope
5 | az configure --defaults group=vnetTest
6 | url='https://raw.githubusercontent.com/erjosito/azure-networking-lab/master/arm/NetworkingLab_master.json'
7 | # Option 1: default (all vnets in one location)
8 | az group deployment create -n netLabDeployment --template-uri $url -g vnetTest --parameters '{"adminPassword":{"value":"Microsoft123!"}}'
9 | # Option 2: with Vnet 3 in a separate location
10 | az group deployment create -n netLabDeployment --template-uri $url -g vnetTest --parameters '{"adminPassword":{"value":"Microsoft123!"}, "location2ary":{"value": "westus2"}, "location2aryVnets":{"value": [3]}}'
11 |
12 | # Verify LB SKUs
13 | az network lb list --query [].[name,sku.name] -o table
14 |
15 | # Configure routing pointing to the ILB
16 | next_hop='10.4.2.100'
17 | az network route-table create --name vnet1-subnet1
18 | az network vnet subnet update -n myVnet1Subnet1 --vnet-name myVnet1 --route-table vnet1-subnet1
19 | az network route-table route create --address-prefix 10.2.0.0/16 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance --route-table-name vnet1-subnet1 -n vnet2
20 | az network route-table route create --address-prefix 10.1.1.0/24 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance --route-table-name vnet1-subnet1 -n vnet1-subnet1
21 |
22 | az network route-table create --name vnet2-subnet1
23 | az network vnet subnet update -n myVnet2Subnet1 --vnet-name myVnet2 --route-table vnet2-subnet1
24 | az network route-table route create --address-prefix 10.1.0.0/16 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance --route-table-name vnet2-subnet1 -n vnet1
25 | az network route-table route create --address-prefix 0.0.0.0/0 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance --route-table-name vnet2-subnet1 -n default
26 |
27 | az network route-table create --name vnet3-subnet1 -l westus2
28 | az network vnet subnet update -n myVnet3Subnet1 --vnet-name myVnet3 --route-table vnet3-subnet1
29 | az network route-table route create --address-prefix 10.1.0.0/16 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance --route-table-name vnet3-subnet1 -n vnet1
30 | az network route-table route create --address-prefix 10.2.0.0/16 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance --route-table-name vnet3-subnet1 -n vnet2
31 | az network route-table route create --address-prefix 10.3.0.0/16 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance --route-table-name vnet1-subnet1 -n vnet3
32 | az network route-table route create --address-prefix 10.3.0.0/16 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance --route-table-name vnet2-subnet1 -n vnet3
33 |
34 | # Verify effective routing
35 | az network nic show-effective-route-table -n myVnet3-vm1-nic
36 | az network nic show-effective-route-table -n myVnet3-vm1-nic | jq -r '.value[] | "\(.addressPrefix)\t\(.nextHopIpAddress)\t\(.nextHopType)"'
37 |
38 | # Configure ILB
39 | az network nic ip-config address-pool add --ip-config-name linuxnva-1-nic0-ipConfig --nic-name linuxnva-1-nic0 --address-pool linuxnva-slbBackend-int --lb-name linuxnva-slb-int
40 | az network nic ip-config address-pool add --ip-config-name linuxnva-2-nic0-ipConfig --nic-name linuxnva-2-nic0 --address-pool linuxnva-slbBackend-int --lb-name linuxnva-slb-int
41 | az network lb address-pool list --lb-name linuxnva-slb-int -o table --query [].backendIpConfigurations[].id
42 |
43 | # NSG (to bring one of the firewalls out of the ILB rotation)
44 | az network nsg rule create --nsg-name linuxnva-1-nic0-nsg -n deny_all_in --priority 100 --access Deny --direction Inbound --protocol "*" --source-address-prefixes "*" --source-port-ranges "*" --destination-address-prefixes "*" --destination-port-ranges "*"
45 | az network nsg rule list --nsg-name linuxnva-1-nic0-nsg -o table
46 | az network nsg rule delete -n deny_all_in --nsg-name linuxnva-1-nic0-nsg
47 |
48 | # Configure ELB (outbound NAT)
49 | az network nic ip-config address-pool add --ip-config-name linuxnva-1-nic0-ipConfig --nic-name linuxnva-1-nic0 --address-pool linuxnva-slbBackend-ext --lb-name linuxnva-slb-ext
50 | az network nic ip-config address-pool add --ip-config-name linuxnva-2-nic0-ipConfig --nic-name linuxnva-2-nic0 --address-pool linuxnva-slbBackend-ext --lb-name linuxnva-slb-ext
51 | az network lb address-pool list --lb-name linuxnva-slb-ext -o table --query [].backendIpConfigurations[].id
52 | az network nic update -n linuxnva-1-nic0 --network-security-group ""
53 | az network nic show -n linuxnva-1-nic0 --query networkSecurityGroup
54 | az network nic update -n linuxnva-2-nic0 --network-security-group ""
55 | az network nic show -n linuxnva-2-nic0 --query networkSecurityGroup
56 | az network nic update -n linuxnva-1-nic0 --network-security-group 'linuxnva-1-nic0-nsg'
57 | az network nic update -n linuxnva-2-nic0 --network-security-group 'linuxnva-2-nic0-nsg'
58 | az network nsg rule list --nsg-name linuxnva-1-nic0-nsg -o table --include-default
59 | az network nsg rule create --nsg-name linuxnva-1-nic0-nsg -n allow_vnet_internet --priority 110 --access Allow --direction Inbound --protocol "Tcp" --source-address-prefix "VirtualNetwork" --source-port-ranges "*" --destination-address-prefixes "*" --destination-port-ranges "80-80"
60 |
61 | # Additional tests (not in the lab guide)
62 | # Delete/Recreate outbound NAT rule in the ELB
63 | # You can use this to attach an ELB to a second NIC of an NVA
64 | az network lb outbound-rule delete -g vnetTest --lb-name linuxnva-slb-ext -n myrule
65 | az network lb rule create -g vnetTest --lb-name linxnva-slb-ext -n mylbrule --frontend-ip-name myFrontendConfig --backend-pool-name linuxnva-slbBackend-ext --protocol All --frontend-port 0 --backend-port 0
66 | # Create PIP/frontend/LB-rule in the external LB, and allow Internet SSH
67 | az network public-ip create -g vnetTest -n linuxnva-slbPip-ext2 --sku Standard --allocation-method Static
68 | az network lb frontend-ip create -g vnetTest -n myFrontendConfig2 --lb-name linuxnva-slb-ext --public-ip-addres linuxnva-slbPip-ext2
69 | az network lb rule create -g vnetTest --lb-name linuxnva-slb-ext -n mylbrule --frontend-ip-name myFrontendConfig2 --backend-pool-name linuxnva-slbBackend-ext --protocol Tcp --frontend-port 1022 --backend-port 22
70 | az network nsg rule create --nsg-name linuxnva-1-nic0-nsg -n allow_ssh_in --priority 120 --access Allow --direction Inbound --protocol "Tcp" --source-address-prefix Internet --source-port-ranges "*" --destination-address-prefixes "*" --destination-port-ranges "22-22"
71 | az network nsg rule create --nsg-name linuxnva-2-nic0-nsg -n allow_ssh_in --priority 120 --access Allow --direction Inbound --protocol "Tcp" --source-address-prefix Internet --source-port-ranges "*" --destination-address-prefixes "*" --destination-port-ranges "22-22"
72 |
73 | # Remove LB from IP Config
74 | lbname=linuxnva-slb-int
75 | nic=linuxnva-1-nic0
76 | az network nic ip-config address-pool remove -g vnetTest --ip-config-name "$nic-ipConfig" --nic-name $nic --address-pool linuxnva-slbBackend-int --lb-name $lbname
77 | az network lb address-pool list --lb-name $lbname -o table --query [].backendIpConfigurations[].id
78 |
79 | ########
80 | # VMSS #
81 | ########
82 | vmss_url='https://raw.githubusercontent.com/erjosito/azure-networking-lab/master/arm/nvaLinux_1nic_noVnet_ScaleSet.json'
83 | az group deployment create -n vmssDeployment -g vnetTest --template-uri $vmss_url --parameters '{"vmPwd":{"value":"Microsoft123!"}}'
84 | az network lb outbound-rule create --lb-name linuxnva-vmss-slb-ext -n myoutboundnat --frontend-ip-configs myFrontendConfig --protocol All --idle-timeout 15 --outbound-ports 10000 --address-pool linuxnva-vmss-slbBackend-ext
85 | az network route-table route update --route-table-name vnet1-subnet1 -n vnet1 --next-hop-ip-address 10.4.2.200 --next-hop-type VirtualAppliance
86 | az network route-table route update --route-table-name vnet1-subnet1 -n vnet2 --next-hop-ip-address 10.4.2.200 --next-hop-type VirtualAppliance
87 | az network route-table route update --route-table-name vnet2-subnet1 -n vnet1 --next-hop-ip-address 10.4.2.200 --next-hop-type VirtualAppliance
88 | az network route-table route update --route-table-name vnet2-subnet1 -n default --next-hop-ip-address 10.4.2.200
89 |
90 | # VMSS instances
91 | az vmss list-instances -n nva-vmss -o table
92 | az vmss nic list-vm-nics --vmss-name nva-vmss --instance-id 0 --query [].ipConfigurations[].privateIpAddress -o tsv
93 | az vmss nic list-vm-nics --vmss-name nva-vmss --instance-id 3 --query [].ipConfigurations[].privateIpAddress -o tsv
94 |
95 | # Verify ILB
96 | az network lb frontend-ip list --lb-name linuxnva-vmss-slb-int -o table # Next-hop of UDRs
97 | az network lb rule list --lb-name linuxnva-vmss-slb-int -o table # HA-Ports rule
98 | az network lb address-pool list --lb-name linuxnva-vmss-slb-int -o table --query [].backendIpConfigurations[].id # At least 2 NVAs
99 |
100 | # Verify ELB
101 | az network lb frontend-ip list --lb-name linuxnva-vmss-slb-ext -o table # For egress SNAT, for LB rule
102 | az network lb address-pool list --lb-name linuxnva-vmss-slb-ext -o table --query [].backendIpConfigurations[].id # At least 2 NVAs
103 | az network lb outbound-rule list --lb-name linuxnva-vmss-slb-ext -o table # Not in the README.md
104 | az network lb rule list --lb-name linuxnva-vmss-slb-ext -o table # For inbound traffic
105 | az network lb probe create --lb-name linuxnva-vmss-slb-ext -n myProbe --protocol tcp --port 1138
106 | az network lb rule create --lb-name linuxnva-vmss-slb-ext -n sshLbRule --disable-outbound-snat true --floating-ip false --frontend-ip-name myFrontendConfig --probe myProbe --backend-pool-name linuxnva-vmss-slbBackend-ext --protocol tcp --frontend-port 22 --backend-port 1022
107 | # Modify LB rule
108 | az network lb rule update --lb-name linuxnva-vmss-slb-ext -n sshLbRule --floating-ip true
109 |
110 | # NSG on VMSS (none assigned)
111 | az vmss show -n nva-vmss --query virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].networkSecurityGroup
112 | # Create one NSG and assign it to the VMSS
113 | az network nsg create -n nva-vmss-nsg
114 | az network nsg rule create --nsg-name nva-vmss-nsg -n HTTP --priority 500 --source-address-prefixes '*' --destination-port-ranges 80 --destination-address-prefixes '*' --access Allow --protocol Tcp --description "Allow Port 80"
115 | az network nsg rule create --nsg-name nva-vmss-nsg -n SSH --priority 520 --source-address-prefixes '*' --destination-port-ranges 22 --destination-address-prefixes '*' --access Allow --protocol Tcp --description "Allow Port 22"
116 | az network nsg rule create --nsg-name nva-vmss-nsg -n SSH1022 --priority 540 --source-address-prefixes '*' --destination-port-ranges 1022 --destination-address-prefixes '*' --access Allow --protocol Tcp --description "Allow Port 22"
117 | nsgid=$(az network nsg show -n nva-vmss-nsg -o tsv --query id)
118 | az vmss update -n nva-vmss --set virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].networkSecurityGroup="{ \"id\": \"$nsgid\" }"
119 | az vmss update-instances --name nva-vmss --instance-ids "*"
120 |
121 | ############
122 | # UDR #
123 | ############
124 |
125 | # Update to single NVA
126 | next_hop=10.4.2.101
127 | az network route-table route update --route-table-name vnet1-subnet1 -n vnet1-subnet1 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance
128 | az network route-table route update --route-table-name vnet1-subnet1 -n vnet2 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance
129 | az network route-table route update --route-table-name vnet1-subnet1 -n vnet3 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance
130 | az network route-table route update --route-table-name vnet2-subnet1 -n default --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance
131 | az network route-table route update --route-table-name vnet2-subnet1 -n vnet1 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance
132 | az network route-table route update --route-table-name vnet2-subnet1 -n vnet3 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance
133 | az network route-table route update --route-table-name vnet3-subnet1 -n vnet1 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance
134 | az network route-table route update --route-table-name vnet3-subnet1 -n vnet2 --next-hop-ip-address $next_hop --next-hop-type VirtualAppliance
135 |
136 | ############
137 | # VPN #
138 | ############
139 | az network vnet-gateway create --name vnet4Gw --vnet myVnet4 --public-ip-addresses vnet4gwPip --sku VpnGw1 --asn 65504
140 | az network vnet-gateway create --name vnet5Gw --vnet myVnet5 --public-ip-addresses vnet5gwPip --sku VpnGw1 --asn 65505
141 |
142 | az network route-table route update --next-hop-ip-address 10.4.0.4 --route-table-name vnet1-subnet1 -n vnet2
143 | az network route-table route update --next-hop-ip-address 10.4.0.4 --route-table-name vnet2-subnet1 -n vnet1
144 |
145 | az network vpn-connection create -n 4to5 --vnet-gateway1 vnet4gw --enable-bgp --shared-key Microsoft123 --vnet-gateway2 vnet5gw
146 | az network vpn-connection create -n 5to4 --vnet-gateway1 vnet5gw --enable-bgp --shared-key Microsoft123 --vnet-gateway2 vnet4gw
147 |
148 | az network vnet peering update --vnet-name myVnet4 -g vnetTest --name LinkTomyVnet1 --set allowGatewayTransit=true
149 | az network vnet peering update --vnet-name myVnet4 -g vnetTest --name LinkTomyVnet2 --set allowGatewayTransit=true
150 | az network vnet peering update --vnet-name myVnet4 -g vnetTest --name LinkTomyVnet3 --set allowGatewayTransit=true
151 | az network vnet peering update --vnet-name myVnet1 -g vnetTest --name LinkTomyVnet4 --set useRemoteGateways=true
152 | az network vnet peering update --vnet-name myVnet2 -g vnetTest --name LinkTomyVnet4 --set useRemoteGateways=true
153 | az network vnet peering update --vnet-name myVnet3 -g vnetTest --name LinkTomyVnet4 --set useRemoteGateways=true
154 |
155 | ############
156 | # iptables #
157 | ############
158 | sudo iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
159 | sudo iptables -t nat -A POSTROUTING -o eth0 ! -s 10.0.0.0/255.0.0.0 -j MASQUERADE
160 | # DNAT:
161 | sudo iptables -t nat -A PREROUTING -p tcp --dport 1022 -j DNAT --to-destination 10.1.1.5:22
162 | sudo iptables -t nat -A PREROUTING -d 51.105.174.182 -p tcp --dport 1022 -j DNAT --to-destination 10.1.1.5:22 # Specifying the dst IP not strictly required
163 |
164 | #########
165 | # OTHER #
166 | #########
167 |
168 | # Deploy standard ELB
169 | lburl='https://raw.githubusercontent.com/erjosito/azure-networking-lab/master/arm/externalLB_standard.json'
170 | az group deployment create -n elbDeploy -g vnetTest --template-uri $lburl
171 |
172 | ############
173 | # Clean up #
174 | ############
175 | az group delete -n vnetTest -y --no-wait
176 |
--------------------------------------------------------------------------------
/arm/externalLB.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetName": {
6 | "defaultValue": "myVnet",
7 | "type": "string"
8 | },
9 | "subnetName": {
10 | "defaultValue": "serverSubnet",
11 | "type": "string"
12 | },
13 | "slbName": {
14 | "defaultValue": "mySLB",
15 | "type": "string"
16 | },
17 | "backendConfigName": {
18 | "defaultValue": "myBackendConfig",
19 | "type": "string"
20 | },
21 | "ipPrefix": {
22 | "defaultValue": "not used",
23 | "type": "string"
24 | },
25 | "vipSuffix": {
26 | "defaultValue": "not used",
27 | "type": "string"
28 | },
29 | "pipName": {
30 | "defaultValue": "myPublicIp",
31 | "type": "string"
32 | },
33 | "pipSku": {
34 | "defaultValue": "basic",
35 | "type": "string",
36 | "allowedValues": ["basic", "standard"]
37 | },
38 | "frontendPort": {
39 | "defaultValue": 1022,
40 | "type": "int",
41 | "metadata": { "description": "Port that will configured in the TCP-based probe" }
42 | },
43 | "backendPort": {
44 | "defaultValue": 22,
45 | "type": "int",
46 | "metadata": { "description": "Backend TCP port" }
47 | },
48 | "probePort": {
49 | "defaultValue": 22,
50 | "type": "int",
51 | "metadata": { "description": "TCP port that will configured in the TCP-based probe" }
52 | },
53 | "ruleName": {
54 | "defaultValue": "ssh",
55 | "type": "string"
56 | },
57 | "dsr": {
58 | "defaultValue": "false",
59 | "type": "string",
60 | "metadata": { "description": "whether Direct Server Return, aka Floating IP, is enabled or not" }
61 | }
62 | },
63 | "variables": {
64 | "frontendConfigName": "myFrontendConfig",
65 | "probeName": "myProbe",
66 | "dsrBoolHash": {
67 | "true": true,
68 | "false": false
69 | },
70 | "dsrBool": "[variables('dsrBoolHash')[parameters('dsr')]]"
71 | },
72 | "resources": [
73 | {
74 | "comments": "Public IP address",
75 | "type": "Microsoft.Network/publicIPAddresses",
76 | "name": "[parameters('pipName')]",
77 | "sku": {
78 | "name": "[parameters('pipSku')]",
79 | "tier": "Regional"
80 | },
81 | "apiVersion": "2018-02-01",
82 | "location": "[resourceGroup().location]",
83 | "properties": {
84 | "publicIPAllocationMethod": "[if(equals(parameters('pipSku'), 'basic'), 'Dynamic', 'Static')]",
85 | "idleTimeoutInMinutes": 4
86 | },
87 | "resources": [],
88 | "dependsOn": []
89 | },
90 | {
91 | "comments": "External Load Balancer",
92 | "type": "Microsoft.Network/loadBalancers",
93 | "name": "[parameters('slbName')]",
94 | "apiVersion": "2017-08-01",
95 | "location": "[resourceGroup().location]",
96 | "properties": {
97 | "frontendIPConfigurations": [
98 | {
99 | "name": "[variables('frontendConfigName')]",
100 | "properties": {
