Azure virtual networking infrastructure provides the foundational building blocks for deploying secure, scalable, and highly available networked resources in Microsoft Azure. Components of Azure virtual networking infrastructure:
๐น 1. Virtual Network (VNet)
- Core component of Azure networking, similar to a traditional on-premises network.
- Enables resources (VMs, databases, etc.) to securely communicate.
- VNets are isolated from each other by default.
- Supports address space, subnets, routing, network security, and peering.
๐น 2. Subnets
- Logical subdivisions of a VNet.
- Allow you to segment your network for different workloads or services.
- Can assign Network Security Groups (NSGs) and route tables at the subnet level.
๐น 3. Network Security Groups (NSGs)
- Act as virtual firewalls that filter traffic to/from Azure resources.
- Contain security rules that define allow/deny traffic based on source, destination, port, and protocol.
๐น 4. Route Tables (User-Defined Routes – UDRs)
- Allow you to override Azureโs default system routing.
- Useful for implementing custom traffic flows, such as routing traffic through a firewall or NVA.
๐น 5. Azure Firewall
- A stateful, managed firewall as a service.
- Supports threat intelligence filtering, network and application rules, and log analytics.
๐น 6. Network Virtual Appliances (NVAs)
- Third-party appliances (like Fortinet, Palo Alto, etc.) deployed in VNets.
- Provide advanced firewall, routing, and VPN capabilities.
๐น 7. Azure VPN Gateway
- Connects your on-premises network to Azure over IPsec/IKE VPN tunnels.
- Supports site-to-site, point-to-site, and VNet-to-VNet connections.
๐น 8. Azure ExpressRoute
- Private, dedicated connection from on-premises to Azure (not over the internet).
- Provides higher bandwidth, lower latency, and more security than VPN.
๐น 9. Azure Application Gateway
- A Layer 7 (HTTP/HTTPS) load balancer with features like:
- Web Application Firewall (WAF)
- SSL termination
- Path-based routing
๐น 10. Azure Load Balancer
- Layer 4 (TCP/UDP) load balancer.
- Comes in two flavors:
- Basic โ simple, non-zone-redundant
- Standard โ supports high availability zones, diagnostics, and more features.
๐น 11. Azure Bastion
- Provides secure RDP/SSH access to VMs without exposing public IPs.
- Uses the Azure portal over TLS.
๐น 12. Private Endpoints
- Private IPs assigned to Azure PaaS resources (like Azure Storage, SQL DB).
- Traffic stays within your VNet via Private Link.
๐น 13. Public IP Addresses
- Used to expose Azure resources to the internet.
- Can be:
- Static or dynamic
- Basic or Standard SKU
๐น 14. VNet Peering
- Connects two VNets, enabling traffic between them using Microsoftโs backbone network.
- Global VNet peering allows peering across regions.
๐น 15. DNS Services
- Azure-provided or custom DNS settings per VNet.
- Integrates with Azure Private DNS Zones for internal resolution.
๐น 16. Service Endpoints
- Extend your VNet to Azure services directly over Azure backbone (no public internet).
- Adds a layer of security and access control to Azure PaaS.
๐น 17. Network Watcher
- Monitoring and diagnostic tool for Azure networking.
- Offers:
- Connection troubleshooting
- Packet capture
- Topology views
- IP flow verify
