husamhilal review #1 of Networking Guide (#259)

* Husam's review for new Network Guidance

@fguerri @sblair01 @prasad3017 

-bullet #4 at explaining Figure 1 - My question is:
Leveraging DNAT and SNAT rules at NSX-T cannot we control if Public IP can be used only for Outbound but not for Inbound?

* Husam's review for avs-networking-basics.md

Looks great! mainly formatting changes!

* Husam review for onprem-connectivity.md

Looks great! Thanks @fguerri!

I just made few formatting changes.

@fguerri might be helpful to add a note describing the difference between ExpressRoute “Private” peering and ExpressRoute “Microsoft” peering to give reader a quick glance on the main difference.

* Husam review vnet-connectivity.md

In the diagram, it says "Read section: Connectivity with Azure VNet when ER Transit not used"... would probably make sense to actually point to that explicitly in the documentation page. Also, there is no specific paragraph talking about UDR (following the diagram) in that section.
@fguerri @prasad3017  @sblair01

* Husam review internet-inbound-connectivity.md

added note about Application Gateway and Azure firewalls.
+ minor formatting changes

@fguerri

* Husam review internet-outbound-connectivity.md

minor formatting changes

* Updated a Note in avs-networking-basics.md

added a new line "<br>"

* Update avs-networking-basics.md

* Update readme.md

Network Design Guide/avs-networking-basics.md

@@ -1,41 +1,42 @@
 # Azure VMware Solution Networking basics
 This section summarizes some fundamental concepts about Azure VMware Solution networking. They are a pre-requisite for understanding the design options covered in the following sections and for designing complex Azure VMware Solution topologies.
 
-## What   is the role played by ExpressRoute?
-Azure VMware Solution runs on bare-metal VMWare ESXi nodes deployed in Azure datacenters and attached to a physical network. Just like Expressroute circuits allow Azure customers to establish layer-3 connectivity between their physical datacenter networks and Azure VNets, a dedicated Expressroute implementation provides layer-3 connectivity between physical ESXi nodes and Azure VNets. 
-When an Azure VMware Solution Private Cloud is provisioned, an associated Expressroute circuit is also instantiated in a Microsoft-managed subscription. The private cloud’s owner can connect the circuit to one or more Expressroute virtual network gateways in  Azure VNets, by redeeming authorization keys for the circuit (the same procedure used to create connections between Expressroute gateways and customer-managed circuits). Please refer to the [Azure VMware Solution official documentation](https://learn.microsoft.com/azure/azure-vmware/deploy-azure-vmware-solution?tabs=azure-portal#connect-to-azure-virtual-network-with-expressroute ) for detailed instructions.
+## What is the role played by ExpressRoute?
+Azure VMware Solution runs on bare-metal VMware ESXi nodes deployed in Azure datacenters and attached to a physical network. Just like how ExpressRoute circuits allow Azure customers to establish layer-3 connectivity between their physical datacenter networks and Azure VNets, a dedicated ExpressRoute implementation provides layer-3 connectivity between physical ESXi nodes and Azure VNets. 
+When an Azure VMware Solution Private Cloud is provisioned, an associated ExpressRoute circuit is also instantiated in a Microsoft-managed subscription. The private cloud’s owner can then connect the circuit to one or more ExpressRoute Virtual Network Gateways in Azure VNets, by redeeming authorization keys for the circuit (the same procedure used to create connections between ExpressRoute Gateways and customer-managed circuits). Please refer to the [Azure VMware Solution official documentation](https://learn.microsoft.com/azure/azure-vmware/deploy-azure-vmware-solution?tabs=azure-portal#connect-to-azure-virtual-network-with-expressroute ) for detailed instructions.
 
 ![figure2](media/figure2.png) 
-Figure 2. Azure VMware Solution leverages a dedicated Expressroute implementation to provide layer-3 connectivity between Azure VNets and the physical network to which the VMWare ESXi clusters are attached. The VMware ESXi clusters are hosted in the same Microsoft datacenter facilities that host the Azure platform.
+Figure 2. Azure VMware Solution leverages a dedicated ExpressRoute implementation to provide layer-3 connectivity between Azure VNets and the physical network to which the VMWare ESXi clusters are attached. The VMware ESXi clusters are hosted in the same Microsoft datacenter facilities that host the Azure platform.
 
-## What is the role played by Expressroute Global Reach?
-An Azure Expressroute Gateway cannot be used to route traffic between on-prem locations connected to it over different circuits. This limitation applies to the Azure VMware Solution dedicated Expressroute implementation too, as shown in the figure below.
+## What is the role played by ExpressRoute Global Reach?
+An Azure ExpressRoute Gateway cannot be used to route traffic between on-premises locations connected to it over different circuits. This limitation applies to the Azure VMware Solution dedicated ExpressRoute implementation too, as shown in the figure below.
 
 ![figure3](media/figure3.png) 
 Figure 3. ExpressRoute does not support routing traffic between different circuits connected to the same gateway.
 
-Global Reach is an Expressroute feature that allows connecting two circuits, so that the networks connected to each circuit can route traffic to each other over the Microsoft backbone. Global Reach is available in the Azure VMware Solution dedicated Expressroute implementation. As such, Azure VMware Solution managed Expressroute circuits can be connected to customer-managed circuits, providing layer-3 connectivity between on-prem networks and Azure VMware Solution private clouds.
+Global Reach is an ExpressRoute feature that allows connecting two circuits, so that the networks connected to each circuit can route traffic to each other over the Microsoft backbone. Global Reach is available in the Azure VMware Solution dedicated ExpressRoute implementation. As such, Azure VMware Solution managed ExpressRoute circuits can be connected to customer-managed circuits, providing layer-3 connectivity between on-premises networks and Azure VMware Solution private clouds.
 