101 | "privateIPAllocationMethod": "Dynamic",
102 | "publicIpAddress": {
103 | "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName'))]"
104 | }
105 | }
106 | }
107 | ],
108 | "backendAddressPools": [
109 | {
110 | "name": "[parameters('backendConfigName')]"
111 | }
112 | ],
113 | "loadBalancingRules": [
114 | {
115 | "name": "[parameters('ruleName')]",
116 | "properties": {
117 | "frontendIPConfiguration": {
118 | "id": "[concat( resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/frontendIPConfigurations/', variables('frontendConfigName'))]"
119 | },
120 | "frontendPort": "[parameters('frontendport')]",
121 | "backendPort": "[parameters('backendport')]",
122 | "enableFloatingIP": "[variables('dsrBool')]",
123 | "idleTimeoutInMinutes": 4,
124 | "protocol": "Tcp",
125 | "loadDistribution": "Default",
126 | "backendAddressPool": {
127 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/backendAddressPools/', parameters('backendConfigName'))]"
128 | },
129 | "probe": {
130 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/probes/', variables('probeName'))]"
131 | }
132 | }
133 | }
134 | ],
135 | "probes": [
136 | {
137 | "name": "[variables('probeName')]",
138 | "properties": {
139 | "protocol": "Tcp",
140 | "port": "[parameters('probePort')]",
141 | "intervalInSeconds": 15,
142 | "numberOfProbes": 2
143 | }
144 | }
145 | ],
146 | "inboundNatRules": [],
147 | "outboundNatRules": [],
148 | "inboundNatPools": []
149 | },
150 | "resources": [],
151 | "dependsOn": [
152 | "[parameters('pipName')]"
153 | ]
154 | }
155 | ]
156 | }
--------------------------------------------------------------------------------
/arm/externalLB_standard.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetName": {
6 | "defaultValue": "myVnet",
7 | "type": "string"
8 | },
9 | "subnetName": {
10 | "defaultValue": "serverSubnet",
11 | "type": "string"
12 | },
13 | "slbName": {
14 | "defaultValue": "mySLB",
15 | "type": "string"
16 | },
17 | "backendConfigName": {
18 | "defaultValue": "myBackendConfig",
19 | "type": "string"
20 | },
21 | "ipPrefix": {
22 | "defaultValue": "not used",
23 | "type": "string"
24 | },
25 | "vipSuffix": {
26 | "defaultValue": "not used",
27 | "type": "string"
28 | },
29 | "pipName": {
30 | "defaultValue": "myPublicIp",
31 | "type": "string"
32 | },
33 | "frontendPort": {
34 | "defaultValue": 1022,
35 | "type": "int",
36 | "metadata": { "description": "Port that will configured in the TCP-based probe" }
37 | },
38 | "backendPort": {
39 | "defaultValue": 22,
40 | "type": "int",
41 | "metadata": { "description": "Backend TCP port" }
42 | },
43 | "probePort": {
44 | "defaultValue": 22,
45 | "type": "int",
46 | "metadata": { "description": "TCP port that will configured in the TCP-based probe" }
47 | },
48 | "ruleName": {
49 | "defaultValue": "ssh",
50 | "type": "string"
51 | },
52 | "dsr": {
53 | "defaultValue": "false",
54 | "type": "string",
55 | "metadata": { "description": "whether Direct Server Return, aka Floating IP, is enabled or not" }
56 | }
57 | },
58 | "variables": {
59 | "frontendConfigName": "myFrontendConfig"
60 | },
61 | "resources": [
62 | {
63 | "comments": "Public IP address",
64 | "type": "Microsoft.Network/publicIPAddresses",
65 | "name": "[parameters('pipName')]",
66 | "sku": {
67 | "name": "Standard",
68 | "tier": "Regional"
69 | },
70 | "apiVersion": "2018-02-01",
71 | "location": "[resourceGroup().location]",
72 | "properties": {
73 | "publicIPAllocationMethod": "Static",
74 | "idleTimeoutInMinutes": 4
75 | },
76 | "resources": [],
77 | "dependsOn": []
78 | },
79 | {
80 | "comments": "External Load Balancer",
81 | "type": "Microsoft.Network/loadBalancers",
82 | "name": "[parameters('slbName')]",
83 | "apiVersion": "2018-08-01",
84 | "location": "[resourceGroup().location]",
85 | "sku": {
86 | "name": "Standard"
87 | },
88 | "properties": {
89 | "frontendIPConfigurations": [
90 | {
91 | "name": "[variables('frontendConfigName')]",
92 | "properties": {
93 | "privateIPAllocationMethod": "Dynamic",
94 | "publicIpAddress": {
95 | "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName'))]"
96 | }
97 | }
98 | }
99 | ],
100 | "backendAddressPools": [
101 | {
102 | "name": "[parameters('backendConfigName')]"
103 | }
104 | ],
105 | "loadBalancingRules": [
106 | ],
107 | "probes": [
108 | ],
109 | "inboundNatRules": [],
110 | "outboundRules": [
111 | {
112 | "name": "myrule",
113 | "properties": {
114 | "allocatedOutboundPorts": 10000,
115 | "protocol": "All",
116 | "enableTcpReset": false,
117 | "idleTimeoutInMinutes": 15,
118 | "backendAddressPool": {
119 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/backendAddressPools/', parameters('backendConfigName'))]"
120 | },
121 | "frontendIPConfigurations": [
122 | {
123 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/frontendIPConfigurations/', variables('frontendConfigName'))]"
124 | }
125 | ]
126 | }
127 | }
128 | ],
129 | "inboundNatPools": []
130 | },
131 | "resources": [],
132 | "dependsOn": [
133 | "[parameters('pipName')]"
134 | ]
135 | }
136 | ]
137 | }
--------------------------------------------------------------------------------
/arm/index.php:
--------------------------------------------------------------------------------
1 |
2 |
3 | Network Virtual Appliance
4 |
5 |
6 |
7 | Welcome to the Open Source Azure Networking Lab
8 |
9 |
10 | &1 | grep received");
15 | $pos = strpos ($result, "1 received");
16 | if ($pos === false) {
17 | $allReachable = false;
18 | break;
19 | }
20 | }
21 | if ($allReachable === false) {
22 | // Ping did not work
23 | http_response_code (299);
24 | print ("The target hosts do not seem to be all reachable (" . $host . ")\n");
25 | } else {
26 | // Ping did work
27 | http_response_code (200);
28 | print ("All target hosts seem to be reachable\n");
29 | }
30 | ?>
31 |
32 |
33 |
--------------------------------------------------------------------------------
/arm/internalLB.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetName": {
6 | "defaultValue": "myVnet",
7 | "type": "string"
8 | },
9 | "subnetName": {
10 | "defaultValue": "serverSubnet",
11 | "type": "string"
12 | },
13 | "slbName": {
14 | "defaultValue": "mySLB",
15 | "type": "string"
16 | },
17 | "backendConfigName": {
18 | "defaultValue": "myBackendConfig",
19 | "type": "string"
20 | },
21 | "ipPrefix": {
22 | "defaultValue": "10.0.1",
23 | "type": "string"
24 | },
25 | "vipSuffix": {
26 | "defaultValue": "100",
27 | "type": "string"
28 | },
29 | "pipName": {
30 | "defaultValue": "not used",
31 | "type": "string"
32 | },
33 | "pipSku": {
34 | "defaultValue": "not used",
35 | "type": "string"
36 | },
37 | "frontendPort": {
38 | "defaultValue": 1022,
39 | "type": "int",
40 | "metadata": { "description": "Frontend TCP port" }
41 | },
42 | "backendPort": {
43 | "defaultValue": 22,
44 | "type": "int",
45 | "metadata": { "description": "Backend TCP port" }
46 | },
47 | "probePort": {
48 | "defaultValue": 22,
49 | "type": "int",
50 | "metadata": { "description": "TCP port that will configured in the TCP-based probe" }
51 | },
52 | "ruleName": {
53 | "defaultValue": "ssh",
54 | "type": "string"
55 | },
56 | "dsr": {
57 | "defaultValue": "false",
58 | "type": "string",
59 | "metadata": { "description": "whether Direct Server Return, aka Floating IP, is enabled or not" }
60 | }
61 | },
62 | "variables": {
63 | "vip": "[concat(parameters('ipPrefix'), '.', parameters('vipSuffix'))]",
64 | "frontendConfigName": "myFrontendConfig",
65 | "probeName": "myProbe",
66 | "dsrBoolHash": {
67 | "true": true,
68 | "false": false
69 | },
70 | "dsrBool": "[variables('dsrBoolHash')[parameters('dsr')]]"
71 | },
72 |
73 | "resources": [
74 | {
75 | "comments": "Internal Load Balancer",
76 | "type": "Microsoft.Network/loadBalancers",
77 | "name": "[parameters('slbName')]",
78 | "apiVersion": "2016-03-30",
79 | "location": "[resourceGroup().location]",
80 | "properties": {
81 | "frontendIPConfigurations": [
82 | {
83 | "name": "[variables('frontendConfigName')]",
84 | "properties": {
85 | "privateIPAddress": "[variables('vip')]",
86 | "privateIPAllocationMethod": "Static",
87 | "subnet": {
88 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]"
89 | }
90 | }
91 | }
92 | ],
93 | "backendAddressPools": [
94 | {
95 | "name": "[parameters('backendConfigName')]"
96 | }
97 | ],
98 | "loadBalancingRules": [
99 | {
100 | "name": "[parameters('ruleName')]",
101 | "properties": {
102 | "frontendIPConfiguration": {
103 | "id": "[concat( resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/frontendIPConfigurations/', variables('frontendConfigName'))]"
104 | },
105 | "frontendPort": "[parameters('frontendPort')]",
106 | "backendPort": "[parameters('backendPort')]",
107 | "enableFloatingIP": "[variables('dsrBool')]",
108 | "idleTimeoutInMinutes": 4,
109 | "protocol": "Tcp",
110 | "loadDistribution": "Default",
111 | "backendAddressPool": {
112 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/backendAddressPools/', parameters('backendConfigName'))]"
113 | },
114 | "probe": {
115 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/probes/', variables('probeName'))]"
116 | }
117 | }
118 | }
119 | ],
120 | "probes": [
121 | {
122 | "name": "[variables('probeName')]",
123 | "properties": {
124 | "protocol": "Tcp",
125 | "port": "[parameters('probePort')]",
126 | "intervalInSeconds": 15,
127 | "numberOfProbes": 2
128 | }
129 | }
130 | ],
131 | "inboundNatRules": [],
132 | "outboundNatRules": [],
133 | "inboundNatPools": []
134 | },
135 | "resources": [],
136 | "dependsOn": [
137 | ]
138 | }
139 | ]
140 | }
--------------------------------------------------------------------------------
/arm/internalLB_standard.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetName": {
6 | "defaultValue": "myVnet",
7 | "type": "string"
8 | },
9 | "subnetName": {
10 | "defaultValue": "serverSubnet",
11 | "type": "string"
12 | },
13 | "slbName": {
14 | "defaultValue": "mySLB",
15 | "type": "string"
16 | },
17 | "backendConfigName": {
18 | "defaultValue": "myBackendConfig",
19 | "type": "string"
20 | },
21 | "ipPrefix": {
22 | "defaultValue": "10.0.1",
23 | "type": "string"
24 | },
25 | "vipSuffix": {
26 | "defaultValue": "100",
27 | "type": "string"
28 | },
29 | "pipName": {
30 | "defaultValue": "myPublicIp",
31 | "type": "string"
32 | },
33 | "frontendPort": {
34 | "defaultValue": 1022,
35 | "type": "int",
36 | "metadata": { "description": "Frontend TCP port" }
37 | },
38 | "backendPort": {
39 | "defaultValue": 22,
40 | "type": "int",
41 | "metadata": { "description": "Backend TCP port" }
42 | },
43 | "probePort": {
44 | "defaultValue": 22,
45 | "type": "int",
46 | "metadata": { "description": "TCP port that will configured in the TCP-based probe" }
47 | },
48 | "ruleName": {
49 | "defaultValue": "ssh",
50 | "type": "string"
51 | },
52 | "dsr": {
53 | "defaultValue": "false",
54 | "type": "string",
55 | "metadata": { "description": "whether Direct Server Return, aka Floating IP, is enabled or not" }
56 | }
57 | },
58 | "variables": {
59 | "vip": "[concat(parameters('ipPrefix'), '.', parameters('vipSuffix'))]",
60 | "frontendConfigName": "myFrontendConfig",
61 | "probeName": "myProbe",
62 | "dsrBoolHash": {
63 | "true": true,
64 | "false": false
65 | },
66 | "dsrBool": "[variables('dsrBoolHash')[parameters('dsr')]]"
67 | },
68 |
69 | "resources": [
70 | {
71 | "comments": "Internal Load Balancer",
72 | "type": "Microsoft.Network/loadBalancers",
73 | "name": "[parameters('slbName')]",
74 | "apiVersion": "2017-08-01",
75 | "location": "[resourceGroup().location]",
76 | "sku": {
77 | "name": "Standard"
78 | },
79 | "properties": {
80 | "frontendIPConfigurations": [
81 | {
82 | "name": "[variables('frontendConfigName')]",
83 | "properties": {
84 | "privateIPAddress": "[variables('vip')]",
85 | "privateIPAllocationMethod": "Static",
86 | "subnet": {
87 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]"
88 | }
89 | }
90 | }
91 | ],
92 | "backendAddressPools": [
93 | {
94 | "name": "[parameters('backendConfigName')]"
95 | }
96 | ],
97 | "loadBalancingRules": [
98 | {
99 | "name": "HARule",
100 | "properties": {
101 | "frontendIPConfiguration": {
102 | "id": "[concat( resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/frontendIPConfigurations/', variables('frontendConfigName'))]"
103 | },
104 | "frontendPort": 0,
105 | "backendPort": 0,
106 | "enableFloatingIP": true,
107 | "idleTimeoutInMinutes": 4,
108 | "protocol": "All",
109 | "enableTcpReset": false,
110 | "loadDistribution": "Default",
111 | "disableOutboundSnat": false,
112 | "backendAddressPool": {
113 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/backendAddressPools/', parameters('backendConfigName'))]"
114 | },
115 | "probe": {
116 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/probes/', variables('probeName'))]"
117 | }
118 | }
119 | }
120 | ],
121 | "probes": [
122 | {
123 | "name": "[variables('probeName')]",
124 | "properties": {
125 | "protocol": "Tcp",
126 | "port": "[parameters('probePort')]",
127 | "intervalInSeconds": 15,
128 | "numberOfProbes": 2
129 | }
130 | }
131 | ],
132 | "inboundNatRules": [],
133 | "outboundNatRules": [],
134 | "inboundNatPools": []
135 | },
136 | "resources": [],
137 | "dependsOn": [
138 | ]
139 | }
140 | ]
141 | }
--------------------------------------------------------------------------------
/arm/linuxNVAconfig-1nic.sh:
--------------------------------------------------------------------------------
1 | # These actions will be run at provisioning time
2 | # Most of these commands are ephemeral, so you will probably have to rerun them if you reboot the VM
3 |
4 | # Enable IP forwarding
5 | sudo -i sysctl -w net.ipv4.ip_forward=1
6 |
7 | # Enable a listener on port 1138 (for the internal LB, verify with netstat -lntp)
8 | while true; do nc -lk -p 1138; done &
9 | # while true; do nc -lk -p 1138; done & # We should know the IP for each NVA...
10 |
11 | # Enable a listener on port 1139 (for the external LB, verify with netstat -lntp)
12 | while true; do nc -lk -p 1139; done &
13 |
14 | # Install Apache and PHP
15 | sudo apt-get update
16 | sudo apt-get install apache2 -y
17 | sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql -y
18 | sudo systemctl restart apache2
19 |
20 | # Delete default web site and download a new one
21 | sudo rm /var/www/html/index.html
22 | sudo apt-get install wget -you
23 | sudo wget https://raw.githubusercontent.com/erjosito/azure-networking-lab/master/arm/index.php -P /var/www/html/
24 |
25 |
26 | ###########################
27 | # Firewall config rules #
28 | ###########################
29 |
30 | # Allow incoming and outgoing traffic (TCP)
31 | sudo iptables -A INPUT -p tcp -j ACCEPT
32 | sudo iptables -A OUTPUT -p tcp -j ACCEPT
33 | # Deny forwarded ICMP
34 | sudo iptables -A FORWARD -p icmp -j DROP
35 | # Allow forwarded traffic
36 | sudo iptables -A FORWARD -j ACCEPT
37 | # SNAT for all traffic
38 | sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
39 |
--------------------------------------------------------------------------------
/arm/linuxNVAconfig.sh:
--------------------------------------------------------------------------------
1 | # These actions will be run at provisioning time
2 | # Most of these commands are ephemeral, so you will probably have to rerun them if you reboot the VM
3 |
4 | # Enable IP forwarding
5 | sudo -i sysctl -w net.ipv4.ip_forward=1
6 |
7 | # Enable eth1 and get an IP address
8 | sudo ifconfig eth1 up
9 | sudo dhclient
10 |
11 | # Enable a listener on port 1138 (for the internal LB, verify with netstat -lntp)
12 | while true; do nc -lk -p 1138; done &
13 | # while true; do nc -lk -p 1138; done & # We should know the IP for each NVA...
14 |
15 | # Enable a listener on port 1139 (for the external LB, verify with netstat -lntp)
16 | while true; do nc -lk -p 1139; done &
17 |
18 | # Install Apache and PHP
19 | sudo apt-get update
20 | sudo apt-get install apache2 -y
21 | sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql -y
22 | sudo systemctl restart apache2
23 |
24 | # Delete default web site and download a new one
25 | sudo rm /var/www/html/index.html
26 | sudo apt-get install wget -you
27 | sudo wget https://raw.githubusercontent.com/erjosito/azure-networking-lab/master/arm/index.php -P /var/www/html/
28 |
29 | #############
30 | # Routing #
31 | #############
32 |
33 | # Set up a better routing metric on eth1 (external, 10.4.3.0/24)
34 | # Note that this is not persistent, so you will have to rerun it if you reboot the VM
35 | sudo apt-get install -y ifmetric
36 | sudo ifmetric eth0 100
37 | # sudo ifmetric eth1 10 # This breaks the ILB!!!!
38 | sudo ifmetric eth1 200
39 |
40 | # configure static routes for the vnet space to eth0
41 | sudo route add -net 10.0.0.0/13 gw 10.4.2.1 dev eth0
42 | # and the Internet default to eth1 (just to be sure)
43 | sudo route add -net 0.0.0.0/0 gw 10.4.3.1 dev eth0
44 | # route for internal LB to work properly (will break ext LB unless PBR is configured, see next lines)
45 | # sudo route add -host 168.63.129.16 gw 10.4.2.1 dev eth0
46 |
47 | # Get IP addresses
48 | ipaddint=`ip a | grep 10.4.2 | awk '{print $2}' | awk -F '/' '{print $1}'` # either 10.4.2.101 or .102
49 | ipaddext=`ip a | grep 10.4.3 | awk '{print $2}' | awk -F '/' '{print $1}'` # either 10.4.3.101 or .102
50 |
51 | # Create a custom routing table for internal LB probes
52 | #sudo sed -i '$a201 slbint' /etc/iproute2/rt_tables # an easier echo command would be denied by selinux
53 | #sudo ip rule add from $ipaddint to 168.63.129.16 lookup slbint # Note that this depends on the nva number!
