Network Documentation

This document provides a comprehensive overview of the network infrastructure and services available within the Microsoft ecosystem. We cover core networking concepts, services, best practices, and troubleshooting guides.

Core Network Concepts

Understanding the fundamental principles of networking is crucial for effectively utilizing and managing our cloud resources. This section delves into:

Virtual Networks (VNet)

A Virtual Network is the fundamental building block for your private network in the cloud. It allows you to provision and manage your own IP address space, create subnets, and route traffic between them.

Key Feature: VNets provide an isolated and secure environment for your cloud resources.

You can configure VNets to communicate with other VNets, on-premises networks, and the internet. This is achieved through:

Subnets

Subnets are subdivisions of your VNet's IP address space. Each subnet can contain a range of IP addresses, allowing you to segment your network logically and apply security policies at a granular level.

Best Practice: Assign a specific purpose to each subnet (e.g., web tier, application tier, database tier) to enhance security and manageability.

# Example of subnet configuration in a VNet VNet Name: MyCloudVNet Address Space: 10.0.0.0/16 Subnets: - Name: WebSubnet Address Range: 10.0.1.0/24 - Name: AppSubnet Address Range: 10.0.2.0/24 - Name: DbSubnet Address Range: 10.0.3.0/24

IP Addressing

We support both public and private IP addressing for your resources. Private IP addresses are used for internal communication within your VNet and connected networks, while public IP addresses are used to communicate with the internet.

Private IP Addresses

Resources within a VNet are assigned private IP addresses from the VNet's address space. These are not routable on the internet.

Public IP Addresses

Public IP addresses allow your resources to be accessible from the internet. They can be static or dynamic.

Tip: For critical services, use static public IP addresses to ensure consistent connectivity.

Network Security Groups (NSG)

Network Security Groups act as a virtual firewall for your network interfaces and subnets. You can define inbound and outbound security rules to allow or deny network traffic based on protocol, port, and IP address.

Rule Name Priority Protocol Port Source Destination Action
AllowHTTP 100 TCP 80 Any Any Allow
DenyAllInbound 4096 Any Any Any Any Deny

NSGs are essential for implementing the principle of least privilege in your network security posture.

User Defined Routes (UDR)

User Defined Routes allow you to override the default system routes. This is useful for scenarios such as routing traffic through a network virtual appliance (NVA) for inspection or filtering.

Warning: Incorrectly configured UDRs can disrupt network connectivity. Always test route changes in a non-production environment.

Routes are defined within a Route Table, which is then associated with one or more subnets.

Key Network Services

Explore the various network services designed to enhance connectivity, security, and performance:

Troubleshooting Network Issues

Common network issues can be resolved by systematically checking configurations. Refer to our detailed troubleshooting guides for:

Utilize network diagnostic tools such as Network Watcher for real-time monitoring and analysis.