Merge pull request #267485 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)

Author: Taojunshen

articles/aks/azure-cni-overview.md

@@ -15,7 +15,11 @@ ms.date: 9/13/2023
 
 By default, AKS clusters use [kubenet][kubenet] and create a virtual network and subnet. With *kubenet*, nodes get an IP address from a virtual network subnet. Network address translation (NAT) is then configured on the nodes, and pods receive an IP address "hidden" behind the node IP. This approach reduces the number of IP addresses that you need to reserve in your network space for pods to use.
 
-With [Azure Container Networking Interface (CNI)][cni-networking], every pod gets an IP address from the subnet and can be accessed directly. Systems in the same virtual network as the AKS cluster see the pod IP as the source address for any traffic from the pod. Systems outside the AKS cluster virtual network see the node IP as the source address for any traffic from the pod. These IP addresses must be unique across your network space and must be planned in advance. Each node has a configuration parameter for the maximum number of pods that it supports. The equivalent number of IP addresses per node are then reserved up front for that node. This approach requires more planning, and often leads to IP address exhaustion or the need to rebuild clusters in a larger subnet as your application demands grow.
+With [Azure Container Networking Interface (CNI)][cni-networking], every pod gets an IP address from the subnet and can be accessed directly. Systems in the same virtual network as the AKS cluster see the pod IP as the source address for any traffic from the pod. Systems outside the AKS cluster virtual network see the node IP as the source address for any traffic from the pod. These IP addresses must be unique across your network space and must be planned in advance. Each node has a configuration parameter for the maximum number of pods that it supports. The equivalent number of IP addresses per node are then reserved up front for that node. This approach requires more planning, and often leads to IP address exhaustion or the need to rebuild clusters in a larger subnet as your application demands grow.  
+
+> [!NOTE]
+> 
+> This article is only introducing traditional Azure CNI. For [Azure CNI Overlay][azure-cni-overlay] and [Azure CNI for dynamic IP allocation][configure-azure-cni-dynamic-ip-allocation], refer to their documentation instead.  
 
 ## Prerequisites
 
@@ -120,11 +124,13 @@ Although it's technically possible to specify a service address range within the
 
 * **Can I deploy VMs in my cluster subnet?**
 
-  Yes.
+  Yes. But for [Azure CNI for dynamic IP allocation][configure-azure-cni-dynamic-ip-allocation], the VMs cannot be deployed in pod's subnet. 
 
 * **What source IP do external systems see for traffic that originates in an Azure CNI-enabled pod?**
 
   Systems in the same virtual network as the AKS cluster see the pod IP as the source address for any traffic from the pod. Systems outside the AKS cluster virtual network see the node IP as the source address for any traffic from the pod.
+  
+  But for [Azure CNI for dynamic IP allocation][configure-azure-cni-dynamic-ip-allocation], no matter the connection is inside the same virtual network or cross virtual networks, the pod IP is always the source address for any traffic from the pod. This is because the [Azure CNI for dynamic IP allocation][configure-azure-cni-dynamic-ip-allocation] implements [Microsoft Azure Container Networking][github-azure-container-networking] infrastructure, which gives end-to-end experience. Hence, it eliminates the use of [`ip-masq-agent`][ip-masq-agent], which is still used by traditional Azure CNI.  
 
 * **Can I configure per-pod network policies?**
 
@@ -166,6 +172,8 @@ Learn more about networking in AKS in the following articles:
 [cni-networking]: https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md
 [kubenet]: concepts-network.md#kubenet-basic-networking
 [github]: https://raw.githubusercontent.com/microsoft/Docker-Provider/ci_prod/kubernetes/container-azm-ms-agentconfig.yaml
+[github-azure-container-networking]: https://github.com/Azure/azure-container-networking
+[ip-masq-agent]: https://kubernetes.io/docs/tasks/administer-cluster/ip-masq-agent/
 
 <!-- LINKS - Internal -->
 [az-aks-create]: /cli/azure/aks#az_aks_create
@@ -183,3 +191,5 @@ Learn more about networking in AKS in the following articles:
 [network-comparisons]: concepts-network.md#compare-network-models
 [system-node-pools]: use-system-pools.md
 [prerequisites]: configure-azure-cni.md#prerequisites
+[azure-cni-overlay]: azure-cni-overlay.md
+[configure-azure-cni-dynamic-ip-allocation]: configure-azure-cni-dynamic-ip-allocation.md

articles/aks/configure-azure-cni-dynamic-ip-allocation.md

@@ -133,18 +133,9 @@ Azure CNI provides the capability to monitor IP subnet usage. To enable IP subne
 
 Set the variables for subscription, resource group and cluster. Consider the following as examples:
 
