Merge pull request #235648 from aimee-littleton/patch-142

AnnaMHuff · web-flow · commit 8e1c7c71fb62 · 2023-04-24T19:24:41.000-07:00
dual stack ref - overview
diff --git a/articles/virtual-network/nat-gateway/faq.yml b/articles/virtual-network/nat-gateway/faq.yml
@@ -13,36 +13,37 @@ sections:
     questions:
       - question: How can I use NAT gateway to connect outbound in a setup where load balancer outbound rules or virtual machine public IPs are being used?
         answer: |
-          NAT gateway will automatically be used to connect outbound to the internet as soon as it is associated with a public IP address or prefix and a subnet. NAT gateway will be used to connect outbound over load balancer or instance-level public IP addresses on virtual machines.
+          NAT gateway automatically connects outbound to the internet as soon as it's associated with a public IP address or prefix and a subnet. NAT gateway takes precedence over load balancer or instance-level public IP addresses on virtual machines for outbound connectivity.
      
       - question: Is there a drop in packets when a virtual network configured with Load balancer outbound rules switches to NAT gateway after being configured to a subnet?
         answer: |
-          No, there will be no drop in packets. Existing connections with Load balancer will continue to work until those connections officially close. After NAT gateway is added to the subnet of the virtual network, all new connections will then use NAT gateway for making outbound connections. 
+          No, there's no drop in packets. Existing connections with Load balancer continue to work until those connections officially close. After NAT gateway is added to the subnet of the virtual network, all new connections use NAT gateway for making outbound connections. 
      
       - question: Can NAT gateway be used to connect inbound?
         answer: |
           NAT gateway provides outbound connectivity from a virtual network. Return traffic in direct response to an outbound flow can also pass through NAT gateway. No inbound traffic directly from the internet can pass through NAT gateway.
       
       - question: Can a NAT gateway public IP connect directly to a private IP address over the internet?
         answer: |
-          No. A public IP address of NAT gateway cannot connect directly to a private IP over the internet. 
+          No. A public IP address of NAT gateway can't connect directly to a private IP over the internet. 
       
       - question: If multiple public IP addresses are assigned to a NAT gateway, is traffic flow disrupted when one of the IP addresses is removed?
         answer: |
-          Any active connections associated with a public IP address will terminate upon the public IP address being removed. If the NAT gateway resource has multiple public IPs, new traffic will be redistributed among the assigned IPs. It's advised that if you decide to remove one of the public IP addresses from the NAT gateway resource, use a maintenance window for the removal.
+          Any active connections associated with a public IP address terminate upon the public IP address being removed. If the NAT gateway resource has multiple public IPs, new traffic is distributed among the assigned IPs.
+          
+      - question: Can NAT gateway be used with IPv6 public IP addresses?
+        answer: |
+          No, NAT gateway doesn't support IPv6 public IP addresses at this time. You can configure dual stack outbound connectivity with NAT gateway and public Load balancer, see [configure dual stack outbound connectivity](./tutorial-dual-stack-outbound-nat-load-balancer.md?tabs=dual-stack-outbound-portal)
   
   - name: NAT gateway configurations
     questions:  
       - question: Is the NAT gateway public IP address static?  
         answer: |
           Yes. When NAT gateway is configured on a subnet, all outbound connectivity uses your specified static public IP address(es).  
 
-      - question: What is the maximum number of public IP addresses that can be used by NAT gateway?
+      - question: How many public IP addresses can be attached to NAT gateway?
         answer: |
-          The NAT gateway resource can use up to 16 public IP addresses. The NAT gateway can use any combination of public IP addresses and public IP address prefixes totaling to 16 addresses. The maximum prefix size that can be used by NAT gateway is /28 (16 addresses). Other public IP prefix sizes that can be used by NAT gateway include:
-          /29 (8 addresses), 
-          /30 (4 addresses), 
-          /31 (2 addresses).  
+          The NAT gateway resource can use up to 16 public IP addresses. The NAT gateway can use any combination of public IP addresses and public IP address prefixes totaling to 16 addresses. NAT gateway can support the following prefix sizes: /28 (16 addresses), /29 (8 addresses), /30 (4 addresses), and /31 (2 addresses).  
 