54 | #sudo ip route add 168.63.129.16 via 10.4.2.1 dev eth0 table slbint
55 |
56 | # Create a custom routing table for external LB probes
57 | #sudo sed -i '$a202 slbext' /etc/iproute2/rt_tables # an easier echo command would be denied by selinux
58 | #sudo ip rule add from $ipaddext to 168.63.129.16 lookup slbext
59 | #sudo ip route add 168.63.129.16 via 10.4.3.1 dev eth1 table slbext
60 |
61 | ###########################
62 | # Firewall config rules #
63 | ###########################
64 |
65 | # Deny forwarded ICMP
66 | sudo iptables -A FORWARD -p icmp -j DROP
67 | # Deny specific IP address (ifconfig.co, but the IP address keeps changing anyway)
68 | #sudo iptables -A FORWARD -d 188.113.88.193 -j DROP
69 |
70 | # Allow forwarded outgoing traffic (port 80)
71 | # sudo iptables -A FORWARD -i eth0 -o eth0 -p tcp --dport 80 -j ACCEPT
72 | # sudo iptables -A FORWARD -i eth0 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
73 |
74 | # Allow SSH traffic on eth0
75 | sudo iptables -A FORWARD -i eth0 -p tcp --dport ssh -j ACCEPT
76 | sudo iptables -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT
77 | sudo iptables -A FORWARD -i eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
78 |
79 | # Allow forwarded traffic on eth1
80 | #sudo iptables -A FORWARD -i eth1 -j ACCEPT
81 | #sudo iptables -A FORWARD -o eth1 -j ACCEPT
82 |
83 | # Default deny
84 | sudo iptables -A FORWARD -j DROP
85 |
86 |
87 | # SNAT for traffic going to the vnets
88 | sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
89 | # SNAT for traffic going to the Internet
90 | sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
91 |
92 |
--------------------------------------------------------------------------------
/arm/linuxVM.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetName": {
6 | "defaultValue": "myVnet",
7 | "type": "string"
8 | },
9 | "location": {
10 | "defaultValue": "[resourceGroup().location]",
11 | "type": "string"
12 | },
13 | "subnetName": {
14 | "defaultValue": "serverSubnet",
15 | "type": "string"
16 | },
17 | "adminUsername": {
18 | "defaultValue": null,
19 | "type": "string"
20 | },
21 | "adminPassword": {
22 | "defaultValue": null,
23 | "type": "securestring"
24 | },
25 | "vmName": {
26 | "defaultValue": "myvm",
27 | "type": "string"
28 | },
29 | "vmType": {
30 | "defaultValue": "ubuntu",
31 | "type": "string",
32 | "allowedValues": [
33 | "ubuntu"
34 | ]
35 | },
36 | "vmSize": {
37 | "defaultValue": "Standard_B1s",
38 | "type": "string"
39 | },
40 | "createPip": {
41 | "defaultValue": "yes",
42 | "type": "string",
43 | "allowedValues": ["yes", "no"]
44 | }
45 | },
46 |
47 | "variables": {
48 | "nicName": "[concat(parameters('vmName'),'-nic')]",
49 | "pipName": "[concat(parameters('vmName'),'-pip')]",
50 | "diskName": "[concat(parameters('vmName'),'-disk')]",
51 | "apiVersion": "2023-07-01",
52 | "nicTemplateUriHash": {
53 | "yes": "[uri(deployment().properties.templateLink.uri, 'nic_noNSG_noSLB_PIP_dynamic.json')]",
54 | "no": "[uri(deployment().properties.templateLink.uri, 'nic_noNSG_noSLB_noPIP_dynamic.json')]"
55 | },
56 | "nicTemplateURI": "[variables('nicTemplateUriHash')[parameters('createPip')]]",
57 | "skuDataTable": {
58 | "ubuntu": {
59 | "sku": "22_04-lts-gen2",
60 | "publisher": "canonical",
61 | "offer": "0001-com-ubuntu-server-jammy",
62 | "size": "[parameters('vmSize')]"
63 | }
64 | },
65 | "skuData": "[variables('skuDataTable')[parameters('vmType')]]"
66 | },
67 | "resources": [
68 | {
69 | "comments": "VMs created and linked to NICs",
70 | "type": "Microsoft.Compute/virtualMachines",
71 | "name": "[parameters('vmName')]",
72 | "apiVersion": "[variables('apiVersion')]",
73 | "location": "[parameters('location')]",
74 | "properties": {
75 | "hardwareProfile": {
76 | "vmSize": "[variables('skuData')['size']]"
77 | },
78 | "storageProfile": {
79 | "imageReference": {
80 | "publisher": "[variables('skuData')['publisher']]",
81 | "offer": "[variables('skuData')['offer']]",
82 | "sku": "[variables('skuData')['sku']]",
83 | "version": "latest"
84 | },
85 | "osDisk": {
86 | "osType": "Linux",
87 | "createOption": "FromImage",
88 | "diskSizeGB": 31
89 | },
90 | "dataDisks": []
91 | },
92 | "osProfile": {
93 | "computerName": "[parameters('vmName')]",
94 | "adminUsername": "[parameters('adminUsername')]",
95 | "secrets": [],
96 | "adminPassword": "[parameters('adminPassword')]"
97 | },
98 | "networkProfile": {
99 | "networkInterfaces": [
100 | {
101 | "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
102 | }
103 | ]
104 | }
105 | },
106 | "resources": [
107 | ],
108 | "dependsOn": [
109 | "[variables('nicName')]"
110 | ]
111 | },
112 | {
113 | "comments": "Create NIC for the VM with or without public IP",
114 | "name": "[variables('nicName')]",
115 | "type": "Microsoft.Resources/deployments",
116 | "apiVersion": "2016-06-01",
117 | "properties": {
118 | "mode": "Incremental",
119 | "templateLink": {
120 | "uri": "[variables('nicTemplateUri')]",
121 | "contentVersion": "1.0.0.0"
122 | },
123 | "parameters": {
124 | "pipName": { "value": "[variables('pipName')]" },
125 | "location": { "value": "[parameters('location')]" },
126 | "nicName": { "value": "[variables('nicName')]" },
127 | "vnetName": { "value": "[parameters('vnetName')]" },
128 | "subnetName": { "value": "[parameters('subnetName')]"}
129 | }
130 | },
131 | "dependsOn": []
132 | }
133 | ]
134 | }
135 |
--------------------------------------------------------------------------------
/arm/linuxVM_diagExt.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetName": {
6 | "defaultValue": "myVnet",
7 | "type": "string"
8 | },
9 | "subnetName": {
10 | "defaultValue": "serverSubnet",
11 | "type": "string"
12 | },
13 | "storageAccountName": {
14 | "defaultValue": "[concat('storage',uniqueString(resourceGroup().id))]",
15 | "type": "string"
16 | },
17 | "adminUsername": {
18 | "defaultValue": null,
19 | "type": "string"
20 | },
21 | "adminPassword": {
22 | "defaultValue": null,
23 | "type": "securestring"
24 | },
25 | "vmName": {
26 | "defaultValue": "myvm",
27 | "type": "string"
28 | },
29 | "vmType": {
30 | "defaultValue": "ubuntu",
31 | "type": "string",
32 | "allowedValues": [
33 | "ubuntu"
34 | ]
35 | }
36 | },
37 |
38 | "variables": {
39 | "nicName": "[concat(parameters('vmName'),'nic')]",
40 | "pipName": "[concat(parameters('vmName'),'pip')]",
41 | "diskName": "[concat(parameters('vmName'),'disk')]",
42 | "apiVersion": "2016-03-30",
43 | "nicTemplateURI": "[uri(deployment().properties.templateLink.uri, 'nic_noNSG_noSLB_PIP_dynamic.json')]",
44 | "skuDataTable": {
45 | "ubuntu": {
46 | "sku": "16.04.0-LTS",
47 | "publisher": "canonical",
48 | "offer": "UbuntuServer",
49 | "size": "Standard_A0"
50 | }
51 | },
52 | "skuData": "[variables('skuDataTable')[parameters('vmType')]]",
53 | "diagStorageAccountName": "[parameters('storageAccountName')]",
54 | "diagStorageAccountId": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/',resourceGroup().Name, '/providers/','Microsoft.Storage/storageAccounts/', variables('diagStorageAccountName'))]",
55 | "wadlogs": " ",
56 | "wadperfcounters1": "",
57 | "wadperfcounters2": "",
58 | "wadcfgxstart": "[concat(variables('wadlogs'), variables('wadperfcounters1'), variables('wadperfcounters2'), '" },
61 |
62 | "resources": [
63 | {
64 | "comments": "VMs created and linked to NICs and storage account",
65 | "type": "Microsoft.Compute/virtualMachines",
66 | "name": "[parameters('vmName')]",
67 | "apiVersion": "[variables('apiVersion')]",
68 | "location": "[resourceGroup().location]",
69 | "properties": {
70 | "hardwareProfile": {
71 | "vmSize": "[variables('skuData')['size']]"
72 | },
73 | "storageProfile": {
74 | "imageReference": {
75 | "publisher": "[variables('skuData')['publisher']]",
76 | "offer": "[variables('skuData')['offer']]",
77 | "sku": "[variables('skuData')['sku']]",
78 | "version": "latest"
79 | },
80 | "osDisk": {
81 | "name": "[parameters('vmName')]",
82 | "createOption": "FromImage",
83 | "vhd": {
84 | "uri": "[concat('https', '://', parameters('storageAccountName'), '.blob.core.windows.net', '/vhds/', variables('diskName'), uniqueString(resourceGroup().id),'.vhd')]"
85 | },
86 | "caching": "ReadWrite"
87 | },
88 | "dataDisks": []
89 | },
90 | "osProfile": {
91 | "computerName": "[parameters('vmName')]",
92 | "adminUsername": "[parameters('adminUsername')]",
93 | "secrets": [],
94 | "adminPassword": "[parameters('adminPassword')]"
95 | },
96 | "networkProfile": {
97 | "networkInterfaces": [
98 | {
99 | "id": "[resourceId('Microsoft.Network/networkInterfaces', variables('nicName'))]"
100 | }
101 | ]
102 | }
103 | },
104 | "resources": [
105 | {
106 | "comments": "Deploy VM with Azure Monitor extension",
107 | "name": "Microsoft.Insights.VMDiagnosticsSettings",
108 | "type": "extensions",
109 | "location": "[resourceGroup().location]",
110 | "apiVersion": "2015-06-15",
111 | "dependsOn": [
112 | "[concat('Microsoft.Compute/virtualMachines/', parameters('vmName'))]"
113 | ],
114 | "tags": {
115 | "displayName": "AzureDiagnostics"
116 | },
117 | "properties": {
118 | "publisher": "Microsoft.Azure.Diagnostics",
119 | "type": "IaaSDiagnostics",
120 | "typeHandlerVersion": "1.5",
121 | "autoUpgradeMinorVersion": true,
122 | "settings": {
123 | "xmlCfg": "[base64(concat(variables('wadcfgxstart'), variables('wadmetricsresourceid'), parameters('vmName'), variables('wadcfgxend')))]",
124 | "storageAccount": "[variables('diagStorageAccountName')]"
125 | },
126 | "protectedSettings": {
127 | "storageAccountName": "[variables('diagStorageAccountName')]",
128 | "storageAccountKey": "[listkeys(variables('diagStorageAccountId'), '2015-05-01-preview').key1]",
129 | "storageAccountEndPoint": "https://core.windows.net"
130 | }
131 | }
132 | }
133 | ],
134 | "dependsOn": [
135 | "[variables('nicName')]"
136 | ]
137 | },
138 | {
139 | "comments": "Create NIC for the VM with public IP",
140 | "name": "[variables('nicName')]",
141 | "type": "Microsoft.Resources/deployments",
142 | "apiVersion": "2016-06-01",
143 | "properties": {
144 | "mode": "Incremental",
145 | "templateLink": {
146 | "uri": "[variables('nicTemplateUri')]",
147 | "contentVersion": "1.0.0.0"
148 | },
149 | "parameters": {
150 | "pipName": { "value": "[variables('pipName')]" },
151 | "nicName": { "value": "[variables('nicName')]" },
152 | "vnetName": { "value": "[parameters('vnetName')]" },
153 | "subnetName": { "value": "[parameters('subnetName')]"}
154 | }
155 | },
156 | "dependsOn": []
157 | }
158 | ]
159 | }
--------------------------------------------------------------------------------
/arm/multiVnetLab.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetNamePrefix": {
6 | "defaultValue": "myVnet",
7 | "type": "string",
8 | "metadata": { "description": "Name of the vNets that will be created containing the subnets and other objects. They will be suffixed by the vNet number: myVnet1, myVnet2, etc." }
9 | },
10 | "vnetOctet1": {
11 | "defaultValue": "10.",
12 | "type": "string",
13 | "metadata": { "description": "First octet of the vnet IP space. The second octet depends on the vnet instance (1, 2, 3, etc). Octets 3 and 4 are always 0.0, network mask is always /16" }
14 | },
15 | "vnetCount": {
16 | "defaultValue": 3,
17 | "type": "int",
18 | "metadata": { "description": "Number of identical vnets that will be created"}
19 | },
20 | "createGw": {
21 | "defaultValue": "no",
22 | "type": "string",
23 | "allowedValues": ["yes", "no"],
24 | "metadata": { "description": "Basic Vnet VPN Gateways will be created for all 5 Vnets. This has an impact if configuring peerings, since for some options gateways are required"}
25 | },
26 | "enableBgp": {
27 | "defaultValue": "false",
28 | "type": "string",
29 | "allowedValues": ["true", "false"]
30 | },
31 | "createVm": {
32 | "defaultValue": "no",
33 | "type": "string",
34 | "allowedValues": ["yes", "no"]
35 | },
36 | "vmType": {
37 | "defaultValue": "ubuntu",
38 | "type": "string",
39 | "allowedValues": [
40 | "ubuntu"
41 | ],
42 | "metadata": { "description": "Type of VM to optionally create in the first subnet in every vnet"}
43 | },
44 | "vmSize": {
45 | "defaultValue": "Standard_B1s",
46 | "type": "string"
47 | },
48 | "createPip": {
49 | "defaultValue": "yes",
50 | "type": "string",
51 | "allowedValues": ["yes", "no"]
52 | },
53 | "adminUsername": {
54 | "defaultValue": "lab-user",
55 | "type": "string",
56 | "metadata": { "description": "Username for the VMs"}
57 | },
58 | "adminPassword": {
59 | "defaultValue": null,
60 | "type": "securestring",
61 | "metadata": { "description": "Password for the VMs"}
62 | },
63 | "location2ary": {
64 | "defaultValue": "westus2",
65 | "type": "string",
66 | "metadata": { "description": "Secondary location for some of the VNets" }
67 | },
68 | "location2aryVnets": {
69 | "defaultValue": [],
70 | "type": "array",
71 | "metadata": { "description": "Array with Vnets to be deployed in the 2ary location" }
72 | }
73 | },
74 |
75 | "variables": {
76 | "apiVersion": "2016-03-30"
77 | },
78 |
79 | "resources": [
80 | {
81 | "comments": "vnet with 3 subnets",
82 | "name": "[concat(parameters('vnetNamePrefix'), '-template-', copyIndex(1))]",
83 | "type": "Microsoft.Resources/deployments",
84 | "apiVersion": "2016-06-01",
85 | "properties": {
86 | "mode": "Incremental",
87 | "templateLink": {
88 | "uri": "[uri(deployment().properties.templateLink.uri, 'vnet3Subnets.json')]",
89 | "contentVersion": "1.0.0.0"
90 | },
91 | "parameters": {
92 | "vnetName": { "value": "[concat(parameters('vnetNamePrefix'), copyIndex(1))]" },
93 | "vnetOctets12": { "value": "[concat(parameters('vnetOctet1'), copyIndex(1), '.')]" },
94 | "subnetNamePrefix": { "value": "[concat(parameters('vnetNamePrefix'), copyIndex(1), 'Subnet')]"},
95 | "gwName": { "value": "[concat(parameters('vnetNamePrefix'), copyIndex(1), 'GW')]" },
96 | "gwPIPName": { "value": "[concat(parameters('vnetNamePrefix'), copyIndex(1), 'gwPip')]" },
97 | "createGw": { "value": "[parameters('createGw')]"},
98 | "enableBgp": { "value": "[parameters('enableBgp')]"},
99 | "createVm": { "value": "[parameters('createVm')]"},
100 | "vmType": { "value": "[parameters('vmType')]"},
101 | "vmSize": { "value": "[parameters('vmSize')]"},
102 | "createPip": { "value": "[parameters('createPip')]"},
103 | "adminUsername": { "value": "[parameters('adminUsername')]"},
104 | "adminPassword": { "value": "[parameters('adminPassword')]"},
105 | "location": {"value": "[if(contains(parameters('location2aryVnets'), copyIndex(1)), parameters('location2ary'), resourceGroup().location)]"}
106 | }
107 | },
108 | "dependsOn": [],
109 | "copy": {
110 | "name": "vnetCopy",
111 | "count": "[parameters('vnetCount')]"
112 | }
113 | }
114 | ]
115 | }
116 |
--------------------------------------------------------------------------------
/arm/nic_NSG_noSLB_PIP_static.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "nicName": {
6 | "defaultValue": "myNic",
7 | "type": "string"
8 | },
9 | "vnetName": {
10 | "defaultValue": "myVnet",
11 | "type": "string"
12 | },
13 | "subnetName": {
14 | "defaultValue": "serverSubnet",
15 | "type": "string"
16 | },
17 | "ipAddress": {
18 | "defaultValue": "10.0.0.1",
19 | "type": "string"
20 | },
21 | "pipName": {
22 | "defaultValue": "myPIP",
23 | "type": "string"
24 | },
25 | "pipSku": {
26 | "defaultValue": "basic",
27 | "type": "string"
28 | }
29 | },
30 | "variables": {
31 | "networkApiVersion": "2016-03-30"
32 | },
33 | "resources": [
34 | {
35 | "comments": "Public IP address",
36 | "type": "Microsoft.Network/publicIPAddresses",
37 | "sku": {
38 | "name": "[parameters('pipSku')]",
39 | "tier": "Regional"
40 | },
41 | "name": "[parameters('pipName')]",
42 | "apiVersion": "2018-02-01",
43 | "location": "[resourceGroup().location]",
44 | "properties": {
45 | "publicIPAllocationMethod": "[if(equals(parameters('pipSku'), 'basic'), 'Dynamic', 'Static')]",
46 | "idleTimeoutInMinutes": 4
47 | },
48 | "resources": [],
49 | "dependsOn": []
50 | },
51 | {
52 | "comments": "NSG with no custom rules, only the default rules",
53 | "type": "Microsoft.Network/networkSecurityGroups",
54 | "name": "[concat(parameters('nicName'), '-nsg')]",
55 | "apiVersion": "[variables('networkApiVersion')]",
56 | "location": "[resourceGroup().location]",
57 | "properties": {
58 | "securityRules": []
59 | },
60 | "resources": [],
61 | "dependsOn": []
62 | },
63 | {
64 | "comments": "NIC created with static IP address, no public IP and IP Forwarding",
65 | "type": "Microsoft.Network/networkInterfaces",
66 | "name": "[parameters('nicName')]",
67 | "apiVersion": "[variables('networkApiVersion')]",
68 | "location": "[resourceGroup().location]",
69 | "properties": {
70 | "ipConfigurations": [
71 | {
72 | "name": "[concat(parameters('nicName'), '-ipConfig')]",
73 | "properties": {
74 | "privateIPAddress": "[parameters('ipAddress')]",
75 | "privateIPAllocationMethod": "Static",
76 | "publicIPAddress": {
77 | "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName'))]"
78 | },
79 | "subnet": {
80 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]"
81 | }
82 | }
83 | }
84 | ],
85 | "dnsSettings": {
86 | "dnsServers": []
87 | },
88 | "enableIPForwarding": true,
89 | "networkSecurityGroup": {
90 | "id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat(parameters('nicName'), '-nsg'))]"
91 | }
92 | },
93 | "resources": [],
94 | "dependsOn": [
95 | "[concat(parameters('nicName'), '-nsg')]"
96 | ]
97 | }
98 | ]
99 | }
--------------------------------------------------------------------------------
/arm/nic_NSG_noSLB_noPIP_static.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "nicName": {
6 | "defaultValue": "myNic",
7 | "type": "string"
8 | },
9 | "vnetName": {
10 | "defaultValue": "myVnet",
11 | "type": "string"
12 | },
13 | "subnetName": {
14 | "defaultValue": "serverSubnet",
15 | "type": "string"
16 | },
17 | "ipAddress": {
18 | "defaultValue": "10.0.0.1",
19 | "type": "string"
20 | },
21 | "pipName": {
22 | "defaultValue": "left for parameter compatibility",
23 | "type": "string"
24 | },
25 | "pipSku": {
26 | "defaultValue": "left for parameter compatibility",
27 | "type": "string"
28 | }
29 | },
30 | "variables": {
31 | "networkApiVersion": "2016-03-30"
32 | },
33 | "resources": [
34 | {
35 | "comments": "NSG with no custom rules, only the default rules",
36 | "type": "Microsoft.Network/networkSecurityGroups",
37 | "name": "[concat(parameters('nicName'), '-nsg')]",
38 | "apiVersion": "[variables('networkApiVersion')]",
39 | "location": "[resourceGroup().location]",
40 | "properties": {
41 | "securityRules": []
42 | },
43 | "resources": [],
44 | "dependsOn": []
45 | },
46 | {
47 | "comments": "NIC created with static IP address, no public IP and IP Forwarding",
