Azure Virtual Network
Hi guys, today we are going to look at Azure Virtual Network.
In the previous blog we covered the Azure virtual machine and how to create one; in today's topic we are going to look at the Azure virtual network that the VM lives in.
What is Azure Virtual Network?
Azure Virtual Network, usually shortened to Azure VNet, is the fundamental building block for your private network in Azure. It is a representation of your own network in the cloud: a logically isolated section of the Azure cloud dedicated to your subscription. You can use VNets to provision and manage virtual private networks (VPNs) in Azure, and a VNet is what lets your virtual machines and other Azure resources communicate privately with each other, with the internet, and with your on-premises network.
How does Azure Virtual Network work?
When you deploy a resource (for example a VM's network interface) into a subnet of a virtual network, Azure assigns it a private IP address from that subnet's range. A virtual network therefore needs the following:
- Address space: the IP range your network covers. Azure lets you specify either public or private (RFC 1918) address space, but private is the normal choice. Azure assigns each resource a free address within the range you specify (for example, in a 192.168.0.0/24 subnet of a 192.168.0.0/16 address space the first VM receives 192.168.0.4). Note that Azure reserves five addresses in every subnet: the network address, the first usable address (default gateway), the next two (Azure DNS) and the broadcast address, so 192.168.0.0 through 192.168.0.3 and 192.168.0.255 are never handed out.
The RFC 1918 private ranges that can be used in a virtual network are:
- 10.0.0.0 - 10.255.255.255 (10/8 prefix)
- 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
- 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
- Subnets: split the address space into smaller blocks, each assigned to a group of resources (a tier, a role), which improves address allocation efficiency and lets you apply different policies per block. The smallest subnet Azure allows is a /29, and five addresses in each subnet are reserved by Azure. You can secure resources within subnets using Network Security Groups.
- Regions: each virtual network is scoped to a single region. To connect virtual networks in different regions you peer them (global VNet peering), which requires their address spaces not to overlap.
- Subscription: a VNet is bound to one subscription and one region, so a subscription is a prerequisite for creating a virtual network.
The following protocols are supported within a virtual network:
- TCP: standard TCP/IP traffic is supported within VNets.
- UDP: unicast is supported within VNets, with the exception of Dynamic Host Configuration Protocol (DHCP) via unicast (source port UDP/68 / destination port UDP/67) and UDP source port 65330, which is reserved for the host. Multicast, broadcast, IP-in-IP encapsulated packets and Generic Routing Encapsulation (GRE) packets are blocked within VNets.
- ICMP: supported within VNets, for example to check whether virtual machines are reachable with ping. Ping from the internet to a VM only works if a Network Security Group rule explicitly allows ICMP inbound, because inbound traffic from the internet is denied by default.
Each Azure Virtual Network belongs to a resource group, which is chosen when the network is created. It enables Azure resources such as VMs to communicate securely with each other, with the internet and with on-premises networks.
Virtual Network Creation:
To create a virtual network in the portal:
1. From the Azure portal menu, select Create a resource. From the Azure Marketplace, select Networking > Virtual network.
2. In Create virtual network, enter or select this information:
- Subscription
- Resource group
- Name
- Location (region)
3. Select Next: IP Addresses, and for IPv4 address space, enter 10.1.0.0/16 or any range your address plan requires.
4. Select Add subnet, enter a name for Subnet name and 10.1.0.0/24 for Subnet address range.
5. Select Add, then select Review + create. Leave the rest as default.
6. After validation passes, select Create.
After the virtual network is created, we can create virtual machines in it. All of this can also be done with Azure PowerShell or the Azure CLI instead of the portal.
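The same steps scripted with the Az PowerShell module, as an added example that is not code from the original post. It assumes the Az module is installed, that you have run Connect-AzAccount and selected the right subscription with Set-AzContext, and that the resource group name, VNet and subnet names and the region below are free to choose (they are invented for this illustration).

```powershell
# Added example, not code from the original post: the portal steps above
# scripted with the Az PowerShell module (Az.Resources and Az.Network).
# Prerequisites: Install-Module Az; Connect-AzAccount; Set-AzContext for
# the right subscription. Names and the region below are assumptions.

$rgName     = 'rg-vnet-demo'   # assumed resource group name
$location   = 'eastus'         # assumed region
$vnetName   = 'vnet-demo'      # assumed VNet name
$subnetName = 'snet-app'       # assumed subnet name

# Step 2: the resource group the VNet will belong to.
New-AzResourceGroup -Name $rgName -Location $location -Force | Out-Null

# Steps 3 and 4: a /24 subnet carved out of the /16 address space.
$subnet = New-AzVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix '10.1.0.0/24'

# Steps 5 and 6: create the VNet with that subnet.
$vnet = New-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName `
    -Location $location -AddressPrefix '10.1.0.0/16' -Subnet $subnet

# Adding a second subnet later: modify the local object, then push it with
# Set-AzVirtualNetwork (nothing changes in Azure until Set-* is called).
$vnet = Add-AzVirtualNetworkSubnetConfig -Name 'snet-db' -AddressPrefix '10.1.1.0/24' `
    -VirtualNetwork $vnet | Set-AzVirtualNetwork

# Verify what was provisioned. Azure keeps the first four and the last
# address of each subnet for itself, so VMs in snet-app start at 10.1.0.4.
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
$vnet.AddressSpace.AddressPrefixes
$vnet.Subnets | Select-Object Name, AddressPrefix, @{ n = 'Nsg'; e = { $_.NetworkSecurityGroup.Id } }
```

The Azure CLI equivalent of the create step is a single command: az network vnet create --name vnet-demo --resource-group rg-vnet-demo --location eastus --address-prefixes 10.1.0.0/16 --subnet-name snet-app --subnet-prefixes 10.1.0.0/24. The Nsg column in the final listing is empty at this point, which is worth noticing: a freshly created subnet has no Network Security Group attached until you associate one.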
Network Security Groups (NSGs):
Azure network security groups (NSGs) filter network traffic to and from Azure resources in a virtual network. An NSG holds inbound and outbound rules that allow or deny traffic; for each rule you specify a priority, source and destination (an IP range, a service tag such as Internet or VirtualNetwork, or an application security group), port range, protocol and the action. Rules are evaluated in priority order, lowest number first, and the first match wins. An NSG can be associated with a subnet, with an individual network interface, or both; inbound traffic must then pass the subnet NSG and the NIC NSG. NSGs are stateful: when an inbound rule allows a connection, the reply traffic for that flow is allowed out automatically without an outbound rule (this does not open the same port for new outbound connections). The default rules allow all outbound traffic and deny all inbound traffic from the internet, but traffic from within the virtual network (and from the Azure load balancer) is allowed inbound by default. To restrict east-west traffic between subnets you must add explicit Deny rules; they take precedence because their priority numbers (100 to 4096) are lower than those of the default rules (65000 and above).
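An NSG built the way the paragraph above describes, as an added example that is not code from the original post: the only inbound allow rules admit SSH from one management range and HTTPS from the internet, an explicit deny documents the intent for everything else from the internet, and the group is attached to the subnet created earlier. The resource names and the management CIDR 203.0.113.0/24 (a documentation range) are assumptions.

```powershell
# Added example, not code from the original post: an NSG with explicit
# inbound rules, attached to the subnet from the VNet example. Resource
# names and the management range 203.0.113.0/24 are assumptions.

$rgName = 'rg-vnet-demo'; $location = 'eastus'      # assumed names
$vnetName = 'vnet-demo';  $subnetName = 'snet-app'  # assumed names

# Priority: lower number wins; the first matching rule stops evaluation.
$allowSsh = New-AzNetworkSecurityRuleConfig -Name 'Allow-SSH-From-Mgmt' -Priority 100 `
    -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix '203.0.113.0/24' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 22

$allowHttps = New-AzNetworkSecurityRuleConfig -Name 'Allow-HTTPS-From-Internet' -Priority 110 `
    -Direction Inbound -Access Allow -Protocol Tcp `
    -SourceAddressPrefix 'Internet' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 443

# Explicit catch-all for internet-sourced traffic. The default DenyAllInBound
# (priority 65500) would drop it anyway; writing it down at 4096 keeps the
# intent visible in audits. The source is the Internet tag rather than '*',
# so VirtualNetwork and AzureLoadBalancer traffic still reaches the default
# allow rules at 65000/65001 (load-balancer health probes keep working).
$denyInternet = New-AzNetworkSecurityRuleConfig -Name 'Deny-Internet-Inbound' -Priority 4096 `
    -Direction Inbound -Access Deny -Protocol '*' `
    -SourceAddressPrefix 'Internet' -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '*'

$nsg = New-AzNetworkSecurityGroup -Name 'nsg-app' -ResourceGroupName $rgName -Location $location `
    -SecurityRules $allowSsh, $allowHttps, $denyInternet

# Associate with the subnet: every NIC placed in snet-app is now filtered.
$vnet = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $rgName
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnetName `
    -AddressPrefix '10.1.0.0/24' -NetworkSecurityGroup $nsg | Set-AzVirtualNetwork | Out-Null

# The default rules Azure appends. AllowVnetInBound (65000) means any source
# carrying the VirtualNetwork tag, including other subnets in this VNet and
# peered VNets, is allowed in; add a Deny with a lower priority number if
# that east-west access is not wanted.
$nsg.DefaultSecurityRules |
    Select-Object Name, Priority, Direction, Access, SourceAddressPrefix, DestinationPortRange |
    Format-Table -AutoSize
```

Because a VM's network interface can carry its own NSG in addition to the subnet's, the rules a running VM actually sees are the merge of both; Get-AzEffectiveNetworkSecurityGroup -NetworkInterfaceName <nic> -ResourceGroupName $rgName shows that effective set and is the quickest way to confirm that an "open" port really is open (or closed) from a given source.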
Best practices for building an Azure network:
There are some recommendations to follow when creating virtual networks.
- Plan non-overlapping address spaces: the IP ranges of VNets you may later peer, and of your on-premises networks, must not overlap, because peering and VPN connections between overlapping ranges are not possible.
- Reserve IP addresses and size subnets with headroom, remembering that Azure reserves five addresses in every subnet, so that you do not exhaust the address pool.
- Use a large address range (for example a /16) so that subnets can be added later without renumbering.
- Secure subnets with Network Security Groups, starting from the default inbound deny and adding only the rules you need.
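A checker for the address-space and subnet requirements listed under "How does Azure Virtual Network work?" and for the first three recommendations above, as an added example that is not code from the original post. It is plain PowerShell with no Azure connection: it takes a planned layout and reports subnets that fall outside their VNet, subnets that overlap, subnets smaller than Azure's /29 minimum, and VNets whose address spaces overlap and therefore could never be peered, and it prints the usable address count after Azure's five reserved addresses. The VNet names and prefixes in the sample plan are invented and contain deliberate mistakes.

```powershell
# Added example, not code from the original post: check a planned address
# layout against the rules above before creating anything. Pure PowerShell,
# no Azure connection needed; the VNet names and prefixes are invented.

function ConvertTo-IpNumber([string]$Ip) {
    # Dotted quad -> 32-bit number, kept in int64 to avoid signed overflow.
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return [int64]$b[0] * 16777216 + [int64]$b[1] * 65536 + [int64]$b[2] * 256 + [int64]$b[3]
}

function Get-CidrRange([string]$Cidr) {
    $ip, $len = $Cidr.Split('/')
    $prefix = [int]$len
    $size   = [int64][math]::Pow(2, 32 - $prefix)
    $start  = ConvertTo-IpNumber $ip
    $start  = $start - ($start % $size)   # snap to the network boundary
    return [pscustomobject]@{ Cidr = $Cidr; Prefix = $prefix; Start = $start; End = $start + $size - 1; Size = $size }
}

function Test-RangeOverlap($A, $B) {
    return ($A.Start -le $B.End) -and ($B.Start -le $A.End)
}

function Test-AddressPlan($Plan) {
    # $Plan: ordered dictionary VNetName -> @{ AddressSpace = cidr; Subnets = ordered dictionary name -> cidr }
    $findings = @()
    $spaces   = @()
    foreach ($vnetName in $Plan.Keys) {
        $space   = Get-CidrRange $Plan[$vnetName].AddressSpace
        $spaces += [pscustomobject]@{ Name = $vnetName; Range = $space }
        $seen    = @()
        foreach ($snName in $Plan[$vnetName].Subnets.Keys) {
            $r = Get-CidrRange $Plan[$vnetName].Subnets[$snName]
            if ($r.Prefix -gt 29) {
                $findings += "$vnetName/$($snName): /$($r.Prefix) is below Azure's minimum subnet size of /29"
            }
            if ($r.Start -lt $space.Start -or $r.End -gt $space.End) {
                $findings += "$vnetName/$($snName): $($r.Cidr) lies outside address space $($space.Cidr)"
            }
            foreach ($prev in $seen) {
                if (Test-RangeOverlap $r $prev.Range) {
                    $findings += "$($vnetName): subnets $($r.Cidr) and $($prev.Range.Cidr) overlap"
                }
            }
            # Azure reserves the first four and the last address of every subnet.
            $usable = [math]::Max(0, $r.Size - 5)
            Write-Host ("{0}/{1}: {2} usable of {3} addresses" -f $vnetName, $snName, $usable, $r.Size)
            $seen += [pscustomobject]@{ Name = $snName; Range = $r }
        }
    }
    # VNets that will ever be peered (or connected to on-premises) must not overlap.
    for ($i = 0; $i -lt $spaces.Count; $i++) {
        for ($j = $i + 1; $j -lt $spaces.Count; $j++) {
            if (Test-RangeOverlap $spaces[$i].Range $spaces[$j].Range) {
                $findings += "address spaces of $($spaces[$i].Name) and $($spaces[$j].Name) overlap; they cannot be peered"
            }
        }
    }
    return $findings
}

# Constructed sample plan with deliberate mistakes (names and ranges invented).
$plan = [ordered]@{
    'vnet-hub'    = @{ AddressSpace = '10.0.0.0/16'
                       Subnets = [ordered]@{ 'snet-gw' = '10.0.0.0/27'; 'snet-shared' = '10.0.1.0/24' } }
    'vnet-app'    = @{ AddressSpace = '10.1.0.0/16'
                       Subnets = [ordered]@{ 'snet-app' = '10.1.0.0/24'; 'snet-db' = '10.1.0.128/25'; 'snet-tiny' = '10.1.2.0/30' } }
    'vnet-legacy' = @{ AddressSpace = '10.1.128.0/17'
                       Subnets = [ordered]@{ 'snet-old' = '10.2.0.0/24' } }
}

$issues = Test-AddressPlan $plan
if ($issues) { "`nPROBLEMS:"; $issues | ForEach-Object { " - $_" } } else { "`nPlan is clean." }
```

Run against the sample plan it reports four problems: snet-db overlaps snet-app inside vnet-app, snet-tiny is a /30 and cannot be created, snet-old is not inside vnet-legacy's address space, and vnet-app and vnet-legacy overlap (10.1.128.0/17 sits inside 10.1.0.0/16), so those two could never be peered. Fixing these on paper is cheap; fixing them after VMs are deployed means renumbering.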
I hope this blog helps you understand Azure Virtual Network and its features. If you enjoyed this post, I'd be very grateful if you'd help it spread by emailing it to a friend or sharing it on Twitter or Facebook. Thank you!