Azure Networking Documentation

Introduction to Azure Networking

Azure networking services provide a robust, scalable, and secure foundation for your cloud applications. They allow you to create private networks in the cloud, connect them to on-premises datacenters, and expose your applications to the internet in a controlled manner.

Key concepts include:

Virtual Networks (VNet): Your private network in Azure.
Subnets: Segments of your VNet.
IP Addressing: Public and private IP address management.
Network Security Groups (NSG): Firewall rules for controlling traffic.
Load Balancing: Distributing traffic across multiple resources.
Gateways: Connecting your VNet to other networks.
DNS: Name resolution services.

Virtual Networks (VNet)

An Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It represents your own private network in the cloud.

Key features:

Isolates your resources from other Azure customers.
Allows resources to communicate with each other, with the internet, and with on-premises networks.
Provides control over IP address space, DNS settings, security policies, and routing.

Creating a VNet

You can create a VNet using the Azure portal, Azure CLI, or Azure PowerShell. It requires specifying an address space (e.g., 10.0.0.0/16).

az network vnet create \
    --resource-group MyResourceGroup \
    --name MyVNet \
    --address-prefix 10.0.0.0/16

Subnets

A subnet is a range of IP addresses within your VNet. You can divide your VNet's address space into subnets. Each subnet can contain Azure resources.

Subnetting helps in:

Organizing resources.
Implementing security boundaries using Network Security Groups (NSGs).
Controlling routing between subnets.

Creating a Subnet

Subnets are created within an existing VNet.

az network vnet subnet create \
    --resource-group MyResourceGroup \
    --vnet-name MyVNet \
    --name MySubnet \
    --address-prefix 10.0.1.0/24

IP Addressing

Azure provides both public and private IP addresses for your resources.

Private IP Addresses: Used for communication within your VNet and with on-premises networks. Assigned from your VNet's address space.
Public IP Addresses: Used to communicate with resources over the internet. Can be static or dynamic.

Each network interface (NIC) attached to an Azure resource can have one or more IP configurations, including private and public IP addresses.

Network Security Groups (NSG)

Network Security Groups (NSGs) act as a distributed firewall in Azure. You can associate NSGs with subnets and/or individual network interfaces (NICs).

NSGs contain:

Inbound security rules: Control traffic coming into the resource.
Outbound security rules: Control traffic leaving the resource.

Rules are processed based on priority, with lower numbers evaluated first.

Example: Allowing SSH traffic

az network nsg rule create \
    --resource-group MyResourceGroup \
    --nsg-name MyNSG \
    --name AllowSSH \
    --priority 100 \
    --destination-port-range 22 \
    --protocol Tcp \
    --access Allow \
    --direction Inbound

Load Balancing

Azure Load Balancer distributes incoming traffic across multiple backend resources (e.g., virtual machines). This improves application availability and responsiveness.

Types of load balancing:

Azure Load Balancer: Layer 4 (TCP/UDP) load balancer.
Azure Application Gateway: Layer 7 (HTTP/HTTPS) load balancer, offering advanced routing capabilities.
Azure Front Door: Global load balancing service for web applications.

Gateways

Azure provides several gateway services to connect your Azure VNet to other networks:

VPN Gateway: Enables secure, cross-premises connectivity between your on-premises network and Azure.
ExpressRoute Gateway: Enables faster, more reliable private connections to Azure from your on-premises network.
Virtual Network Gateway: A general term for these gateway services.

DNS

Azure DNS provides a reliable and secure DNS hosting service for your domains. It allows you to manage your DNS records in Azure.