48 | "type": "Microsoft.Network/networkInterfaces",
49 | "name": "[parameters('nicName')]",
50 | "apiVersion": "[variables('networkApiVersion')]",
51 | "location": "[resourceGroup().location]",
52 | "properties": {
53 | "ipConfigurations": [
54 | {
55 | "name": "[concat(parameters('nicName'), '-ipConfig')]",
56 | "properties": {
57 | "privateIPAddress": "[parameters('ipAddress')]",
58 | "privateIPAllocationMethod": "Static",
59 | "subnet": {
60 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]"
61 | }
62 | }
63 | }
64 | ],
65 | "dnsSettings": {
66 | "dnsServers": []
67 | },
68 | "enableIPForwarding": true,
69 | "networkSecurityGroup": {
70 | "id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat(parameters('nicName'), '-nsg'))]"
71 | }
72 | },
73 | "resources": [],
74 | "dependsOn": [
75 | "[concat(parameters('nicName'), '-nsg')]"
76 | ]
77 | }
78 | ]
79 | }
--------------------------------------------------------------------------------
/arm/nic_noNSG_noSLB_PIP_dynamic.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "nicName": {
6 | "defaultValue": "myNic",
7 | "type": "string"
8 | },
9 | "location": {
10 | "defaultValue": "[resourceGroup().location]",
11 | "type": "string"
12 | },
13 | "vnetName": {
14 | "defaultValue": "myVnet",
15 | "type": "string"
16 | },
17 | "subnetName": {
18 | "defaultValue": "serverSubnet",
19 | "type": "string"
20 | },
21 | "pipName": {
22 | "defaultValue": "myPIP",
23 | "type": "string"
24 | }
25 | },
26 | "variables": {
27 | "ipConfigName": "[concat(parameters('nicName'),'-ipConfig')]",
28 | "apiVersion": "2016-03-30"
29 | },
30 | "resources": [
31 | {
32 | "comments": "Public IP address",
33 | "type": "Microsoft.Network/publicIPAddresses",
34 | "name": "[parameters('pipName')]",
35 | "apiVersion": "[variables('apiVersion')]",
36 | "location": "[parameters('location')]",
37 | "properties": {
38 | "publicIPAllocationMethod": "Dynamic",
39 | "idleTimeoutInMinutes": 4
40 | },
41 | "resources": [],
42 | "dependsOn": []
43 | },
44 | {
45 | "comments": "NIC created with dynamic IP addresses",
46 | "type": "Microsoft.Network/networkInterfaces",
47 | "name": "[parameters('nicName')]",
48 | "apiVersion": "[variables('apiVersion')]",
49 | "location": "[parameters('location')]",
50 | "properties": {
51 | "ipConfigurations": [
52 | {
53 | "name": "[variables('ipConfigName')]",
54 | "properties": {
55 | "privateIPAllocationMethod": "dynamic",
56 | "publicIPAddress": {
57 | "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName'))]"
58 | },
59 | "subnet": {
60 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]"
61 | }
62 | }
63 | }
64 | ],
65 | "dnsSettings": {
66 | "dnsServers": []
67 | },
68 | "enableIPForwarding": false
69 | },
70 | "resources": [],
71 | "dependsOn": [
72 | "[parameters('pipName')]"
73 | ]
74 | }
75 | ]
76 | }
--------------------------------------------------------------------------------
/arm/nic_noNSG_noSLB_PIP_static.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "nicName": {
6 | "defaultValue": "myNic",
7 | "type": "string"
8 | },
9 | "vnetName": {
10 | "defaultValue": "myVnet",
11 | "type": "string"
12 | },
13 | "subnetName": {
14 | "defaultValue": "serverSubnet",
15 | "type": "string"
16 | },
17 | "ipAddress": {
18 | "defaultValue": "10.0.0.1",
19 | "type": "string"
20 | },
21 | "pipName": {
22 | "defaultValue": "myPIP",
23 | "type": "string"
24 | },
25 | "pipSku": {
26 | "defaultValue": "basic",
27 | "type": "string"
28 | }
29 | },
30 | "variables": {
31 | "ipConfigName": "[concat(parameters('nicName'),'-ipConfig')]",
32 | "apiVersion": "2016-03-30"
33 | },
34 | "resources": [
35 | {
36 | "comments": "Public IP address",
37 | "type": "Microsoft.Network/publicIPAddresses",
38 | "sku": {
39 | "name": "[parameters('pipSku')]",
40 | "tier": "Regional"
41 | },
42 | "name": "[parameters('pipName')]",
43 | "apiVersion": "2018-02-01",
44 | "location": "[resourceGroup().location]",
45 | "properties": {
46 | "publicIPAllocationMethod": "[if(equals(parameters('pipSku'), 'basic'), 'Dynamic', 'Static')]",
47 | "idleTimeoutInMinutes": 4
48 | },
49 | "resources": [],
50 | "dependsOn": []
51 | },
52 | {
53 | "comments": "NIC created with static IP address",
54 | "type": "Microsoft.Network/networkInterfaces",
55 | "name": "[parameters('nicName')]",
56 | "apiVersion": "[variables('apiVersion')]",
57 | "location": "[resourceGroup().location]",
58 | "properties": {
59 | "ipConfigurations": [
60 | {
61 | "name": "[variables('ipConfigName')]",
62 | "properties": {
63 | "privateIPAddress": "[parameters('ipAddress')]",
64 | "privateIPAllocationMethod": "Static",
65 | "publicIPAddress": {
66 | "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('pipName'))]"
67 | },
68 | "subnet": {
69 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]"
70 | }
71 | }
72 | }
73 | ],
74 | "dnsSettings": {
75 | "dnsServers": []
76 | },
77 | "enableIPForwarding": true
78 | },
79 | "resources": [],
80 | "dependsOn": [
81 | "[parameters('pipName')]"
82 | ]
83 | }
84 | ]
85 | }
--------------------------------------------------------------------------------
/arm/nic_noNSG_noSLB_noPIP_dynamic.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "nicName": {
6 | "defaultValue": "myNic",
7 | "type": "string"
8 | },
9 | "location": {
10 | "defaultValue": "[resourceGroup().location]",
11 | "type": "string"
12 | },
13 | "vnetName": {
14 | "defaultValue": "myVnet",
15 | "type": "string"
16 | },
17 | "subnetName": {
18 | "defaultValue": "serverSubnet",
19 | "type": "string"
20 | },
21 | "pipName": {
22 | "defaultValue": "not used, mantained for compatibility",
23 | "type": "string"
24 | }
25 | },
26 | "variables": {
27 | "ipConfigName": "[concat(parameters('nicName'),'-ipConfig')]",
28 | "apiVersion": "2016-03-30"
29 | },
30 | "resources": [
31 | {
32 | "comments": "NIC created with dynamic IP addresses",
33 | "type": "Microsoft.Network/networkInterfaces",
34 | "name": "[parameters('nicName')]",
35 | "apiVersion": "[variables('apiVersion')]",
36 | "location": "[parameters('location')]",
37 | "properties": {
38 | "ipConfigurations": [
39 | {
40 | "name": "[variables('ipConfigName')]",
41 | "properties": {
42 | "privateIPAllocationMethod": "dynamic",
43 | "subnet": {
44 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]"
45 | }
46 | }
47 | }
48 | ],
49 | "dnsSettings": {
50 | "dnsServers": []
51 | },
52 | "enableIPForwarding": false
53 | },
54 | "resources": [],
55 | "dependsOn": []
56 | }
57 | ]
58 | }
--------------------------------------------------------------------------------
/arm/nic_noNSG_noSLB_noPIP_static.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "nicName": {
6 | "defaultValue": "myNic",
7 | "type": "string"
8 | },
9 | "vnetName": {
10 | "defaultValue": "myVnet",
11 | "type": "string"
12 | },
13 | "subnetName": {
14 | "defaultValue": "serverSubnet",
15 | "type": "string"
16 | },
17 | "ipAddress": {
18 | "defaultValue": "10.0.0.1",
19 | "type": "string"
20 | },
21 | "pipName": {
22 | "defaultValue": "left for parameter compatibility",
23 | "type": "string"
24 | },
25 | "pipSku": {
26 | "defaultValue": "left for parameter compatibility",
27 | "type": "string"
28 | }
29 | },
30 | "variables": {
31 | "ipConfigName": "[concat(parameters('nicName'),'-ipConfig')]",
32 | "apiVersion": "2016-03-30"
33 | },
34 | "resources": [
35 | {
36 | "comments": "NIC created with static IP addresses",
37 | "type": "Microsoft.Network/networkInterfaces",
38 | "name": "[parameters('nicName')]",
39 | "apiVersion": "[variables('apiVersion')]",
40 | "location": "[resourceGroup().location]",
41 | "properties": {
42 | "ipConfigurations": [
43 | {
44 | "name": "[variables('ipConfigName')]",
45 | "properties": {
46 | "privateIPAddress": "[parameters('ipAddress')]",
47 | "privateIPAllocationMethod": "Static",
48 | "subnet": {
49 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]"
50 | }
51 | }
52 | }
53 | ],
54 | "dnsSettings": {
55 | "dnsServers": []
56 | },
57 | "enableIPForwarding": true
58 | },
59 | "resources": [],
60 | "dependsOn": []
61 | }
62 | ]
63 | }
--------------------------------------------------------------------------------
/arm/nic_nsg.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "nicName": {
6 | "defaultValue": "myNic",
7 | "type": "string"
8 | },
9 | "nsgName": {
10 | "defaultValue": "myNsg",
11 | "type": "string"
12 | },
13 | "ipConfigName": {
14 | "defaultValue": "myIpConfig",
15 | "type": "string"
16 | },
17 | "vnetName": {
18 | "defaultValue": "myVnet",
19 | "type": "string"
20 | },
21 | "subnetName": {
22 | "defaultValue": "serverSubnet",
23 | "type": "string"
24 | },
25 | "slbName": {
26 | "defaultValue": "mySLB",
27 | "type": "string"
28 | },
29 | "backendConfigName": {
30 | "defaultValue": "myBackendConfig",
31 | "type": "string"
32 | }
33 | },
34 | "variables": {
35 | "apiVersion": "2016-03-30"
36 | },
37 | "resources": [
38 | {
39 | "comments": "NSGs not required, but here for extra security",
40 | "type": "Microsoft.Network/networkSecurityGroups",
41 | "name": "[parameters('nsgName')]",
42 | "apiVersion": "[variables('apiVersion')]",
43 | "location": "[resourceGroup().location]",
44 | "properties": {
45 | "securityRules": [
46 | {
47 | "name": "default-allow-ssh",
48 | "properties": {
49 | "protocol": "TCP",
50 | "sourcePortRange": "*",
51 | "destinationPortRange": "22",
52 | "sourceAddressPrefix": "*",
53 | "destinationAddressPrefix": "*",
54 | "access": "Allow",
55 | "priority": 1000,
56 | "direction": "Inbound"
57 | }
58 | },
59 | {
60 | "name": "default-allow-web",
61 | "properties": {
62 | "protocol": "TCP",
63 | "sourcePortRange": "*",
64 | "destinationPortRange": "80",
65 | "sourceAddressPrefix": "*",
66 | "destinationAddressPrefix": "*",
67 | "access": "Allow",
68 | "priority": 1010,
69 | "direction": "Inbound"
70 | }
71 | }
72 | ]
73 | },
74 | "resources": [],
75 | "dependsOn": []
76 | },
77 | {
78 | "comments": "NICs created with dynamic IP addresses",
79 | "type": "Microsoft.Network/networkInterfaces",
80 | "name": "[parameters('nicName')]",
81 | "apiVersion": "[variables('apiVersion')]",
82 | "location": "[resourceGroup().location]",
83 | "properties": {
84 | "ipConfigurations": [
85 | {
86 | "name": "[parameters('ipConfigName')]",
87 | "properties": {
88 | "privateIPAllocationMethod": "Dynamic",
89 | "subnet": {
90 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]"
91 | }
92 | }
93 | }
94 | ],
95 | "dnsSettings": {
96 | "dnsServers": []
97 | },
98 | "enableIPForwarding": false,
99 | "networkSecurityGroup": {
100 | "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]"
101 | }
102 | },
103 | "resources": [],
104 | "dependsOn": [
105 | "[parameters('nsgName')]"
106 | ]
107 | }
108 | ]
109 | }
--------------------------------------------------------------------------------
/arm/nic_nsg_slb.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "nicName": {
6 | "defaultValue": "myNic",
7 | "type": "string"
8 | },
9 | "nsgName": {
10 | "defaultValue": "myNsg",
11 | "type": "string"
12 | },
13 | "ipConfigName": {
14 | "defaultValue": "myIpConfig",
15 | "type": "string"
16 | },
17 | "vnetName": {
18 | "defaultValue": "myVnet",
19 | "type": "string"
20 | },
21 | "subnetName": {
22 | "defaultValue": "serverSubnet",
23 | "type": "string"
24 | },
25 | "slbName": {
26 | "defaultValue": "mySLB",
27 | "type": "string"
28 | },
29 | "backendConfigName": {
30 | "defaultValue": "myBackendConfig",
31 | "type": "string"
32 | }
33 | },
34 | "variables": {
35 | "apiVersion": "2016-03-30"
36 | },
37 | "resources": [
38 | {
39 | "comments": "NSGs not required, but here for extra security",
40 | "type": "Microsoft.Network/networkSecurityGroups",
41 | "name": "[parameters('nsgName')]",
42 | "apiVersion": "[variables('apiVersion')]",
43 | "location": "[resourceGroup().location]",
44 | "properties": {
45 | "securityRules": [
46 | {
47 | "name": "default-allow-ssh",
48 | "properties": {
49 | "protocol": "TCP",
50 | "sourcePortRange": "*",
51 | "destinationPortRange": "22",
52 | "sourceAddressPrefix": "*",
53 | "destinationAddressPrefix": "*",
54 | "access": "Allow",
55 | "priority": 1000,
56 | "direction": "Inbound"
57 | }
58 | },
59 | {
60 | "name": "default-allow-web",
61 | "properties": {
62 | "protocol": "TCP",
63 | "sourcePortRange": "*",
64 | "destinationPortRange": "80",
65 | "sourceAddressPrefix": "*",
66 | "destinationAddressPrefix": "*",
67 | "access": "Allow",
68 | "priority": 1010,
69 | "direction": "Inbound"
70 | }
71 | }
72 | ]
73 | },
74 | "resources": [],
75 | "dependsOn": []
76 | },
77 | {
78 | "comments": "NICs created with dynamic IP addresses",
79 | "type": "Microsoft.Network/networkInterfaces",
80 | "name": "[parameters('nicName')]",
81 | "apiVersion": "[variables('apiVersion')]",
82 | "location": "[resourceGroup().location]",
83 | "properties": {
84 | "ipConfigurations": [
85 | {
86 | "name": "[parameters('ipConfigName')]",
87 | "properties": {
88 | "privateIPAllocationMethod": "Dynamic",
89 | "subnet": {
90 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', parameters('subnetName'))]"
91 | },
92 | "loadBalancerBackendAddressPools": [
93 | {
94 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('slbName')), '/backendAddressPools/', parameters('backendConfigName'))]"
95 | }
96 | ]
97 | }
98 | }
99 | ],
100 | "dnsSettings": {
101 | "dnsServers": []
102 | },
103 | "enableIPForwarding": false,
104 | "networkSecurityGroup": {
105 | "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgName'))]"
106 | }
107 | },
108 | "resources": [],
109 | "dependsOn": [
110 | "[parameters('nsgName')]"
111 | ]
112 | }
113 | ]
114 | }
--------------------------------------------------------------------------------
/arm/nothing.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {},
5 | "variables": {},
6 | "resources": []
7 | }
--------------------------------------------------------------------------------
/arm/nvaLinux_1nic_noVnet_ScaleSet_ILBonly.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetName": {
6 | "defaultValue": "myVnet4",
7 | "type": "string"
8 | },
9 | "vmType": {
10 | "defaultValue": "ubuntu",
11 | "type": "string",
12 | "allowedValues": ["ubuntu"]
13 | },
14 | "vmCount": {
15 | "defaultValue": 2,
16 | "type": "int"
17 | },
18 | "vmName": {
19 | "defaultValue": "linuxnva-vmss",
20 | "type": "string"
21 | },
22 | "vmSSName": {
23 | "defaultValue": "nva-vmss",
24 | "type": "string"
25 | },
26 | "vmSize": {
27 | "defaultValue": "Standard_B2ms",
28 | "type": "string"
29 | },
30 | "scaleSettingsName": {
31 | "defaultValue": "VMSSsettings",
32 | "type": "string"
33 | },
34 | "vmUsr": {
35 | "defaultValue": "lab-user",
36 | "type": "string"
37 | },
38 | "vmPwd": {
39 | "defaultValue": null,
40 | "type": "securestring"
41 | },
42 | "pipName": {
43 | "defaultValue": "nva-publicIP",
44 | "type": "string"
45 | },
46 | "subnet0Name": {
47 | "defaultValue": "myVnet4subnet2",
48 | "type": "string"
49 | },
50 | "subnet1Name": {
51 | "defaultValue": "myVnet4subnet3",
52 | "type": "string"
53 | },
54 | "ip0": {
55 | "defaultValue": "10.0.0.10",
56 | "type": "string",
57 | "metadata": { "description": "This string will be completed with the copyIndex: .101, .102, etc" }
58 | },
59 | "ip1": {
60 | "defaultValue": "10.0.1.10",
61 | "type": "string",
62 | "metadata": { "description": "This string will be completed with the copyIndex: .101, .102, etc" }
63 | },
64 | "scriptUri": {
65 | "defaultValue": "[uri(deployment().properties.templateLink.uri, 'linuxNVAconfig.sh')]",
66 | "type": "string",
67 | "metadata": { "description": "Script that will be executed" }
68 | },
69 | "scriptCmd": {
70 | "defaultValue": "sh linuxNVAconfig.sh",
71 | "type": "string",
72 | "metadata": { "description": "Command to run the script" }
73 | },
74 | "deployLBYesNo": {
75 | "defaultValue": "yes",
76 | "type": "string"
77 | }
78 | },
79 | "variables": {
80 | "deploymentApiVersion": "2022-09-01",
81 | "computeApiVersion": "2023-03-01",
82 | "vnetID": "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]",
83 | "subnet0Id": "[concat(variables('vnetID'), '/subnets/', parameters('subnet0Name'))]",
84 | "subnet1Id": "[concat(variables('vnetID'), '/subnets/', parameters('subnet1Name'))]",
85 | "settingsTable": {
86 | "ubuntu": {
87 | "product": "0001-com-ubuntu-server-jammy",
88 | "publisher": "Canonical",
89 | "sku": "22_04-lts-gen2",
90 | "vmSize": "[parameters('vmSize')]"
91 | }
92 | },
93 | "settings": "[variables('settingsTable')[parameters('vmType')]]",
94 | "slbName": "[concat(parameters('vmName'), '-slb')]",
95 | "slbBackendName": "[concat(parameters('vmName'), '-slbBackend')]",
96 | "ipPrefix": "10.4.2",
97 | "vipSuffix": "200",
98 | "slbSubnet": "[parameters('subnet0Name')]",
99 | "deployLBTemplate": {
100 | "yes": "[uri(deployment().properties.templateLink.uri, 'slb.json')]",
101 | "no": "[uri(deployment().properties.templateLink.uri, 'nothing.json')]"
102 | },
103 | "LBTemplateURI": "[variables('deployLBTemplate')[parameters('deployLBYesNo')]]",
104 | "deployLBintParametersHash": {
105 | "yes": {
106 | "externalInternal": {
107 | "value": "internal"
108 | },
109 | "vnetName": {
110 | "value": "[parameters('vnetName')]"
111 | },
112 | "subnetName": {
113 | "value": "[variables('slbSubnet')]"
114 | },
115 | "slbName": {
116 | "value": "[concat(variables('slbName'), '-int')]"
117 | },
118 | "lbSku": {
119 | "value": "standard"
120 | },
121 | "backendConfigName": {
122 | "value": "[concat(variables('slbBackendName'), '-int')]"
123 | },
124 | "ipPrefix": {
125 | "value": "[variables('ipPrefix')]"
126 | },
127 | "vipSuffix": {
128 | "value": "[variables('vipSuffix')]"
129 | },
130 | "probePort": {
131 | "value": 1138
132 | },
133 | "frontendPort": {
134 | "value": 22
135 | },
136 | "backendPort": {
137 | "value": 22
138 | },
139 | "ruleName": {
140 | "value": "ssh"
141 | },
142 | "dsr": {
143 | "value": "true"
144 | }
145 | },
146 | "no": {
147 | }
148 | },
149 | "deployLBintParameters": "[variables('deployLBintParametersHash')[parameters('deployLBYesNo')]]"
150 | },
151 | "resources": [
152 | {
153 | "comments": "Optionally, create an internal load balancer",
154 | "name": "slb-int",
155 | "type": "Microsoft.Resources/deployments",
156 | "apiVersion": "[variables('deploymentApiVersion')]",
157 | "properties": {
158 | "mode": "Incremental",
159 | "templateLink": {
160 | "uri": "[variables('LBTemplateUri')]",
161 | "contentVersion": "1.0.0.0"
162 | },
163 | "parameters": "[variables('deployLBintParameters')]"
164 | }
165 | },
166 | {
167 | "comments": "Create Scale Set for NVAs",
168 | "type": "Microsoft.Compute/virtualMachineScaleSets",
169 | "name": "[parameters('vmSSName')]",
170 | "location": "[resourceGroup().location]",
171 | "apiVersion": "[variables('computeApiVersion')]",
172 | "dependsOn": [
