Merge pull request #89002 from IEvangelist/containerNetworking

[CogSvcs] Added details about container networking

Author: American-Dipper

articles/cognitive-services/containers/includes/cognitive-services-container-security.md

@@ -26,6 +26,23 @@ As an alternative and *secure* approach, consumers of Cognitive Services contain
 
 [Nginx][nginx] is another popular choice in the same category. Both Istio and Nginx act as a service mesh and offer additional features including things like load-balancing, routing, and rate-control.
 
+### Container networking
+
+The Cognitive Services containers are required to submit metering information for billing purposes. The only exception, is *Offline containers* as they follow a different billing methodology. Failure to allow list various network channels that the Cognitive Services containers rely on will prevent the container from working.
+
+#### Allow list Cognitive Services domains and ports
+
+The host should allow list **port 443** and the following domains:
+
+* `*.cognitive.microsoft.com`
+* `*.cognitiveservices.azure.com`
+
+#### Disable deep packet inspection
+
+> [Deep packet inspection](https://en.wikipedia.org/wiki/Deep_packet_inspection) (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and usually takes action by blocking, re-routing, or logging it accordingly.
+
+Disable DPI on the secure channels that the Cognitive Services containers create to Microsoft servers. Failure to do so will prevent the container from functioning correctly.
+
 [istio]: https://istio.io/
 [nginx]: https://www.nginx.com
 [request-authentication]: ../../authentication.md