Azure Networking
Azure Networking provides the foundational infrastructure to connect, secure, and manage communication between Azure resources and on-premises systems. A core component of this is the Virtual Network (VNet), which enables private, secure communication in the cloud.
1. Virtual Network (VNet)
A Virtual Network in Azure is a logically isolated section of the Azure cloud. It allows Azure resources like virtual machines (VMs) and services to securely communicate with each other, the internet, and on-premises environments.
Key Features of VNets:
- Isolation: VNets are isolated from each other, allowing complete control over your networking environment.
- Subnetting: Divide VNets into subnets to organize resources and control traffic flow.
- Address Space: Each VNet is assigned an IP address range using CIDR (Classless Inter-Domain Routing) notation.
2. Subnets and CIDR
Subnets
Subnets are segments of a Virtual Network, used to:
- Organize resources by function or application tier (e.g., web, app, database).
- Control traffic routing and security boundaries.
CIDR (Classless Inter-Domain Routing)
- CIDR notation defines the IP address range of a VNet or subnet.
- Example: 10.0.0.0/16 for a VNet, and 10.0.1.0/24 for a subnet within it.
3. Routes and Route Tables
Routes
Routes determine how network traffic is directed within Azure networks or to external destinations.
- A route includes a destination prefix and a next hop (such as a virtual appliance, VPN gateway, or the internet).
Route Tables
- Collections of user-defined routes.
- Associated with subnets to override default Azure routing and implement custom traffic flows.
4. Network Security Groups (NSGs)
NSGs are used to control inbound and outbound traffic to Azure resources at the subnet or NIC (network interface) level.
Key Features:
- Security Rules: Each rule allows or denies traffic based on source/destination IP, port, and protocol.
- Default Rules: NSGs include default rules that allow traffic within the VNet and deny inbound traffic from the internet.
- Associations: NSGs can be applied to subnets and/or individual NICs for granular control.
5. Application Security Groups (ASGs)
ASGs provide a more scalable and manageable approach to applying security rules.
Key Features:
- Simplified Rule Management: Group VMs by application role (e.g., web servers, database servers) instead of by IP address.
- Dynamic Membership: VM membership in ASGs can be managed using tags or other attributes.
- Flexible Rule Assignment: NSG rules can reference ASGs directly, allowing for cleaner and more scalable security policies.
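The following is an added example (not code from the original post or from Azure) that models how the NSG and ASG concepts in sections 4 and 5 combine: rules are walked in ascending priority, the first match decides, and Azure's three default inbound rules sit behind every user rule. The VNet range, ASG memberships and rule set are constructed sample data, and protocol and source port are left out of the model.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET = ip_network("10.0.0.0/16")  # constructed sample VNet address space
ASGS = {"web": {"10.0.1.4", "10.0.1.5"}, "db": {"10.0.2.4"}}  # ASG -> member NIC IPs (constructed)
AZURE_LB = ip_address("168.63.129.16")  # the address behind the AzureLoadBalancer service tag

@dataclass(frozen=True)
class Rule:
    priority: int  # lower number is evaluated first
    access: str    # "Allow" or "Deny"
    src: str       # CIDR, ASG name, service tag or "*"
    dst: str       # CIDR, ASG name, service tag or "*"
    port: str      # destination port or "*" (protocol and source port left out of this model)

def matches(selector, ip):
    """True if ip falls under a selector: CIDR, ASG name, service tag or '*'."""
    if selector == "*":
        return True
    if selector in ASGS:
        return str(ip) in ASGS[selector]
    if selector == "VirtualNetwork":
        return ip in VNET
    if selector == "Internet":  # simplified: anything that is not the VNet or the load balancer
        return ip not in VNET and ip != AZURE_LB
    if selector == "AzureLoadBalancer":
        return ip == AZURE_LB
    return ip in ip_network(selector)

def evaluate(rules, src, dst, port):
    """Walk rules in ascending priority; the first match decides. Returns (access, priority)."""
    src, dst = ip_address(src), ip_address(dst)
    for r in sorted(rules, key=lambda r: r.priority):
        if matches(r.src, src) and matches(r.dst, dst) and r.port in ("*", str(port)):
            return r.access, r.priority
    raise RuntimeError("unreachable: DenyAllInBound matches every flow")

# Azure's three default inbound rules; they sit behind every user-defined rule
DEFAULT_INBOUND = [
    Rule(65000, "Allow", "VirtualNetwork", "VirtualNetwork", "*"),  # AllowVnetInBound
    Rule(65001, "Allow", "AzureLoadBalancer", "*", "*"),            # AllowAzureLoadBalancerInBound
    Rule(65500, "Deny", "*", "*", "*"),                             # DenyAllInBound
]
USER_RULES = [
    Rule(100, "Allow", "Internet", "web", "443"),     # public HTTPS to the web tier only
    Rule(200, "Allow", "web", "db", "1433"),          # only web servers may reach SQL
    Rule(300, "Deny", "VirtualNetwork", "db", "*"),   # without this, AllowVnetInBound lets any VNet host reach db
]
RULES = USER_RULES + DEFAULT_INBOUND
```

With the full rule set, `evaluate(RULES, "10.0.3.9", "10.0.2.4", 1433)` returns `('Deny', 300)`; drop the priority-300 rule and the same flow is allowed by AllowVnetInBound at 65000, which is why a database ASG needs an explicit deny from the VNet below the default rules.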
Summary
| Component | Purpose |
|---|---|
| VNet | Creates isolated network environments in Azure |
| Subnet | Segments the VNet for logical grouping and traffic control |
| CIDR | Defines IP address range using prefix notation |
| Route Table | Customizes traffic routing between subnets and outside Azure |
| NSG | Secures network traffic using access rules |
| ASG | Groups VMs by role for simplified NSG rule management |