Skip to main content
  1. Home
  2. >
  3. Azure
  4. >
  5. AZ-305
  6. >
  7. This article

Azure AZ-305 Drill: Hybrid Networking - Troubleshooting ExpressRoute Connectivity

·611 words·3 mins·
Architecture Drills Microsoft Azure AZ-305 Azure CAF Governance ExpressRoute
Jeff Taakey
Author
Jeff Taakey
21+ Year Enterprise Architect | Multi-Cloud Architect & Strategist.
Jeff's Architecture Insights
Go beyond static exam dumps. Jeff’s Insights is engineered to cultivate the mindset of a Production-Ready Architect. We move past ‘correct answers’ to dissect the strategic trade-offs and multi-cloud patterns required to balance reliability, security, and TCO in mission-critical environments.
Table of Contents

While preparing for the AZ-305 exam, many candidates struggle with hybrid networking troubleshooting. In the enterprise world, this decision often hinges on analyzing network security compliance vs. leveraging the right Azure diagnostics tooling. Let’s drill into a simulated hybrid connectivity scenario.

The Scenario
#

Tailwind Manufacturing, a global industrial company, operates multiple virtual machines across local datacenters and Azure subscriptions. They use an ExpressRoute circuit to create a private, dedicated link between their on-prem network and Azure VNets to support sensitive operational workloads. Recently, several VMs in Azure intermittently fail to communicate with on-premises services. The network team must analyze network traffic at the VM level to determine whether packets are being allowed or denied, isolating whether security policies or routing are blocking traffic.

Key Requirements
#

Determine if the proposed solution—the use of Azure Advisor to analyze network traffic—is appropriate for diagnosing packet-level connectivity issues on ExpressRoute-connected VMs.

The Options
#

  • A) Yes, Azure Advisor can analyze network traffic to determine if packets are allowed or denied.
  • B) No, Azure Advisor does not provide network traffic packet-level analysis for VMs.

Correct Answer
#

B) No, Azure Advisor does not provide network traffic packet-level analysis for VMs.

The Architect’s Analysis
#

Correct Answer
#

Option B.

Step-by-Step Winning Logic
#

Azure Advisor is a proactive management service offering tailored recommendations across governance, security, reliability, and cost, but it does not function as a network diagnostic tool. To troubleshoot network traffic issues in hybrid scenarios with ExpressRoute, the Azure Well-Architected Framework recommends leveraging services that enable packet-level visibility and flow analytics:

  • Azure Network Watcher: For packet capture, NSG flow logs, and connection monitoring.
  • NSG Flow Logs: To examine allowed or denied traffic based on Network Security Group rules.
  • Connection Monitor: To test and verify end-to-end connectivity across hybrid links.

These tools provide the operational excellence and security insights required to isolate root causes in complex Azure and on-premises integrated networks.

The Traps (Distractor Analysis)
#

  • Why not Option A? Azure Advisor does not analyze network traffic packets or provide detailed network flow monitoring. It’s not designed for live troubleshooting of connectivity issues in VNets or across ExpressRoute.
  • Why not Options C or D? No valid alternatives provided.

The Architect Blueprint
#

  • Mermaid Diagram illustrating key components for hybrid network diagnostics.
graph TD OnPrem([On-Premises Network]) -->|ExpressRoute Circuit| AzureVNet[Azure Virtual Network] AzureVNet --> VM1[Virtual Machine 1] AzureVNet --> VM2[Virtual Machine 2] VM1 ---|Traffic| NetworkWatcher{Azure Network Watcher} NetworkWatcher --> NSGFlowLogs[NSG Flow Logs] NetworkWatcher --> PacketCapture[Packet Capture] NetworkWatcher --> ConnectionMonitor[Connection Monitor] style OnPrem fill:#0078D4,stroke:#333,color:#fff style AzureVNet fill:#005A9E,stroke:#333,color:#fff style NetworkWatcher fill:#68217A,stroke:#333,color:#fff style NSGFlowLogs fill:#5C2D91,stroke:#333,color:#fff

Diagram Note: This diagram depicts Tailwind Manufacturing’s hybrid environment where Azure Network Watcher components provide visibility into network flows and packet captures to troubleshoot ExpressRoute connectivity issues.

The Decision Matrix
#

Option Est. Complexity Est. Monthly Cost Pros Cons
A Low Free Provides best practice recommendations Does not support network traffic analysis
B Medium Free, with optional storage costs for logs Offers rich network diagnostics for hybrid environments Requires setup/management of Network Watcher and Log Analytics
C/D N/A N/A N/A N/A

Note: Azure Network Watcher is free but NSG Flow Logs incur storage costs. Azure Advisor is free but limited to recommendations without packet-level diagnostics.

Real-World Practitioner Insight
#

Exam Rule
#

For Azure hybrid networking connectivity troubleshooting, always pick Azure Network Watcher and its components (NSG Flow Logs, Packet Capture) over Azure Advisor.

Real World
#

Enterprises leveraging ExpressRoute circuits for mission-critical workloads require precise traffic flow visibility. Advisors provide governance and optimization advice but not granular network flow diagnostics. When an application experiences intermittent network issues, Network Watcher enables packet-level inspection, essential for root cause analysis and meeting SLA-driven RPO/RTO targets.

Related Articles

Weekly Azure AZ-305 Drills: Architect Solutions

Design identity, governance, and monitoring solutions. Master Azure infrastructure and data storage.