 ![figure4](media/figure4.png) 
-Figure 4. ExpressRoute Global Reach provides direct, layer-3 connectivity over ExpressRoute for on-prem sites.
+Figure 4. ExpressRoute Global Reach provides direct, layer-3 connectivity over ExpressRoute for on-premises sites.
 
 ## Azure VMware Solution network topology
 An Azure VMware Solution private cloud infrastructure includes several network segments. 
 - Management networks support  basic vSphere cluster functions (vCenter Server and NSX-T management VMs, vMotion, replication, vSAN, …). The management networks’ address space is allocated from the /22 address block assigned to each Azure VMware Solution private cloud at provisioning time. See the [Azure VMware Solution official documentation](https://learn.microsoft.com/azure/azure-vmware/tutorial-network-checklist#routing-and-subnet-considerations) for details on how IP address ranges from the /22 block are assigned to management networks. 
 - Workload segments are customer-defined NSX-T segments to which Azure VMware Solution virtual machines attach. The address range for a workload segment is customer-defined. It cannot overlap with the Azure VMware Solution private cloud’s /22 management block, nor with any other address range used in Azure VNets or remote networks connected to the private cloud that must be reachable from the segment. 
 
 ## Dynamic routing in Azure VMware Solution
-Azure VMware Solution private clouds connect to Azure VNets and remote sites over the managed Expressroute circuit. BGP is used for dynamic route exchange, as shown in the figure below.
+Azure VMware Solution private clouds connect to Azure VNets and remote sites over the managed ExpressRoute circuit. BGP is used for dynamic route exchange, as shown in the figure below.
 
 ![figure5](media/figure5.png) 
 Figure 5. Dynamic routing in Azure VMware Solution.
 
 In the standard topology shown in Figure 5:
-- Routes for all network segments in the Azure VMware Solution private cloud (both management and workload segments) are announced to all Expressroute Gateways connected to the private cloud’s managed circuit. In the opposite direction, Expressroute Gateways announce routes for all the prefixes that comprise the address space of their own VNet and the address space of all directly peered VNets, if peering is configured to [allow gateway transit](https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview#gateways-and-on-premises-connectivity) (red arrow in Figure 5). 
-- Routes for all network segments in the Azure VMware Solution private cloud (both management and workload segments) are announced to all Expressroute circuits connected to the private cloud’s managed circuit via Global Reach. In the opposite direction, all routes announced from the on-prem site over the customer-managed Expressroute circuit are propagated to the Azure VMware Solution private cloud (yellow arrow in Figure 5).
-- All routes announced from the on-prem site over the customer-managed Expressroute circuit are learned by all Expressroute Gateways connected to the circuit and injected the route table of the gateway’s VNet (as well as the route table of all directly peered VNets, if peering is configured to [allow gateway transit](https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview#gateways-and-on-premises-connectivity)). In the opposite direction, Expressroute Gateways announce routes for all the prefixes that comprise the address space of their own VNet (as well as the address space of all directly peered VNets, if peering is configured to [allow gateway transit](https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview#gateways-and-on-premises-connectivity)) (green arrow in Figure 5. This is standard Expressroute behavior, not related to Azure VMware Solution). 
+- Routes for all network segments in the Azure VMware Solution private cloud (both management and workload segments) are announced to all ExpressRoute Gateways connected to the private cloud’s managed circuit. In the opposite direction, ExpressRoute Gateways announce routes for all the prefixes that comprise the address space of their own VNet and the address space of all directly peered VNets, if peering is configured to [allow gateway transit](https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview#gateways-and-on-premises-connectivity) (red arrow in Figure 5). 
+- Routes for all network segments in the Azure VMware Solution private cloud (both management and workload segments) are announced to all ExpressRoute circuits connected to the private cloud’s managed circuit via Global Reach. In the opposite direction, all routes announced from the on-premises site over the customer-managed ExpressRoute circuit are propagated to the Azure VMware Solution private cloud (yellow arrow in Figure 5).
+- All routes announced from the on-premises site over the customer-managed ExpressRoute circuit are learned by all ExpressRoute Gateways connected to the circuit and injected the route table of the Gateway’s VNet (as well as the route table of all directly peered VNets, if peering is configured to [allow gateway transit](https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview#gateways-and-on-premises-connectivity)). In the opposite direction, ExpressRoute Gateways announce routes for all the prefixes that comprise the address space of their own VNet (as well as the address space of all directly peered VNets, if peering is configured to [allow gateway transit](https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview#gateways-and-on-premises-connectivity)) (green arrow in Figure 5. This is standard ExpressRoute behavior, not related to Azure VMware Solution). 
 
-It should be noted that Expressroute gateways do not propagate routes across circuit connections. In Figure 5, the Expressroute Gateway does not propagate routes learned in the “red” BGP session to the “green” BGP peer, and vice versa. This is the reason why Global Reach is required to enable connectivity between the Azure VMware Solution private cloud and the on-prem site.
+> **Note** <br>
+> It should be noted that ExpressRoute Gateways do not propagate routes across circuit connections. In Figure 5, the ExpressRoute Gateway does not propagate routes learned in the “red” BGP session to the “green” BGP peer, and vice versa. This is the reason why Global Reach is required to enable connectivity between the Azure VMware Solution private cloud and the on-premises site.
 
 ## Next Steps
 - Go back to the Azure VMware Solution Network Design Guide [introduction](readme.md).