MSDN Documentation

Microsoft Developer Network

Virtual Networks, Addresses, and Subnets

Understanding virtual networks, IP addressing, and subnets is fundamental to designing and managing scalable and secure cloud infrastructures, especially within Microsoft Azure. This article provides a comprehensive overview of these core concepts.

What is a Virtual Network (VNet)?

A virtual network (VNet) in Azure is a logical representation of your own network in the cloud. It's a fundamental building block for your private network in Azure. VNets enable you to provision and manage resources in Azure securely. VNets are a limited geographic scope, meaning that a VNet is specific to an Azure region.

Key characteristics of Azure VNets:

  • Isolation: VNets provide network isolation for your Azure resources.
  • Connectivity: You can connect Azure resources to each other, to the internet, and to your on-premises networks.
  • Scalability: VNets are designed to scale with your application needs.
  • Security: Azure provides robust security features for your VNets.

IP Addressing in Azure

IP addressing is crucial for communication within and between networks. In Azure, IP addresses are assigned to network interfaces (NICs) of virtual machines and other resources.

Types of IP Addresses:

  • Private IP Addresses: Used for communication within your VNet and between your VNet and your on-premises network (if connected via VPN or ExpressRoute). Private IP addresses are not routable on the internet.
  • Public IP Addresses: Used for communication with the internet or other Azure resources that are exposed to the internet.

Azure supports both IPv4 and IPv6 addressing schemes.

Understanding Subnets

A subnet is a range of IP addresses within your virtual network. By dividing your VNet into subnets, you can segment your network into smaller, more manageable parts. This segmentation improves security, organization, and traffic control.

Benefits of Using Subnets:

  • Security: You can apply network security groups (NSGs) and route tables to individual subnets to control traffic flow and enforce security policies.
  • Organization: Subnets help organize resources based on their function or sensitivity. For example, you might have a subnet for web servers, another for application servers, and another for databases.
  • IP Address Management: Subnets allow for efficient allocation and management of IP addresses.

Best Practices for Subnetting:

  • Plan your IP address space carefully before creating your VNet and subnets.
  • Use descriptive names for your subnets.
  • Start with a reasonable number of subnets and expand as needed.
  • Allocate IP addresses with future growth in mind.

CIDR Notation

Subnets are typically defined using Classless Inter-Domain Routing (CIDR) notation, such as 10.0.1.0/24. The `/24` indicates that the first 24 bits of the IP address are used for the network portion, leaving 8 bits for host addresses, allowing for 256 IP addresses in that range (though the first and last are reserved by Azure).

Example:


Azure VNet Address Space: 10.0.0.0/16
  - Subnet 1 (WebServers): 10.0.1.0/24
  - Subnet 2 (AppServers): 10.0.2.0/24
  - Subnet 3 (Database):   10.0.3.0/24

Conclusion

A well-designed VNet with appropriate subnets and IP address management is critical for a robust and secure cloud deployment. By understanding these concepts, you can effectively leverage Azure's networking capabilities to meet your organization's needs.

For more in-depth information, please refer to the official Azure documentation on Virtual Networks and IP Addressing.