Azure Documentation

Virtual Networks: Understanding the Basics

Azure Virtual Network (VNet) is the foundational building block for your private network in Azure. It represents your own private network in the cloud, allowing you to have a highly secure and isolated network environment. VNets enable Azure resources to securely communicate with each other, with the internet, and with your on-premises networks.

What is an Azure Virtual Network?

An Azure Virtual Network is a logical representation of your network in the cloud. It's a globally unique, regionally scoped resource. When you create a VNet, you define a private IP address space. This address space is then divided into subnets, which are smaller ranges of IP addresses within the VNet.

Key benefits of using Azure Virtual Networks include:

• Resource Isolation: Your resources are isolated from other Azure customers.
• Secure Communication: Enable secure communication between Azure resources.
• Hybrid Connectivity: Connect your on-premises network to Azure using VPNs or ExpressRoute.
• Network Segmentation: Divide your VNet into subnets for better organization and security.
• Traffic Control: Implement network security groups (NSGs) and Azure Firewall for granular traffic control.

Key Concepts

IP Address Spaces

When you create a VNet, you must define a private IP address space using CIDR (Classless Inter-Domain Routing) notation. Azure supports both IPv4 and IPv6 address spaces. It's crucial to plan your IP addressing carefully to avoid overlaps with your on-premises networks if you intend to establish hybrid connectivity.

Example of a private IP address space:

10.0.0.0/16

Subnets

A subnet is a range of IP addresses within your VNet. You divide your VNet's address space into one or more subnets. Each subnet can contain Azure resources, such as Virtual Machines, App Services, and more. Azure reserves the first four and the last IP address in each subnet for IP resolution and service functions.

You must assign at least one subnet to a VNet. Subnets are essential for organizing resources and applying network policies at a granular level.

Virtual Network Gateway

A Virtual Network Gateway is used to send encrypted traffic between your Azure VNet and your on-premises location over the public Internet. It's also used to send traffic between your on-premises network and your VNet, or between Azure VNets.

Network Security Groups (NSGs)

Network Security Groups are virtual firewalls that allow you to filter network traffic to and from Azure resources in an Azure virtual network. You can associate NSGs with subnets or individual network interfaces (NICs).

Simplified VNet Architecture Diagram

This is a conceptual representation. Actual configurations can be more complex.

Creating Your First Virtual Network

You can create an Azure Virtual Network using the Azure portal, Azure CLI, Azure PowerShell, or ARM templates. The process typically involves:

1. Choosing a region for your VNet.
2. Defining an IP address space.
3. Creating at least one subnet.
4. Optionally configuring DNS settings.

For detailed steps and commands, please refer to the specific documentation for your preferred method:

• Azure CLI Commands
• Azure PowerShell Cmdlets
• Azure Portal Guide

Next Steps

Now that you understand the basics of Azure Virtual Networks, you might want to explore:

• IP Addressing in Azure VNets
• Creating and Managing Subnets
• Securing your Virtual Network