Azure Virtual Networks: Key Concepts

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It enables many types of Azure resources, such as Azure Virtual Machines (VMs), to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you would operate in your own data center, but with added benefits of the Azure infrastructure such as scalability, availability, and isolation.

Key Components of a Virtual Network

A virtual network is logically isolated from other virtual networks in Azure. It consists of the following key components:

IP Address Space

When you create a VNet, you specify a private IP address space using Classless Inter-Domain Routing (CIDR) notation. This address space is a collection of IP addresses that are used to create subnets within the VNet. It's crucial to plan your IP address space carefully to avoid overlap with on-premises networks and to accommodate future growth.

Important: IP addresses are assigned from the address space you define. Ensure your address space is large enough to accommodate all the resources you plan to deploy.

Subnets

A subnet is a range of IP addresses within your virtual network. You divide your virtual network's address space into subnets. Each subnet can contain Azure resources, such as VMs. You can control the flow of traffic between subnets using Network Security Groups (NSGs) and route tables. Resources within the same subnet can communicate directly without any routing.

Gateways

Azure Virtual Network gateways provide connectivity between your VNet and other networks. There are two main types of gateways:

  • VPN Gateway: Enables you to send encrypted traffic between your VNet and an on-premises location or other VNets across the Azure backbone network.
  • ExpressRoute Gateway: Enables you to connect your VNet to an on-premises network using a private, high-bandwidth connection provided by an ExpressRoute partner.

Network Security Groups (NSGs)

An NSG is a firewall that enables you to filter network traffic to and from Azure resources in an Azure virtual network. NSGs contain security rules that allow or deny inbound network traffic to, or outbound network traffic from, various Azure resource types.

VNet Peering

VNet peering allows you to connect two Azure virtual networks together. Once peered, networks that have VNet peering configured can communicate with each other. The traffic between them is routed through the Microsoft backbone network; it doesn't travel over the public internet. This provides lower latency and higher bandwidth than connecting over the internet.

Benefits of Azure Virtual Networks

Azure Virtual Networks offer numerous advantages for building and managing your cloud infrastructure:

  • Security and Isolation: VNets provide a secure and isolated environment for your Azure resources, protected by security rules and access control mechanisms.
  • Scalability: VNets can scale to accommodate a large number of resources and complex network topologies.
  • Connectivity: Seamlessly connect your VNet to on-premises networks, the internet, and other VNets for hybrid and multi-cloud solutions.
  • Performance: Optimize network performance with features like VNet peering, load balancing, and Azure Load Balancer.
  • Flexibility: Design and implement custom network topologies that meet your specific application and business requirements.

Common Use Cases

  • Deploying virtual machines and containers.
  • Building hybrid cloud solutions.
  • Hosting multi-tier applications.
  • Securing network traffic with firewalls and NSGs.
  • Connecting to on-premises networks via VPN or ExpressRoute.

Next Steps

Explore how to create and configure your first Azure Virtual Network, set up subnets, and secure your network with Network Security Groups.

Create a Virtual Network