## Azure Networking

### CIDR

- The most commonly used subnet block size when creating a subnet in an Azure Virtual Network (VNet) is **/24** (which provides **256** IP addresses, with 251 usable for most workloads after Azure reserves 5 for internal use). This size is widely recommended for general-purpose workloads and allows for future growth and scaling.
- /25 = 128 IPs, /26 = 64 IPs, /27 = 32 IPs, /28 = 16 IPs, /29 = 8 IPs (smallest supported size in Azure)

## Useful command

- How to view and clear the DNS cache on Windows

```powershell
ipconfig /displaydns
ipconfig /flushdns
```

- When checking end-to-end TCP/TNC network latency, the tools available depend on the client environment. For example, PowerShell's `Test-NetConnection` and `telnet` on Linux can be used in real time.

```powershell
# Windows (PowerShell): TCP reachability and DNS resolution
Test-NetConnection xxxx.database.windows.net -Port 1433 -InformationLevel Detailed
Resolve-DnsName microsoft.com
nslookup xxxx.database.windows.net
```

```bash
# Linux: TCP reachability (0.0.0.0 stands in for the target IP)
nc -zv 0.0.0.0 1433
telnet xxxx.database.windows.net 1433
curl -v telnet://xxxx.database.windows.net:1433
```

SQL-Connectivity-checker/SSMS/SQLCMD/Azure Query Editor

- Latency

```bash
# A buffer size is required to perform a TCP latency test. This example measures the round trip latency of sending an 8KB packet to the target server, printing a histogram with 100 buckets when completed:
psping -l 8k -n 10000 -h 100 192.168.2.2:5000

# Time a TCP connect to port 1433
time nc -zw30 lab-sql-single.database.windows.net 1433
```

  - `-z`: This flag tells Netcat to scan for listening daemons without sending any data to them. It's often used for checking if a service is available and listening on a given port.
  - `-w30`: This option sets the timeout for connections to 30 seconds. If the connection cannot be established within this time frame, Netcat will exit.

## Useful link

- Check whether [MicrosoftIPs](https://csstoolkit.azurewebsites.net/(S(ujxys54cucd4yhjzcfyg2hfn))/Home/MicrosoftIPs)
- [microsoft/CSS_SQL_Networking_Tools: Tools used by the SQL Networking Customer Support Team](https://github.com/microsoft/CSS_SQL_Networking_Tools)

## Capture network trace

Run PowerShell/cmd as Administrator.

Refer to [Netsh Commands for Network Trace | Microsoft Learn](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/jj129382%28v=ws.11%29)

```powershell
# Basic capture: start, reproduce the issue, then stop
netsh trace start capture=yes report=disabled
netsh trace stop

# Capture with the InternetClient_dbg scenario, written to a fixed file (maxsize=3072, overwritten on each run)
netsh trace start capture=yes tracefile=C:\NETTRACE_INETDBG.ETL scenario=InternetClient_dbg maxsize=3072 overwrite=yes
netsh trace stop
```

TCPdump: `sudo tcpdump -s0 -i any -n -w outfile.pcap`

- https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/logs/packet-capture-pod-level
- https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/logs/capture-tcp-dump-linux-node-aks

ProcDump

- https://github.com/microsoft/ProcDump-for-Linux

### Wireshark

https://www.wireshark.org/download.html

- Menu [Capture] -> [Options]: select the correct network interface.
- Menu [Capture] -> [Start]: start the capture and reproduce the connectivity issue.
- Menu [Capture] -> [Stop]: stop the capture.
- Menu [File] -> [Save As]: save the capture to a file.

Filter on IP and port: `ip.addr == 0.0.0.0 && tcp.port == 1433`

Review the network trace (*cap file): View -> Time Display Format

### Check which interface the active connections are using

1. Connect to SQL Server, then run the following command to check the local address.

```powershell
# check LocalAddress
Get-NetTCPConnection | Where-Object { $_.RemotePort -eq 1433 }
# Output columns:
# LocalAddress LocalPort RemoteAddress RemotePort State AppliedSetting Own
# xxxxxx

netstat -ano | findstr :1433
```

2. Run `ipconfig` to list all NICs and compare each IPv4 Address with the local address.
3. Sometimes the NIC shown in Wireshark is not listed in `ipconfig`; in that case we can try `Get-NetIPAddress | Select-Object InterfaceAlias, IPAddress`

Why is it not shown?

"Local Area Connection" is a virtual NIC based on an NDIS filter driver created by a VPN client or security software, and it may not be recognized by the standard Windows networking APIs. Because `Get-NetIPAddress` shows only interfaces that are formally registered with the OS, Wireshark-specific capture adapters and special virtual NICs do not appear.

WAN Miniport is a virtual network adapter driver built into Windows. It is not a physical NIC; it is used to provide special network functions such as VPN and tunnel connections.

Details can be checked with
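
The three steps under "Check which interface the active connections are using", combined into one PowerShell function. This is an added example, not part of the original notes: the function name `Get-ConnectionInterface` and its output column names are assumptions, and it reports connections whose local address has no registered interface instead of skipping them.

```powershell
# Added example: map each established connection on a remote port to the NIC
# that owns its local address. Function and column names are hypothetical.
function Get-ConnectionInterface {
    param(
        [int]$RemotePort = 1433   # SQL Server port used throughout these notes
    )

    # Step 1: established connections to the remote port.
    $connections = Get-NetTCPConnection -RemotePort $RemotePort -State Established `
        -ErrorAction SilentlyContinue
    if (-not $connections) {
        Write-Warning "No established connections to remote port $RemotePort."
        return
    }

    foreach ($c in $connections) {
        # Steps 2-3: find the interface registered for the connection's local address.
        $ip = Get-NetIPAddress -IPAddress $c.LocalAddress -ErrorAction SilentlyContinue |
            Select-Object -First 1

        # The adapter description helps match the entry against Wireshark's interface list.
        $adapter = if ($ip) {
            Get-NetAdapter -InterfaceIndex $ip.InterfaceIndex -IncludeHidden `
                -ErrorAction SilentlyContinue | Select-Object -First 1
        }
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue

        [pscustomobject]@{
            LocalAddress   = $c.LocalAddress
            LocalPort      = $c.LocalPort
            RemoteAddress  = $c.RemoteAddress
            Process        = if ($proc) { $proc.ProcessName } else { "PID $($c.OwningProcess)" }
            InterfaceAlias = if ($ip) { $ip.InterfaceAlias } else { '(no registered interface)' }
            Description    = if ($adapter) { $adapter.InterfaceDescription } else { $null }
        }
    }
}

Get-ConnectionInterface -RemotePort 1433 | Format-Table -AutoSize
```

Capture on the interface named in `InterfaceAlias`; a row showing `(no registered interface)` corresponds to the case described above, where the adapter is not registered with the OS.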