MSDN Documentation

Microsoft Developer Network

Virtual Networks Overview

Understand the core concepts and benefits of virtual networking in Microsoft Azure.

On this page:

Introduction

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It enables many types of Azure resources, such as Virtual Machines (VMs), to securely communicate with each other, with the internet, and with your on-premises networks. VNet provides the benefits of cloud networking to your Azure solutions.

What are Virtual Networks?

An Azure Virtual Network is a logical representation of your network in the cloud. It is a representation of your own network in Azure. You can think of it as your own datacenter network, but hosted in Azure. VNet is the virtual representation of your own network in Azure. VNet allows Azure resources to communicate with each other, the internet, and on-premises networks. It provides the benefits of cloud networking to your Azure solutions.

When you create a VNet, you define a private IP address space. You can then create subnets within that address space. Subnets allow you to segment your VNet into smaller, manageable networks. This segmentation can be used for security, performance, or organizational reasons.

Key Concept: A Virtual Network provides a secure, isolated environment for your cloud resources, allowing for granular control over network traffic and security.

Key Components

Azure Virtual Networks are composed of several key components that work together to define and manage your network:

Address Space

The address space is a private IP address range that you define for your VNet. This range must not overlap with your on-premises network's IP address ranges, especially if you plan to connect your VNet to your on-premises network. Azure assigns private IP addresses to resources within the VNet from this address space.

Example: 10.0.0.0/16

Subnets

Subnets are divisions of the VNet's address space. Each subnet can contain Azure resources. Creating subnets allows you to segment your network and apply different security policies or routing configurations to different segments. Resources within the same subnet can communicate with each other directly.

Example: Subnets within 10.0.0.0/16 could be 10.0.1.0/24 (for web servers) and 10.0.2.0/24 (for database servers).

Route Tables

Route tables contain rules, called routes, that define how network traffic is directed through your VNet. By default, Azure automatically creates a system route table that enables communication between subnets within the VNet and to/from the internet. You can create custom route tables to define specific traffic paths, such as forcing traffic through a network virtual appliance (NVA) or your on-premises network.

Network Interfaces

A network interface (NIC) is what allows an Azure resource, such as a Virtual Machine, to communicate with a network. Each NIC is associated with a VNet and a subnet. You can configure various settings on a NIC, including IP addressing, network security groups, and load balancing.

Network Security Groups (NSGs)

Network Security Groups are virtual firewalls that allow you to filter network traffic to and from Azure resources in an Azure virtual network. NSGs contain security rules that allow or deny inbound network traffic to, and outbound network traffic from, various types of Azure resources.

You can associate NSGs with subnets or individual network interfaces. Rules are processed based on priority, and if a traffic flow matches a rule, that rule's allow or deny action is applied.

Benefits of Azure Virtual Networks

Common Use Cases

Next Steps

Explore the following resources to learn more about Azure Virtual Networks: