Azure Networking Concepts

Posted by on

1. VNet (Virtual Network):

  • A VNet is like a private network in Azure. It allows different resources like Virtual Machines (VMs) to communicate securely with each other and with the internet. It’s like setting up your own internal network but in the cloud.

2. Subnet:

  • A Subnet is a smaller section of a VNet. It’s like dividing your private network into smaller groups. Each subnet can have its own specific purpose, like one for databases and another for web servers. Subnets help organize your network and apply security settings to specific areas.

3. VNet Address Spaces:

  • Address Spaces are the range of IP addresses assigned to your VNet. For example, 10.0.0.0/16 could be your VNet’s address space, and you can divide this into smaller subnets. Think of it as the IP range for your network and subnets.

4. NSG (Network Security Group):

  • An NSG acts like a security guard for your VNet or subnet. It controls what traffic is allowed in and out of your network based on rules you set, such as blocking or allowing specific types of connections.

5. NSG Rules:

  • NSG Rules are like instructions for the NSG. These rules tell the NSG to either allow or block certain types of traffic. For example, you can create a rule that allows HTTP traffic (web traffic) but blocks SSH (remote login) traffic.

6. Security Group:

  • Similar to an NSG, a Security Group is used to control traffic but at the level of specific applications. It groups resources (like VMs) together so that you can apply the same security settings to all of them easily.

7. VPN Gateway:

  • A VPN Gateway is like a secure tunnel that connects your Azure Virtual Network (VNet) to other networks, such as your on-premises network or even another VNet. It allows safe data transfer over the internet.

8. P2P (Point-to-Point VPN):

  • Point-to-Point (P2P) VPN connects a single device (like your laptop) to a Virtual Network. It’s useful if you need to securely access Azure resources from a remote location.

9. S2S (Site-to-Site VPN):

  • Site-to-Site VPN connects your entire on-premises network to an Azure Virtual Network. It’s like setting up a long-distance connection between your office network and your Azure network.

10. ExpressRoute:

  • ExpressRoute provides a private, high-speed connection between your on-premises network and Azure, bypassing the public internet. It’s faster and more secure than a typical VPN.

11. ExpressRoute vs VPN Gateway:

  • ExpressRoute is a private connection with more security and faster speeds, but it's more expensive. VPN Gateway uses the public internet, so it’s cheaper, but slower and less secure compared to ExpressRoute.

12. VNet Peering:

  • VNet Peering connects two Virtual Networks so that resources in each VNet can communicate with each other. It’s like building a bridge between two networks so they can share resources easily.

13. Global VNet Peering:

  • Global VNet Peering connects VNets in different Azure regions (e.g., one in the US and one in Europe) so that resources can communicate across regions.

14. Azure Load Balancer:

  • An Azure Load Balancer distributes incoming network traffic evenly across multiple servers or VMs. It ensures that no single resource gets overwhelmed with traffic.

    • Public Load Balancer: Balances traffic coming from the internet to your resources (like web servers).

    • Internal Load Balancer: Balances traffic within a private network, typically for internal applications.

15. Load Balancing Rules:

  • Load Balancing Rules define how traffic should be distributed. For example, you can set a rule that balances HTTP traffic (port 80) between two or more web servers.

16. Inbound NAT (Network Address Translation):

  • Inbound NAT rules allow specific types of inbound traffic to be forwarded to a particular VM or server. For example, you can create a rule that forwards remote desktop traffic to a specific server.

17. Layer 7 Load Balancer (Application Gateway):

  • A Layer 7 Load Balancer, also known as Azure Application Gateway, is smarter than a regular load balancer because it understands the content of the traffic (like URLs). It can direct traffic to specific servers based on things like URL paths, making it ideal for web applications.

18. WAF (Web Application Firewall):

  • A Web Application Firewall (WAF) is a security feature of Azure Application Gateway. It protects your web apps from common attacks like SQL injection or cross-site scripting (XSS). It’s like a shield that filters out harmful traffic.

19. DNS-based Traffic Load Balancer (Traffic Manager):

  • Traffic Manager is a DNS-based load balancer that directs traffic to different locations based on DNS queries. It’s useful for distributing traffic across multiple regions or data centers, ensuring high availability and performance for global users.

20. Traffic Routing Methods in Azure:

  • Azure offers several ways to route traffic:
    • Priority Routing: Sends traffic to the resource with the highest priority.
    • Weighted Routing: Distributes traffic based on weights you assign to different resources (e.g., 70% of traffic goes to one server, 30% to another).
    • Performance Routing: Sends traffic to the server or region with the lowest latency for the user, improving performance.
    • Geographic Routing: Directs traffic based on the user’s geographic location, useful for compliance or legal requirements.

Summary:

  • VNet and Subnets allow you to organize and secure your network.
  • NSGs, Security Groups, and WAF help protect your resources from unwanted traffic.
  • VPN Gateway and ExpressRoute provide secure ways to connect Azure to other networks.
  • VNet Peering connects different virtual networks, even across regions.
  • Load Balancers and Traffic Manager distribute traffic to ensure your applications stay available and efficient.

Each of these features in Azure networking helps you build, secure, and scale your infrastructure based on your needs.

Comments

Post a Comment