Azure Virtual Networks (VNets) Overview

Published: October 26, 2023

Author: Microsoft Docs

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources, such as virtual machines (VMs), to securely communicate with each other, with the internet, and on-premises networks. A VNet is logically isolated from other virtual networks in Azure.

A virtual network is a representation of your own network in the cloud. It is a logical isolation of the Azure cloud that you define.

Key Concepts and Components

Address Space

When you create a VNet, you must specify a private IP address space for it. This address space is a collection of IP addresses in the form of CIDR (Classless Inter-Domain Routing) blocks. Azure reserves the first four IP addresses and the last IP address in each address space for IP resolution. You can define multiple CIDR blocks within a single VNet address space.

Subnets

A subnet is a range of IP addresses within your virtual network. After you create a VNet, you can divide it into smaller subnets. Each subnet can then be used to deploy Azure resources. Assigning resources to subnets helps you to segment your VNet, organize resources, and define security policies.

A virtual network with an address space divided into subnets.

IP Addressing

Azure assigns IP addresses to resources within a subnet. Resources within the same VNet can communicate with each other using their private IP addresses. You can also assign public IP addresses to resources to enable them to communicate with the internet directly.

Security

VNet provides robust security features to protect your resources. You can implement network security groups (NSGs) to filter network traffic to and from Azure resources in an Azure virtual network. NSGs contain security rules that allow or deny inbound network traffic to, and outbound network traffic from, various Azure resources.

Connectivity

Azure VNets facilitate various connectivity scenarios:

Inter-VNet Connectivity: Connect VNets together using VNet peering.
On-Premises Connectivity: Connect your on-premises network to a VNet using VPN Gateway or ExpressRoute.
Internet Connectivity: Allow resources in a VNet to communicate with the internet.

Benefits of Using Azure VNets

Isolation and Segmentation: Create isolated network environments for your applications.
Enhanced Security: Implement granular security controls using NSGs and Azure Firewall.
Scalability: Easily scale your network infrastructure as your needs grow.
Hybrid Cloud Capabilities: Seamlessly integrate your on-premises resources with Azure.
High Availability: Design resilient networks for critical applications.

Consider the IP address planning carefully before creating your VNets and subnets to ensure future scalability and avoid IP conflicts.

Common Use Cases

Hosting multi-tier applications.
Building secure hybrid cloud solutions.
Isolating development, testing, and production environments.
Implementing robust security and compliance requirements.

Azure Virtual Networks are a foundational service for building secure, scalable, and interconnected solutions in the cloud. Understanding their core components and capabilities is essential for effective Azure architecture design.