Networking: Azure Virtual Network, subnets, VNet peering, Azure DNS, VPN Gateway, ExpressRoute

Azure compute and networking services

📘Microsoft Certified: Azure Fundamentals (AZ-900)

Azure networking services let you connect, secure, and manage your resources in the cloud. Networking in Azure is essential because your virtual machines, databases, and applications need to communicate with each other and the internet.

1. Azure Virtual Network (VNet)

  • What it is:
    A Virtual Network (VNet) is like a private network in the cloud, similar to a network in a traditional on-premises data center. It allows Azure resources, such as virtual machines (VMs) and databases, to securely communicate with each other.
  • Key points for the exam:
    • A VNet is isolated, meaning only the resources inside it can communicate by default.
    • You can define IP address ranges using CIDR notation (like 10.0.0.0/16).
    • You can connect VNets to the internet, to on-premises networks, or to other VNets.
  • Real-life IT use:
    • You can have a VNet for your application servers and a separate VNet for your database servers, keeping them secure and segmented.

2. Subnets

  • What they are:
    Subnets are smaller network segments inside a VNet. They help organize and secure resources.
  • Key points for the exam:
    • Each subnet has its own IP address range, which must be within the VNet’s range.
    • Subnets allow network isolation and traffic management.
    • Azure uses subnets to define network security rules (through Network Security Groups, NSGs).
  • Real-life IT use:
    • You can create a subnet for web servers and another for database servers. This way, only allowed traffic flows between them.

3. VNet Peering

  • What it is:
    VNet peering connects two VNets so resources in different VNets can communicate privately without using the public internet.
  • Key points for the exam:
    • Peering is low-latency and high-bandwidth.
    • Peered VNets can be in the same region (intra-region) or different regions (global VNet peering).
    • Traffic stays within Microsoft’s backbone network, which is more secure than going over the internet.
  • Real-life IT use:
    • Your company has VNets in two regions (e.g., East US and West US) for redundancy. VNet peering allows your apps in both regions to communicate securely.

4. Azure DNS

  • What it is:
    Azure DNS is a service that translates domain names to IP addresses, just like traditional DNS.
  • Key points for the exam:
    • Allows your Azure resources to be reached using friendly names instead of IP addresses.
    • Supports public DNS for internet-facing apps and private DNS for internal networks.
  • Real-life IT use:
    • You can create webapp.contoso.com that points to the IP of your Azure VM hosting a website.

5. VPN Gateway

  • What it is:
    A VPN Gateway allows you to securely connect your on-premises network to Azure using a VPN over the public internet.
  • Key points for the exam:
    • Supports site-to-site VPN (connects entire networks) and point-to-site VPN (connects individual devices).
    • Encrypts traffic between your network and Azure for security.
    • Can be used for hybrid cloud scenarios, where part of your infrastructure is on-premises and part in Azure.
  • Real-life IT use:
    • Your company data center connects to Azure VNet using VPN Gateway so on-premises servers can access cloud resources securely.

6. ExpressRoute

  • What it is:
    ExpressRoute is a private, high-speed connection between your on-premises network and Azure, without going over the public internet.
  • Key points for the exam:
    • Provides faster speeds and lower latency than a VPN.
    • Traffic stays private and secure, which is important for sensitive data.
    • Can connect to Azure regions worldwide.
  • Real-life IT use:
    • A bank or healthcare provider may use ExpressRoute for a secure connection to Azure because public internet is too risky or slow.

Exam Tips for Networking Section

  1. Know the differences between services:
    • VNet vs Subnet: VNet is the overall network; subnets are smaller sections inside it.
    • VPN Gateway vs ExpressRoute: VPN uses the public internet; ExpressRoute is private.
    • VNet Peering: Connects VNets privately without internet.
  2. Understand network isolation and security:
    • VNets and subnets are used to organize and protect resources.
  3. Be familiar with DNS and name resolution in Azure:
    • Azure DNS lets you use friendly domain names instead of IPs.
  4. Hybrid connectivity options:
    • VPN Gateway → encrypted internet connection.
    • ExpressRoute → private dedicated connection.

Summary Table for Quick Exam Reference

ServicePurposeKey Points
VNetPrivate network in AzureIsolated, IP range defined, connects resources securely
SubnetSegment of VNetSeparate IP ranges, network isolation, NSG rules applied
VNet PeeringConnect two VNetsPrivate, low-latency, can be regional or global
Azure DNSDomain name resolutionPublic and private DNS, friendly names for resources
VPN GatewaySecure connection over internetSite-to-site or point-to-site, encrypts traffic
ExpressRoutePrivate dedicated connectionHigh-speed, low latency, traffic never goes over public internet
Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by