Azure Networking Concepts Overview
Welcome to the foundational concepts of Azure Networking. This section provides a comprehensive overview of the building blocks and core principles that enable you to design, deploy, and manage secure, scalable, and high-performance networks in Microsoft Azure.
Key Networking Components
Virtual Networks (VNets)
An Azure Virtual Network is the fundamental building block for your private network in Azure. It enables many types of Azure resources, such as Virtual Machines (VMs), to securely communicate with each other, with the internet, and with your on-premises networks. VNets provide:
- Isolation: Your resources are isolated within your VNet.
- Segmentation: Subnets allow you to segment your network for better security and organization.
- Connectivity: Enables communication between resources and external networks.
Learn more about Virtual Networks.
Subnets
A subnet is a range of IP addresses within a VNet. You can divide a VNet into smaller subnets. Dividing your network into subnets has several benefits:
- It allows you to segment your VNet, which can improve security and performance.
- It enables you to place resources in different subnets, controlling traffic flow between them using Network Security Groups (NSGs) or Azure Firewall.
See Subnetting in Azure for details.
IP Addressing
Azure networking supports both private and public IP addresses. Understanding how these are assigned and managed is crucial for connectivity.
- Private IP Addresses: Used for communication within your Azure Virtual Network and between your VNet and on-premises networks.
- Public IP Addresses: Used for resources that need to be accessible from the internet or for outbound connectivity.
Explore IP Addressing in Azure.
Network Security Groups (NSGs)
Network Security Groups (NSGs) act as a virtual firewall for your network resources. They allow you to filter network traffic to and from Azure resources in an Azure virtual network, to and from the internet, and between Azure resources.
- Stateful Filtering: NSGs are stateful, meaning that if you allow inbound traffic on a particular port, that traffic is automatically allowed outbound on the same port.
- Rule-Based: You define security rules based on source/destination IP address, port, and protocol.
Dive deeper into Network Security Groups.
Azure Firewall
Azure Firewall is a managed, cloud-native network security service that protects your Azure Virtual Network resources. It's a stateful firewall as a service that provides intelligent threat protection for your environment.
- Centralized Policy Management: Enforce network policies across subscriptions and virtual networks.
- Threat Intelligence: Protect against known exploits.
- Advanced Filtering: Supports FQDN filtering, network rules, and application rules.
Understand Azure Firewall.
Connectivity Options
Virtual Network Peering
Virtual network peering connects two Azure virtual networks. This connection allows resources in each virtual network to communicate with each other as if they were within the same network. Traffic between peered virtual networks is routed through the Microsoft backbone network; it does not traverse the public internet.
- Low Latency: Optimal performance for inter-VNet communication.
- High Bandwidth: Scalable connectivity.
Discover Virtual Network Peering.
Azure VPN Gateway
Azure VPN Gateway allows you to send encrypted traffic between your on-premises networks and your Azure virtual networks across the public internet. It also enables secure cross-premises connectivity.
- Site-to-Site VPN: Connect your on-premises network to an Azure VNet.
- Point-to-Site VPN: Connect individual clients to an Azure VNet.
- Network-to-Network: Connect two Azure VNets.
Learn about VPN Gateway.
Azure ExpressRoute
Azure ExpressRoute provides private, dedicated connections between your on-premises infrastructure and Microsoft Azure. Using ExpressRoute offers higher security, reliability, and speeds, and lower latencies than typical internet connections.
- Dedicated Connectivity: Bypass the public internet for greater reliability.
- Global Reach: Connect from hundreds of locations worldwide.
Explore ExpressRoute.
Common Services and Features
Azure Load Balancer
Azure Load Balancer is a Layer 4 (TCP, UDP) load balancer that enables you to distribute network traffic to your applications. It can handle millions of requests per second while keeping your applications highly available and resilient.
- High Availability: Distributes traffic to healthy instances.
- Scalability: Scales with your application demands.
Understand Azure Load Balancer.
Azure Application Gateway
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It provides Layer 7 (HTTP/HTTPS) load balancing capabilities, allowing you to route based on request attributes like URL path or host headers.
- SSL Termination: Offload SSL encryption/decryption.
- Web Application Firewall (WAF): Protect against common web vulnerabilities.
- URL-Based Routing: Direct traffic to different backend pools.
Discover Application Gateway.
Azure DNS
Azure DNS provides a highly available and secure DNS service to resolve names for your Azure and non-Azure resources. It enables you to host your DNS domains in Azure and manage DNS records.
- Managed DNS: Reliable and scalable DNS resolution.
- Custom Domains: Use your own domain names.
Learn more about Azure DNS.
Next Steps
This overview covers the fundamental concepts. To build robust and secure cloud networks, consider exploring these related areas: