Azure Virtual Network (VNet) Basics

A virtual network (VNet) is the fundamental building block for your private network in Azure. It enables Azure resources, such as virtual machines (VMs), to securely communicate with each other, with the internet, and with your on-premises environment.

What is an Azure Virtual Network?

An Azure VNet is a logical representation of your traditional network in the cloud. It provides features like:

• Isolation and Segmentation: VNets allow you to isolate your resources and segment network traffic for enhanced security.
• Connectivity: VNets enable secure communication between Azure resources, between Azure resources and the internet, and between Azure resources and your on-premises network.
• IP Addressing: You define your own private IP address space within a VNet.
• Subnets: You can divide your VNet into smaller, manageable network segments called subnets.
• Routing: Azure automatically handles routing between subnets within a VNet.

Key Components of a VNet

IP Address Space

When you create a VNet, you specify a private IP address space using Classless Inter-Domain Routing (CIDR) notation. This address space is divided into subnets.

Subnets

Subnets are divisions of your VNet's IP address space. Each subnet must have a unique IP address range within the VNet. Resources deployed in Azure are typically associated with a subnet.

Azure reserves the first four and the last IP address in each subnet for IP resolution, which means the usable IP addresses start from the second address and end before the last address.

# Example subnet configuration
VNet Address Space: 10.0.0.0/16
Subnet 1: 10.0.1.0/24 (Web Servers)
Subnet 2: 10.0.2.0/24 (Database Servers)
            

Network Security Groups (NSGs)

NSGs are virtual firewalls that allow you to filter network traffic to and from Azure resources in an Azure virtual network. You can define inbound and outbound security rules to allow or deny traffic based on source/destination IP address, port, and protocol.

Route Tables

Route tables allow you to define custom routes to forward traffic to specific destinations. This is useful for scenarios like forcing traffic through a network virtual appliance (NVA) for inspection or filtering.

Common VNet Scenarios

Connecting Azure Resources

VNets are essential for creating secure and isolated environments for your Azure resources like Virtual Machines, App Services, and Azure Kubernetes Service (AKS) clusters.

Hybrid Connectivity

You can connect your Azure VNet to your on-premises network using:

• Site-to-Site VPN: Establishes a secure tunnel between your on-premises VPN device and an Azure VPN gateway.
• ExpressRoute: Provides a dedicated, private connection between your on-premises network and Azure, offering higher bandwidth and lower latency.

Internet Connectivity

Resources within a VNet can access the internet by default. You can control outbound internet access using Network Security Groups or Azure Firewall.

Next Steps

Once you have a good understanding of VNet basics, you can explore topics such as:

• Creating and configuring a VNet
• Securing your VNet with NSGs
• Implementing hybrid connectivity
• Using Azure Firewall for advanced security