       - question: How can I use custom IP prefixes (BYOIP) with NAT gateway?
         answer: |
@@ -54,31 +55,31 @@ sections:
       
       - question: Can public IPs of an existing NAT gateway be changed? 
         answer: |
-          No, the address of an existing public IP can't be changed. A different or additional IP can be added to NAT gateway.  Associate either an existing or newly created public IP address to the NAT gateway resource.  Disassociate the old IP address. See [add or remove a public IP address](./manage-nat-gateway.md?tabs=manage-nat-portal#add-or-remove-a-public-ip-address) for guidance.
+          No, the address of an existing public IP can't be changed.  Associate either an existing or newly created public IP address to the NAT gateway resource.  Disassociate the old IP address. See [add or remove a public IP address](./manage-nat-gateway.md?tabs=manage-nat-portal#add-or-remove-a-public-ip-address) for guidance.
 
-      - question: If multiple public IP addresses are assigned to a NAT gateway resource, which public IPs will be used by my subnet resources?
+      - question: If multiple public IP addresses are assigned to a NAT gateway resource, which public IPs does my subnet resources use?
         answer: |
-          Any of your subnet resources can use any of the public IP addresses configured to your NAT gateway resource for outbound connectivity. Each time a new outbound connection is made through NAT gateway, the outbound public IP is selected at random. 
+          Your subnet resources can use any of the public IP addresses configured to your NAT gateway resource for outbound connectivity. Each time a new outbound connection is made through NAT gateway, the outbound public IP is selected at random. 
       
       - question: Can the address of a public IP be known before the IP address is created and attached to NAT gateway?
         answer: |
-          No, you cannot know the address of a newly created public IP before the public IP is created and deployed.
+          No, you can't know the address of a newly created public IP before the public IP is created and deployed.
       
       - question: If NAT gateway has multiple public IP addresses, can one of those IPs be assigned to a specific VM to use explicitly for going outbound?
         answer: |
-          No. Explicit IP assignment to specific VM instances in a NAT gateway configured subnet is not supported.
+          No. Explicit IP assignment to specific VM instances in a NAT gateway configured subnet isn't supported.
       
       - question: Are basic SKU resources (Basic Load Balancer and Basic public IP addresses) compatible with NAT gateway?
         answer: |
-          No. NAT gateway can only be used with standard SKU resources. Learn more from [VNet NAT basics](./nat-overview.md#azure-nat-gateway-basics)
+          No. NAT gateway is compatible with standard SKU resources. Learn more from [VNet NAT basics](./nat-overview.md#azure-nat-gateway-basics)
           You can upgrade your basic Load balancer and basic public IP address to standard in order to work with NAT gateway.
           
           To upgrade a basic Load balancer to standard, see [Upgrade Azure Public Load Balancer](../../load-balancer/upgrade-basic-standard.md)
           To upgrade a basic public IP to standard, see [Upgrade a public IP address](../ip-services/public-ip-upgrade-portal.md)
       
       - question: Can NAT gateway be attached to multiple virtual networks?  
         answer: |
-          No. NAT gateway cannot be attached to multiple virtual networks.  
+          No. NAT gateway can't be attached to multiple virtual networks.  
 
       - question: Can NAT gateway be attached to multiple subnets? 
         answer: |
@@ -94,21 +95,21 @@ sections:
           
       - question: Can multiple NAT gateways be attached to a single subnet?
         answer: |
-          No. NAT gateway operates based on the properties of the subnet it is attached to, and so multiple NAT gateways cannot be attached to a single subnet.
+          No. NAT gateway operates based on the properties of the subnet it's attached to, and so multiple NAT gateways can't be attached to a single subnet.
 
