Reputation: 304
Why can't I choose my subnet availability zone in an Azure VNET to ensure high availability?
I have been working with AWS for quite some time and recently started working on Azure for one of the projects. I started from Azure VNET and noticed many differences when it comes to virtual private cloud. I am having hard time finding the answers of these two questions:
Why there's no option to create a subnet on Azure to a specific availability zone? Lets suppose I want my frontend web server to be deployed on 3 different subnets across three different AZs to get high availability, is there a way I can acheive that on Azure?
How different is Azure NSG (Network Security Group) with AWS SG (Security Group)? As far as I have read, an Azure NSG is equivalent to AWS NACL, if so, do we have any equivalent service to get the AWS SGs feature on Azure? Also, can I bind multiple NSG to one VM?
Thanks!
Upvotes: 3
Views: 1724
Answers (2)
Reputation: 21
I want to dwell a little on this topic
I started studying the topic of AZUR and if I understand correctly, we have the following picture:
Let's say we need to deploy a scale set and make it fail-safe, what can we do:
- Create a virtual network
- Create a subnet
- Create a scale set and specify the availability zones (1,2,3) + bind to the subnet.
At this stage, we have a set of virtual machines that are geographically separated by availability zones, which is good, but these machines do not have access to the Internet.
- Ok, for this we can create a NAT gateway. Since we have one subnet and we can connect it to one NAT - we only need one NAT gateway. However, a NAT gateway can be deployed only in a certain (single) availability zone, let it be zone number 1.
As a result, we see a picture:
Let's assume that the scale set deployed three virtual machines and balanced them by AZ so that there is one VM per AZ. All VMs access the Internet through NAT in zone 1
And here the most interesting thing is that zone 1 is falling. In this case, we:
- We lose 1 VM and NAT
- As a result, 2 other VMs do not have access to the Internet
- the scale set node restarts in the available availability zone, but like the others, it does not have access to the Internet
The question is how to prevent this problem?
Upvotes: 2
Reputation: 238259
As far as I have read, an Azure NSG is equivalent to AWS NACL
Azure NSG combines both AWS SG and NACL functionality. They are statefull and can be applied at both subnet and NIC levels.
Why there's no option to create a subnet on Azure to a specific availability zone?
Azure subnets by default span all availability zones. This is one of the key differences on how AWS Subnet and Azure Subnet work.
Upvotes: 2
Related Questions
- Azure: Error while using Azure virtual network, It says subnet is not valid in virtual network
- RDS having 3 subnets of one AZ in AWS
- Why does an AWS RDS subnet group require multiple availability zones?
- Why can't a subnet span availability zones in AWS?
- creating multiple subnets per availability zone using terraform
- Why is it considered that availability zones do not provide High availability?
- Trying to create a VM to acess a SQL Azure Managed Instance - (The selected subnet is not supported)
- Creating subnet per availability zones in Azure using terraform
- High availability on Azure Cloud Services using Availability Zones
- How to move an AWS subnet into a different availability zone?