Networking

On the face of it, Service Endpoints and Private Link seem very similar, whats the difference and when would you use which?

If you need your outbound traffic from an Azure vNet to use a consistent IP address there are a few different ways to achieve it. Here’s what they look like.

Azure has offered the ability to get static public IP addresses for many years now, however when you request an IP you will receive one from the general pool of available addresses and it is very unlikely you will receive multiple IPs in the same range. A new preview feature announced at Ignite changes this, called Public IP Address Prefixes. Instead of requesting a single static IP you can request a Prefix, which will give you a contiguous range of IP addresses.

At some point, I imagine most people working with Azure VMs have hit issues with being able to connect to services running inside a vNet. A lot of the time these issues boil down to the configuration of Network Security Groups to allow traffic into the VM. The process of troubleshooting these issues and determining which NSG and which NSG rule is at fault can be time-consuming, especially with complex networks.

Historically Azure Network Security Groups (NSG’s) have only allowed you to enter a single value for things things like source or destination IP and source or destination port. This has meant that for complex setups you end up with a very large amount of NSG’s. This is especially if you are trying to filter a large amount of IP’s, for example the Azure Data Center IP ranges, which is a common requirement if you want to restrict outbound access but allow access to PaaS resources.