Back to Azure
Azure Networking
Virtual networks, VPN, and connectivity
Virtual Networks (VNets)
Azure Virtual Networks provide isolated network environments for your resources.
Key Concepts
- * Address Space: CIDR blocks defining the VNet IP range (e.g., 10.0.0.0/16)
- * Subnets: Subdivisions within a VNet for resource organization
- * Peering: Connecting VNets for cross-network communication
- * Service Endpoints: Direct connectivity to Azure services
Best Practices
- * Plan IP address space to avoid overlaps with on-premises networks
- * Use Network Security Groups (NSGs) on all subnets
- * Enable VNet flow logs for troubleshooting
- * Consider Hub-Spoke topology for multi-VNet architectures
VPN Gateway
Azure VPN Gateway enables secure site-to-site and point-to-site connectivity.
Connection Types
| Type | Use Case |
|---|---|
| Site-to-Site (S2S) | Connect on-premises to Azure via IPsec tunnel |
| Point-to-Site (P2S) | Individual client connections (remote users) |
| VNet-to-VNet | Connect Azure VNets across regions |
SKU Selection
- * Basic: Development/test only (being retired)
- * VpnGw1-3: Production workloads with varying throughput
- * VpnGw1-5AZ: Zone-redundant for high availability
Network Security Groups
NSGs filter network traffic to and from Azure resources.
Rule Components
- * Priority: 100-4096, lower numbers processed first
- * Source/Destination: IP, service tag, or ASG
- * Protocol: TCP, UDP, ICMP, or Any
- * Action: Allow or Deny
Tip: Use Application Security Groups (ASGs) to group VMs logically instead of managing individual IP addresses.