Azure Developer Fundamentals: Networking

Understanding the core networking concepts in Microsoft Azure.

Introduction to Azure Networking

Networking is a fundamental pillar of cloud computing. Azure provides a comprehensive set of networking services that enable you to connect Azure resources to each other, to the internet, and to your on-premises networks. Understanding these services is crucial for any Azure developer.

Key Concepts

This module covers the essential Azure networking services and how they are used to build secure, scalable, and reliable cloud solutions.

Core Azure Networking Components

Virtual Networks (VNets)

A Virtual Network is the fundamental building block for your private network in Azure. It represents your own network in the cloud. You can use VNets to:

  • Isolate your cloud services.
  • Connect Azure resources to each other.
  • Connect your Azure resources to the internet.
  • Connect your on-premises networks to Azure.

VNets are logically isolated from each other. Each VNet is a subnet within your chosen address space. You define your own private IP address space and create subnets within that address space.

Subnets

Subnets are a division of a Virtual Network's IP address range. When you create a VNet, you can divide its IP address space into subnets. Each subnet can then be used to isolate and contain Azure resources, such as Virtual Machines.

IP Addressing

Azure supports both public and private IP addresses. Resources within a VNet typically use private IP addresses, while resources exposed to the internet might require public IP addresses. Azure also provides features for IP address management, including static and dynamic assignment.

Network Security Groups (NSGs)

NSGs act as a distributed firewall that can be associated with network interfaces or subnets. They contain a list of security rules that allow or deny network traffic based on source and destination IP address, port, and protocol.

Security Best Practice

Always configure NSGs to enforce the principle of least privilege, only allowing necessary traffic.

Connecting to and Within Azure

Virtual Network Peering

VNet peering connects two Azure VNets, allowing resources in each VNet to communicate with each other as if they were on the same private network. Traffic between peered VNets travels over the Azure backbone network and does not traverse the public internet.

VPN Gateway

A VPN gateway provides a secure connection between your Azure VNet and your on-premises network or other Azure VNets. This is often used for hybrid cloud scenarios.

ExpressRoute

Azure ExpressRoute provides a private connection to Azure that bypasses the public internet. It offers higher bandwidth, lower latency, and increased reliability compared to standard internet connections.

Network Services for Public Access

Azure Load Balancer

Azure Load Balancer is a network load balancer that distributes incoming application traffic across multiple virtual machines. It can operate at Layer 4 (TCP/UDP) and provides high availability and scalability for your applications.

Azure Application Gateway

Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It provides Layer 7 load balancing capabilities, including SSL termination, cookie-based session affinity, and Web Application Firewall (WAF).

Azure Front Door

Azure Front Door is a modern cloud CDN and network load balancing platform that provides fast, reliable, and secure access to your web applications and APIs globally. It offers features like global routing, SSL offloading, and WAF.

Network Monitoring and Diagnostics

Azure Network Watcher

Network Watcher provides tools to monitor, diagnose, and view metrics for your Azure network resources. It offers capabilities like:

  • IP Flow Verify: Checks if traffic is allowed or denied to or from a VM.
  • Network Security Group Flow Logs: Logs information about IP traffic flowing to and from a network interface.
  • Connection Troubleshoot: Tests connectivity between two endpoints.
  • Topology: Visualizes your network topology.

Example: Basic VNet and VM Setup

Let's outline the steps to create a basic VNet and deploy a Virtual Machine within it.

  1. Create a Virtual Network: Define your address space and create subnets.
  2. Deploy a Virtual Machine: When creating a VM, select the previously created VNet and subnet.
  3. Configure Network Security Groups: Associate an NSG with the VM's network interface or subnet to control inbound and outbound traffic.
  4. Assign a Public IP Address (Optional): If you need to access the VM from the internet, assign a public IP address.
[Diagram Placeholder: A simple diagram showing a VNet with two subnets, a VM in one subnet, and an NSG applied.]

Key Takeaways

  • Azure networking is built around Virtual Networks (VNets) for isolation and connectivity.
  • Subnets divide VNets for better organization and control.
  • Network Security Groups (NSGs) are essential for controlling traffic flow.
  • Azure offers various services for connecting networks (VPN Gateway, ExpressRoute) and load balancing traffic (Load Balancer, Application Gateway, Front Door).
  • Network Watcher is your go-to tool for monitoring and diagnosing network issues.