Azure – Networking – Part 1 – Overview Of Azure Networking
Hope you all are doing good !!!
Nowadays, in my current project, I am working on Azure Networking, so I am planning to start a series of articles in which I will discuss all the important networking components of Azure. We can find many very good articles on each of the components. As I am new to this area, I am planning to keep this article very simple so that it helps a beginner understand the basics of Azure networking components.
Following are the most common components of Azure Networking.
Azure Virtual Network (Vnet) :
VNet is a fundamental component, which acts as an organisation’s network in Azure. A virtual network is scoped to a single region. We can implement multiple virtual networks within each Azure subscription and Azure region. However, multiple virtual networks from different regions can be connected together using Virtual Network Peering. A virtual network is the entry point for one or more Virtual Private Network (VPN) connections to other networks outside of Azure. For more information, see Part 2 – Azure Virtual Network (Vnet) on how to create and configure a VNet in Azure.
IP Addresses :
An Internet Protocol address (IP address) is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. IP addresses are usually written and displayed in human-readable notations, such as 172.16.254.1 in IPv4, and 2001:db8:0:1234:0:567:8:1 in IPv6. More details on IP Address can be found in this article.
Network Interface Card ( NIC ) :
A Network Interface Card is an Azure resource which enables an Azure resource to communicate with the internet, Azure, and on-premises resources. When creating a virtual machine using the Azure portal, the portal creates one network interface with default settings for us. We can also create our own private/public NIC and associate it with any existing VM.
Subnet :
A subnet, or subnetwork, is a logical division of a large network IP range. The IPv4 range runs from 0.0.0.0 to 255.255.255.255, and IPv6 addresses are each 128 bits long. Because each digit in an IPv6 address can have 16 different values (from 0 to 15), each digit represents 4 bits (one nibble), with 32 digits in total. We can divide these IP ranges into different logical networks for better user and network isolation. For more information on subnets, see Part 3 – Subnet in Azure.
Classless Inter-Domain Routing (CIDR) Block :
CIDR is an expansion of the IP addressing system that allows for a more efficient and appropriate allocation of addresses. CIDR introduced a new method of representation for IP addresses, now commonly known as CIDR notation, in which an address or routing prefix is written with a suffix indicating the number of bits of the prefix, such as 192.0.2.0/24 for IPv4, and 2001:db8::/32 for IPv6. For more information on CIDR see Networking – CIDR ( Classless Inter-Domain Routing ) .
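The subnet and CIDR descriptions above can be tried out with a short check of a subnet plan against a VNet address space. This is an added example, not code from the original article; the plan, the names and the 10.10.0.0/16 range are constructed, and the five reserved addresses per subnet reflect Azure's documented behaviour.

```python
import ipaddress

# Azure reserves 5 addresses in every subnet
# (network address, default gateway, two for Azure DNS, broadcast).
AZURE_RESERVED_PER_SUBNET = 5

def validate_subnet_plan(vnet_cidr, subnets):
    """Check a {name: cidr} subnet plan against the VNet address space.

    Returns (report, problems): report maps subnet name -> usable address
    count, problems is a list of human-readable findings.
    """
    vnet = ipaddress.ip_network(vnet_cidr)
    report, problems, seen = {}, [], []
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        # A subnet must lie entirely inside the VNet address space.
        if not net.subnet_of(vnet):
            problems.append(f"{name} {net} is outside VNet {vnet}")
            continue
        # Subnets of one VNet must not overlap each other.
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name} {net} overlaps {other_name} {other}")
        seen.append((name, net))
        report[name] = max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)
    return report, problems

# Constructed sample plan (names and ranges are illustrative only).
PLAN = {
    "web": "10.10.0.0/24",
    "app": "10.10.1.0/24",
    "db": "10.10.1.128/25",   # overlaps "app"
    "mgmt": "10.20.0.0/27",   # not inside the VNet
}

if __name__ == "__main__":
    report, problems = validate_subnet_plan("10.10.0.0/16", PLAN)
    for name, usable in report.items():
        print(f"{name}: {usable} usable addresses")
    for problem in problems:
        print("PROBLEM:", problem)
```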
Network Security Group (NSG) :
A Network Security Group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated with subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager). For more information, see Part 4 – Network Security Group (NSG) in Azure.
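How a list of allow/deny rules turns into a decision is easier to see in code. This added example (not from the original article) models inbound NSG evaluation, where rules are processed in priority order with the lowest number first and the first match wins, and also flags Allow rules that expose management ports to any source. The rule set is constructed, and the model is simplified to source and destination port only.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    priority: int   # lower number = evaluated first
    source: str     # CIDR or "*"
    port: str       # single port, "lo-hi" range, or "*"
    access: str     # "Allow" or "Deny"

def _src_match(rule, ip):
    return rule.source == "*" or (
        ipaddress.ip_address(ip) in ipaddress.ip_network(rule.source))

def _port_match(rule, port):
    if rule.port == "*":
        return True
    lo, _, hi = rule.port.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if _src_match(rule, src_ip) and _port_match(rule, dst_port):
            return rule.access, rule.name
    return "Deny", "no-match"

def exposed_management_rules(rules, mgmt_ports=(22, 3389)):
    """Names of Allow rules open to any source that cover a management port."""
    return [r.name for r in rules
            if r.access == "Allow" and r.source in ("*", "0.0.0.0/0")
            and any(_port_match(r, p) for p in mgmt_ports)]

# Constructed inbound rule set; the last entry mirrors Azure's default
# DenyAllInBound rule (priority 65500).
RULES = [
    Rule("allow-https", 100, "*", "443", "Allow"),
    Rule("deny-ssh-internet", 200, "*", "22", "Deny"),
    Rule("allow-ssh-admin", 150, "203.0.113.0/24", "22", "Allow"),
    Rule("allow-rdp-any", 300, "*", "3389", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "Deny"),
]

if __name__ == "__main__":
    print(evaluate(RULES, "203.0.113.7", 22))
    print(evaluate(RULES, "198.51.100.9", 22))
    print(exposed_management_rules(RULES))
```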
Virtual Network Gateway For On-Premise Network Connectivity :
An Azure VNet can be integrated with on-premises networks through private network connections between the on-premises network and the Azure cloud environment. For more information, see Part 12 – Azure VPN Network Gateway.
A Point-to-Site VPN connection gateway is used to create a secure connection to our virtual network from an individual client computer. For more information, see Part 13 – Configure Azure Point-to-Site VPN.
A Site-to-Site VPN connection is used when we want to connect two networks and keep the communication up all the time.
In Azure, the Virtual Network Gateway is the platform providing both functionalities. For more information, see Part 15 – Configure Azure Site-to-Site VPN Connection.
VNet-To-VNet Connection :
Connecting a virtual network (VNet) to another virtual network (VNet) works the same way as connecting a virtual network with an on-premises network (VNet-to-Site). It allows us to establish network topologies that combine cross-premises connectivity with inter-virtual network connectivity. For more information, see Part 14 – Configure Azure VNet-to-VNet Connection.
Virtual Network Peering :
VNet peering enables us to seamlessly connect Azure virtual networks. Once peering is done, the virtual networks appear as one for connectivity purposes. This means we can connect to a virtual machine in a different VNet as if it were in the same VNet. Azure supports:
- VNet peering – connecting VNets within the same Azure region
- Global VNet peering – connecting VNets across Azure regions
For more information, see Part 16 – Azure Virtual Network (VNet) peering
ExpressRoute :
ExpressRoute is an Azure service that allows us to establish private connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365. ExpressRoute is a dedicated connection between on-premises and Azure, so here the content is not encrypted. For more information, see Part 11 – ExpressRoute.
Azure Load Balancer :
Azure Load Balancer helps to scale our application and create high availability. It also improves the network performance of our applications by balancing or distributing incoming traffic among healthy instances. As of now, Azure Load Balancer supports two types: Basic and extended.
Domain Name System (DNS) :
Domain Name System (DNS) is responsible for translating or resolving a website name or service name to its IP address.
Azure DNS is a hosting service for DNS domains, provided by Microsoft, that provides name resolution by using Microsoft Azure infrastructure. By hosting our domains in Azure, we can manage our DNS records by using the same credentials, APIs, tools, and billing as our other Azure services.
Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for our domain.
Azure DNS does not currently support purchasing of domain names. It is now associated with GoDaddy to reserve domain names. We can manage our domains and records via the Azure portal. For more information, see Part 9 – Configure Custom Domain In Azure DNS.
Azure Application Gateway :
Azure Application Gateway gives us application-level routing and load balancing services which let us build a scalable and highly available web front end in Azure. We can control the size of the gateway and scale our deployment based on our needs. Azure Application Gateway is also considered an Application Delivery Controller (ADC) as a service. For more information, see Part 5 – Basics of Azure Application Gateway and Part 6 – Azure Application Gateway Features.
Azure Traffic Manager :
Azure Traffic Manager enables us to distribute traffic optimally to services across global Azure regions, and at the same time it provides high availability. The client connects to the IP address to access the service. The most important point to understand is that Traffic Manager works at the DNS level. Traffic Manager uses DNS to choose the destination, directing clients to specific service endpoints based on the rules of the traffic-routing method. For more information, see Part 18 – Azure Traffic Manager 1 and Part 19 – Azure Traffic Manager 2 – Create Traffic Manager Profile using (Cloud Shell) PowerShell.
User Defined route (UDR) :
A route table is used by traffic manager to manage the traffic efficiently. Azure automatically creates all system routes and assigns the routes to each subnet in a virtual network. We can’t create system routes, but we can override system routes with User Defined Routes (UDR). For more information, see Part 20 – Azure Route Table and Part 21 – Azure Route Table 2 – Configure User Define Route (UDR).
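To show how a UDR overrides a system route, this added example (not from the original article) picks the effective route for a destination: Azure uses the longest matching prefix and, when prefixes are equal, prefers a user-defined route over a BGP route over a system route. The route table, addresses and the "User"/"BGP"/"Default" labels are constructed for illustration.

```python
import ipaddress

# Tie-break when several routes have the same prefix:
# user-defined route, then BGP route, then system (default) route.
SOURCE_RANK = {"User": 0, "BGP": 1, "Default": 2}

def select_route(routes, dst_ip):
    """Pick the effective route: longest prefix match, then source preference."""
    dst = ipaddress.ip_address(dst_ip)
    candidates = [r for r in routes
                  if dst in ipaddress.ip_network(r["prefix"])]
    if not candidates:
        return None
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                       SOURCE_RANK[r["source"]]),
    )

# Constructed route table for one subnet: two system routes plus two UDRs
# that send traffic through a network virtual appliance (address is made up).
ROUTES = [
    {"prefix": "10.10.0.0/16", "source": "Default", "next_hop": "VnetLocal"},
    {"prefix": "0.0.0.0/0", "source": "Default", "next_hop": "Internet"},
    {"prefix": "0.0.0.0/0", "source": "User",
     "next_hop": "VirtualAppliance 10.10.254.4"},
    {"prefix": "10.10.2.0/24", "source": "User",
     "next_hop": "VirtualAppliance 10.10.254.4"},
]

if __name__ == "__main__":
    for ip in ("198.51.100.20", "10.10.1.5", "10.10.2.9"):
        route = select_route(ROUTES, ip)
        print(ip, "->", route["next_hop"], f"({route['source']})")
```

Internet-bound traffic follows the UDR instead of the system 0.0.0.0/0 route, while traffic to 10.10.1.5 still uses the more specific system VNet route.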
Azure Virtual WAN :
Virtual WAN offers the following advantages:
- Integrated connectivity solutions in hub and spoke: Automate site-to-site configuration and connectivity between on-premises sites and an Azure hub.
- Automated spoke setup and configuration: Connect your virtual networks and workloads to the Azure hub seamlessly.
As this article covers the basics of each component, in my upcoming articles I will explore all of the above components one by one in more detail, with related figures and examples. The next article of this series is Part 2 – Azure Virtual Network (Vnet).
Thanks for reading 😊
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.
If you have any suggestions, feedback or doubts, you are most welcome. Stay tuned to Knowledge-Junction; we will come up with more such articles.