-```azurecli
-
-    $s="subscriptionId"
-
-    $rg="resourceGroup"
-
-    $c="ClusterName"
-
-    az account set -s $s
-
-    az aks get-credentials -n $c -g $rg
-
+```azurecli-interactive
+az account set -s $subscription
+az aks get-credentials -n $clusterName -g $resourceGroup
 ```
 
 ### Apply the config

articles/iot-hub-device-update/device-update-agent-check.md

@@ -1,8 +1,8 @@
 ---
 title: Device Update for Azure IoT Hub agent check | Microsoft Docs
 description: Device Update for IoT Hub uses Agent Check to find and diagnose missing devices.
-author: chrisjlin
-ms.author: lichris
+author: vimeht
+ms.author: vimeht
 ms.date: 10/31/2022
 ms.topic: how-to
 ms.service: iot-hub-device-update

articles/iot-hub-device-update/troubleshoot-device-update.md

@@ -1,8 +1,8 @@
 ---
 title: Troubleshoot common Device Update for Azure IoT Hub issues | Microsoft Docs
 description: This document provides a list of tips and tricks to help remedy many possible issues you may be having with Device Update for IoT Hub.
-author: chrisjlin
-ms.author: lichris
+author: vimeht
+ms.author: vimeht
 ms.date: 9/13/2022
 ms.topic: troubleshooting
 ms.service: iot-hub-device-update

articles/search/search-howto-complex-data-types.md

@@ -244,6 +244,108 @@ To filter on a complex collection field, you can use a **lambda expression** wit
 
 As with top-level simple fields, simple subfields of complex fields can only be included in filters if they have the **filterable** attribute set to `true` in the index definition. For more information, see the [Create Index API reference](/rest/api/searchservice/create-index).
 
+Azure Search has the limitation that the complex objects in the collections across a single document cannot exceed 3000.
+
+Users will encounter the below error during indexing when complex collections exceed the 3000 limit.
+
+“A collection in your document exceeds the maximum elements across all complex collections limit. The document with key '1052' has '4303' objects in collections (JSON arrays). At most '3000' objects are allowed to be in collections across the entire document. Remove objects from collections and try indexing the document again."
+
+In some use cases, we might need to add more than 3000 items to a collection. In those use cases, we can pipe (|) or use any form of delimiter to delimit the values, concatenate them, and store them as a delimited string. There is no limitation on the number of strings stored in an array in Azure Search. Storing these complex values as strings avoids the limitation. The customer needs to validate whether this workaround meets their scenario requirements.
+
+For example, it wouldn't be possible to use complex types if the "searchScope" array below had more than 3000 elements.
+
+```json
+
+"searchScope": [
+  {
+     "countryCode": "FRA",
+     "productCode": 1234,
+     "categoryCode": "C100" 
+  },
+  {
+     "countryCode": "USA",
+     "productCode": 1235,
+     "categoryCode": "C200" 
+  }
+]
+```
+
+Storing these complex values as strings with a delimiter avoids the limitation
+
+```json
+"searchScope": [
+        "|FRA|1234|C100|",
+        "|FRA|*|*|",
+        "|*|1234|*|",
+        "|*|*|C100|",
+        "|FRA|*|C100|",
+        "|*|1234|C100|"
+]
+
+```
+Rather than storing these with wildcards, we can also use a [custom analyzer](index-add-custom-analyzers.md)  that splits the word into | to cut down on storage size.
+
+The reason we have stored the values with wildcards instead of just storing them as below
+
+>`|FRA|1234|C100|`
+
+is to cater to search scenarios where the customer might want to search for items that have country France, irrespective of products and categories. Similarly, the customer might need to search to see if the item has product 1234, irrespective of the country or the category.
+
+If we had stored only one entry
+
+>`|FRA|1234|C100|`
+
+without wildcards, if the user wants to filter only on France, we cannot convert the user input to match the "searchScope" array because we don't know what combination of France is present in our "searchScope" array
+
+
+If the user wants to filter only by country, let's say France. We will take the user input and construct it as a string as below:
+
+>`|FRA|*|*|`
+
+which we can then use to filter in azure search as we search in an array of item values
+
+```csharp
+foreach (var filterItem in filterCombinations)
+        {
+            var formattedCondition = $"searchScope/any(s: s eq '{filterItem}')";
+            combFilter.Append(combFilter.Length > 0 ? " or (" + formattedCondition + ")" : "(" + formattedCondition + ")");
+        }
+
+```
+Similarly, if the user searches for France and the 1234 product code, we will take the user input, construct it as a delimited string as below, and match it against our search array.
+
+>`|FRA|1234|*|`
+
+If the user searches for 1234 product code, we will take the user input, construct it as a delimited string as below, and match it against our search array.
+
+>`|*|1234|*|`
+
+If the user searches for the C100 category code, we will take the user input, construct it as a delimited string as below, and match it against our search array.
+
+>`|*|*|C100|`
+
+If the user searches for France and the 1234 product code and C100 category code, we will take the user input, construct it as a delimited string as below, and match it against our search array.
