Azure Networking

Introduction to Azure Networking

Azure networking provides a broad range of capabilities to build and manage your network infrastructure in the cloud. It allows you to create secure, scalable, and highly available networks that connect your Azure resources to each other and to the internet.

Key services include Virtual Networks, Load Balancers, VPN Gateways, Firewalls, and DNS services. These services enable you to design complex network topologies, implement robust security measures, and optimize traffic flow.

Virtual Networks (VNet)

An Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It allows Azure resources to securely communicate with each other, the internet, and on-premises networks.

  • Isolation: VNets provide network isolation for your resources.
  • IP Addressing: You can define your own private IP address space using RFC 1918 address ranges.
  • Connectivity: Connect VNets to each other (VNet Peering) and to on-premises networks (VPN Gateway or ExpressRoute).

Learn more about configuring VNets.

Subnets

Subnets are a division of an Azure VNet's IP address space into smaller segments. Each subnet can contain Azure resources, and you can control traffic flow between subnets using Network Security Groups.

az network vnet subnet create --resource-group MyResourceGroup --vnet-name MyVNet --name MySubnet --address-prefixes 10.0.1.0/24

Network Security Groups (NSG)

Network Security Groups (NSGs) act as a virtual firewall for your network resources to help filter network traffic. You can associate NSGs with subnets or individual network interfaces (NICs).

NSGs contain security rules that allow or deny inbound and outbound network traffic. Rules are processed based on priority.

Example NSG Rule

Name: AllowSSH

Priority: 300

Protocol: TCP

Source Port Ranges: *

Destination Port Ranges: 22

Source Address Prefix: Internet

Destination Address Prefix: *

Access: Allow

Direction: Inbound

Public IP Addresses

Public IP addresses enable internet communication with your Azure resources. You can assign static or dynamic public IP addresses to VMs, load balancers, and other services.

SKUs: Basic and Standard. Standard SKU offers features like availability zones and guaranteed bandwidth.

Load Balancing

Azure Load Balancer distributes incoming traffic across multiple backend instances of an application. It provides high availability and responsiveness.

Types include:

  • Layer 4 Load Balancer
  • Application Gateway (Layer 7 Load Balancer)
  • Traffic Manager (DNS-based traffic load balancing)

VPN Gateway

Azure VPN Gateway allows you to securely connect your on-premises networks to your Azure VNets over the public internet using IPsec/IKE VPN tunnels.

This is a cost-effective way to establish hybrid cloud connectivity.

Azure Firewall

Azure Firewall is a cloud-native network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with high availability and cloud scalability.

Features include:

  • Network and Application level filtering
  • Threat intelligence-based filtering
  • Centralized policy management

Azure DNS

Azure DNS provides a reliable and secure DNS hosting service for your domains. It uses the same infrastructure that Microsoft uses to host its own domain names.

Key features:

  • Host DNS records in Azure
  • Private DNS Zones for internal resource resolution
  • Public DNS Zones for domain hosting

Network Monitoring

Monitor your network performance and health using Azure Monitor, Network Watcher, and other diagnostic tools.

Network Watcher provides tools to monitor, diagnose, and view metrics for your Azure network resources.