Your source for documentation and technical content
Azure Virtual Network (VNet) is the foundational building block for your private network in Azure. It enables many types of Azure resources, such as Azure Virtual Machines (VMs), to securely communicate with each other, with the internet, and with your on-premises networks.
An Azure Virtual Network is a representation of your own network in the cloud. It is a logical isolation of the Azure cloud that is dedicated to your subscription. It allows you to create a private space within Azure where you can deploy and manage your resources securely.
A VNet is divided into subnets. Subnets allow you to segment your VNet into smaller, manageable address spaces. Resources within the same subnet can communicate with each other directly. You can assign a specific IP address range from your VNet's address space to each subnet.
Each subnet must have an IP address range that is a subset of the VNet's address space. For example, if your VNet has the address space 10.0.0.0/16, you could create a subnet with the address space 10.0.1.0/24.
VNet uses private IP address spaces defined by RFC 1918. These include:
Azure assigns an IP address to each resource within a subnet. You can choose between private IP addresses (only accessible within the VNet and connected networks) and public IP addresses (accessible from the internet).
Network Security Groups are virtual firewalls that you can associate with subnets or individual network interfaces. They contain a list of security rules that allow or deny network traffic to resources connected to Azure. You can control inbound and outbound traffic based on source/destination IP addresses, ports, and protocols.
Route tables enable you to define custom routes to control the traffic flow between subnets, the internet, and your on-premises networks. By default, Azure automatically creates routes for subnets. However, you can create user-defined routes (UDRs) to override default routing behavior.
VNet gateways are essential for extending your on-premises networks to Azure:
VNet peering connects two Azure VNets privately and directly. This allows resources in either VNet to communicate with each other as if they were within the same network. VNet peering is non-transitive, meaning that if VNet A is peered with VNet B, and VNet B is peered with VNet C, VNet A cannot communicate with VNet C through VNet B.
This establishes a secure, encrypted tunnel over the public internet between your on-premises network and an Azure VNet. It's ideal for hybrid cloud scenarios where you need to extend your datacenter to Azure.
Azure ExpressRoute allows you to create private connections between your on-premises infrastructure and Microsoft Azure. It bypasses the public internet and offers higher reliability, faster speeds, and lower latencies compared to standard internet connections.
Understanding these core concepts is crucial for effectively deploying and managing your applications and services on Microsoft Azure.