Hope you all are doing good !!!
Now a days, in my current project I am working on, Azure Networking. So planning to start a series of articles, where I will discuss about all important networking component of Azure. We can find so many very good articles on each of the component. As I am new to this section, planning to make this article very simple so that it will help a beginner to understand the basic of Azure networking components.
Following are the most common components of Azure Networking.
Virtual Network (Vnet) :
Azure Virtual Network (Vnet) is a fundamental component, which is acts as an organisation’s network in azure. A virtual network is scoped to a single region. We can implement multiple virtual networks within each Azure subscription and Azure region. However, multiple virtual networks from different regions can be connected together using Virtual Network Peering. Virtual Network is the entry point for one or more Virtual Private Network (VPN) connections to other networks outside of Azure.
Here in this article, we can find more information about how to create and configure VNet in Azure .
IP Addresses :
An Internet Protocol address (IP address) is a numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. IP addresses are usually written and displayed in human-readable notations, such as 172.16.254.1 in IPv4, and 2001:db8:0:1234:0:567:8:1 in IPv6. More details on IP Address can be found here.
Subnet or Subnetwork is logical division of huge network IP range. We have huge IPv4 range from 0.0.0.0 to 255.255.255.255 and IPv6 addresses are each 128 bits long. Because each digit in an IPv6 address can have 16 different values (from 0 to 15), each digit represents the overall value of 4 bits (one nibble), with 32 digits total. We can divide these IP range in different logical network for better user and network isolation.
CIDR Block :
Classless Inter-Domain Routing (CIDR) is an expansion of the IP addressing system that allows for a more efficient and appropriate allocation of addresses. CIDR introduced a new method of representation for IP addresses, now commonly known as CIDR notation, in which an address or routing prefix is written with a suffix indicating the number of bits of the prefix, such as 192.0.2.0/24 for IPv4, and 2001:db8::/32 for IPv6.
Network Security Group (NSG) :
A Network Security Group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet). NSGs can be associated to subnets, individual VMs (classic), or individual network interfaces (NIC) attached to VMs (Resource Manager).
On-Premise Network Connectivity :
Azure VNet can integrate On-Premises Networks through private network connections between the on-premises network and the Azure Cloud Environment.
Point-to-Site VPN gateway is used to create a secure connection to our virtual network from an individual client computer.
Site-to-Site VPN gateway is used when we want to connect two networks and keep the communication up all the time.
In Azure, the Virtual Network Gateway is the platform providing both functionalities.
Network Interface Card ( NIC ) :
A Network Interface Card is an Azure resource which enables an Azure resource to communicate with internet, Azure, and on-premises resources. When creating a virtual machine using the Azure portal, the portal creates one network interface with default settings for us. We can also create our own private/public NIC and associate with any existing VM.
Azure Load Balancer :
Azure Load Balancer helps to scale our application and create high availability. It also improve network performance of our applications, by balancing or distributing incoming traffics among healthy instances. As of now Azure Load Balancer supports two types, that is Basic and extended.
Domain Name System (DNS) :
Domain Name System (DNS)is responsible for translating or resolving a website name or service name to its IP address.
Azure DNS is a hosting service, provided by Microsoft for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting our domains in Azure, we can manage our DNS records by using the same credentials, APIs, tools, and billing as your other Azure services.
Each DNS query is answered by the closest available DNS server to provide fast performance and high availability for our domain.
Azure DNS does not currently support purchasing of domain names. Now it associate with Go-daddy to reserve domain name.We can manage our domains and records via the Azure portal.
Azure Application Gateway :
Azure Application Gateway gives us application-level routing and load balancing services which let us build a scalable and highly-available web front end in Azure. we can control the size of the gateway and scale our deployment based on our needs. Azure Application Gateway is also considered as an Application Delivery Controller (ADC) as a service.
Traffic Manager :
Azure Traffic Manager is enables us to distribute traffic optimally to services across global Azure section,and same time it provides high availability. The client connects to the IP address to access the service. The most important point is to understand, that Traffic Manager works at the DNS level. Traffic Manager uses DNS to choose the destination, to direct clients to specific service endpoints based on the rules of the traffic-routing method.
User Defined route (UDR) :
Route table used by traffic manager to manage the traffic efficiently. Azure automatically creates all system routes and assigns the routes to each subnet in a virtual network. We can’t create system routes but we can override system routes with User Defined route ( UDR) routes.
ExpressRoute is an Azure service that allow us to establish private connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365. ExpressRoute is a dedicated connection between on-premises and Azure, so the here the content is not encrypted.
As this article is on the basic of each component , in my upcoming articles, I will explore all of the above components , one by one in more detail with related figures and examples.
Thanks for reading 😊
Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more.
If you have any suggestion / feedback / doubt, you are most welcome. Stay tuned on Knowledge-Junction, will come up with more such articles