173 | "slb-int"
174 | ],
175 | "sku": {
176 | "name": "[variables('settings')['vmSize']]",
177 | "capacity": "[parameters('vmCount')]"
178 | },
179 | "properties": {
180 | "overprovision": true,
181 | "upgradePolicy": {
182 | "mode": "Manual"
183 | },
184 | "virtualMachineProfile": {
185 | "storageProfile": {
186 | "osDisk": {
187 | "createOption": "FromImage"
188 | },
189 | "imageReference": {
190 | "publisher": "[variables('settings')['publisher']]",
191 | "offer": "[variables('settings')['product']]",
192 | "sku": "[variables('settings')['sku']]",
193 | "version": "latest"
194 | }
195 | },
196 | "osProfile": {
197 | "computerNamePrefix": "[parameters('vmName')]",
198 | "adminUsername": "[parameters('vmUsr')]",
199 | "adminPassword": "[parameters('vmPwd')]"
200 | },
201 | "networkProfile": {
202 | "networkInterfaceConfigurations": [
203 | {
204 | "name": "nic0",
205 | "properties": {
206 | "primary": true,
207 | "enableIPForwarding": true,
208 | "ipConfigurations": [
209 | {
210 | "name": "ipconfig0",
211 | "properties": {
212 | "subnet": {
213 | "id": "[variables('subnet0Id')]"
214 | },
215 | "publicIPAddressconfiguration": {
216 | "name": "nvavmsspip",
217 | "properties": {
218 | "publicIPAllocationMethod": "Static",
219 | "idleTimeoutInMinutes": 4
220 | }
221 | },
222 | "loadBalancerBackendAddressPools": [
223 | {
224 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', concat(variables('slbName'), '-int')), '/backendAddressPools/', concat(variables('slbBackendName'), '-int'))]"
225 | }
226 | ]
227 | }
228 | }
229 | ]
230 | }
231 | }
232 | ]
233 | },
234 | "extensionProfile": {
235 | "extensions": [
236 | {
237 | "name": "VMSScustomScript",
238 | "properties": {
239 | "publisher": "Microsoft.Azure.Extensions",
240 | "settings": {
241 | "fileUris": [
242 | "[parameters('scriptUri')]"
243 | ]
244 | },
245 | "protectedSettings": {
246 | "commandToExecute": "[parameters('scriptCmd')]"
247 | },
248 | "typeHandlerVersion": "2.0",
249 | "autoUpgradeMinorVersion": true,
250 | "type": "CustomScript"
251 | }
252 | }
253 | ]
254 | }
255 | }
256 | }
257 | },
258 | {
259 | "comments": "Create the autoscale settings for the VM scale set",
260 | "type": "Microsoft.Insights/autoscaleSettings",
261 | "apiVersion": "2022-10-01",
262 | "name": "[parameters('scaleSettingsName')]",
263 | "location": "[resourceGroup().location]",
264 | "dependsOn": [
265 | "[concat('Microsoft.Compute/virtualMachineScaleSets/', parameters('vmSSName'))]"
266 | ],
267 | "properties": {
268 | "name": "[parameters('scaleSettingsName')]",
269 | "targetResourceUri": "[concat('/subscriptions/',subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachineScaleSets/', parameters('vmSSName'))]",
270 | "enabled": true,
271 | "profiles": [
272 | {
273 | "name": "Profile1",
274 | "capacity": {
275 | "minimum": "2",
276 | "maximum": "10",
277 | "default": "2"
278 | },
279 | "rules": [
280 | {
281 | "metricTrigger": {
282 | "metricName": "Percentage CPU",
283 | "metricNamespace": "",
284 | "metricResourceUri": "[concat('/subscriptions/',subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachineScaleSets/', parameters('vmSSName'))]",
285 | "timeGrain": "PT1M",
286 | "statistic": "Average",
287 | "timeWindow": "PT5M",
288 | "timeAggregation": "Average",
289 | "operator": "GreaterThan",
290 | "threshold": 60.0
291 | },
292 | "scaleAction": {
293 | "direction": "Increase",
294 | "type": "ChangeCount",
295 | "value": "1",
296 | "cooldown": "PT1M"
297 | }
298 | },
299 | {
300 | "metricTrigger": {
301 | "metricName": "Percentage CPU",
302 | "metricNamespace": "",
303 | "metricResourceUri": "[concat('/subscriptions/',subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Compute/virtualMachineScaleSets/', parameters('vmSSName'))]",
304 | "timeGrain": "PT1M",
305 | "statistic": "Average",
306 | "timeWindow": "PT5M",
307 | "timeAggregation": "Average",
308 | "operator": "LessThan",
309 | "threshold": 30.0
310 | },
311 | "scaleAction": {
312 | "direction": "Decrease",
313 | "type": "ChangeCount",
314 | "value": "1",
315 | "cooldown": "PT5M"
316 | }
317 | }
318 | ]
319 | }
320 | ]
321 | }
322 | }
323 | ]
324 | }
325 |
--------------------------------------------------------------------------------
/arm/nvaLinux_2nic_noVnet.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "apiVersion": {
6 | "defaultValue": "2015-06-15",
7 | "type": "string"
8 | },
9 | "vnetName": {
10 | "defaultValue": "myVnet4",
11 | "type": "string"
12 | },
13 | "vmType": {
14 | "defaultValue": "ubuntu",
15 | "type": "string",
16 | "allowedValues": ["ubuntu"]
17 | },
18 | "vmCount": {
19 | "defaultValue": 1,
20 | "type": "int"
21 | },
22 | "vmName": {
23 | "defaultValue": "myNva",
24 | "type": "string"
25 | },
26 | "vmUsr": {
27 | "defaultValue": "myadmin",
28 | "type": "string"
29 | },
30 | "vmSize": {
31 | "defaultValue": "Standard_B2ms",
32 | "type": "string"
33 | },
34 | "vmPwd": {
35 | "defaultValue": null,
36 | "type": "securestring"
37 | },
38 | "pipName": {
39 | "defaultValue": "nva-publicIP",
40 | "type": "string"
41 | },
42 | "createPip": {
43 | "defaultValue": "no",
44 | "type": "string",
45 | "allowedValues": ["yes", "no"]
46 | },
47 | "subnet0Name": {
48 | "defaultValue": "subnet1",
49 | "type": "string"
50 | },
51 | "subnet1Name": {
52 | "defaultValue": "subnet2",
53 | "type": "string"
54 | },
55 | "ip0": {
56 | "defaultValue": "10.0.0.10",
57 | "type": "string",
58 | "metadata": { "description": "This string will be completed with the copyIndex: .101, .102, etc" }
59 | },
60 | "ip1": {
61 | "defaultValue": "10.0.1.10",
62 | "type": "string",
63 | "metadata": { "description": "This string will be completed with the copyIndex: .101, .102, etc" }
64 | },
65 | "scriptUri": {
66 | "defaultValue": "[uri(deployment().properties.templateLink.uri, 'linuxNVAconfig.sh')]",
67 | "type": "string",
68 | "metadata": { "description": "Script that will be executed" }
69 | },
70 | "scriptCmd": {
71 | "defaultValue": "sh linuxNVAconfig.sh",
72 | "type": "string",
73 | "metadata": { "description": "Command to run the script" }
74 | },
75 | "deployLBYesNo": {
76 | "defaultValue": "no",
77 | "type": "string"
78 | },
79 | "lbSku": {
80 | "defaultValue": "basic",
81 | "type": "string",
82 | "allowedValues": [ "basic","standard" ],
83 | "metadata": { "description": "Whether Load Balancers should be Basic or Standard" }
84 | }
85 | },
86 | "variables": {
87 | "deploymentApiVersion": "2022-09-01",
88 | "computeApiVersion": "2023-03-01",
89 | "vmExtensionApiVersion": "2023-07-01",
90 | "nicTemplatePipNsg": "[uri(deployment().properties.templateLink.uri, 'nic_NSG_noSLB_PIP_static.json')]",
91 | "nicTemplateNoPipNsg": "[uri(deployment().properties.templateLink.uri, 'nic_NSG_noSLB_noPIP_static.json')]",
92 | "nicTemplateNoPipNoNsg": "[uri(deployment().properties.templateLink.uri, 'nic_noNSG_noSLB_noPIP_static.json')]",
93 | "nic0Template": "[if(equals(parameters('createPip'), 'yes'), variables('nicTemplatePipNsg'), variables('nicTemplateNoPipNsg'))]",
94 | "nic1Template": "[variables('nicTemplateNoPipNoNsg')]",
95 | "defaultGw": {
96 | "nic0": "[concat(parameters('ip0'), '1')]",
97 | "nic1": "[concat(parameters('ip1'), '1')]"
98 | },
99 | "settingsTable": {
100 | "ubuntu": {
101 | "product": "0001-com-ubuntu-server-jammy",
102 | "publisher": "Canonical",
103 | "sku": "22_04-lts-gen2",
104 | "vmSize": "[parameters('vmSize')]"
105 | }
106 | },
107 | "settings": "[variables('settingsTable')[parameters('vmType')]]",
108 | "slbName": "[concat(parameters('vmName'), '-slb')]",
109 | "slbBackendName": "[concat(parameters('vmName'), '-slbBackend')]",
110 | "slbPipName": "[concat(parameters('vmName'), '-slbPip')]",
111 | "ipPrefix": "10.4.2",
112 | "vipSuffix": "100",
113 | "slbSubnet": "[parameters('subnet0Name')]",
114 | "deployLBTemplate": {
115 | "yes": "[uri(deployment().properties.templateLink.uri, 'slb.json')]",
116 | "no": "[uri(deployment().properties.templateLink.uri, 'nothing.json')]"
117 | },
118 | "LBTemplateURI": "[variables('deployLBTemplate')[parameters('deployLBYesNo')]]",
119 | "deployLBintParametersHash": {
120 | "yes": {
121 | "externalInternal": {
122 | "value": "internal"
123 | },
124 | "vnetName": {
125 | "value": "[parameters('vnetName')]"
126 | },
127 | "subnetName": {
128 | "value": "[variables('slbSubnet')]"
129 | },
130 | "slbName": {
131 | "value": "[concat(variables('slbName'), '-int')]"
132 | },
133 | "lbSku": {
134 | "value": "[parameters('lbSku')]"
135 | },
136 | "backendConfigName": {
137 | "value": "[concat(variables('slbBackendName'), '-int')]"
138 | },
139 | "ipPrefix": {
140 | "value": "[variables('ipPrefix')]"
141 | },
142 | "vipSuffix": {
143 | "value": "[variables('vipSuffix')]"
144 | },
145 | "probePort": {
146 | "value": 1138
147 | },
148 | "frontendPort": {
149 | "value": 22
150 | },
151 | "backendPort": {
152 | "value": 22
153 | },
154 | "ruleName": {
155 | "value": "ssh"
156 | }
157 | },
158 | "no": {
159 | }
160 | },
161 | "deployLBintParameters": "[variables('deployLBintParametersHash')[parameters('deployLBYesNo')]]",
162 | "deployLBextParametersHash": {
163 | "yes": {
164 | "externalInternal": {
165 | "value": "external"
166 | },
167 | "vnetName": {
168 | "value": "[parameters('vnetName')]"
169 | },
170 | "subnetName": {
171 | "value": "[variables('slbSubnet')]"
172 | },
173 | "slbName": {
174 | "value": "[concat(variables('slbName'), '-ext')]"
175 | },
176 | "lbSku": {
177 | "value": "[parameters('lbSku')]"
178 | },
179 | "backendConfigName": {
180 | "value": "[concat(variables('slbBackendName'), '-ext')]"
181 | },
182 | "pipName": {
183 | "value": "[concat(variables('slbPipName'), '-ext')]"
184 | },
185 | "probePort": {
186 | "value": 1139
187 | },
188 | "frontendPort": {
189 | "value": 1022
190 | },
191 | "backendPort": {
192 | "value": 22
193 | },
194 | "ruleName": {
195 | "value": "ssh"
196 | }
197 | },
198 | "no": {
199 | }
200 | },
201 | "deployLBextParameters": "[variables('deployLBextParametersHash')[parameters('deployLBYesNo')]]"
202 | },
203 | "resources": [
204 | {
205 | "comments": "Optionally, create an internal load balancer",
206 | "name": "nva-slb-int",
207 | "type": "Microsoft.Resources/deployments",
208 | "apiVersion": "[variables('deploymentApiVersion')]",
209 | "properties": {
210 | "mode": "Incremental",
211 | "templateLink": {
212 | "uri": "[variables('LBTemplateUri')]",
213 | "contentVersion": "1.0.0.0"
214 | },
215 | "parameters": "[variables('deployLBintParameters')]"
216 | }
217 | },
218 | {
219 | "comments": "Optionally, create an external load balancer. Wait until the internal has been created, there seems to be some conflict when creating both at the same time",
220 | "name": "nva-slb-ext",
221 | "type": "Microsoft.Resources/deployments",
222 | "apiVersion": "[variables('deploymentApiVersion')]",
223 | "properties": {
224 | "mode": "Incremental",
225 | "templateLink": {
226 | "uri": "[variables('LBTemplateUri')]",
227 | "contentVersion": "1.0.0.0"
228 | },
229 | "parameters": "[variables('deployLBextParameters')]"
230 | },
231 | "dependsOn": [
232 | "nva-slb-int"
233 | ]
234 | },
235 | {
236 | "comments": "Deploy Linux VM as Virtual Network Appliance",
237 | "type": "Microsoft.Compute/virtualMachines",
238 | "name": "[concat(parameters('vmName'), '-', copyIndex(1))]",
239 | "apiVersion": "[variables('computeApiVersion')]",
240 | "location": "[resourceGroup().location]",
241 | "zones": [
242 | "[add(mod(copyIndex(1), 3),1)]"
243 | ],
244 | "properties": {
245 | "hardwareProfile": {
246 | "vmSize": "[variables('settings')['vmSize']]"
247 | },
248 | "storageProfile": {
249 | "imageReference": {
250 | "publisher": "[variables('settings')['publisher']]",
251 | "offer": "[variables('settings')['product']]",
252 | "sku": "[variables('settings')['sku']]",
253 | "version": "latest"
254 | },
255 | "osDisk": {
256 | "osType": "Linux",
257 | "createOption": "FromImage",
258 | "diskSizeGB": 31
259 | },
260 | "dataDisks": []
261 | },
262 | "osProfile": {
263 | "computerName": "[concat(parameters('vmName'), '-', copyIndex(1))]",
264 | "adminUsername": "[parameters('vmUsr')]",
265 | "linuxConfiguration": {
266 | "disablePasswordAuthentication": false
267 | },
268 | "secrets": [],
269 | "adminPassword": "[parameters('vmPwd')]"
270 | },
271 | "networkProfile": {
272 | "networkInterfaces": [
273 | {
274 | "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), '-', copyIndex(1), '-nic0'))]",
275 | "properties": {
276 | "primary": true
277 | }
278 | },
279 | {
280 | "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), '-', copyIndex(1), '-nic1'))]",
281 | "properties": {
282 | "primary": false
283 | }
284 | }
285 | ]
286 | }
287 | },
288 | "resources": [],
289 | "copy": {
290 | "name": "[parameters('vmName')]",
291 | "count": "[parameters('vmCount')]"
292 | },
293 | "dependsOn": [
294 | "[concat(parameters('vmName'), '-nic0')]",
295 | "[concat(parameters('vmName'), '-nic1')]"
296 | ]
297 | },
298 | {
299 | "comments": "Create eth0 with or without PIP, depending on the template",
300 | "name": "[concat(parameters('vmName'), '-', copyIndex(1), '-nic0')]",
301 | "type": "Microsoft.Resources/deployments",
302 | "apiVersion": "[variables('deploymentApiVersion')]",
303 | "properties": {
304 | "mode": "Incremental",
305 | "templateLink": {
306 | "uri": "[variables('nic0Template')]",
307 | "contentVersion": "1.0.0.0"
308 | },
309 | "parameters": {
310 | "nicName": {"value": "[concat(parameters('vmName'), '-', copyIndex(1), '-nic0')]"},
311 | "ipAddress": { "value": "[concat(parameters('ip0'), copyIndex(1))]" },
312 | "vnetName": { "value": "[parameters('vnetName')]" },
313 | "subnetName": { "value": "[parameters('subnet0Name')]"},
314 | "pipSku": { "value": "[parameters('lbSku')]"},
315 | "pipName": { "value": "[concat(parameters('pipName'), '-', copyIndex(1))]" }
316 | }
317 | },
318 | "dependsOn": [
319 | ],
320 | "copy": {
321 | "name": "[concat(parameters('vmName'), '-nic0')]",
322 | "count": "[parameters('vmCount')]"
323 | }
324 | },
325 | {
326 | "comments": "Create eth1",
327 | "name": "[concat(parameters('vmName'), '-', copyIndex(1), '-nic1')]",
328 | "type": "Microsoft.Resources/deployments",
329 | "apiVersion": "[variables('deploymentApiVersion')]",
330 | "properties": {
331 | "mode": "Incremental",
332 | "templateLink": {
333 | "uri": "[variables('nic1Template')]",
334 | "contentVersion": "1.0.0.0"
335 | },
336 | "parameters": {
337 | "nicName": {"value": "[concat(parameters('vmName'), '-', copyIndex(1), '-nic1')]"},
338 | "ipAddress": { "value": "[concat(parameters('ip1'), copyIndex(1))]" },
339 | "vnetName": { "value": "[parameters('vnetName')]" },
340 | "subnetName": { "value": "[parameters('subnet1Name')]"}
341 | }
342 | },
343 | "dependsOn": [
344 | "[concat(parameters('vmName'), '-nic0')]"
345 | ],
346 | "copy": {
347 | "name": "[concat(parameters('vmName'), '-nic1')]",
348 | "count": "[parameters('vmCount')]"
349 | }
350 | },
351 | {
352 | "type": "Microsoft.Compute/virtualMachines/extensions",
353 | "name": "[concat(parameters('vmName'), '-', copyIndex(1), '/installcustomscript')]",
354 | "apiVersion": "[variables('vmExtensionApiVersion')]",
355 | "location": "[resourceGroup().location]",
356 | "properties": {
357 | "publisher": "Microsoft.Azure.Extensions",
358 | "type": "CustomScript",
359 | "typeHandlerVersion": "2.0",
360 | "autoUpgradeMinorVersion": true,
361 | "settings": {
362 | "fileUris": [
363 | "[parameters('scriptUri')]"
364 | ],
365 | "commandToExecute": "[parameters('scriptCmd')]"
366 | }
367 | },
368 | "dependsOn": [
369 | "[parameters('vmName')]"
370 | ],
371 | "copy": {
372 | "name": "[concat(parameters('vmName'), '-script')]",
373 | "count": "[parameters('vmCount')]"
374 | }
375 | }
376 | ]
377 | }
378 |
--------------------------------------------------------------------------------
/arm/nvaLinux_2nic_noVnet_ScaleSet.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetName": {
6 | "defaultValue": "myVnet4",
7 | "type": "string"
8 | },
9 | "vmType": {
10 | "defaultValue": "ubuntu",
11 | "type": "string",
12 | "allowedValues": ["ubuntu"]
13 | },
14 | "vmCount": {
15 | "defaultValue": 2,
16 | "type": "int"
17 | },
18 | "vmName": {
19 | "defaultValue": "linuxnva-vmss",
20 | "type": "string"
21 | },
22 | "vmSSName": {
23 | "defaultValue": "[concat('nvaSS',uniqueString(resourceGroup().id))]",
24 | "type": "string"
25 | },
26 | "vmSize": {
27 | "defaultValue": "Standard_B2ms",
28 | "type": "string"
29 | },
30 | "vmUsr": {
31 | "defaultValue": "lab-user",
32 | "type": "string"
33 | },
34 | "vmPwd": {
35 | "defaultValue": null,
36 | "type": "securestring"
37 | },
38 | "pipName": {
39 | "defaultValue": "[concat(parameters('vmName'), '-pip')]",
40 | "type": "string"
41 | },
42 | "subnet0Name": {
43 | "defaultValue": "myVnet4subnet2",
44 | "type": "string"
45 | },
46 | "subnet1Name": {
47 | "defaultValue": "myVnet4subnet3",
48 | "type": "string"
49 | },
50 | "ip0": {
51 | "defaultValue": "10.4.2.20",
52 | "type": "string",
53 | "metadata": { "description": "This string will be completed with the copyIndex: .101, .102, etc" }
54 | },
55 | "ip1": {
56 | "defaultValue": "10.4.3.20",
57 | "type": "string",
58 | "metadata": { "description": "Not used, this scale set uses single-NIC VMs" }
59 | },
60 | "scriptUri": {
61 | "defaultValue": "[uri(deployment().properties.templateLink.uri, 'linuxNVAconfig.sh')]",
62 | "type": "string",
63 | "metadata": { "description": "Script that will be executed" }
64 | },
65 | "scriptCmd": {
66 | "defaultValue": "sh linuxNVAconfig.sh",
67 | "type": "string",
68 | "metadata": { "description": "Command to run the script" }
69 | },
70 | "deployLBYesNo": {
71 | "defaultValue": "yes",
72 | "type": "string"
73 | }
74 | },
75 | "variables": {
76 | "deploymentApiVersion": "2022-09-01",
77 | "computeApiVersion": "2023-03-01",
78 | "autoscaleApiVersion": "2022-10-01",
79 | "vnetID": "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName'))]",
80 | "subnet0Id": "[concat(variables('vnetID'), '/subnets/', parameters('subnet0Name'))]",
81 | "subnet1Id": "[concat(variables('vnetID'), '/subnets/', parameters('subnet1Name'))]",
82 | "settingsTable": {
83 | "ubuntu": {
84 | "product": "0001-com-ubuntu-server-jammy",
85 | "publisher": "Canonical",
86 | "sku": "22_04-lts-gen2",
87 | "vmSize": "[parameters('vmSize')]"
88 | }
89 | },
90 | "settings": "[variables('settingsTable')[parameters('vmType')]]",
91 | "slbName": "[concat(parameters('vmName'), '-slb')]",
92 | "slbBackendName": "[concat(parameters('vmName'), '-slbBackend')]",
93 | "slbPipName": "[concat(parameters('vmName'), '-slbPip')]",
94 | "ipPrefix": "10.4.2",
95 | "vipSuffix": "200",
96 | "slbSubnet": "[parameters('subnet0Name')]",
97 | "deployLBTemplate": {
