Azure Networking Documentation

Introduction to Azure Networking

Azure Networking provides a comprehensive set of networking capabilities that enable you to build and manage cloud solutions that are secure, scalable, and highly available. This documentation covers the core concepts and services within Azure Networking, empowering you to design robust network architectures for your applications.

Virtual Networks (VNet)

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It allows Azure resources, such as virtual machines, to securely communicate with each other, the internet, and on-premises networks. VNets are regional resources and provide isolation between different networks.

Key Features:
Global Isolation: Your VNet is isolated from other VNets in Azure.
Address Space Customization: Define your own private IP address spaces.
Subnetting: Divide your VNet into smaller, manageable subnets.
Security: Control traffic flow with Network Security Groups and firewalls.
Connectivity: Connect to on-premises networks or other VNets.

Subnets

Subnets are a division of an Azure VNet's IP address range. By creating subnets, you can segment your VNet into smaller, more manageable networks. Resources within the same subnet can communicate with each other directly, and resources in different subnets communicate through routing mechanisms.

                Best Practice: When designing your VNet, plan your subnets carefully. Consider future growth and the types of resources you will deploy.
            

IP Addressing

Azure supports both private and public IP addresses. Private IP addresses are used for internal communication within your VNet and for on-premises connectivity. Public IP addresses are used to enable communication with resources on the internet.

Private IP Addresses: Assigned to network interfaces of Azure resources. Can be dynamic or static.
Public IP Addresses: Can be dynamic or static, used for internet-facing services.

Network Security Groups (NSG)

Network Security Groups (NSGs) act as a virtual firewall for your VNet resources. They contain a list of security rules that allow or deny inbound network traffic to, and outbound network traffic from, various Azure resources.

NSGs can be associated with network interfaces (NICs) or subnets. Rules are evaluated based on priority, and the first rule that matches the traffic is applied.


# Example of an NSG rule configuration
{
  "name": "Allow-SSH",
  "properties": {
    "priority": 100,
    "protocol": "Tcp",
    "access": "Allow",
    "direction": "Inbound",
    "sourceAddressPrefix": "*",
    "sourcePortRange": "*",
    "destinationAddressPrefix": "*",
    "destinationPortRange": "22"
  }
}

Azure Firewall

Azure Firewall is a cloud-native, intelligent network firewall security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unlimited cloud scalability.

Key Capabilities:
Network-level filtering: Filter traffic based on IP address, port, and protocol.
Application-level filtering: Filter traffic based on FQDN and application ID.
Threat intelligence-based filtering: Block known malicious IP addresses and domains.
Centralized logging and monitoring.

Load Balancing

Azure Load Balancer provides high availability and network scalability to your applications. It distributes incoming traffic across multiple virtual machines, ensuring that no single VM becomes a bottleneck. Azure offers both Layer 4 (TCP/UDP) and Layer 7 (HTTP/HTTPS) load balancing solutions.

Gateways

Azure provides several types of gateways to facilitate connectivity:

Virtual Network Gateway: Enables connectivity between VNets, or between an on-premises network and a VNet (VPN Gateway).
Application Gateway: A web traffic load balancer that enables you to manage traffic to your web applications (Layer 7 load balancing).
Azure VPN Gateway: Securely connects your on-premises networks to your Azure VNets over the public internet.
Azure ExpressRoute: Provides private, high-bandwidth connections between your on-premises environment and Azure.

Azure DNS

Azure DNS provides a highly available and secure DNS hosting service for your domains. You can host your DNS domains in Azure and manage DNS records using the Azure portal, Azure CLI, or Azure PowerShell.

Hybrid Connectivity

Azure offers robust solutions for hybrid connectivity, allowing seamless integration of your on-premises infrastructure with your Azure cloud environment.

Site-to-Site VPN: Securely connect your on-premises network to your Azure VNet.
Point-to-Site VPN: Securely connect individual client devices to your Azure VNet.
ExpressRoute: Dedicated private connection for higher bandwidth and lower latency.