Network Documentation
This document provides an overview of the network infrastructure and services available in Microsoft Azure. It covers core networking concepts, key services, best practices, and troubleshooting guidance.
Core Network Concepts
Understanding the fundamental principles of networking is essential for using and managing your cloud resources effectively. This section covers:
- Virtual Networks (VNet)
- Subnets
- IP Addressing (Public & Private)
- Network Security Groups (NSG)
- User Defined Routes (UDR)
Virtual Networks (VNet)
A Virtual Network is the fundamental building block for your private network in the cloud. It allows you to provision and manage your own IP address space, create subnets, and route traffic between them.
You can configure VNets to communicate with other VNets, on-premises networks, and the internet. This is achieved through:
- VNet Peering
- VPN Gateways
- ExpressRoute
Subnets
Subnets are subdivisions of the VNet's address space. Each subnet is a contiguous CIDR range inside the VNet, which lets you segment the network logically and attach security policies (NSGs, route tables) per subnet. Azure reserves five addresses in every subnet (the network address, the default gateway, two addresses for Azure DNS, and the broadcast address), so a /24 yields 251 usable addresses, and the smallest supported subnet is a /29.
Best Practice: Give each subnet a single purpose (e.g., web tier, application tier, database tier) so that security rules and routes can be scoped to that tier alone.
# Example of subnet configuration in a VNet
VNet Name: MyCloudVNet
Address Space: 10.0.0.0/16
Subnets:
  - Name: WebSubnet
    Address Range: 10.0.1.0/24
  - Name: AppSubnet
    Address Range: 10.0.2.0/24
  - Name: DbSubnet
    Address Range: 10.0.3.0/24
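The plan above can be checked before it is deployed. The following is an added example, not code from the original page: it validates a constructed copy of the MyCloudVNet plan with Python's standard ipaddress module, confirming that every subnet sits inside the VNet address space, that no two subnets overlap, that none is smaller than Azure's /29 minimum, and reporting the usable address count after Azure's five reserved addresses per subnet. The plan structure and the helper names are assumptions made for the example.

```python
"""Validate an Azure-style VNet subnet plan offline (added example)."""
import ipaddress

AZURE_RESERVED_PER_SUBNET = 5   # network, gateway, 2x Azure DNS, broadcast
AZURE_MIN_PREFIX = 29           # Azure does not allow subnets smaller than /29

# Constructed sample plan mirroring the VNet documented above.
SAMPLE_PLAN = {
    "name": "MyCloudVNet",
    "address_space": ["10.0.0.0/16"],
    "subnets": [
        {"name": "WebSubnet", "prefix": "10.0.1.0/24"},
        {"name": "AppSubnet", "prefix": "10.0.2.0/24"},
        {"name": "DbSubnet", "prefix": "10.0.3.0/24"},
    ],
}


def validate_plan(plan):
    """Return (errors, usable).

    errors: list of human-readable problems found in the plan.
    usable: mapping of subnet name -> addresses actually assignable to VMs.
    """
    errors = []
    usable = {}
    spaces = [ipaddress.ip_network(s, strict=True) for s in plan["address_space"]]
    seen = []  # (name, network) of subnets already accepted, for overlap checks
    for sn in plan["subnets"]:
        try:
            net = ipaddress.ip_network(sn["prefix"], strict=True)
        except ValueError as exc:
            errors.append(f"{sn['name']}: invalid prefix {sn['prefix']} ({exc})")
            continue
        if not any(net.subnet_of(space) for space in spaces):
            errors.append(f"{sn['name']}: {net} is outside the VNet address space")
        if net.prefixlen > AZURE_MIN_PREFIX:
            errors.append(f"{sn['name']}: {net} is smaller than the /{AZURE_MIN_PREFIX} minimum")
        for other_name, other in seen:
            if net.overlaps(other):
                errors.append(f"{sn['name']}: {net} overlaps {other_name} ({other})")
        seen.append((sn["name"], net))
        usable[sn["name"]] = max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)
    return errors, usable


if __name__ == "__main__":
    problems, capacity = validate_plan(SAMPLE_PLAN)
    for name, count in capacity.items():
        print(f"{name}: {count} usable addresses")
    for problem in problems:
        print("ERROR:", problem)
```

Run it against a plan that adds an overlapping /25, a subnet outside 10.0.0.0/16, or a /30, and each mistake is reported before it becomes a failed deployment.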
IP Addressing
We support both public and private IP addressing for your resources. Private IP addresses are used for internal communication within your VNet and connected networks, while public IP addresses are used to communicate with the internet.
Private IP Addresses
Resources within a VNet are assigned private IP addresses from the VNet's address space. These are not routable on the internet.
Public IP Addresses
Public IP addresses make a resource reachable from the internet. They can be static (fixed for the life of the resource) or dynamic (assigned when the resource starts and liable to change after it is deallocated). Because a public IP exposes the resource directly, restrict inbound traffic to it with an NSG or a firewall.
Network Security Groups (NSG)
Network Security Groups act as a stateful virtual firewall for network interfaces and subnets. Each NSG holds inbound and outbound rules that allow or deny traffic by protocol, source and destination port, and source and destination address (a CIDR range or a service tag). Rules are evaluated in ascending priority order (100 to 4096 for custom rules; a lower number is evaluated first) and the first matching rule wins. Azure also adds default rules at priorities 65000 and above, including a DenyAllInBound at 65500, so the explicit DenyAllInbound at 4096 below is a visible catch-all placed ahead of the platform default.
Rule Name | Direction | Priority | Protocol | Destination Port | Source | Destination | Action |
---|---|---|---|---|---|---|---|
AllowHTTP | Inbound | 100 | TCP | 80 | Any | Any | Allow |
DenyAllInbound | Inbound | 4096 | Any | Any | Any | Any | Deny |
NSGs are the main tool for enforcing least privilege at the network layer: allow only the specific flows each tier needs and deny everything else. Note that a custom catch-all deny at 4096 is evaluated before the default AllowVnetInBound rule (priority 65000), so it also blocks traffic between subnets of the VNet and Azure Load Balancer health probes unless explicit allow rules precede it.
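Priority ordering is where most NSG rule conflicts come from, so it helps to simulate it. The following is an added example, not code from the original page or from Azure: it evaluates a constructed set of inbound rules (the table above plus a deliberately misordered SSH pair) against sample flows, using the same first-match-by-priority semantics Azure applies and a constructed mirror of Azure's default inbound rules. It also lists rules that can never match because a higher-priority rule already covers their traffic. The VNet address space (10.0.0.0/16), the rule names, and the helper names are assumptions made for the example.

```python
"""Simulate Azure NSG inbound rule evaluation offline (added example)."""
import ipaddress
from dataclasses import dataclass

ANY = "*"
VNET_SPACE = ipaddress.ip_network("10.0.0.0/16")   # assumed VNet address space
AZURE_LB_PROBE = "168.63.129.16/32"                 # Azure load balancer probe source


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    protocol: str   # "TCP", "UDP", "ICMP" or "*"
    dst_port: str   # "80", "1024-65535" or "*"
    source: str     # CIDR, "*", or service tag "VirtualNetwork" / "AzureLoadBalancer"
    action: str     # "Allow" or "Deny"


# Constructed mirror of Azure's default inbound rules (always evaluated last).
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, ANY, ANY, "VirtualNetwork", "Allow"),
    Rule("AllowAzureLoadBalancerInBound", 65001, ANY, ANY, "AzureLoadBalancer", "Allow"),
    Rule("DenyAllInBound", 65500, ANY, ANY, ANY, "Deny"),
]

# Constructed custom rules: the documented table plus a misordered SSH pair.
CUSTOM_INBOUND = [
    Rule("AllowHTTP", 100, "TCP", "80", ANY, "Allow"),
    Rule("DenySSH", 200, "TCP", "22", ANY, "Deny"),
    Rule("AllowSSHFromAdmins", 300, "TCP", "22", "203.0.113.0/24", "Allow"),  # never reached
    Rule("DenyAllInbound", 4096, ANY, ANY, ANY, "Deny"),
]


def _port_matches(spec, port):
    if spec == ANY:
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-"))
        return lo <= port <= hi
    return int(spec) == port


def _source_set(spec):
    """Translate a source spec into an ip_network, or None for '*'."""
    if spec == ANY:
        return None
    if spec == "VirtualNetwork":
        return VNET_SPACE
    if spec == "AzureLoadBalancer":
        return ipaddress.ip_network(AZURE_LB_PROBE)
    return ipaddress.ip_network(spec)


def _source_matches(spec, src_ip):
    net = _source_set(spec)
    return net is None or ipaddress.ip_address(src_ip) in net


def evaluate(custom_rules, src_ip, protocol, dst_port):
    """Return (action, rule_name) for an inbound flow; first match by priority wins."""
    for rule in sorted(list(custom_rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.protocol not in (ANY, protocol):
            continue
        if not _port_matches(rule.dst_port, dst_port):
            continue
        if not _source_matches(rule.source, src_ip):
            continue
        return rule.action, rule.name
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")


def shadowed_rules(custom_rules):
    """Names of rules that can never match because an earlier (lower-number)
    rule with the same or wider protocol, port and source already matches."""
    ordered = sorted(custom_rules, key=lambda r: r.priority)
    shadowed = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            proto_ok = earlier.protocol in (ANY, later.protocol)
            port_ok = earlier.dst_port in (ANY, later.dst_port)
            e_src, l_src = _source_set(earlier.source), _source_set(later.source)
            src_ok = e_src is None or (l_src is not None and l_src.subnet_of(e_src))
            if proto_ok and port_ok and src_ok:
                shadowed.append(later.name)
                break
    return shadowed


if __name__ == "__main__":
    print(evaluate(CUSTOM_INBOUND, "203.0.113.9", "TCP", 22))   # admins are denied
    print(shadowed_rules(CUSTOM_INBOUND))                        # ['AllowSSHFromAdmins']
```

Two results are worth noticing. The admin SSH allow at priority 300 is dead because DenySSH at 200 matches first; the fix is to move the allow below 200, not to add more rules. And with the explicit DenyAllInbound at 4096 in place, a database connection from 10.0.2.5 inside the VNet is denied, whereas without it the default AllowVnetInBound at 65000 would permit it; a catch-all deny must be preceded by explicit allows for the intra-VNet and load balancer probe traffic the tier depends on.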
User Defined Routes (UDR)
User Defined Routes override Azure's default system routes. The typical use is to send traffic through a network virtual appliance (NVA) for inspection or filtering instead of letting it go directly to its destination.
Routes are defined in a Route Table, which is then associated with one or more subnets. Azure selects the route with the longest matching prefix; when a user-defined route and a system route share the same prefix, the user-defined route wins (the full order is user-defined, then BGP, then system). When the next hop is an NVA, IP forwarding must be enabled on the NVA's network interface, otherwise the NIC discards packets that are not addressed to it.
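Longest-prefix matching explains why a 0.0.0.0/0 route to an NVA does not hijack traffic between subnets of the VNet. The following is an added example, not code from the original page or from Azure: it resolves next hops for sample destinations using constructed system routes for a 10.0.0.0/16 VNet and a constructed route table that sends internet-bound and database-tier traffic through an NVA at 10.0.4.4, then checks that every NVA next hop has IP forwarding enabled on its NIC. The NVA address, the NIC inventory, and the function names are assumptions made for the example.

```python
"""Resolve next hops the way Azure picks routes, offline (added example)."""
import ipaddress

# Constructed subset of the system routes Azure creates for a 10.0.0.0/16 VNet.
SYSTEM_ROUTES = [
    ("10.0.0.0/16", "VirtualNetwork", None),
    ("0.0.0.0/0", "Internet", None),
]

# Constructed user-defined route table: internet-bound traffic and traffic to
# the DB tier both go through an NVA at 10.0.4.4.
UDR_ROUTES = [
    ("0.0.0.0/0", "VirtualAppliance", "10.0.4.4"),
    ("10.0.3.0/24", "VirtualAppliance", "10.0.4.4"),
]

# Tie-break order Azure applies when prefixes are equal (lower wins).
SOURCE_RANK = {"User": 0, "BGP": 1, "System": 2}

# Constructed NIC inventory: the NVA NIC has IP forwarding switched off.
NICS = {"10.0.4.4": {"enable_ip_forwarding": False}}


def next_hop(dst, system=SYSTEM_ROUTES, udr=UDR_ROUTES, bgp=()):
    """Return (next_hop_type, next_hop_ip, route_source) for a destination."""
    ip = ipaddress.ip_address(dst)
    candidates = []
    for source, table in (("System", system), ("User", udr), ("BGP", bgp)):
        for prefix, hop_type, hop_ip in table:
            net = ipaddress.ip_network(prefix)
            if ip in net:
                # Longest prefix first, then User > BGP > System.
                candidates.append((-net.prefixlen, SOURCE_RANK[source], hop_type, hop_ip, source))
    if not candidates:
        return ("None", None, None)
    best = min(candidates, key=lambda c: c[:2])
    return best[2], best[3], best[4]


def nva_hops_without_forwarding(udr=UDR_ROUTES, nics=NICS):
    """NVA next-hop addresses whose NIC does not have IP forwarding enabled."""
    return sorted({
        hop_ip for _, hop_type, hop_ip in udr
        if hop_type == "VirtualAppliance"
        and not nics.get(hop_ip, {}).get("enable_ip_forwarding", False)
    })


if __name__ == "__main__":
    for dst in ("8.8.8.8", "10.0.2.5", "10.0.3.10"):
        print(dst, "->", next_hop(dst))
    print("NVA NICs missing IP forwarding:", nva_hops_without_forwarding())
```

Traffic to 8.8.8.8 matches two /0 routes and the user-defined one wins, so it goes to the NVA; traffic to 10.0.2.5 matches the /16 system route, which is longer than /0, so it stays on the VNet path; traffic to the DB tier matches the /24 UDR and is forced through the NVA. The forwarding check catches the most common reason such a route table "does nothing": the NVA NIC silently drops forwarded packets until IP forwarding is enabled.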
Key Network Services
Explore the various network services designed to enhance connectivity, security, and performance:
- Load Balancer: Distributes incoming TCP/UDP traffic (layer 4) across multiple instances of your applications.
- Application Gateway: A layer 7 (HTTP/HTTPS) load balancer for web applications, with an optional Web Application Firewall (WAF).
- Azure Firewall: A managed, cloud-native network security service that protects your VNet resources.
- VPN Gateway: Establish secure, encrypted connections between your on-premises networks and the cloud.
- ExpressRoute: Create private connections to Microsoft cloud services from your on-premises network.
Troubleshooting Network Issues
Common network issues can be resolved by systematically checking configurations. Refer to our detailed troubleshooting guides for:
- Connectivity problems between VMs
- Internet access issues
- NSG rule conflicts
- DNS resolution errors
Utilize network diagnostic tools such as