98 | "yes": "[uri(deployment().properties.templateLink.uri, 'slb.json')]",
99 | "no": "[uri(deployment().properties.templateLink.uri, 'nothing.json')]"
100 | },
101 | "LBTemplateURI": "[variables('deployLBTemplate')[parameters('deployLBYesNo')]]",
102 | "deployLBintParametersHash": {
103 | "yes": {
104 | "externalInternal": {
105 | "value": "internal"
106 | },
107 | "vnetName": {
108 | "value": "[parameters('vnetName')]"
109 | },
110 | "subnetName": {
111 | "value": "[variables('slbSubnet')]"
112 | },
113 | "slbName": {
114 | "value": "[concat(variables('slbName'), '-int')]"
115 | },
116 | "backendConfigName": {
117 | "value": "[concat(variables('slbBackendName'), '-int')]"
118 | },
119 | "ipPrefix": {
120 | "value": "[variables('ipPrefix')]"
121 | },
122 | "vipSuffix": {
123 | "value": "[variables('vipSuffix')]"
124 | },
125 | "probePort": {
126 | "value": 1138
127 | }
128 | },
129 | "no": {
130 | }
131 | },
132 | "deployLBintParameters": "[variables('deployLBintParametersHash')[parameters('deployLBYesNo')]]",
133 | "deployLBextParametersHash": {
134 | "yes": {
135 | "externalInternal": {
136 | "value": "external"
137 | },
138 | "vnetName": {
139 | "value": "[parameters('vnetName')]"
140 | },
141 | "subnetName": {
142 | "value": "[variables('slbSubnet')]"
143 | },
144 | "slbName": {
145 | "value": "[concat(variables('slbName'), '-ext')]"
146 | },
147 | "backendConfigName": {
148 | "value": "[concat(variables('slbBackendName'), '-ext')]"
149 | },
150 | "pipName": {
151 | "value": "[concat(variables('slbPipName'), '-ext')]"
152 | },
153 | "probePort": {
154 | "value": 1139
155 | }
156 | },
157 | "no": {
158 | }
159 | },
160 | "deployLBextParameters": "[variables('deployLBextParametersHash')[parameters('deployLBYesNo')]]"
161 | },
162 | "resources": [
163 | {
164 | "comments": "Optionally, create an internal load balancer",
165 | "name": "slb-int",
166 | "type": "Microsoft.Resources/deployments",
167 | "apiVersion": "[variables('deploymentApiVersion')]",
168 | "properties": {
169 | "mode": "Incremental",
170 | "templateLink": {
171 | "uri": "[variables('LBTemplateUri')]",
172 | "contentVersion": "1.0.0.0"
173 | },
174 | "parameters": "[variables('deployLBintParameters')]"
175 | }
176 | },
177 | {
178 | "comments": "Create Scale Set for NVAs",
179 | "type": "Microsoft.Compute/virtualMachineScaleSets",
180 | "name": "[parameters('vmSSName')]",
181 | "location": "[resourceGroup().location]",
182 | "apiVersion": "[variables('computeApiVersion')]",
183 | "dependsOn": [
184 | "slb-int"
185 | ],
186 | "sku": {
187 | "name": "[variables('settings')['vmSize']]",
188 | "capacity": "[parameters('vmCount')]"
189 | },
190 | "properties": {
191 | "overprovision": "true",
192 | "upgradePolicy": {
193 | "mode": "Manual"
194 | },
195 | "virtualMachineProfile": {
196 | "storageProfile": {
197 | "osDisk": {
198 | "createOption": "FromImage"
199 | },
200 | "imageReference": {
201 | "publisher": "[variables('settings')['publisher']]",
202 | "offer": "[variables('settings')['product']]",
203 | "sku": "[variables('settings')['sku']]",
204 | "version": "latest"
205 | }
206 | },
207 | "osProfile": {
208 | "computerNamePrefix": "[parameters('vmName')]",
209 | "adminUsername": "[parameters('vmUsr')]",
210 | "adminPassword": "[parameters('vmPwd')]"
211 | },
212 | "networkProfile": {
213 | "networkInterfaceConfigurations": [
214 | {
215 | "name": "nic0",
216 | "properties": {
217 | "primary": "true",
218 | "ipConfigurations": [
219 | {
220 | "name": "ipconfig0",
221 | "enableIPForwarding": "true",
222 | "properties": {
223 | "subnet": {
224 | "id": "[variables('subnet0Id')]"
225 | },
226 | "loadBalancerBackendAddressPools": [
227 | {
228 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', concat(variables('slbName'), '-int')), '/backendAddressPools/', concat(variables('slbBackendName'), '-int'))]"
229 | }
230 | ]
231 | }
232 | }
233 | ]
234 | }
235 | },
236 | {
237 | "name": "nic1",
238 | "properties": {
239 | "primary": "false",
240 | "enableIPForwarding": "true",
241 | "ipConfigurations": [
242 | {
243 | "name": "ipconfig1",
244 | "properties": {
245 | "subnet": {
246 | "id": "[variables('subnet1Id')]"
247 | },
248 | "loadBalancerBackendAddressPools": [
249 | {
250 | "id": "[concat(resourceId('Microsoft.Network/loadBalancers', concat(variables('slbName'), '-ext')), '/backendAddressPools/', concat(variables('slbBackendName'), '-ext'))]"
251 | }
252 | ]
253 | }
254 | }
255 | ]
256 | }
257 | }
258 | ]
259 | },
260 | "extensionProfile": {
261 | "extensions": [
262 | {
263 | "name": "customScript",
264 | "properties": {
265 | "publisher": "Microsoft.Compute",
266 | "settings": {
267 | "fileUris": [
268 | "[parameters('scriptUri')]"
269 | ]
270 | },
271 | "typeHandlerVersion": "2.0",
272 | "autoUpgradeMinorVersion": true,
273 | "protectedSettings": {
274 | "commandToExecute": "[parameters('scriptCmd')]"
275 | },
276 | "type": "CustomScriptExtension"
277 | }
278 | }
279 | ]
280 | }
281 | }
282 | }
283 | }
284 | ]
285 | }
286 |
--------------------------------------------------------------------------------
/arm/nva_2nic_noVnet.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "apiVersion": {
6 | "defaultValue": "2015-06-15",
7 | "type": "string"
8 | },
9 | "vnetName": {
10 | "defaultValue": "myVnet",
11 | "type": "string"
12 | },
13 | "vmType": {
14 | "defaultValue": "csr",
15 | "type": "string",
16 | "allowedValues": ["csr", "ubuntu"]
17 | },
18 | "vmCount": {
19 | "defaultValue": 1,
20 | "type": "int"
21 | },
22 | "vmName": {
23 | "defaultValue": "myCsr",
24 | "type": "string"
25 | },
26 | "vmUsr": {
27 | "defaultValue": "myadmin",
28 | "type": "string"
29 | },
30 | "vmPwd": {
31 | "defaultValue": null,
32 | "type": "securestring"
33 | },
34 | "pipName": {
35 | "defaultValue": "csr-publicIP",
36 | "type": "string"
37 | },
38 | "subnet0Name": {
39 | "defaultValue": "subnet1",
40 | "type": "string"
41 | },
42 | "subnet1Name": {
43 | "defaultValue": "subnet2",
44 | "type": "string"
45 | },
46 | "ip0": {
47 | "defaultValue": "10.0.0.10",
48 | "type": "string",
49 | "metadata": { "description": "This string will be completed with the copyIndex: .101, .102, etc" }
50 | },
51 | "ip1": {
52 | "defaultValue": "10.0.1.10",
53 | "type": "string",
54 | "metadata": { "description": "This string will be completed with the copyIndex: .101, .102, etc" }
55 | },
56 | "scriptUri": {
57 | "defaultValue": "",
58 | "type": "string",
59 | "metadata": { "description": "Not used, included for parameter-compatibility with nvaLinux_2nic_noVnet.json" }
60 | },
61 | "scriptCmd": {
62 | "defaultValue": "",
63 | "type": "string",
64 | "metadata": { "description": "Not used, included for parameter-compatibility with nvaLinux_2nic_noVnet.json" }
65 | }
66 | },
67 | "variables": {
68 | "deploymentApiVersion": "2022-09-01",
69 | "computeApiVersion": "2023-03-01",
70 | "defaultGw": {
71 | "nic0": "[concat(parameters('ip0'), '1')]",
72 | "nic1": "[concat(parameters('ip1'), '1')]"
73 | },
74 | "settingsTable": {
75 | "asa": {
76 | "planName": "asav-azure-byol",
77 | "product": "cisco-asav",
78 | "publisher": "cisco",
79 | "sku": "asav-azure-byol",
80 | "vmSize": "Standard_D3_v2"
81 | },
82 | "csr": {
83 | "planName": "csr-azure-byol",
84 | "product": "cisco-csr-1000v",
85 | "publisher": "cisco",
86 | "sku": "csr-azure-byol",
87 | "vmSize": "Standard_D3_v2"
88 | },
89 | "ubuntu": {
90 | "planName": "Ubuntu Server 16.04 LTS",
91 | "product": "0001-com-ubuntu-server-jammy",
92 | "publisher": "Canonical",
93 | "sku": "22_04-lts-gen2",
94 | "vmSize": "Standard_D2_v2"
95 | }
96 | },
97 | "settings": "[variables('settingsTable')[parameters('vmType')]]",
98 | },
99 | "resources": [
100 | {
101 | "comments": "Deploy Virtual Network Appliance",
102 | "type": "Microsoft.Compute/virtualMachines",
103 | "name": "[concat(parameters('vmName'), '-', copyIndex(1))]",
104 | "apiVersion": "[variables('computeApiVersion')]",
105 | "location": "[resourceGroup().location]",
106 | "zones": [
107 | "[add(mod(copyIndex(1), 3),1)]"
108 | ],
109 | "plan": {
110 | "name": "[variables('settings')['planName']]",
111 | "product": "[variables('settings')['product']]",
112 | "publisher": "[variables('settings')['publisher']]"
113 | },
114 | "properties": {
115 | "hardwareProfile": {
116 | "vmSize": "[variables('settings')['vmSize']]"
117 | },
118 | "storageProfile": {
119 | "imageReference": {
120 | "publisher": "[variables('settings')['publisher']]",
121 | "offer": "[variables('settings')['product']]",
122 | "sku": "[variables('settings')['sku']]",
123 | "version": "latest"
124 | },
125 | "osDisk": {
126 | "osType": "Linux",
127 | "createOption": "FromImage",
128 | "diskSizeGB": 31
129 | },
130 | "dataDisks": []
131 | },
132 | "osProfile": {
133 | "computerName": "[parameters('vmName')]",
134 | "adminUsername": "[parameters('vmUsr')]",
135 | "linuxConfiguration": {
136 | "disablePasswordAuthentication": false
137 | },
138 | "secrets": [],
139 | "adminPassword": "[parameters('vmPwd')]"
140 | },
141 | "networkProfile": {
142 | "networkInterfaces": [
143 | {
144 | "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), '-', copyIndex(1), '-nic0'))]",
145 | "properties": {
146 | "primary": true
147 | }
148 | },
149 | {
150 | "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(parameters('vmName'), '-', copyIndex(1), '-nic1'))]",
151 | "properties": {
152 | "primary": false
153 | }
154 | }
155 | ]
156 | }
157 | },
158 | "resources": [],
159 | "copy": {
160 | "name": "[parameters('vmName')]",
161 | "count": "[parameters('vmCount')]"
162 | },
163 | "dependsOn": [
164 | "[concat(parameters('vmName'), '-nic0')]",
165 | "[concat(parameters('vmName'), '-nic1')]"
166 | ]
167 | },
168 | {
169 | "comments": "Deploy the virtual interfaces",
170 | "name": "[concat(parameters('vmName'), '-', copyIndex(1), '-nic0')]",
171 | "type": "Microsoft.Resources/deployments",
172 | "apiVersion": "2016-06-01",
173 | "properties": {
174 | "mode": "Incremental",
175 | "templateLink": {
176 | "uri": "[uri(deployment().properties.templateLink.uri, 'nic_noNSG_noSLB_PIP_static.json')]",
177 | "contentVersion": "1.0.0.0"
178 | },
179 | "parameters": {
180 | "nicName": {"value": "[concat(parameters('vmName'), '-', copyIndex(1), '-nic0')]"},
181 | "ipAddress": { "value": "[concat(parameters('ip0'), copyIndex(1))]" },
182 | "vnetName": { "value": "[parameters('vnetName')]" },
183 | "subnetName": { "value": "[parameters('subnet0Name')]"},
184 | "pipName": { "value": "[parameters('pipName')]" }
185 | }
186 | },
187 | "dependsOn": [
188 | ],
189 | "copy": {
190 | "name": "[concat(parameters('vmName'), '-nic0')]",
191 | "count": "[parameters('vmCount')]"
192 | }
193 | },
194 | {
195 | "name": "[concat(parameters('vmName'), '-', copyIndex(1), '-nic1')]",
196 | "type": "Microsoft.Resources/deployments",
197 | "apiVersion": "[variables('deploymentApiVersion')]",
198 | "properties": {
199 | "mode": "Incremental",
200 | "templateLink": {
201 | "uri": "[uri(deployment().properties.templateLink.uri, 'nic_noNSG_noSLB_noPIP_static.json')]",
202 | "contentVersion": "1.0.0.0"
203 | },
204 | "parameters": {
205 | "nicName": {"value": "[concat(parameters('vmName'), '-', copyIndex(1), '-nic1')]"},
206 | "ipAddress": { "value": "[concat(parameters('ip1'), copyIndex(1))]" },
207 | "vnetName": { "value": "[parameters('vnetName')]" },
208 | "subnetName": { "value": "[parameters('subnet1Name')]"}
209 | }
210 | },
211 | "dependsOn": [
212 | ],
213 | "copy": {
214 | "name": "[concat(parameters('vmName'), '-nic1')]",
215 | "count": "[parameters('vmCount')]"
216 | }
217 | }
218 | ]
219 | }
220 |
--------------------------------------------------------------------------------
/arm/pipDynamic.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "pipName": {
6 | "defaultValue": "myPIP",
7 | "type": "string"
8 | },
9 | "location": {
10 | "defaultValue": "[resourceGroup().location]",
11 | "type": "string"
12 | }
13 | },
14 | "variables": {
15 | },
16 | "resources": [
17 | {
18 | "comments": "Create public IP address",
19 | "apiVersion": "2015-05-01-preview",
20 | "type": "Microsoft.Network/publicIPAddresses",
21 | "name": "[parameters('pipName')]",
22 | "location": "[parameters('location')]",
23 | "properties": {
24 | "publicIPAllocationMethod": "Dynamic"
25 | }
26 | }
27 | ]
28 | }
--------------------------------------------------------------------------------
/arm/slb.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "externalInternal": {
6 | "defaultValue": "internal",
7 | "type": "string"
8 | },
9 | "vnetName": {
10 | "defaultValue": "myVnet",
11 | "type": "string"
12 | },
13 | "subnetName": {
14 | "defaultValue": "serverSubnet",
15 | "type": "string"
16 | },
17 | "slbName": {
18 | "defaultValue": "mySLB",
19 | "type": "string"
20 | },
21 | "backendConfigName": {
22 | "defaultValue": "myBackendConfig",
23 | "type": "string"
24 | },
25 | "ipPrefix": {
26 | "defaultValue": "10.0.1",
27 | "type": "string"
28 | },
29 | "vipSuffix": {
30 | "defaultValue": "100",
31 | "type": "string"
32 | },
33 | "pipName": {
34 | "defaultValue": "myPublicIp",
35 | "type": "string"
36 | },
37 | "frontendPort": {
38 | "defaultValue": 1022,
39 | "type": "int",
40 | "metadata": { "description": "Frontend TCP port" }
41 | },
42 | "backendPort": {
43 | "defaultValue": 22,
44 | "type": "int",
45 | "metadata": { "description": "Backend TCP port" }
46 | },
47 | "probePort": {
48 | "defaultValue": 22,
49 | "type": "int",
50 | "metadata": { "description": "TCP port that will configured in the TCP-based probe" }
51 | },
52 | "ruleName": {
53 | "defaultValue": "ssh",
54 | "type": "string"
55 | },
56 | "dsr": {
57 | "defaultValue": "false",
58 | "type": "string",
59 | "metadata": { "description": "whether Direct Server Return, aka Floating IP, is enabled or not" }
60 | },
61 | "lbSku": {
62 | "defaultValue": "standard",
63 | "type": "string",
64 | "allowedValues": [ "basic","standard" ],
65 | "metadata": { "description": "Whether Load Balancers should be Basic or Standard" }
66 | }
67 | },
68 |
69 | "variables": {
70 | "deployBasicLBTemplate": {
71 | "internal": "[uri(deployment().properties.templateLink.uri, 'internalLB.json')]",
72 | "external": "[uri(deployment().properties.templateLink.uri, 'externalLB.json')]"
73 | },
74 | "BasicLBTemplateUri": "[variables('deployBasicLBTemplate')[parameters('externalInternal')]]",
75 | "deployStandardLBTemplate": {
76 | "internal": "[uri(deployment().properties.templateLink.uri, 'internalLB_standard.json')]",
77 | "external": "[uri(deployment().properties.templateLink.uri, 'externalLB_standard.json')]"
78 | },
79 | "StandardLBTemplateUri": "[variables('deployStandardLBTemplate')[parameters('externalInternal')]]",
80 | },
81 |
82 |
83 | "resources": [
84 | {
85 | "comments": "Azure Load Balancer, Basic SKU internal or external",
86 | "condition": "[equals(parameters('lbSku'), 'basic')]",
87 | "name": "AzureLBbasic",
88 | "type": "Microsoft.Resources/deployments",
89 | "apiVersion": "2017-05-10",
90 | "properties": {
91 | "mode": "Incremental",
92 | "templateLink": {
93 | "uri": "[variables('BasicLBTemplateUri')]",
94 | "contentVersion": "1.0.0.0"
95 | },
96 | "parameters": {
97 | "vnetName": { "value": "[parameters('vnetName')]" },
98 | "subnetName": { "value": "[parameters('subnetName')]"},
99 | "slbName": { "value": "[parameters('slbName')]" },
100 | "backendPort": { "value": "[parameters('backendPort')]"},
101 | "frontendPort": { "value": "[parameters('frontendPort')]"},
102 | "probePort": { "value": "[parameters('probePort')]"},
103 | "ruleName": { "value": "[parameters('ruleName')]"},
104 | "dsr": { "value": "[parameters('dsr')]"},
105 | "backendConfigName": { "value": "[parameters('backendConfigName')]"},
106 | "ipPrefix": { "value": "[parameters('ipPrefix')]"},
107 | "vipSuffix": { "value": "[parameters('vipSuffix')]"},
108 | "pipName": { "value": "[parameters('pipName')]"}
109 | }
110 | }
111 | },
112 | {
113 | "comments": "Azure Load Balancer, Standard SKU, internal or external",
114 | "condition": "[equals(parameters('lbSku'), 'standard')]",
115 | "name": "AzureLBstandard",
116 | "type": "Microsoft.Resources/deployments",
117 | "apiVersion": "2017-05-10",
118 | "properties": {
119 | "mode": "Incremental",
120 | "templateLink": {
121 | "uri": "[variables('StandardLBTemplateUri')]",
122 | "contentVersion": "1.0.0.0"
123 | },
124 | "parameters": {
125 | "vnetName": { "value": "[parameters('vnetName')]" },
126 | "subnetName": { "value": "[parameters('subnetName')]"},
127 | "slbName": { "value": "[parameters('slbName')]" },
128 | "backendPort": { "value": "[parameters('backendPort')]"},
129 | "frontendPort": { "value": "[parameters('frontendPort')]"},
130 | "probePort": { "value": "[parameters('probePort')]"},
131 | "ruleName": { "value": "[parameters('ruleName')]"},
132 | "dsr": { "value": "[parameters('dsr')]"},
133 | "backendConfigName": { "value": "[parameters('backendConfigName')]"},
134 | "ipPrefix": { "value": "[parameters('ipPrefix')]"},
135 | "vipSuffix": { "value": "[parameters('vipSuffix')]"},
136 | "pipName": { "value": "[parameters('pipName')]"}
137 | }
138 | }
139 | }
140 | ]
141 | }
--------------------------------------------------------------------------------
/arm/subnet.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vmCount": {
6 | "defaultValue": 2,
7 | "type": "int"
8 | },
9 | "deployLBYesNo": {
10 | "defaultValue": "yes",
11 | "type": "string"
12 | },
13 | "LBexternalInternal": {
14 | "defaultValue": "external",
15 | "type": "string"
16 | },
17 | "vnetName": {
18 | "defaultValue": "myVnet",
19 | "type": "string"
20 | },
21 | "storageAccountName": {
22 | "defaultValue": "[concat('storage',uniqueString(resourceGroup().id))]",
23 | "type": "string"
24 | },
25 | "subnetName": {
26 | "defaultValue": "serverSubnet",
27 | "type": "string"
28 | },
29 | "adminUsername": {
30 | "defaultValue": "jose",
31 | "type": "string"
32 | },
33 | "adminPassword": {
34 | "defaultValue": "Microsoft123!",
35 | "type": "securestring"
36 | },
37 | "vmPrefix": {
38 | "defaultValue": "slb-test-",
39 | "type": "string"
40 | },
41 | "slbName": {
42 | "defaultValue": "myLB",
43 | "type": "string"
44 | },
45 | "backendConfigName": {
46 | "defaultValue": "myBackendConfig",
47 | "type": "string"
48 | },
49 | "pipName": {
50 | "defaultValue": "myPublicIp",
51 | "type": "string"
52 | },
53 | "slbIpPrefix": {
54 | "defaultValue": "10.0.1",
55 | "type": "string"
56 | },
57 | "slbVipSuffix": {
58 | "defaultValue": "100",
59 | "type": "string"
60 | }
61 | },
62 |
63 | "variables": {
64 | "nicName": "[concat(parameters('vmPrefix'),'nic')]",
65 | "nsgName": "[concat(parameters('vmPrefix'),'nsg')]",
66 | "diskName": "[concat(parameters('vmPrefix'),'disk')]",
67 | "apiVersion": "2016-03-30",
68 | "deployLBTemplate": {
