Azure Documentation > Tutorials > Azure Networking Fundamentals

Azure Networking Fundamentals

Understanding the Building Blocks of Azure Networking

This tutorial provides a comprehensive overview of the fundamental networking concepts within Microsoft Azure. Mastering these concepts is crucial for designing, deploying, and managing secure, scalable, and reliable cloud solutions.

Core Concepts

Azure networking provides a robust set of services that enable you to connect resources within Azure and to on-premises environments. These services are designed to be secure, highly available, and scalable.

  • Connectivity: Enabling communication between your Azure resources and between Azure and your on-premises data centers.
  • Security: Protecting your network and resources from unauthorized access.
  • Performance: Ensuring efficient data transfer and low latency.
  • Scalability: Allowing your network to grow with your application demands.

Virtual Networks (VNet)

An Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It allows Azure resources, such as Virtual Machines (VMs), to communicate securely with each other, with the internet, and with your on-premises networks.

Diagram of an Azure Virtual Network
A simplified representation of an Azure Virtual Network.

Key features of VNets include:

  • Isolation and segmentation of resources.
  • Communication with other VNets and the internet.
  • Connection to your on-premises networks.

Subnets

A VNet is divided into subnets, which are smaller ranges of IP addresses within the VNet. You can then assign Azure resources to these subnets. This segmentation helps in organizing resources and implementing security policies.


# Example of subnetting a VNet (conceptual)
VNet CIDR: 10.0.0.0/16

Subnet 1 (Web Servers): 10.0.1.0/24
Subnet 2 (App Servers): 10.0.2.0/24
Subnet 3 (Database Servers): 10.0.3.0/24

IP Addressing

Azure supports both public and private IP addresses. Private IP addresses are used for communication within your VNet and between VNets. Public IP addresses are used for communication over the internet.

  • Private IP Addresses: Assigned dynamically or statically from the address space of your VNet.
  • Public IP Addresses: Can be allocated to resources to enable direct internet access.

Network Security Groups (NSG)

Network Security Groups (NSGs) act as a distributed firewall, allowing you to define security rules that permit or deny network traffic to resources connected to an Azure Virtual Network.

NSG rules consist of:

  • Priority
  • Source and destination
  • Protocol
  • Action (Allow or Deny)
Best Practice: Apply NSGs at the subnet level for broader security or at the individual network interface (NIC) level for more granular control.

Load Balancing

Azure Load Balancer is a network load balancer that distributes incoming traffic among multiple backend resources, such as VMs. This improves application availability and responsiveness.

It operates at Layer 4 (TCP/UDP) and supports both public and internal load balancing scenarios.

VPN Gateway

Azure VPN Gateway allows you to securely connect your on-premises networks to your Azure VNets over the public internet using encrypted VPN tunnels. This is a cost-effective way to establish a hybrid cloud connectivity.

Types of VPN connections:

  • Site-to-Site (S2S): Connects your on-premises network to an Azure VNet.
  • Point-to-Site (P2S): Connects individual client devices to an Azure VNet.

Azure Firewall

Azure Firewall is a managed, cloud-native network security service that protects your Azure Virtual Network resources. It provides threat intelligence-based filtering, network traffic filtering, and centralized logging.

Key benefits:

  • High availability and unrestricted subscription scalability.
  • Stateful firewall as a service.
  • Threat intelligence-based filtering.

Azure DNS

Azure DNS provides a highly available and scalable DNS resolution service for your Azure resources. It allows you to host your DNS domains in Azure and manage DNS records using the Azure portal, Azure CLI, or PowerShell.

Features include:

  • Zone Redundancy
  • Alias Records
  • Traffic Manager integration

Conclusion

Understanding these fundamental Azure networking components is the first step towards building robust and secure cloud applications. As you progress, explore advanced services like Azure Virtual WAN, Azure Private Link, and Azure DDoS Protection to further enhance your network architecture.

Continue to the next tutorial to learn about deploying a Virtual Machine and configuring its network settings.