Commit be5e1ba

edit pass: virtual-network-planning-configuring
1 parent 0fb2b9a commit be5e1ba

4 files changed: +74 -71 lines changed

articles/virtual-network/virtual-network-optimize-network-bandwidth.md

Lines changed: 13 additions & 12 deletions
@@ -1,6 +1,6 @@
11
---
22
title: Optimize Azure VM network throughput
3-
description: Optimize network throughput for Microsoft Azure Windows and Linux virtual machines, including major distributions such as Ubuntu and Red Hat.
3+
description: Optimize network throughput for Windows and Linux virtual machines, including major distributions such as Ubuntu and Red Hat.
44
services: virtual-network
55
author: asudbring
66
manager: Gerald DeGrace
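Review bot: The new description at line 3 no longer names Azure at all, while the title at line 2 still does. The description is often shown on its own in search results, so consider keeping the platform name, for example "Optimize network throughput for Azure Windows and Linux virtual machines, including major distributions such as Ubuntu and Red Hat."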
@@ -13,15 +13,15 @@ ms.author: allensu
1313

1414
# Optimize network throughput for Azure virtual machines
1515

16-
Azure Virtual Machines (VMs) have default network settings that can be further optimized for network throughput. This article describes how to optimize network throughput for Microsoft Azure Windows and Linux VMs, including major distributions such as Ubuntu and Red Hat.
16+
Azure virtual machines (VMs) have default network settings that can be further optimized for network throughput. This article describes how to optimize network throughput for Windows and Linux VMs, including major distributions such as Ubuntu and Red Hat.
1717

1818
## Windows virtual machines
1919

20-
If your Windows virtual machine supports *accelerated networking*, enable that feature for optimal throughput. For more information, see [Create a Windows VM with accelerated networking](create-vm-accelerated-networking-powershell.md).
20+
If your Windows VM supports *accelerated networking*, enable that feature for optimal throughput. For more information, see [Create a Windows VM with accelerated networking](create-vm-accelerated-networking-powershell.md).
2121

22-
For all other Windows virtual machines, using Receive Side Scaling (RSS) can reach higher maximal throughput than a VM without RSS. RSS might be disabled by default in a Windows VM. To determine whether RSS is enabled, and enable it if it's currently disabled, complete the following steps:
22+
For all other Windows VMs, using Receive Side Scaling (RSS) can reach higher maximal throughput than a VM without RSS. RSS might be disabled by default in a Windows VM. To determine whether RSS is enabled, and enable it if it's currently disabled, follow these steps:
2323

24-
1. See if RSS is enabled for a network adapter with the [Get-NetAdapterRss](/powershell/module/netadapter/get-netadapterrss) PowerShell command. In the following example output returned from the `Get-NetAdapterRss`, RSS isn't enabled.
24+
1. See if RSS is enabled for a network adapter with the [Get-NetAdapterRss](/powershell/module/netadapter/get-netadapterrss) PowerShell command. In the following example, output returned from the `Get-NetAdapterRss` RSS isn't enabled.
2525

2626
```powershell
2727
Name : Ethernet
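Review bot: The rewritten sentence in step 1 at new line 24 no longer parses: "In the following example, output returned from the `Get-NetAdapterRss` RSS isn't enabled." The comma moved from after the cmdlet name to after "example", which leaves no break before "RSS isn't enabled". Suggest "In the following example output from `Get-NetAdapterRss`, RSS isn't enabled."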
@@ -35,7 +35,7 @@ For all other Windows virtual machines, using Receive Side Scaling (RSS) can rea
3535
Get-NetAdapter | % {Enable-NetAdapterRss -Name $_.Name}
3636
```
3737

38-
This command doesn't have an output. The command changes NIC settings. It causes temporary connectivity loss for about one minute. A *Reconnecting* dialog appears during the connectivity loss. Connectivity is typically restored after the third attempt.
38+
This command doesn't have an output. The command changes network interface card (NIC) settings. It causes temporary connectivity loss for about one minute. A **Reconnecting** dialog appears during the connectivity loss. Connectivity is typically restored after the third attempt.
3939

4040
1. Confirm that RSS is enabled in the VM by entering the `Get-NetAdapterRss` command again. If successful, the following example output is returned:
4141

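Review bot: The connectivity-loss warning at new line 38 still follows the `Enable-NetAdapterRss` command block, so a reader working over a remote session runs the command before learning that it drops the connection for about a minute. Since this paragraph is being edited, consider moving the warning ahead of the command. The new expansion "network interface card (NIC)" also differs from "network interface controllers" at line 67 of virtual-network-vnet-plan-design-arm.md in this same commit; pick one.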
@@ -51,9 +51,9 @@ RSS is always enabled by default in an Azure Linux VM. Linux kernels released si
5151

5252
### Ubuntu for new deployments
5353

54-
The Ubuntu Azure kernel is the most optimized for network performance on Azure. Currently all Ubuntu images by Canonical come by default with the optimized Azure kernel installed.
54+
The Ubuntu on Azure kernel is the most optimized for network performance on Azure. Currently, all Ubuntu images by Canonical come by default with the optimized Azure kernel installed.
5555

56-
You can simply use the command below to make sure you are using the Azure kernel which is identified by -azure at the end of the version.
56+
Use the following command to make sure that you're using the Azure kernel, which is identified by `-azure` at the end of the version.
5757

5858
```bash
5959
uname -r
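Review bot: New line 54 introduces "Ubuntu on Azure kernel", but the same sentence pair goes on to say "optimized Azure kernel" and new line 56 says "Azure kernel", so one kernel has three names within three lines. Use the new term once and a single short form after it, so the reader doesn't wonder whether these are different kernels.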
@@ -62,7 +62,7 @@ uname -r
6262
6.8.0-1017-azure
6363
```
6464

65-
#### Ubuntu Azure kernel upgrade for existing VMs
65+
#### Ubuntu on Azure kernel upgrade for existing VMs
6666

6767
You can get significant throughput performance by upgrading to the Azure Linux kernel. To verify whether you have this kernel, check your kernel version. It should be the same or later than the example.
6868

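Review bot: Renaming the heading at line 65 to "Ubuntu on Azure kernel upgrade for existing VMs" changes its generated anchor, so any link that targets the old heading will stop resolving; check for inbound links before merging. The unchanged sentence at line 67 still says "upgrading to the Azure Linux kernel", which now disagrees with the heading directly above it.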
@@ -74,7 +74,7 @@ uname -r
7474
#4.13.0-1007-azure
7575
```
7676

77-
If your virtual machine doesn't have the Azure kernel, the version number usually begins with "4.4." If the VM doesn't have the Azure kernel, run the following commands as root:
77+
If your VM doesn't have the Azure kernel, the version number usually begins with 4.4. If the VM doesn't have the Azure kernel, run the following commands as root:
7878

7979
```bash
8080
#run as root or preface with sudo
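Review bot: At new line 77, dropping the quotation marks leaves "begins with 4.4. If the VM", where the dot in the version and the sentence period run together; format the version as code (`4.4`). The line also states the condition "doesn't have the Azure kernel" in two consecutive sentences; the second could become "In that case, run the following commands as root:".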
@@ -84,11 +84,12 @@ sudo apt-get dist-upgrade -y
8484
sudo apt-get install "linux-azure"
8585
sudo reboot
8686
```
87+
8788
### Other distributions
8889

89-
Most modern distributions should have significant improvements with kernels newer than 4.19+, you can check the current kernel version and make sure you are running a newer kernel.
90+
Most modern distributions should have significant improvements with kernels newer than 4.19+. Check the current kernel version to make sure that you're running a newer kernel.
9091

91-
## Next steps
92+
## Related content
9293

9394
- Deploy VMs close to each other for low latency with [proximity placement groups](/azure/virtual-machines/co-location).
9495
- See the optimized result with [Bandwidth/Throughput testing](virtual-network-bandwidth-testing.md) for your scenario.
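Review bot: "kernels newer than 4.19+" at new line 90 keeps both "newer than" and the trailing "+", so it is unclear whether 4.19 itself qualifies; keep one or the other. The sentence also tells the reader to check the kernel version without naming a command, while the Ubuntu section above already uses `uname -r`; referencing it here would make the step actionable.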

articles/virtual-network/virtual-network-vnet-plan-design-arm.md

Lines changed: 4 additions & 4 deletions
@@ -65,13 +65,13 @@ You can filter network traffic to and from resources in a virtual network by usi
6565
- A network security group contains several default security rules that allow or deny traffic to or from resources. You can associate a network security group to a network interface, the subnet the network interface is in, or both. To simplify management of security rules, we recommend that you associate a network security group to individual subnets rather than individual network interfaces within the subnet whenever possible.
6666
- If different VMs within a subnet need different security rules applied to them, you can associate the network interface in the VM to one or more application security groups. A security rule can specify an application security group in its source, destination, or both. That rule then applies only to the network interfaces that are members of the application security group. Learn more about [network security groups](./network-security-groups-overview.md) and [application security groups](./network-security-groups-overview.md#application-security-groups).
6767
- When a network security group is associated at the subnet level, it applies to all the network interface controllers in the subnet, not just to the traffic coming from outside the subnet. The traffic between the VMs contained in the subnet might also be affected.
68-
- Azure creates several default security rules within each network security group. One default rule allows all traffic to flow between all resources in a virtual network. To override this behavior, use network security groups, custom routing to route traffic to an NVA, or both. We recommend that you familiarize yourself with all of Azure's [default security rules](./network-security-groups-overview.md#default-security-rules) and understand how network security group rules are applied to a resource.
68+
- Azure creates several default security rules within each network security group. One default rule allows all traffic to flow between all resources in a virtual network. To override this behavior, use network security groups, custom routing to route traffic to an NVA, or both. We recommend that you familiarize yourself with all the Azure [default security rules](./network-security-groups-overview.md#default-security-rules) and understand how network security group rules are applied to a resource.
6969

7070
You can view sample designs for implementing a perimeter network (also known as a DMZ) between Azure and the internet by using an [NVA](/azure/architecture/reference-architectures/dmz/secure-vnet-dmz?toc=%2Fazure%2Fvirtual-network%2Ftoc.json).
7171

7272
### Traffic routing
7373

74-
Azure creates several default routes for outbound traffic from a subnet. You can override Azure's default routing by creating a route table and associating it to a subnet. Common reasons for overriding Azure's default routing are:
74+
Azure creates several default routes for outbound traffic from a subnet. You can override the Azure default routing by creating a route table and associating it to a subnet. Common reasons for overriding the Azure default routing are:
7575

7676
- You want traffic between subnets to flow through an NVA. Learn more about how to [configure route tables to force traffic through an NVA](tutorial-create-route-table-portal.md).
7777
- You want to force all internet-bound traffic through an NVA, or on-premises, through an Azure VPN gateway. Forcing internet traffic on-premises for inspection and logging is often referred to as forced tunneling. Learn more about how to configure [forced tunneling](../vpn-gateway/vpn-gateway-forced-tunneling-rm.md?toc=%2Fazure%2Fvirtual-network%2Ftoc.json).
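Review bot: The bullet at new line 68 tells the reader to override the default allow-all-within-virtual-network rule with "use network security groups", yet the sentence before it places that default rule inside every network security group, so the instruction reads as circular. Since the line is being edited, say that a custom security rule in the network security group is what overrides the default rule. The possessive fix "all the Azure [default security rules]" also reads awkwardly; "all the default security rules" avoids it.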
@@ -86,7 +86,7 @@ You can connect a virtual network to other virtual networks by using virtual net
8686

8787
When you use [virtual network peering](virtual-network-peering-overview.md), you can have virtual networks in the same or different supported Azure regions. You can have virtual networks in the same or different Azure subscriptions (even subscriptions that belong to different Microsoft Entra tenants).
8888

89-
Before you create a peering, we recommend that you familiarize yourself with all of the peering [requirements and constraints](virtual-network-manage-peering.md#requirements-and-constraints). Bandwidth between resources in virtual networks peered in the same region is the same as if the resources were in the same virtual network.
89+
Before you create a peering, we recommend that you familiarize yourself with all the peering [requirements and constraints](virtual-network-manage-peering.md#requirements-and-constraints). Bandwidth between resources in virtual networks peered in the same region is the same as if the resources were in the same virtual network.
9090

9191
### VPN gateway
9292

@@ -96,7 +96,7 @@ You can combine peering and a VPN gateway to create [hub-and-spoke networks](/az
9696

9797
### Name resolution
9898

99-
Resources in one virtual network can't resolve the names of resources in a peered virtual network by using Azure's [built-in DNS](virtual-networks-name-resolution-for-vms-and-role-instances.md). To resolve names in a peered virtual network, [deploy your own DNS server](virtual-networks-name-resolution-for-vms-and-role-instances.md#name-resolution-that-uses-your-own-dns-server) or use Azure DNS [private domains](../dns/private-dns-overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json). Resolving names between resources in a virtual network and on-premises networks also requires you to deploy your own DNS server.
99+
Resources in one virtual network can't resolve the names of resources in a peered virtual network by using the Azure [built-in Domain Name System (DNS)](virtual-networks-name-resolution-for-vms-and-role-instances.md). To resolve names in a peered virtual network, [deploy your own DNS server](virtual-networks-name-resolution-for-vms-and-role-instances.md#name-resolution-that-uses-your-own-dns-server) or use Azure DNS [private domains](../dns/private-dns-overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json). Resolving names between resources in a virtual network and on-premises networks also requires you to deploy your own DNS server.
100100

101101
## Permissions
102102

articles/virtual-network/virtual-networks-name-resolution-ddns.md

Lines changed: 13 additions & 11 deletions
@@ -1,6 +1,6 @@
11
---
2-
title: Using dynamic DNS to register hostnames in Azure
3-
description: Learn how to set up dynamic DNS to register hostnames in your own DNS servers.
2+
title: Use dynamic DNS to register host names in Azure
3+
description: Learn how to set up dynamic DNS to register host names in your own DNS servers.
44
services: dns
55
author: greg-lindsay
66
manager: kumud
@@ -12,21 +12,23 @@ ms.date: 04/27/2023
1212
ms.author: greglin
1313
---
1414

15-
# Use dynamic DNS to register hostnames in your own DNS server
15+
# Use dynamic DNS to register host names in your own DNS server
1616

17-
[Azure provides name resolution](virtual-networks-name-resolution-for-vms-and-role-instances.md) for virtual machines (VM) and role instances. When your name resolution needs exceed the capabilities provided by Azure's default DNS, you can provide your own DNS servers. Using your own DNS servers gives you the ability to tailor your DNS solution to suit your own specific needs. For example, you may need to access on-premises resources via your Active Directory domain controller.
17+
[Azure provides name resolution](virtual-networks-name-resolution-for-vms-and-role-instances.md) for virtual machines (VMs) and role instances. When your name resolution needs exceed the capabilities provided by the Azure default Domain Name System (DNS), you can provide your own DNS servers. Using your own DNS servers gives you the ability to tailor your DNS solution to suit your own specific needs. For example, you might need to access on-premises resources via your Active Directory domain controller.
1818

19-
When your custom DNS servers are hosted as Azure VMs, you can forward hostname queries for the same virtual network to Azure to resolve hostnames. If you don't wish to use this option, you can register your VM hostnames in your DNS server using dynamic DNS (DDNS). Azure doesn't have the credentials to directly create records in your DNS servers, so alternative arrangements are often needed. Some common scenarios, with alternatives follow:
19+
When your custom DNS servers are hosted as Azure VMs, you can forward host-name queries for the same virtual network to Azure to resolve host names. If you don't want to use this option, you can register your VM host names in your DNS server by using dynamic DNS (DDNS). Azure doesn't have the credentials to directly create records in your DNS servers, so alternative arrangements are often needed. This article describes some common scenarios, with alternatives.
2020

2121
## Windows clients
22-
Non-domain-joined Windows clients attempt unsecured DDNS updates when they boot, or when their IP address changes. The DNS name is the hostname plus the primary DNS suffix. Azure leaves the primary DNS suffix blank, but you can set the suffix in the VM, via the [user interface](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc794784(v=ws.10)) or [PowerShell](/powershell/module/dnsclient/set-dnsclient).
22+
23+
Non-domain-joined Windows clients attempt unsecured DDNS updates when they boot or when their IP address changes. The DNS name is the host name plus the primary DNS suffix. Azure leaves the primary DNS suffix blank, but you can set the suffix in the VM, via the [user interface](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc794784(v=ws.10)) or [PowerShell](/powershell/module/dnsclient/set-dnsclient).
2324

2425
Domain-joined Windows clients register their IP addresses with the domain controller by using secure DDNS. The domain-join process sets the primary DNS suffix on the client and creates and maintains the trust relationship.
2526

2627
## Linux clients
27-
Linux clients generally don't register themselves with the DNS server on startup, they assume the DHCP server does it. Azure's DHCP servers don't have the credentials to register records in your DNS server. You can use a tool called `nsupdate`, which is included in the Bind package, to send DDNS updates. Because the DDNS protocol is standardized, you can use `nsupdate` even when you're not using Bind on the DNS server.
2828

29-
You can use the hooks that are provided by the DHCP client to create and maintain the hostname entry in the DNS server. During the DHCP cycle, the client executes the scripts in */etc/dhcp/dhclient-exit-hooks.d/*. You can use the hooks to register the new IP address using `nsupdate`. For example:
29+
Linux clients generally don't register themselves with the DNS server on startup. They assume that the Dynamic Host Configuration Protocol (DHCP) server does it. The Azure DHCP servers don't have the credentials to register records in your DNS server. You can use a tool called `nsupdate`, which is included in the Bind package, to send DDNS updates. Because the DDNS protocol is standardized, you can use `nsupdate` even when you aren't using Bind on the DNS server.
30+
31+
You can use the hooks that are provided by the DHCP client to create and maintain the hostname entry in the DNS server. During the DHCP cycle, the client executes the scripts in `/etc/dhcp/dhclient-exit-hooks.d/`. You can use the hooks to register the new IP address by using `nsupdate`. For example:
3032

3133
```bash
3234
#!/bin/sh
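Review bot: New line 31 still says "hostname entry" while every other occurrence in this hunk was changed to "host name" (new lines 15, 17, 19 and 23), and new line 19 adds a third form, "host-name queries". Settle on one spelling across the article. The hunk header also shows `ms.date: 04/27/2023` unchanged, so the date metadata does not reflect this edit pass.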
@@ -52,11 +54,11 @@ then
5254
fi
5355
```
5456

55-
You can also use the `nsupdate` command to perform secure DDNS updates. For example, when you're using a Bind DNS server, a public-private key pair is generated (`http://linux.yyz.us/nsupdate/`). The DNS server is configured (`http://linux.yyz.us/dns/ddns-server.html`) with the public part of the key, so that it can verify the signature on the request. To provide the key-pair to `nsupdate`, use the `-k` option, for the DDNS update request to be signed.
57+
You can also use the `nsupdate` command to perform secure DDNS updates. For example, when you use a Bind DNS server, a public-private key pair is generated (`http://linux.yyz.us/nsupdate/`). The DNS server is configured (`http://linux.yyz.us/dns/ddns-server.html`) with the public part of the key so that it can verify the signature on the request. To provide the key-pair to `nsupdate`, use the `-k` option for the DDNS update request to be signed.
5658

57-
When you're using a Windows DNS server, you can use Kerberos authentication with the `-g` parameter in `nsupdate`, but it's not available in the Windows version of `nsupdate`. To use Kerberos, use `kinit` to load the credentials. For example, you can load credentials from a [keytab file](https://www.itadmintools.com/2011/07/creating-kerberos-keytab-files.html)), then `nsupdate -g` picks up the credentials, from the cache.
59+
When you use a Windows DNS server, you can use Kerberos authentication with the `-g` parameter in `nsupdate`, but it isn't available in the Windows version of `nsupdate`. To use Kerberos, use `kinit` to load the credentials. For example, you can load credentials from a [keytab file](https://www.itadmintools.com/2011/07/creating-kerberos-keytab-files.html)), and then `nsupdate -g` picks up the credentials from the cache.
5860

59-
If needed, you can add a DNS search suffix to your VMs. The DNS suffix is specified in the */etc/resolv.conf* file. Most Linux distros automatically manage the content of this file, so usually you can't edit it. However, you can override the suffix by using the DHCP client's `supersede` command. To override the suffix, add the following line to the */etc/dhcp/dhclient.conf* file:
61+
If needed, you can add a DNS search suffix to your VMs. The DNS suffix is specified in the `/etc/resolv.conf` file. Most Linux distros automatically manage the content of this file, so usually you can't edit it. You can override the suffix by using the DHCP client's `supersede` command. To override the suffix, add the following line to the `/etc/dhcp/dhclient.conf` file:
6062

6163
```
6264
supersede domain-name <required-dns-suffix>;
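Review bot: The stray closing parenthesis after the keytab link at new line 59, "creating-kerberos-keytab-files.html)), and then", survives the edit and will render as a literal ")" after the link. New line 57 also keeps "key-pair" a few words after "public-private key pair"; use "key pair" in both places. The two `http://linux.yyz.us/...` references on that line remain plain-HTTP URLs in code formatting; for key generation and server configuration guidance, a link to maintained documentation over HTTPS would be preferable.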
