Azure Virtual Networks (VNet)

Understanding Azure Virtual Networks

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It enables you to provision and manage a network in Azure. VNets are logically isolated from other VNets in Azure, allowing you to have your own private space in the cloud.

With VNet, you can:

• Isolate your Azure resources from each other and from the internet.
• Control network traffic flow using security groups and routing.
• Connect your Azure resources to each other, to on-premises networks, and to the internet.
• Implement advanced networking features like load balancing, VPN gateways, and firewalls.

Key Concepts of Azure VNet

1. Subnets

A subnet is a range of IP addresses in the VNet. After you create a VNet, you can divide it into smaller subnets. Each subnet within a VNet can contain Azure resources. When you create a subnet, you specify a range of IP addresses that must be a subset of the VNet's IP address range.

{
  "name": "mySubnet",
  "properties": {
    "addressPrefix": "10.0.1.0/24"
  }
}

2. IP Addressing

VNets use private IP address spaces. You can define your own IP address ranges using CIDR notation. Azure assigns private IP addresses to resources within your VNet.

• Address Space: The range of IP addresses for your VNet (e.g., 10.0.0.0/16).
• Subnet Address Ranges: Subsets of the VNet's address space (e.g., 10.0.1.0/24).
• Service Endpoints: Enable direct connectivity to Azure services over the Azure backbone network.

3. Network Security Groups (NSGs)

NSGs act as a distributed firewall on your network interface or subnet. You can associate NSGs with subnets or individual network interfaces to filter traffic. Rules within an NSG allow or deny inbound network traffic to an Azure resource or outbound traffic from it.

{
  "name": "myNsgRule",
  "properties": {
    "priority": 100,
    "access": "Allow",
    "direction": "Inbound",
    "protocol": "Tcp",
    "sourcePortRange": "*",
    "destinationPortRange": "80",
    "sourceAddressPrefix": "*",
    "destinationAddressPrefix": "*"
  }
}

4. Routing

Azure automatically routes traffic between subnets within a VNet. You can also control traffic flow by defining custom routes (User Defined Routes - UDRs) to send traffic through network virtual appliances or to specific destinations.

Connecting to On-Premises Networks

Azure VNet allows you to extend your on-premises network to the cloud securely. This is typically achieved using:

• VPN Gateway: Establishes secure, encrypted connections over the public internet between your on-premises network and your Azure VNet.
• ExpressRoute: Provides dedicated, private connections from your premises to Azure, offering higher bandwidth and lower latency than VPNs.

Advanced Networking Features

• Load Balancing: Distribute incoming traffic across multiple instances of your applications using Azure Load Balancer or Application Gateway.
• Firewalls: Implement centralized network security with Azure Firewall.
• Private Link: Access Azure PaaS services securely from your VNet without exposing traffic to the public internet.
• Service Endpoints: Securely connect your VNet to supported Azure services.

Getting Started with Azure VNet

You can create and manage Azure VNets through the Azure portal, Azure CLI, Azure PowerShell, or ARM templates.

Steps to Create a VNet (Azure Portal):

1. Sign in to the Azure portal.
2. Navigate to "Virtual networks".
3. Click "+ Create".
4. Fill in the required details: Subscription, Resource Group, Name, Region.
5. Define the IP address space for your VNet.
6. Add initial subnets with their respective address ranges.
7. Review and create the VNet.

This tutorial provides a foundational understanding of Azure Virtual Networks. Explore the official Azure documentation for more in-depth details on advanced configurations and best practices.