Virtual Networks – Virtual Networking

Whenever you are implementing infrastructure, the first thing you should think about isn’t the virtual machine; it’s the network. As mentioned earlier, the network is the fundamental building block that enables communication, and it requires the most planning. In Azure, virtual networks represent your own network in the cloud. Working with the Azure VNet service is similar to working with a traditional network in your on-premises environment; however, virtual networks bring some additional benefits to the table. These benefits include scalability, availability, and network isolation.

With VNet, you can do the following:

  • Establish a private connection between the Azure virtual machines and other Azure services
  • Extend your on-premises architecture to the cloud for hybrid solutions
  • Link with other virtual networks in the same region or different regions for private communication
  • Enable virtual machines to connect with the Internet securely

Now that you have had a quick introduction to virtual networks, let’s go ahead and learn about some concepts related to the Azure VNet service.

VNet Concepts

The following are the concepts related to the Azure VNet service.

Address Space

The term address space will be familiar to administrators who handle on-premises networking. On-premises, you manage address spaces as CIDR blocks, and the same concept applies in the cloud. In Azure, you must specify an address space, expressed as public or private (RFC 1918) address ranges, for every virtual network you create. The IP addresses for your resources are assigned from this address space. For example, if you deploy a VM to a virtual network with the address space 172.16.0.0/16, Azure assigns the VM an IP address from that range, say 172.16.0.4.

Whenever you create a virtual network, you are required to have an address space associated with it. It is also a best practice that your address space does not overlap with other address spaces in your organization, because an overlap leads to a conflict when you connect virtual networks to each other or set up hybrid connections.

Subnets

Another concept from traditional networking is the subnet. Using subnets, you create one or more subnetworks by segmenting your virtual network. Once the virtual network is segmented, you can deploy resources to a specific subnet. Subnetting separates different workloads into their own address ranges and also improves address allocation efficiency. At the subnet level, you can configure network security groups (NSGs) to secure your workloads. We will discuss NSGs later in this chapter.

For example, you can create a virtual network with address space 172.16.0.0/16 and then segment the network to subnetworks like 172.16.0.0/24, 172.16.1.0/24, and so on. Then you could use the first subnet 172.16.0.0/24 for your frontend and use the second subnet 172.16.1.0/24 for your databases.

The CIDR block for a subnet is decided by how many hosts or servers you want to deploy to it. It’s recommended that your subnets not cover the entire address space of the virtual network: plan ahead and reserve some IP addresses for future use as your infrastructure expands.
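The address-space and subnet planning rules above (no overlap with the organization's other ranges, subnets inside the VNet and disjoint from each other, space left over for growth) are easy to check mechanically before anything is deployed. The following is an added example written for this page, not Azure's own tooling, using only Python's standard-library ipaddress module. The sample plan at the bottom is constructed to match the 172.16.0.0/16 example used in the text; the reserved-address count reflects Azure's documented behaviour of holding back five addresses per subnet (network, default gateway, two for Azure DNS, broadcast), which is why the first VM lands on .4.

```python
"""Check an Azure VNet address plan before deployment (added example, stdlib only)."""
from __future__ import annotations

import ipaddress
from typing import Iterable

# Azure reserves 5 addresses in every subnet: network address, default gateway,
# two for Azure DNS mapping, and broadcast. Resources are assigned from .4 onward.
AZURE_RESERVED_PER_SUBNET = 5


def find_overlaps(vnet: str, existing: Iterable[str]) -> list[str]:
    """Return the existing address spaces (on-premises ranges, peered VNets)
    that overlap the proposed VNet address space. Empty list means no conflict."""
    new = ipaddress.ip_network(vnet, strict=True)
    return [s for s in existing if ipaddress.ip_network(s, strict=True).overlaps(new)]


def validate_subnets(vnet: str, subnets: dict[str, str]) -> list[str]:
    """Check that every subnet is a valid CIDR inside the VNet and that no two
    subnets overlap. Returns human-readable problems; empty means the plan is sound."""
    problems: list[str] = []
    net = ipaddress.ip_network(vnet, strict=True)
    parsed: dict[str, ipaddress.IPv4Network | ipaddress.IPv6Network] = {}
    for name, cidr in subnets.items():
        try:
            # strict=True rejects host bits set in the prefix, e.g. 172.16.0.5/24
            sn = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr} ({exc})")
            continue
        if not sn.subnet_of(net):
            problems.append(f"{name}: {cidr} is not inside VNet {vnet}")
        parsed[name] = sn
    names = list(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].overlaps(parsed[b]):
                problems.append(f"{a} ({parsed[a]}) overlaps {b} ({parsed[b]})")
    return problems


def usable_hosts(cidr: str) -> int:
    """Number of addresses Azure will actually hand out in a subnet."""
    total = ipaddress.ip_network(cidr, strict=True).num_addresses
    return max(total - AZURE_RESERVED_PER_SUBNET, 0)


def unallocated_space(vnet: str, subnets: Iterable[str]) -> list[str]:
    """CIDR blocks of the VNet not covered by any subnet, i.e. what is left for growth.
    Assumes the subnets already passed validate_subnets (inside the VNet, disjoint)."""
    free = [ipaddress.ip_network(vnet, strict=True)]
    for cidr in subnets:
        sn = ipaddress.ip_network(cidr, strict=True)
        next_free = []
        for block in free:
            # CIDR blocks are either nested or disjoint, so a subnet that is
            # disjoint from everything excluded so far sits in exactly one free block.
            if sn.subnet_of(block):
                next_free.extend(block.address_exclude(sn))
            else:
                next_free.append(block)
        free = next_free
    return [str(b) for b in sorted(free)]


if __name__ == "__main__":
    # Constructed sample plan mirroring the chapter's 172.16.0.0/16 example.
    vnet = "172.16.0.0/16"
    org_ranges = ["10.0.0.0/8", "192.168.0.0/16"]          # constructed on-prem ranges
    plan = {"frontend": "172.16.0.0/24", "database": "172.16.1.0/24"}

    print("overlaps with org ranges:", find_overlaps(vnet, org_ranges))
    print("plan problems:", validate_subnets(vnet, plan))
    for name, cidr in plan.items():
        print(f"{name}: {cidr} -> {usable_hosts(cidr)} usable addresses")
    print("reserved for growth:", unallocated_space(vnet, plan.values()))
```

Run the checks against the CIDR ranges you intend to peer or connect over VPN/ExpressRoute as well as the VNet's own subnets; a non-empty result from find_overlaps or validate_subnets is the conflict the text warns about, caught before any resource is created.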
