Microsoft Azure Documentation

Azure Virtual Network

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It represents your own network in the cloud, allowing you to deploy Azure resources in a virtual network that you define. VNet enables many types of Azure resources, such as Azure Virtual Machines, to communicate securely with each other, the internet, and your on-premises networks.

With Azure VNet, you can:

• Isolate cloud services and control network traffic.
• Connect Azure resources to each other.
• Connect Azure resources to the internet.
• Connect Azure resources to your on-premises networks.

Key Concepts

Address Spaces

An address space is a private IP address range that you reserve for your VNet. Azure resources within the VNet are assigned IP addresses from this range. You can define one or more address spaces for your VNet, and these can be public or private IP address ranges.

Subnets

Subnets allow you to segment your VNet's address space into smaller, manageable portions. You can then deploy Azure resources into specific subnets. Each subnet must have a unique address range within the VNet's address space.

Route Tables

Route tables are used to define custom routes to control how traffic flows within your VNet and to/from your VNet. You can create user-defined routes (UDRs) to override Azure's default system routes.

Network Interfaces

A Network Interface (NIC) connects an Azure resource, such as a Virtual Machine, to a Virtual Network. Each NIC is configured with one or more private IP addresses.

Network Security Groups

Network Security Groups (NSGs) act as a distributed firewall for your VNet. You can define security rules to allow or deny inbound and outbound network traffic to resources connected to Azure Virtual Network.

Common Scenarios

• Isolating resources: Create separate VNets for different applications or environments (e.g., production, development).
• Hybrid connectivity: Connect your on-premises network to your Azure VNet using VPN Gateway or ExpressRoute.
• Secure communication: Use NSGs and firewalls to control traffic flow between subnets and to the internet.
• Load balancing: Distribute incoming traffic across multiple virtual machines or services.

Tutorials

Explore our step-by-step tutorials to learn how to:

• Create a Virtual Network
• Connect VNets using VNet peering
• Configure VPN Gateway for hybrid connectivity
• Implement Network Security Groups for traffic control

API Reference

For programmatic management of Azure Virtual Networks, refer to the Azure REST API documentation:

• Virtual Network API
• Subnet API
• Network Security Group API

# Example: Creating a Virtual Network using Azure CLI

az network vnet create \
    --resource-group MyResourceGroup \
    --name MyVNet \
    --address-prefix 10.0.0.0/16 \
    --location westus2

az network vnet subnet create \
    --resource-group MyResourceGroup \
    --vnet-name MyVNet \
    --name MySubnet \
    --address-prefix 10.0.1.0/24