Notes from MS Learn AZ-700 Module 1: Introduction to Azure Virtual Networks – Unit 10: Configure Internet Access with Azure Virtual NAT
NAT came out of a need for internal resources on private networks to gain access to external resources on a public network, with public IPv4 addresses being in short supply. NAT is an alternative to a public IP for each internal resource and allows multiple resources to share a single public IP.
NAT provides mapping to a single IP or a range of IPs (defined by prefixes) and ports. It is compatible with the Azure Standard SKU for public IP address resources or public IP prefix resources (or both). Use a public IP prefix directly or distribute addresses from that prefix across multiple NAT gateway resources. NAT maps all traffic to the range of IPs in that prefix. Flows are created outbound, and inbound traffic is only allowed for an active flow.
NAT is defined for each subnet within a VNet by specifying which NAT gateway resource to use. Once configured, UDP and TCP outbound flows from a VM will use NAT for internet connectivity with no further configuration needed. No user-defined routes are required. NAT takes precedence over other outbound scenarios and replaces the default Internet destination of the subnet.
- Supports dynamic workloads by scaling NAT
- No need for extensive preplanning or preallocation of addresses – NAT scales to support dynamic workloads
- Using Port Network Address Translation (PNAT/PAT) allows up to 64000 concurrent flows for both UDP and TCP (each)
- Supports up to 16 public IP addresses
- Deploying NAT
  - Create regional or zonal (zone-isolated) NAT Gateway Resource
  - Assign IP addresses
  - Modify TCP idle timeout if needed (optional)
- Coexistence of inbound and outbound
  - NAT compatible with the following Standard SKU resources
    - Load Balancer
    - Public IP Address
    - Public IP Prefix
  - NAT and the SKUs are aware of the direction a flow started – inbound and outbound can coexist
- Limitations
  - Compatible with Standard SKU Public IP, Public IP Prefix, and Load Balancers, but not Basic SKUs
  - IPv4 only with NAT. Can't be on a subnet with an IPv6 prefix
  - Can't span multiple VNets
  - IP fragmentation not supported
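The deployment steps above (create the gateway, assign a Standard SKU public IP, set the idle timeout, associate a subnet) as an added Az PowerShell example; this is not code from the MS Learn module. Resource group, region, VNet and subnet names are assumptions. It also enforces two of the listed limitations up front: the public IP is created as Standard SKU, and the subnet is refused if it carries an IPv6 prefix.

```powershell
# Added example (not from the MS Learn module): deploy a Standard SKU NAT gateway
# with the Az PowerShell module and attach it to one subnet.
# Resource names, region and subnet below are assumptions for illustration.
$rg       = 'rg-nat-demo'
$location = 'eastus'
$vnetName = 'vnet-demo'
$subnet   = 'snet-app'

# 1. Public IP for the gateway. NAT Gateway accepts Standard SKU only; Basic SKU
#    public IPs and prefixes are rejected, so create it as Standard/Static.
$pip = New-AzPublicIpAddress -ResourceGroupName $rg -Name 'pip-nat-demo' `
    -Location $location -Sku Standard -AllocationMethod Static

# 2. The NAT gateway resource. Idle timeout is optional; raise it only when
#    long-lived TCP flows are being dropped (4 minutes is the default).
$nat = New-AzNatGateway -ResourceGroupName $rg -Name 'nat-demo' -Location $location `
    -Sku Standard -PublicIpAddress $pip -IdleTimeoutInMinutes 10

# 3. Associate with the subnet. NAT is IPv4 only, so refuse a subnet that has an
#    IPv6 prefix instead of letting the API call fail half-way through.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$cfg  = Get-AzVirtualNetworkSubnetConfig -Name $subnet -VirtualNetwork $vnet
if ($cfg.AddressPrefix | Where-Object { $_ -match ':' }) {
    throw "Subnet $subnet has an IPv6 prefix; NAT Gateway supports IPv4 subnets only."
}
Set-AzVirtualNetworkSubnetConfig -Name $subnet -VirtualNetwork $vnet `
    -AddressPrefix $cfg.AddressPrefix -NatGateway $nat | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null

# 4. Verify: the subnet now references the gateway, and the gateway's outbound
#    address is the Standard public IP created in step 1. No user-defined route
#    is needed; the subnet's default Internet route now goes through the gateway.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
($vnet.Subnets | Where-Object Name -eq $subnet).NatGateway.Id
$nat.PublicIpAddresses.Id
```

Run it in a session that has already done `Connect-AzAccount` against a subscription where the resource group and VNet exist. To use a public IP prefix instead of a single address, swap `-PublicIpAddress $pip` for `-PublicIpPrefix` with a Standard SKU prefix resource; outbound flows are then mapped across every address in the prefix.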