Azure Networking Documentation

Welcome to the comprehensive documentation for Azure Networking. This section covers the core networking services and concepts that enable you to build, deploy, and manage your applications and services in the cloud.

Introduction to Azure Networking

Azure Networking provides a broad range of networking capabilities that empower you to create secure, scalable, and highly available network infrastructures in the cloud. Whether you're connecting your on-premises networks to Azure, creating isolated virtual networks for your workloads, or distributing traffic across multiple instances, Azure networking services offer the tools you need.

Key Concepts: Azure Virtual Network (VNet), Subnets, IP Addressing, Routing, Network Security.

Azure Virtual Networks (VNets)

An Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It represents your own private network in the cloud, providing a set of capabilities that enable you to securely and reliably connect Azure resources to each other, to the internet, and to your on-premises networks.

Isolation: VNets provide network isolation for your cloud resources.
Segmentation: Subnets allow you to segment your VNet into smaller address spaces for better management and security.
Connectivity: Enables communication between Azure resources and can be extended to on-premises networks.

Creating a Virtual Network

You can create a VNet using the Azure portal, Azure CLI, Azure PowerShell, or ARM templates. A typical VNet requires defining an address space and at least one subnet.

                    
az network vnet create \
  --resource-group MyResourceGroup \
  --name MyVNet \
  --address-prefix 10.0.0.0/16 \
  --subnet-name MySubnet \
  --subnet-prefix 10.0.0.0/24
                    
                

Network Interfaces (NICs)

A network interface (NIC) allows an Azure resource, such as a Virtual Machine, to communicate with a network. Each NIC is associated with a virtual network subnet and can have one or more private IP addresses. You can also associate public IP addresses and network security groups with a NIC.

Tip: A VM typically requires at least one NIC. You can add multiple NICs to a VM for advanced networking scenarios.

Load Balancing

Azure offers several load balancing solutions to distribute incoming traffic across multiple backend resources, improving application availability and performance.

Azure Load Balancer: Operates at Layer 4 (TCP/UDP) and provides high-performance, low-latency load balancing for TCP and UDP traffic.
Azure Application Gateway: A web traffic load balancer that enables you to manage traffic to your web applications. It offers Layer 7 (HTTP/HTTPS) load balancing, SSL termination, and cookie-based session affinity.
Azure Front Door: A global, scalable entry point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications.

Azure Firewall

Azure Firewall is a cloud-native and intelligent network security service that protects your virtual network resources. It's a managed, cloud-based network security service that protects your virtual network resources. It is a highly available and scalable cloud-native firewall.

Centralized policy management
Network traffic filtering
Threat intelligence-based filtering

Azure VPN Gateway

Azure VPN Gateway enables you to create encrypted connections between your on-premises networks and your Azure VNet, or between different Azure VNets. This allows you to extend your existing infrastructure securely into Azure.

Important: VPN Gateway is essential for hybrid cloud scenarios and secure site-to-site connectivity.

Azure ExpressRoute

Azure ExpressRoute provides a dedicated, private connection from your on-premises infrastructure to Azure. It offers higher bandwidth, lower latency, and increased reliability compared to standard internet connections.

Azure DNS

Azure DNS provides a reliable and secure DNS hosting service to manage your domain names. By hosting your DNS domains in Azure, you can manage your DNS records using the same credentials, APIs, and billing tools that you use for your other Azure services.

Network Security Groups (NSGs)

A Network Security Group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to an Azure Virtual Network. NSGs can be associated with network interfaces (NICs) or subnets.

Public IP Addresses

Public IP addresses enable communication with resources in Azure from the internet and allow internet access to your resources. Azure supports both dynamic and static public IP addresses.