askvity

What is VNet?

Published in Azure Networking 3 mins read

Azure VNet, or Azure Virtual Network, is the fundamental building block for your private network in Azure. It allows various Azure resources to communicate securely with each other, the internet, and on-premises networks.

Understanding Azure VNet

According to Azure documentation, specifically the "Azure vNet Operations" context, Azure Virtual Network allows many types of Azure resources, such as Azure virtual machines (VMs), to communicate securely with each other, with the Internet, and with local networks. Think of a VNet as your own custom network in the cloud. You define its IP address space and can segment it into subnets.

Key Capabilities

A VNet provides essential networking capabilities for your cloud deployments:

  • Communication between Azure Resources: You can deploy resources like VMs into a VNet and enable them to communicate privately using private IP addresses.
  • Internet Communication: Resources within a VNet can communicate outbound to the internet by default. You can also enable inbound communication by assigning a public IP address or using other services like Azure Load Balancer or Application Gateway.
  • Communication with On-Premises Networks: Extend your corporate network into Azure using connectivity methods like VPN (Virtual Private Network) or Azure ExpressRoute, enabling seamless communication between your cloud resources and your data center.
  • Routing Control: VNets allow you to define custom routing tables to control how traffic flows between subnets, VNets, and on-premises networks.
  • Security Filtering: Implement network security groups (NSGs) within your VNet to filter network traffic to and from resources based on source/destination IP address, port, and protocol.

How VNet Works

When you create an Azure VNet, you specify a private IP address range using CIDR (Classless Inter-Domain Routing) notation. This range must be within the private IP address spaces (10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16). You then create one or more subnets within this VNet IP range. Resources deployed into a subnet are assigned private IP addresses from that subnet's range.

For example:

  1. Create a VNet named MyAzureVNet with address space 10.0.0.0/16.
  2. Create a subnet named AppSubnet within MyAzureVNet with address space 10.0.1.0/24.
  3. Create a subnet named DbSubnet within MyAzureVNet with address space 10.0.2.0/24.
  4. Deploy a VM for your web application into AppSubnet. It gets an IP like 10.0.1.4.
  5. Deploy a VM for your database into DbSubnet. It gets an IP like 10.0.2.5.
  6. The App VM can communicate with the Db VM using their private IPs 10.0.1.4 and 10.0.2.5 within the secure VNet.

This structured approach provides network isolation and segmentation, which is crucial for building secure and scalable applications in Azure.

Related Articles