+
+>`|FRA|1234|C100|`
+
+If a user tries to search for countries not present in our list, it will not match the delimited array "searchScope" stored in the search index, and no results will be returned.
+For example, a user searches for Canada and product code 1234. The user search would be converted to
+
+>`|CAN|1234|*|`
+
+This will not match any of the entries in the delimited array in our search index.
+
+Only the above design choice requires this wild card entry; if it had been saved as a complex object, we could have simply performed an explicit search as shown below.
+
+```csharp
+           var countryFilter = $"searchScope/any(ss: search.in(countryCode ,'FRA'))";
+            var catgFilter = $"searchScope/any(ss: search.in(categoryCode ,'C100'))";
+            var combinedCountryCategoryFilter = "(" + countryFilter + " and " + catgFilter + ")";
+
+```
+We can thus satisfy requirements where we need to search for a combination of values by storing it as a delimited string instead of a complex collection if our complex collections exceed the Azure Search limit. This is one of the workarounds, and the customer needs to validate if this would meet their scenario requirements.
+
+
 ## Next steps
 
 Try the [Hotels data set](https://github.com/Azure-Samples/azure-search-sample-data/tree/master/hotels) in the **Import data** wizard. You need the Azure Cosmos DB connection information provided in the readme to access the data.

articles/virtual-machines/capacity-reservation-associate-vm.md

@@ -38,7 +38,7 @@ In the request body, include the `capacityReservationGroup` property:
       "vmSize": "Standard_D2s_v3" 
     }, 
     … 
-   "CapacityReservation":{ 
+   "capacityReservation":{ 
     "capacityReservationGroup":{ 
         "id":"subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/CapacityReservationGroups/{CapacityReservationGroupName}" 
     } 

articles/virtual-machines/trusted-launch-faq.md

@@ -357,6 +357,9 @@ Architecture      : x64
 
 ---
 
+### How external communication drivers work with Trusted Launch VMs ?
+
+Adding COM ports requires disabling Secure Boot. Hence, COM ports are disabled by default in Trusted Launch VMs.
 
 ## Power states
 

articles/virtual-network/application-security-groups.md

@@ -15,7 +15,7 @@ Application security groups enable you to configure network security as a natura
 
 :::image type="content" source="./media/security-groups/application-security-groups.png" alt-text="Diagram of Application security groups.":::
 
-In the previous picture, *NIC1* and *NIC2* are members of the *AsgWeb* application security group. *NIC3* is a member of the *AsgLogic* application security group. *NIC4* is a member of the *AsgDb* application security group. Though each network interface (NIC) in this example is a member of only one network security group, a network interface can be a member of multiple application security groups, up to the [Azure limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=%2fazure%2fvirtual-network%2ftoc.json#azure-resource-manager-virtual-networking-limits). None of the network interfaces have an associated network security group. *NSG1* is associated to both subnets and contains the following rules:
+In the previous picture, *NIC1* and *NIC2* are members of the *AsgWeb* application security group. *NIC3* is a member of the *AsgLogic* application security group. *NIC4* is a member of the *AsgDb* application security group. Though each network interface (NIC) in this example is a member of only one application security group, a network interface can be a member of multiple application security groups, up to the [Azure limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=%2fazure%2fvirtual-network%2ftoc.json#azure-resource-manager-virtual-networking-limits). None of the network interfaces have an associated network security group. *NSG1* is associated to both subnets and contains the following rules:
 
 ## Allow-HTTP-Inbound-Internet
 

articles/virtual-network/tutorial-tap-virtual-network-cli.md

@@ -55,14 +55,13 @@ Read [prerequisites](virtual-network-tap-overview.md#prerequisites) before you c
        --out tsv)
       ```
 
-   - Create the virtual network TAP in the *westcentralus* Azure region using the ID of the IP configuration as the destination and an optional port property. The port specifies the destination port on network interface IP configuration where the TAP traffic will be received :
+   - Create the virtual network TAP in the *westcentralus* Azure region using the ID of the IP configuration as the destination. The traffic mirror destination must allow traffic to port 4789:
 
       ```azurecli-interactive
        az network vnet tap create \
        --resource-group myResourceGroup \
        --name myTap \
        --destination $IpConfigId \
-       --port 4789 \
        --location westcentralus
       ```
 

articles/virtual-network/virtual-network-bandwidth-testing.md

@@ -156,6 +156,7 @@ To measure throughput from Linux machines, use [NTTTCP-for-Linux](https://github
    - For **Ubuntu**, install `build-essential` and `git`.
 
      ```bash
+     sudo apt-get update
      sudo apt-get -y install build-essential
      sudo apt-get -y install git
      ```