Welcome to a new blog series about Azure networking. These series will guide you through networking in Azure. We begin with the basics and from there we will continue to networking security and the more advanced stuff.
First, networking in Azure isn’t some kind of magic like some people think. Networking in Azure can connect and deliver your hybrid and cloud-native applications with low-latency, Zero Trust based networking services. This is how Microsoft describes their product in Azure (source). A network in Azure is software defined, build and maintained by Microsoft. This is a huge advantage for customers because they don’t have to worry about routers, switches and other networking stuff. As a consumer of the Azure platform, you can easily create a network and let Microsoft do the rest.
Virtual Network (VNET)
When you begin in Azure by creating a resource, let’s say a virtual machine, you need a network. The network that Azure requires is called a virtual network. The virtual network is very often shortened by using the abbreviation VNET. This virtual network is the fundamental building block for your private network in Azure, as Microsoft calls it. The virtual network in Azure is a binding element of many resources. It can bind two virtual machines together or an on-premise environment to an Azure environment by using a virtual network gateway.
One of the first things you need to define when creating a virtual network is an address space. This address space must be specified as a custom private IP address space using public and private (RFC 1918) addresses. The example that is given by Microsoft during the creation of the virtual network is 10.0.0.0/8. During my journey as an Azure consultant, one of the best practice is that you need to keep in mind which address space the current environment of the customer has. The virtual network address space in Azure needs to be different from the current environment.
After defining the address space, you need to choose your subnet(s). This can be one or many if you wish. When defining the subnet(s) there is something you need to know. Some resources in Azure need an empty subnet when you want to be able to work with this resource. For example, when you want to create a virtual private network (VPN) to another environment, and you want to use the native VPN feature in Azure there needs to an empty subnet of at least 27 addresses. This subnet also needs to comply to a naming convention of Microsoft. The name of this subnet needs to be GatewaySubnet. So when defining the subnets, here is a list of resources that require a specific subnet when you want to be able to consume these:
- Azure Virtual Network Gateway (GatewaySubnet);
- Azure Firewall (AzureFirewallSubnet);
- Azure Bastion (AzureBastionSubnet).
After creating a virtual network in Azure, you are ready for consuming the first resources in Azure, like virtual machines or a virtual network gateway.
Thanks for reading this first blog of a series where I will explain the ‘magic’ of networking in Azure.