       - question: How does NAT gateway work with availability zones?   
         answer: |
           NAT gateway can be zonal or placed in "no zone". See [NAT gateway and availability zones](./nat-availability-zones.md) for more information. 
 
-          A "no zone" NAT gateway is placed into a zone for you by Azure and does not give a guarantee of redundancy.
+          A "no zone" NAT gateway is placed into a zone for you by Azure.
 
           A zonal NAT gateway is associated to a specific zone by the user when the NAT gateway is created.
           
-          After NAT gateway is deployed and placed in "no zone" or a specific zone, the zone selection cannot be changed.
+          The zonal configuration of NAT gateway can't be changed after deployment.
 
       - question: Can NAT gateway be moved from a region/subscription/resource group to another?
         answer: |
-          No. NAT gateway cannot be moved across subscriptions, regions, or resource groups. A new NAT gateway must be created for the other subscription, region, or resource group.
+          No. NAT gateway can't be moved across subscriptions, regions, or resource groups. A new NAT gateway must be created for the other subscription, region, or resource group.
       
       - question: How does NAT gateway work in a hub and spoke network architecture?
         answer: |
@@ -136,11 +137,11 @@ sections:
 
       - question: Can I use NAT gateway with Azure Firewall?
         answer: |
-          Yes. NAT gateway can be used with Azure Firewall. Azure Firewall when used with NAT gateway should be in a zonal configuration. NAT gateway will work with a zone redundant firewall, but it’s not a recommended deployment at this time. For more information about NAT gateway integration with Azure Firewall, see [Scale SNAT ports with Azure NAT Gateway](../../firewall/integrate-with-nat-gateway.md).
+          Yes. NAT gateway can be used with Azure Firewall. Azure Firewall when used with NAT gateway should be in a zonal configuration. NAT gateway works with a zone redundant firewall, but it’s not a recommended deployment at this time. For more information about NAT gateway integration with Azure Firewall, see [Scale SNAT ports with Azure NAT Gateway](../../firewall/integrate-with-nat-gateway.md).
 
       - question: Can I use NAT gateway with Virtual Network service endpoints or Private Link?
         answer: | 
-           Yes. The addition of a NAT gateway to a subnet with service endpoints does not affect the endpoints. [Virtual Network service endpoints](../virtual-network-service-endpoints-overview.md) enable a more specific route for the destination Azure service traffic they represent. Traffic for the service endpoint will continue to be routed toward the service and won't go via the NAT gateway. Private Link is recommended over service endpoints when connecting to Azure PaaS services directly from your Azure network.
+           Yes. The addition of a NAT gateway to a subnet with service endpoints doesn't affect the endpoints. [Virtual Network service endpoints](../virtual-network-service-endpoints-overview.md) enable a more specific route for the destination Azure service traffic they represent. Traffic for the service endpoint traverses the Azure backbone instead of the internet. Private Link is recommended over service endpoints when connecting to Azure PaaS services directly from your Azure network.
 
 additionalContent: |
 
diff --git a/articles/virtual-network/nat-gateway/nat-overview.md b/articles/virtual-network/nat-gateway/nat-overview.md
@@ -84,7 +84,7 @@ Virtual appliance UDR / ExpressRoute >> NAT gateway >> Instance-level public IP
 
   * Public IP addresses and prefixes derived from custom IP prefixes (BYOIP), to learn more, see [Custom IP address prefix (BYOIP)](../ip-services/custom-ip-address-prefix.md).
 
-* NAT gateway can’t be associated to an IPv6 public IP address or IPv6 public IP prefix. It can be associated to a dual stack subnet, but will only be able to direct outbound traffic with an IPv4 address.
+* NAT gateway can’t be associated to an IPv6 public IP address or IPv6 public IP prefix. It can be associated to a dual stack subnet, but will only be able to direct outbound traffic with an IPv4 address. To set up a dual stack outbound configuration, see [dual stack outbound connectivity with NAT gateway and Load balancer](/azure/virtual-network/nat-gateway/tutorial-dual-stack-outbound-nat-load-balancer?tabs=dual-stack-outbound-portal).
 
