AZ104 – Networks

VIRTUAL NETWORKS

 Azure Virtual Network is a service that

provides the fundamental building block
for your private network in Azure. An
instance of the service (a virtual network)
enables many types of Azure resources to
securely communicate with each other,
the internet, and on-premises networks.
These Azure resources include virtual
machines (VMs).
KEY SCENARIOS

• Communication of Azure resources with

the internet.
• Communication between Azure resources.
• Communication with on-premises
resources.
• Filtering of network traffic.
• Routing of network traffic.
• Integration with Azure services.
VIRTUAL NETWORKS

• An Azure virtual network is a logical isolation of the

Azure cloud resources.
• You can use virtual networks to provision and
manage virtual private networks (VPNs) in Azure.
• Each virtual network has its own Classless Inter-
Domain Routing (CIDR) block and can be linked to
other virtual networks and on-premises networks.
• You can link virtual networks with an on-premises IT
infrastructure to create hybrid or cross-premises
solutions, when the CIDR blocks of the connecting
networks don't overlap.
• You control the DNS server settings for virtual
networks, and segmentation of the virtual network
into subnets.
THINGS TO KNOW ABOUT CREATING VIRTUAL
NETWORKS

• When you create a virtual network, you need to define the

IP address space for the network.
• Plan to use an IP address space that's not already in use
in your organization.
• The address space for the network can be either on-
premises or in the cloud, but not both.
• Once you create the IP address space, it can't be changed.
If you plan your address space for cloud-only virtual
networks, you might later decide to connect an on-premises
site.
• To create a virtual network, you need to define at least
one subnet.
• Each subnet contains a range of IP addresses that fall within
the virtual network address space.
• The address range for each subnet must be unique within
the address space for the virtual network.
• The range for one subnet can't overlap with other subnet IP
address ranges in the same virtual network.
• You can create a virtual network in the Azure portal.
Provide the Azure subscription, resource group, virtual
network name, and service region for the network.
CREATE SUBNETS

• Each subnet contains a range of IP addresses

that fall within the virtual network address
space.
• The address range for a subnet must be unique
within the address space for the virtual
network.
• The range for one subnet can't overlap with
other subnet IP address ranges in the same
virtual network.
• The IP address space for a subnet must be
specified by using CIDR notation.
• You can segment a virtual network into one or
more subnets in the Azure portal.
RESERVED ADDRESSES

 For each subnet, Azure reserves five IP

addresses. The first four addresses and
the last address are reserved.
PLAN IP ADDRESSING

 You can assign IP addresses to Azure resources to

communicate with other Azure resources, your on-
premises network, and the internet. There are two
types of Azure IP addresses: private and public.
 Private IP addresses enable communication
within an Azure virtual network and your on-
premises network. You create a private IP address
for your resource when you use a VPN gateway or
Azure ExpressRoute circuit to extend your network
to Azure.
 Public IP addresses allow your resource to
communicate with the internet. You can create a
public IP address to connect with Azure public-
facing services.
ASSOCIATE PUBLIC IP ADDRESSES

 A public IP address resource can be

associated with virtual machine network
interfaces, internet-facing load balancers,
VPN gateways, and application gateways.
You can associate your resource with both
dynamic and static public IP addresses.

 When you create a public IP address, you

select the Basic or Standard SKU. Your SKU
choice affects the IP assignment method,
security, available resources, and
redundancy options.
ALLOCATE OR ASSIGN PRIVATE IP ADDRESSES

A private IP address resource can be associated with virtual

machine network interfaces, internal load balancers, and
application gateways. Azure can provide an IP address
(dynamic assignment) or you can assign the IP address (static
assignment).
Private IP address assignment
A private IP address is allocated from the address range of
the virtual network subnet that a resource is deployed in.
There are two options: dynamic and static.
Dynamic: Azure assigns the next available unassigned or
unreserved IP address in the subnet's address range.
Dynamic assignment is the default allocation method.
Suppose addresses 10.0.0.4 through 10.0.0.9 are already
assigned to other resources. In this case, Azure assigns the
address 10.0.0.10 to a new resource.
Static: You select and assign any unassigned or unreserved
IP address in the subnet's address range.
Suppose a subnet's address range is 10.0.0.0/16, and
addresses 10.0.0.4 through 10.0.0.9 are already assigned to
other resources. In this scenario, you can assign any address
SUMMARY

• Azure virtual networks allow different Azure resources to securely communicate with each
other, the internet, and on-premises networks.
• Subnets within virtual networks provide logical divisions, improving security, performance,
and management.
• When creating virtual networks, ensure that the IP address space is unique and doesn't
overlap with other subnets.
• IP addresses can provide public or private access to resources.
 Knowledge check - Training | Microsoft Lea
rn