Azure VM Networking
This document provides an in-depth overview of networking concepts and services for Azure Virtual Machines (VMs). Understanding and configuring VM networking is crucial for ensuring secure, reliable, and performant communication for your applications running in Azure.
Virtual Networks (VNet)
An Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It allows you to provision and manage a logically isolated network in Azure. VNets enable Azure resources, such as VMs, to securely communicate with each other, with the internet, and with your on-premises networks.
- Address Space: Define a private IP address space for your VNet.
- Subnets: Segment your VNet into smaller ranges of IP addresses called subnets. Resources are deployed into subnets.
- Peerings: Connect VNets together for seamless communication.
Key Benefits:
- Isolation and segmentation
- Secure connectivity to on-premises networks
- Control over traffic flow
Network Interfaces (NIC)
A Network Interface (NIC) connects an Azure VM to a VNet. Each VM must have at least one NIC. You can attach multiple NICs to a VM to enable advanced networking features.
- IP Configurations: Assign private and public IP addresses.
- MAC Address: Each NIC has a unique MAC address.
- Security: Associate Network Security Groups (NSGs) with NICs.
IP Addresses
Azure provides two types of IP addresses for VMs:
- Private IP Addresses: Used for communication within your VNet and connected networks. These are assigned from your VNet's address space.
- Public IP Addresses: Used for communication with the internet and for inbound connections from the internet.
IP Address Allocation:
- Dynamic: The IP address is assigned from the available pool and can change when the VM is stopped and deallocated.
- Static: The IP address is assigned from the available pool and remains the same until the resource is deleted.
Network Security Groups (NSG)
Network Security Groups (NSGs) act as a distributed firewall to protect your Azure resources. You can associate NSGs with subnets or individual NICs to filter network traffic.
- Inbound Security Rules: Define rules for incoming traffic.
- Outbound Security Rules: Define rules for outgoing traffic.
- Priority: Rules are evaluated in priority order (lowest number first); the first rule that matches a flow is applied and no later rules are considered.
- Protocol: TCP, UDP, ICMP, Any.
- Source/Destination: IP addresses, CIDR blocks, Service Tags, Application Security Groups (ASGs).
- Service Tags: Predefined tags such as Internet and AzureLoadBalancer stand in for groups of addresses, for simpler management of NSG rules.
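To make the priority and first-match semantics concrete, here is an added illustrative model of inbound NSG evaluation (example code written for this page, not Azure's implementation). The service-tag prefixes, the VNet address space and the management CIDR are constructed assumptions; a rule that opens SSH to the Internet is shown beside the narrowed version that relies on the default deny.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed stand-ins for service tags. Real tags expand to Microsoft-published
# prefix lists; "Internet" means address space outside the virtual network.
SERVICE_TAGS = {
    "VirtualNetwork": ["10.0.0.0/16"],        # assumed VNet address space
    "AzureLoadBalancer": ["168.63.129.16/32"],
}

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # custom rules use 100-4096; lower number wins
    access: str        # "Allow" or "Deny"
    protocol: str      # "Tcp", "Udp", "Icmp" or "*"
    source: str        # CIDR, single IP, service tag or "*"
    dest_port: str     # single port, "lo-hi" range or "*"

# Default inbound rules every NSG carries; an unmatched flow ends at DenyAllInBound.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]

def _src_matches(spec, src_ip):
    if spec == "*":
        return True
    if spec == "Internet":
        return not _src_matches("VirtualNetwork", src_ip)
    prefixes = SERVICE_TAGS.get(spec, [spec])
    return any(ip_address(src_ip) in ip_network(p, strict=False) for p in prefixes)

def _port_matches(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate_inbound(rules, src_ip, protocol, dest_port):
    """Return (access, rule_name) of the first matching rule in priority order."""
    for r in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol) and _src_matches(r.source, src_ip)
                and _port_matches(r.dest_port, dest_port)):
            return r.access, r.name
    raise AssertionError("DenyAllInBound matches every flow")

# Weak: SSH reachable from the whole Internet. Hardened: only an assumed management
# CIDR is allowed; everything else falls through to DenyAllInBound.
WEAK_RULES = [Rule("AllowSSH", 100, "Allow", "Tcp", "Internet", "22")]
HARDENED_RULES = [Rule("AllowSSHFromMgmt", 100, "Allow", "Tcp", "203.0.113.0/24", "22")]
```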
Load Balancing
Azure Load Balancer distributes incoming network traffic across multiple VMs. This enhances availability and reliability of your applications.
- Layer 4 Load Balancing: Operates at the transport layer (TCP/UDP).
- High Availability: Ensures your application remains accessible even if one VM fails.
- Scalability: Distributes traffic to handle increased demand.
Azure Firewall
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a stateful firewall as a service with built-in high availability and unlimited cloud scalability.
- Network and Application level filtering: Control access to and from your resources.
- Threat Intelligence-based filtering: Block known malicious IP addresses and domains.
- Centralized logging and analytics.
VPN Gateway
Azure VPN Gateway allows you to send encrypted traffic between your on-premises network and your Azure Virtual Network over the public internet. It can also be used to send encrypted traffic between Azure VNets.
- Site-to-Site (S2S) VPN: Connect your on-premises network to Azure.
- Point-to-Site (P2S) VPN: Connect individual devices to Azure.
- VNet-to-VNet VPN: Connect multiple Azure VNets.
ExpressRoute
Azure ExpressRoute provides private connections between Azure datacenters and infrastructure that is on-premises or in a co-location environment. ExpressRoute connections do not go over the public internet.
- Higher bandwidth, lower latencies.
- Increased reliability and security.
- Global connectivity options.
Azure DNS
Azure DNS provides a highly available and secure DNS hosting service to resolve names for your Azure and non-Azure resources. It leverages the Azure global infrastructure.
- Host your DNS zones in Azure.
- Use your own custom domain names.
- High availability and scalability.