 * NAT gateway can be associated to an Azure Firewall subnet in a hub virtual network and provide outbound connectivity from spoke virtual networks peered to the hub. To learn more, see [Azure Firewall integration with NAT gateway](../../firewall/integrate-with-nat-gateway.md).
 
diff --git a/articles/virtual-network/nat-gateway/troubleshoot-nat.md b/articles/virtual-network/nat-gateway/troubleshoot-nat.md
@@ -55,7 +55,7 @@ Refer to the table below for which tools to use to validate NAT gateway connecti
 
 ### How to analyze outbound connectivity
 
-To analyze outbound traffic from NAT gateway, use NSG flow logs. NSG flow logs provide connection information for your virtual machines. The connection information contains the source IP and port and the destination IP and port and the state of the connection. The traffic flow direction and the size of the traffic in number of packets and bytes sent is also logged.
+To analyze outbound traffic from NAT gateway, use NSG flow logs. NSG flow logs provide connection information for your virtual machines. The connection information contains the source IP and port and the destination IP and port and the state of the connection. The traffic flow direction and the size of the traffic in number of packets and bytes sent is also logged. The source IP and port specified in the NSG flow log will be that of the virtual machine and not of the NAT gateway.
 
 * To learn more about NSG flow logs, see [NSG flow log overview](../../network-watcher/network-watcher-nsg-flow-logging-overview.md).
 
@@ -151,7 +151,9 @@ To get your virtual machine NIC out of a failed state, you can use one of the tw
 
 ### Can't exceed 16 public IP addresses on NAT gateway 
 
-NAT gateway can't be associated with more than 16 public IP addresses. You can use any combination of public IP addresses and prefixes with NAT gateway up to a total of 16 IP addresses. The following IP prefix sizes can be used with NAT gateway: 
+NAT gateway can't be associated with more than 16 public IP addresses. You can use any combination of public IP addresses and prefixes with NAT gateway up to a total of 16 IP addresses. To add or remove a public IP, see [add or remove a public IP address](/azure/virtual-network/nat-gateway/manage-nat-gateway?tabs=manage-nat-portal#add-or-remove-a-public-ip-address). 
+
+The following IP prefix sizes can be used with NAT gateway: 
 
 * /28 (sixteen addresses) 
 
@@ -163,7 +165,7 @@ NAT gateway can't be associated with more than 16 public IP addresses. You can u
 
 ### IPv6 coexistence
 
-[NAT gateway](nat-overview.md) supports IPv4 UDP and TCP protocols. NAT gateway can't be associated to an IPv6 Public IP address or IPv6 Public IP Prefix. NAT gateway can be deployed on a dual stack subnet, but will still only use IPv4 Public IP addresses for directing outbound traffic. Deploy NAT gateway on a dual stack subnet when you need IPv6 resources to exist in the same subnet as IPv4 resources.
+[NAT gateway](nat-overview.md) supports IPv4 UDP and TCP protocols. NAT gateway can't be associated to an IPv6 Public IP address or IPv6 Public IP Prefix. NAT gateway can be deployed on a dual stack subnet, but will still only use IPv4 Public IP addresses for directing outbound traffic. Deploy NAT gateway on a dual stack subnet when you need IPv6 resources to exist in the same subnet as IPv4 resources. See [Configure dual stack outbound connectivity with NAT gateway and public Load balancer](/azure/virtual-network/nat-gateway/tutorial-dual-stack-outbound-nat-load-balancer?tabs=dual-stack-outbound-portal) to learn how to provide IPv4 and IPv6 outbound connectivity from your dual stack subnet.
 
 ### Can't use basic SKU public IPs with NAT gateway 
 