69 | "yes": "[uri(deployment().properties.templateLink.uri, 'slb.json')]",
70 | "no": "[uri(deployment().properties.templateLink.uri, 'nothing.json')]"
71 | },
72 | "LBTemplateURI": "[variables('deployLBTemplate')[parameters('deployLBYesNo')]]",
73 | "deployLBParametersHash": {
74 | "yes": {
75 | "externalInternal": {
76 | "value": "[parameters('LBexternalInternal')]"
77 | },
78 | "vnetName": {
79 | "value": "[parameters('vnetName')]"
80 | },
81 | "subnetName": {
82 | "value": "[parameters('subnetName')]"
83 | },
84 | "slbName": {
85 | "value": "[parameters('slbName')]"
86 | },
87 | "backendConfigName": {
88 | "value": "[parameters('backendConfigName')]"
89 | },
90 | "ipPrefix": {
91 | "value": "[parameters('slbIpPrefix')]"
92 | },
93 | "vipSuffix": {
94 | "value": "[parameters('slbVipSuffix')]"
95 | },
96 | "pipName": {
97 | "value": "[parameters('pipName')]"
98 | }
99 | },
100 | "no": {
101 | }
102 | },
103 | "deployLBParameters": "[variables('deployLBParametersHash')[parameters('deployLBYesNo')]]",
104 | "deployNicTemplate": {
105 | "yes": "[uri(deployment().properties.templateLink.uri, 'nic_nsg_slb.json')]",
106 | "no": "[uri(deployment().properties.templateLink.uri, 'nic_nsg.json')]"
107 | },
108 | "nicTemplateURI": "[variables('deployNicTemplate')[parameters('deployLBYesNo')]]"
109 | },
110 |
111 | "resources": [
112 | {
113 | "comments": "VMs created and linked to NICs and storage account",
114 | "type": "Microsoft.Compute/virtualMachines",
115 | "name": "[concat(parameters('vmPrefix'), copyIndex(1))]",
116 | "apiVersion": "[variables('apiVersion')]",
117 | "location": "[resourceGroup().location]",
118 | "zones": [
119 | "[add(mod(copyIndex(1), 3),1)]"
120 | ],
121 | "properties": {
122 | "hardwareProfile": {
123 | "vmSize": "Standard_A0"
124 | },
125 | "storageProfile": {
126 | "imageReference": {
127 | "publisher": "Canonical",
128 | "offer": "UbuntuServer",
129 | "sku": "16.04.0-LTS",
130 | "version": "latest"
131 | },
132 | "osDisk": {
133 | "name": "[concat(parameters('vmPrefix'), copyIndex(1))]",
134 | "createOption": "FromImage",
135 | "vhd": {
136 | "uri": "[concat('https', '://', parameters('storageAccountName'), '.blob.core.windows.net', concat('/vhds/', parameters('vmPrefix'), copyIndex(1)), uniqueString(resourceGroup().id),'.vhd')]"
137 | },
138 | "caching": "ReadWrite"
139 | },
140 | "dataDisks": []
141 | },
142 | "osProfile": {
143 | "computerName": "[concat(parameters('vmPrefix'),copyIndex(1))]",
144 | "adminUsername": "[parameters('adminUsername')]",
145 | "secrets": [],
146 | "adminPassword": "[parameters('adminPassword')]",
147 | "linuxConfiguration": {
148 | "disablePasswordAuthentication": false
149 | }
150 | },
151 | "networkProfile": {
152 | "networkInterfaces": [
153 | {
154 | "id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('nicName'),copyIndex(1)))]"
155 | }
156 | ]
157 | }
158 | },
159 | "resources": [],
160 | "dependsOn": [
161 | "[concat(variables('nicName'), 'Copy')]"
162 | ],
163 | "copy": {
164 | "name": "[concat(parameters('vmPrefix'), 'Copy')]",
165 | "count": "[parameters('vmCount')]"
166 | }
167 | },
168 | {
169 | "comments": "Create the internal or external loadbalancer",
170 | "name": "internalLB",
171 | "type": "Microsoft.Resources/deployments",
172 | "apiVersion": "2016-06-01",
173 | "properties": {
174 | "mode": "Incremental",
175 | "templateLink": {
176 | "uri": "[variables('LBTemplateUri')]",
177 | "contentVersion": "1.0.0.0"
178 | },
179 | "parameters": "[variables('deployLBParameters')]"
180 | }
181 | },
182 | {
183 | "comments": "Create all NICs for the VMs",
184 | "name": "[concat(variables('nicName'), copyIndex(1))]",
185 | "type": "Microsoft.Resources/deployments",
186 | "apiVersion": "2016-06-01",
187 | "properties": {
188 | "mode": "Incremental",
189 | "templateLink": {
190 | "uri": "[variables('nicTemplateUri')]",
191 | "contentVersion": "1.0.0.0"
192 | },
193 | "parameters": {
194 | "nsgName": { "value": "[concat(variables('nsgName'), copyIndex(1))]" },
195 | "nicName": { "value": "[concat(variables('nicName'), copyIndex(1))]" },
196 | "vnetName": { "value": "[parameters('vnetName')]" },
197 | "subnetName": { "value": "[parameters('subnetName')]"},
198 | "slbName": { "value": "[parameters('slbName')]" },
199 | "backendConfigName": { "value": "[parameters('backendConfigName')]"}
200 | }
201 | },
202 | "dependsOn": [],
203 | "copy": {
204 | "name": "[concat(variables('nicName'), 'Copy')]",
205 | "count": "[parameters('vmCount')]"
206 | }
207 | }
208 | ]
209 | }
--------------------------------------------------------------------------------
/arm/udr.sh:
--------------------------------------------------------------------------------
1 | # Variables
2 | inetIp=188.113.88.193
3 | defGw=10.4.2.100
4 | rg=vnetTest
5 |
6 | # Set default resource group
7 | az configure --defaults group=$rg
8 |
9 | # Create route tables
10 | az network route-table create --name vnet1-subnet1
11 | az network route-table create --name vnet2-subnet1
12 | az network route-table create --name vnet3-subnet1
13 | az network route-table create --name vnet4-gw
14 |
15 | # Create routes in vnet1
16 | az network route-table route create --address-prefix 10.1.1.0/24 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet1-subnet1 -n subnet1
17 | az network route-table route create --address-prefix 10.2.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet1-subnet1 -n vnet2
18 | az network route-table route create --address-prefix 10.3.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet1-subnet1 -n vnet3
19 | az network route-table route create --address-prefix 10.5.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet1-subnet1 -n vnet5
20 | az network route-table route create --address-prefix $inetIp/32 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet1-subnet1 -n ifconfig
21 |
22 | # Create routes in vnet2
23 | az network route-table route create --address-prefix 10.1.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet2-subnet1 -n vnet1
24 | az network route-table route create --address-prefix 10.3.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet2-subnet1 -n vnet3
25 | az network route-table route create --address-prefix 10.5.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet2-subnet1 -n vnet5
26 | az network route-table route create --address-prefix $inetIp/32 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet2-subnet1 -n ifconfig
27 |
28 | # Create routes in vnet3
29 | az network route-table route create --address-prefix 10.1.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet3-subnet1 -n vnet1
30 | az network route-table route create --address-prefix 10.2.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet3-subnet1 -n vnet2
31 | az network route-table route create --address-prefix 10.5.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet3-subnet1 -n vnet5
32 | az network route-table route create --address-prefix $inetIp/32 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet3-subnet1 -n ifconfig
33 |
34 | # Create routes in vnet4
35 | az network route-table route create --address-prefix 10.1.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet4-gw -n vnet1
36 | az network route-table route create --address-prefix 10.2.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet4-gw -n vnet2
37 | az network route-table route create --address-prefix 10.3.0.0/16 --next-hop-ip-address $defGw --next-hop-type VirtualAppliance --route-table-name vnet4-gw -n vnet3
38 |
39 | # Associate route tables to subnets
40 | az network vnet subnet update -n myVnet1Subnet1 --vnet-name myVnet1 --route-table vnet1-subnet1
41 | az network vnet subnet update -n myVnet2Subnet1 --vnet-name myVnet2 --route-table vnet2-subnet1
42 | az network vnet subnet update -n myVnet3Subnet1 --vnet-name myVnet3 --route-table vnet3-subnet1
43 | az network vnet subnet update -n GatewaySubnet --vnet-name myVnet4 --route-table vnet4-gw
44 |
--------------------------------------------------------------------------------
/arm/vnet3Subnets.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "location": {
6 | "defaultValue": "[resourceGroup().location]",
7 | "type": "string"
8 | },
9 | "vnetName": {
10 | "defaultValue": "myVnet",
11 | "type": "string"
12 | },
13 | "vnetOctets12": {
14 | "defaultValue": "10.0.",
15 | "type": "string"
16 | },
17 | "subnetNamePrefix": {
18 | "defaultValue": "Subnet",
19 | "type": "string"
20 | },
21 | "gwName": {
22 | "defaultValue": "myGw",
23 | "type": "string",
24 | "metadata": { "description": "Name for the VPN gateway"}
25 | },
26 | "enableBgp": {
27 | "type": "string",
28 | "metadata": { "description": "Enable or disable BGP" },
29 | "defaultValue": "false",
30 | "allowedValues": ["true", "false"]
31 | },
32 | "gwPIPName": {
33 | "defaultValue": "myGwPIP",
34 | "type": "string",
35 | "metadata": { "description": "Public IP address for the VPN gateway"}
36 | },
37 | "createGw": {
38 | "defaultValue": "no",
39 | "type": "string",
40 | "allowedValues": ["yes", "no"]
41 | },
42 | "createVm": {
43 | "defaultValue": "no",
44 | "type": "string",
45 | "allowedValues": ["yes", "no"]
46 | },
47 | "vmType": {
48 | "defaultValue": "ubuntu",
49 | "type": "string",
50 | "allowedValues": [
51 | "ubuntu"
52 | ],
53 | "metadata": { "description": "Type of VM to optionally create in the first subnet in every vnet"}
54 | },
55 | "vmSize": {
56 | "defaultValue": "Standard_B1s",
57 | "type": "string"
58 | },
59 | "createPip": {
60 | "defaultValue": "yes",
61 | "type": "string",
62 | "allowedValues": ["yes", "no"]
63 | },
64 | "adminUsername": {
65 | "defaultValue": null,
66 | "type": "string"
67 | },
68 | "adminPassword": {
69 | "defaultValue": null,
70 | "type": "securestring"
71 | }
72 | },
73 | "variables": {
74 | "networkApiVersion": "2016-03-30",
75 | "deploymentApiVersion": "2016-09-01",
76 | "vnetSpace": "[concat(parameters('vnetOctets12'), '0.0/16')]",
77 | "gwTemplateUri": "[uri(deployment().properties.templateLink.uri, 'vpnGw.json')]",
78 | "gwTemplateParam": {
79 | "vnetName": { "value": "[parameters('vnetName')]" },
80 | "location": { "value": "[parameters('location')]" },
81 | "gwName": { "value": "[parameters('gwName')]" },
82 | "PIPName": { "value": "[parameters('gwPIPName')]" },
83 | "enableBgp": { "value": "[parameters('enableBgp')]" }
84 | },
85 | "gwPipUri": "[uri(deployment().properties.templateLink.uri, 'pipDynamic.json')]",
86 | "gwPipParam": {
87 | "pipName": { "value": "[parameters('gwPIPName')]" },
88 | "location": { "value": "[parameters('location')]" }
89 | },
90 | "vmTemplateUri": "[uri(deployment().properties.templateLink.uri, 'linuxVM.json')]",
91 | "vmName": "[concat(parameters('vnetName'), '-vm')]",
92 | "vmTemplateParam": {
93 | "vmName": { "value": "[concat(variables('vmName'), '1')]" },
94 | "location": { "value": "[parameters('location')]" },
95 | "vnetName": { "value": "[parameters('vnetName')]" },
96 | "subnetName": { "value": "[concat(parameters('subnetNamePrefix'), '1')]" },
97 | "vmType": { "value": "[parameters('vmType')]"},
98 | "vmSize": { "value": "[parameters('vmSize')]"},
99 | "createPip": { "value": "[parameters('createPip')]"},
100 | "adminUsername": { "value": "[parameters('adminUsername')]" },
101 | "adminPassword": { "value": "[parameters('adminPassword')]" }
102 | }
103 | },
104 | "resources": [
105 | {
106 | "comments": "Create Vnet with three subnets and one gateway subnet",
107 | "type": "Microsoft.Network/virtualNetworks",
108 | "name": "[parameters('vnetName')]",
109 | "apiVersion": "[variables('networkApiVersion')]",
110 | "location": "[parameters('location')]",
111 | "properties": {
112 | "addressSpace": {
113 | "addressPrefixes": [
114 | "[variables('vnetSpace')]"
115 | ]
116 | },
117 | "subnets": [
118 | {
119 | "name": "GatewaySubnet",
120 | "properties": {
121 | "addressPrefix": "[concat(parameters('vnetOctets12'), '0.0/24')]"
122 | }
123 | },
124 | {
125 | "name": "[concat(parameters('subnetNamePrefix'), '1')]",
126 | "properties": {
127 | "addressPrefix": "[concat(parameters('vnetOctets12'), '1.0/24')]"
128 | }
129 | },
130 | {
131 | "name": "[concat(parameters('subnetNamePrefix'), '2')]",
132 | "properties": {
133 | "addressPrefix": "[concat(parameters('vnetOctets12'), '2.0/24')]"
134 | }
135 | },
136 | {
137 | "name": "[concat(parameters('subnetNamePrefix'), '3')]",
138 | "properties": {
139 | "addressPrefix": "[concat(parameters('vnetOctets12'), '3.0/24')]"
140 | }
141 | }
142 | ]
143 | },
144 | "resources": [],
145 | "dependsOn": []
146 | },
147 | {
148 | "comments": "Optionally create a public IP address, if createGw equals 'yes'",
149 | "condition": "[equals(parameters('createGw'), 'yes')]",
150 | "name": "[parameters('gwPIPName')]",
151 | "type": "Microsoft.Resources/deployments",
152 | "apiVersion": "[variables('deploymentApiVersion')]",
153 | "properties": {
154 | "mode": "Incremental",
155 | "templateLink": {
156 | "uri": "[variables('gwPipUri')]",
157 | "contentVersion": "1.0.0.0"
158 | },
159 | "parameters": "[variables('gwPipParam')]"
160 | },
161 | "dependsOn": [
162 | "[parameters('vnetName')]"
163 | ]
164 | },
165 | {
166 | "comments": "Optionally create VPN gateway, if createGw equals 'yes'",
167 | "condition": "[equals(parameters('createGw'), 'yes')]",
168 | "name": "[concat(parameters('vnetName'), 'VpnGw')]",
169 | "type": "Microsoft.Resources/deployments",
170 | "apiVersion": "[variables('deploymentApiVersion')]",
171 | "properties": {
172 | "mode": "Incremental",
173 | "templateLink": {
174 | "uri": "[variables('gwTemplateUri')]",
175 | "contentVersion": "1.0.0.0"
176 | },
177 | "parameters": "[variables('gwTemplateParam')]"
178 | },
179 | "dependsOn": [
180 | "[parameters('gwPIPName')]",
181 | "[parameters('vnetName')]"
182 | ]
183 | },
184 | {
185 | "comments": "Optionally create a VM in first subnet, if createVm equals 'yes'",
186 | "condition": "[equals(parameters('createVm'), 'yes')]",
187 | "name": "[variables('vmName')]",
188 | "type": "Microsoft.Resources/deployments",
189 | "apiVersion": "[variables('deploymentApiVersion')]",
190 | "properties": {
191 | "mode": "Incremental",
192 | "templateLink": {
193 | "uri": "[variables('vmTemplateUri')]",
194 | "contentVersion": "1.0.0.0"
195 | },
196 | "parameters": "[variables('vmTemplateParam')]"
197 | },
198 | "dependsOn": [
199 | "[parameters('vnetName')]"
200 | ]
201 | }
202 | ]
203 | }
--------------------------------------------------------------------------------
/arm/vnetPeeringHubNSpoke.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "spokeVnetName": {
6 | "defaultValue": "spokeVnet",
7 | "type": "string",
8 | "metadata": { "description": "Name of the spoke Vnet" }
9 | },
10 | "hubVnetName": {
11 | "defaultValue": "hubVnet",
12 | "type": "string",
13 | "metadata": { "description": "Name of the hub Vnet" }
14 | },
15 | "useRemoteGateways": {
16 | "defaultValue": true,
17 | "type":"bool",
18 | "allowedValues": [
19 | true, false
20 | ],
21 | "metadata": { "description": "Required to cope for peerings without VPN gateway" }
22 | }
23 | },
24 | "variables": {
25 | "networkApiVersion": "2018-08-01"
26 | },
27 | "resources": [
28 | {
29 | "comments": "allowGatewayTransit set to true only if parameter useRemoteGateways set to true",
30 | "apiVersion": "[variables('networkApiVersion')]",
31 | "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
32 | "name": "[concat(parameters('hubVnetName'), '/LinkTo', parameters('spokeVnetName'))]",
33 | "location": "[resourceGroup().location]",
34 | "properties": {
35 | "allowVirtualNetworkAccess": true,
36 | "allowForwardedTraffic": true,
37 | "allowGatewayTransit": "[parameters('useRemoteGateways')]",
38 | "useRemoteGateways": "[parameters('useRemoteGateways')]",
39 | "remoteVirtualNetwork": {
40 | "id": "[resourceId('Microsoft.Network/virtualNetworks', parameters('spokeVnetName'))]"
41 | }
42 | }
43 | },
44 | {
45 | "apiVersion": "[variables('networkApiVersion')]",
46 | "type": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings",
47 | "name": "[concat(parameters('spokeVnetName'), '/LinkTo', parameters('hubVnetName'))]",
48 | "location": "[resourceGroup().location]",
49 | "properties": {
50 | "allowVirtualNetworkAccess": true,
51 | "allowForwardedTraffic": true,
52 | "allowGatewayTransit": false,
53 | "useRemoteGateways": "[parameters('useRemoteGateways')]",
54 | "remoteVirtualNetwork": {
55 | "id": "[resourceId('Microsoft.Network/virtualNetworks', parameters('hubVnetName'))]"
56 | }
57 | }
58 | }
59 | ]
60 | }
--------------------------------------------------------------------------------
/arm/vpnGw.json:
--------------------------------------------------------------------------------
1 | {
2 | "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
3 | "contentVersion": "1.0.0.0",
4 | "parameters": {
5 | "vnetName": {
6 | "defaultValue": "myVnet",
7 | "type": "string"
8 | },
9 | "location": {
10 | "defaultValue": "[resourceGroup().location]",
11 | "type": "string"
12 | },
13 | "gwName": {
14 | "defaultValue": "myGw",
15 | "type": "string",
16 | "metadata": { "description": "Name for the VPN gateway"}
17 | },
18 | "enableBgp": {
19 | "type": "string",
20 | "metadata": { "description": "Enable or disable BGP" },
21 | "defaultValue": "false",
22 | "allowedValues": ["true", "false"]
23 | },
24 | "PIPName": {
25 | "defaultValue": "myGwPIP",
26 | "type": "string",
27 | "metadata": { "description": "Public IP address for the VPN gateway"}
28 | }
29 | },
30 | "variables": {
31 | "networkApiVersion": "2016-09-01",
32 | "string2bool": {
33 | "true": true,
34 | "false": false
35 | }
36 | },
37 | "resources": [
38 | {
39 | "comments": "Create VPN gateway",
40 | "apiVersion": "[variables('networkApiVersion')]",
41 | "type": "Microsoft.Network/virtualNetworkGateways",
42 | "name": "[parameters('gwName')]",
43 | "location": "[parameters('location')]",
44 | "properties": {
45 | "ipConfigurations": [
46 | {
47 | "properties": {
48 | "privateIPAllocationMethod": "Dynamic",
49 | "subnet": {
50 | "id": "[concat(resourceId('Microsoft.Network/virtualNetworks', parameters('vnetName')), '/subnets/', 'GatewaySubnet')]"
51 | },
52 | "publicIPAddress": {
53 | "id": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('PIPName'))]"
54 | }
55 | },
56 | "name": "[concat(parameters('vnetName'), 'vnetGwConfig')]"
57 | }
58 | ],
59 | "gatewayType": "Vpn",
60 | "gatewaySize": "Default",
61 | "vpnType": "RouteBased",
62 | "enableBgp": "[variables('string2bool')[parameters('enableBgp')]]"
63 | }
64 | }
65 | ]
66 | }
--------------------------------------------------------------------------------
/diagrams [Autosaved].pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/diagrams [Autosaved].pptx
--------------------------------------------------------------------------------
/diagrams.pptx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/diagrams.pptx
--------------------------------------------------------------------------------
/monitoring.md:
--------------------------------------------------------------------------------
1 | # Azure Networking Lab - Monitoring
2 |
3 | Network management and monitoring is a complex discipline. The tools for network monitoring in the public cloud are very different to what network administrators know from the onprem world, so it is not trivial knowing which tool to use in which case. This Azure networking lab presents a good number of challenges where you will need monitoring and troubleshooting skills that will be relevant for any production environment.
4 |
5 | This document will present those tools in the context of the lab environment deployed following the instructions in the [README.md](./README.md) file.
6 |
7 | ## Azure Resource Topology
8 |
9 | There are plenty of ways to explore your Azure resources. In this lab we used the Azure CLI, but you can use the Azure portal too. One interesting way of exploring resources is using the Azure Resource Topology, part of Azure Network Watcher. For example, this view shows the subnets in the hub VNet, the number of NICs existing in each subnet, and the VNets peered to it (the spokes):
10 |
11 | 
12 |
13 | ## Connection Monitor
14 |
15 | Both across this lab and in your production network you will need to keep track of which virtual machine has connectivity to which other. In most cases you want to provide connectivity, but in certain cases you want to make sure that certain flows are not possible. For example, if a firewall should filter them out.
16 |
17 | Azure Connection Monitor, part of Network Watcher, is a tool that can help you do that: you can define sources, destinations and protocols, and synthetic traffic will be generated that you can use to verify if connectivity is what you expect it to be.
18 |
19 | 
20 |
21 | For example, the previous screenshot shows the relevant connectivity for the lab, where the jump host VM (`myVnet1-vm2`) generates traffic to the other virtual machines in the environment using two protocols: ICMP and TCP port 22. We want TCP traffic to work, but we want ICMP traffic not to, since it should be blocked by the firewall appliances. Should ICMP traffic work, that would be an indication that an incorrect routing configuration is causing some traffic to bypass the firewall.
22 |
23 | Looking at the previous screenshot, there are some interesting conclusions you can take:
24 |
25 | - Most ICMP traffic is not working. The exception is ICMP to the external world, so we might want to make sure that outbound traffic is indeed going through the firewall, and that the firewall is configured to drop it.
26 | - Most SSH traffic is working. One notable exception is SSH between Vnet1 and VNet3.
27 |
28 | ### Connection Monitor - Topology
29 |
30 | Let's have a deeper look at the connectivity. First, we can have a look at how it should work, looking at the SSH test topology between VNet1 and VNet2:
31 |
32 | 
33 |
34 | Even if the linux NVA NIC is marked red, opening the context menu reveals that there are no issues with it:
35 |
36 | 
37 |
38 | Now we can have a look at the topology for the failed communication:
39 |
40 | 
41 |
42 | Now the context menu in the VM will indeed reveal the issue "Destination is not reachable", which seems to indicate a routing problem:
43 |
44 | 
45 |
46 | ## Next Hop
47 |
48 | Following up from the next section, the problem seems to be routing, so you would probably want to check the routing back from the destination to the source (the topology seems to indicate that routing forward is fine). The **Next Hop** tool of Network Watcher allows to do that:
49 |
50 | 
51 |
52 | Looking at the previous screenshot, it is apparent that the next hop for the return traffic is not `10.4.2.100`, as the Connection Monitor topology was showing, which explains the problem. You can now go and fix the routing table for VNet3 (you even find the resource ID for the route table in the output, even though a link would have been better).
53 |
54 | ## Network Insights
55 |
56 | If you want to have a quick look at your assets and verify that all are running smoothly, Network Insights (reachable in one of Azure Monitor's blades) is what you are looking for. The following example shows a description of part of the lab (you can set the scope of Network Insights to a specific resource group), where one of the load balancers is not fully healthy:
57 |
58 | 
59 |
60 | You can drill into the load balancer section, which will take you to another page where you can see further details about each of the load balancers and NAT gateways that you have deployed. The graphs at the bottom of the screen display useful details that can help you decide where to investigate further:
61 |
62 | 
63 |
64 | ## Load Balancer Insights
65 |
66 | You can click of one of the load balancers of the previous section, which will take you to the main control page for that particular resource. Load Balancers have a very useful Insights blade as well, that show different things from the topology of the machines connected to that particular load balancers to multiple metrics charted together for easy correlation of events.
67 |
68 | Here some sample screenshots, that indicate that one of the backends of this particular load balancer is not answering to the health checks:
69 |
70 | 
71 |
72 | 
73 |
74 | ## Packet capture
75 |
76 | It is very useful logging into a virtual machine and initiate a packet capture with Wireshark or `tcpdump`, but sometimes you don't have access to the OS of the virtual machine in question, or you don't want to bother with the installation of new packages. You can use Network Watcher's **Packet Capture** to capture traffic right from the Azure Portal, and store the results in a storage account.
77 |
78 | There are multiple options you can define, in this example we want to look into traffic that one of our virtual machines (in VNet5) is seeing. You can create a packet capture restricted to a number of seconds or packets:
79 |
80 | 
81 |
82 | You will get your packet capture stored in an Azure Storage Account, that you can easily download and analyze locally, for example with Wireshark:
83 |
84 | 
85 |
86 | ## IP Flow Verify and NSG Diagnostics
87 |
88 | NSG problems are common in NVA setups, because the NVAs receive traffic which is not addressed for them, and hence it is not covered by the default rules in NSGs. The **IP Flow Verify** tool in Network Watcher is great to verify access to individual virtual machines and check that the required application ports are open in the NSG:
89 |
90 | 
91 |
92 | However, IP Flow Verify is not going to help troubleshooting NVAs, since it assumes that the source or destination IP address of packets always the VM is, as the previous screenshot showed.
93 |
94 | Instead, NSG diagnostics can be a very useful tool for troubleshooting NSGs in NVAs, because they allow to inspect flows with any IP address, even from/to IP addresses different than the ones from NVA. For example, if you suspect that the NSGs might be dropping inter-spoke traffic at the NVA, you could easily run the NSG Diagnostics tool and supply IP addresses of two different spokes as endpoints:
95 |
96 | 
97 |
98 | The first output of the tool will be whether the traffic is allowed or not:
99 |
100 | 
101 |
102 | You can click on the "View details" link to see exactly which rule of the NSG let the inter-spoke inbound traffic through. In this case, the traffic didn't match on the first one, but the second rule:
103 |
104 | 
105 |
106 | Same thing for output traffic: if you change the traffic direction from "Inbound" to "Outbound", you can verify that one of the default NSG rules is doing the trick for us.
107 |
108 | 
109 |
110 | If you want to understand why is that rule allowing traffic, you can follow the link from NSG Diagnostics to the actual NSG and inspect there the effective rules. As you can see in the screenshot below, the `Virtual network` service tag contains the prefixes of the spoke VNets, since they are peered to the hub VNet where the firewall NVA is deployed:
111 |
112 | 
113 |
--------------------------------------------------------------------------------
/nested_templates_info.md:
--------------------------------------------------------------------------------
1 | # ARM Template schema
2 |
3 | This project uses a relatively complex schema of nested templates, here you can find a summary of the templates used. Note that not necessarily all templates are used, since in some cases they are only triggered if certain parameter conditions are met:
4 |
5 | * NetworkingLab_master
6 | * multiVnetLab
7 | * vnet3Subnets
8 | * vpnGw
9 | * pipDynamic
10 | * linuxVM
11 | * nic_noNSG_noSLB_PIP_dynamic
12 | * linuxVM
13 | * nic_noNSG_noSLB_PIP_dynamic
14 | * vnetPeeringHubNSpoke
15 | * nvaLinux_2nic_noVnet
16 | * nic_noNSG_noSLB_noPIP_static
17 | * nic_noNSG_noSLB_PIP_static
18 | * slb
19 | * internalLB
20 | * externalLB
21 | * internalLB_standard
22 | * vpnGw
--------------------------------------------------------------------------------
/open-source-azure-networking-READY.docx:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/open-source-azure-networking-READY.docx
--------------------------------------------------------------------------------
/pictures/az_shell_tmux.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/az_shell_tmux.PNG
--------------------------------------------------------------------------------
/pictures/figure01.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure01.png
--------------------------------------------------------------------------------
/pictures/figure01v2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure01v2.png
--------------------------------------------------------------------------------
/pictures/figure02.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure02.png
--------------------------------------------------------------------------------
/pictures/figure02v2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure02v2.png
--------------------------------------------------------------------------------
/pictures/figure03.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure03.png
--------------------------------------------------------------------------------
/pictures/figure03v2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure03v2.png
--------------------------------------------------------------------------------
/pictures/figure04.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure04.png
--------------------------------------------------------------------------------
/pictures/figure04v2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure04v2.png
--------------------------------------------------------------------------------
/pictures/figure05.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure05.png
--------------------------------------------------------------------------------
/pictures/figure05v2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure05v2.png
--------------------------------------------------------------------------------
/pictures/figure06.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure06.png
--------------------------------------------------------------------------------
/pictures/figure08.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure08.png
--------------------------------------------------------------------------------
/pictures/figure08v2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure08v2.png
--------------------------------------------------------------------------------
/pictures/figure09.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure09.png
--------------------------------------------------------------------------------
/pictures/figureConnectedDevices.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figureConnectedDevices.PNG
--------------------------------------------------------------------------------
/pictures/figureRG.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figureRG.png
--------------------------------------------------------------------------------
/pictures/figureVpn.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figureVpn.png
--------------------------------------------------------------------------------
/pictures/figure_nva_elb.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure_nva_elb.png
--------------------------------------------------------------------------------
/pictures/figure_nva_elbv2.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/figure_nva_elbv2.png
--------------------------------------------------------------------------------
/pictures/labLogo.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/labLogo.PNG
--------------------------------------------------------------------------------
/pictures/lb_health_metrics.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/lb_health_metrics.png
--------------------------------------------------------------------------------
/pictures/lb_monitoring.PNG:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/lb_monitoring.PNG
--------------------------------------------------------------------------------
/pictures/monitor/art_01.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/art_01.png
--------------------------------------------------------------------------------
/pictures/monitor/art_02.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/art_02.png
--------------------------------------------------------------------------------
/pictures/monitor/art_03.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/art_03.png
--------------------------------------------------------------------------------
/pictures/monitor/art_04.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/art_04.png
--------------------------------------------------------------------------------
/pictures/monitor/art_05_vnet4.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/art_05_vnet4.png
--------------------------------------------------------------------------------
/pictures/monitor/connection_monitor.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/connection_monitor.png
--------------------------------------------------------------------------------
/pictures/monitor/connection_monitor_02.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/connection_monitor_02.png
--------------------------------------------------------------------------------
/pictures/monitor/connection_monitor_02b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/connection_monitor_02b.png
--------------------------------------------------------------------------------
/pictures/monitor/connection_monitor_03.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/connection_monitor_03.png
--------------------------------------------------------------------------------
/pictures/monitor/connection_monitor_03b.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/connection_monitor_03b.png
--------------------------------------------------------------------------------
/pictures/monitor/effective_rules.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/effective_rules.png
--------------------------------------------------------------------------------
/pictures/monitor/insights_dark.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/insights_dark.png
--------------------------------------------------------------------------------
/pictures/monitor/ip_flow_verify_nva.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/ip_flow_verify_nva.png
--------------------------------------------------------------------------------
/pictures/monitor/lb01_dark.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/lb01_dark.png
--------------------------------------------------------------------------------
/pictures/monitor/lb_health50_dark.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/lb_health50_dark.png
--------------------------------------------------------------------------------
/pictures/monitor/lbinsights_metrics01_dark.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/lbinsights_metrics01_dark.png
--------------------------------------------------------------------------------
/pictures/monitor/lbinsights_topology01_dark.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/lbinsights_topology01_dark.png
--------------------------------------------------------------------------------
/pictures/monitor/lbinsights_topology02_dark.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/lbinsights_topology02_dark.png
--------------------------------------------------------------------------------
/pictures/monitor/lbinsights_topology03_dark.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/lbinsights_topology03_dark.png
--------------------------------------------------------------------------------
/pictures/monitor/next_hop.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/next_hop.png
--------------------------------------------------------------------------------
/pictures/monitor/nsg_diagnostics_01.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/nsg_diagnostics_01.png
--------------------------------------------------------------------------------
/pictures/monitor/nsg_diagnostics_02.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/nsg_diagnostics_02.png
--------------------------------------------------------------------------------
/pictures/monitor/nsg_diagnostics_03.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/nsg_diagnostics_03.png
--------------------------------------------------------------------------------
/pictures/monitor/nsg_diagnostics_04.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/nsg_diagnostics_04.png
--------------------------------------------------------------------------------
/pictures/monitor/packet_capture01.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/packet_capture01.png
--------------------------------------------------------------------------------
/pictures/monitor/packet_capture01_vm5.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/packet_capture01_vm5.png
--------------------------------------------------------------------------------
/pictures/monitor/packet_capture02.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/erjosito/azure-networking-lab/7cacf511c5aa03824e00ee49506bf51282a65918/pictures/monitor/packet_capture02.png
--------------------------------------------------------------------------------