Virtual Networks on Azure are broken down into Address Spaces and Subnets:
- Virtual Networks (VNets) provide network connectivity for Azure resources internally, and externally via a VPN Gateway.
- Address spaces define the IP ranges in CIDR format which will be used within the VNet.
- Subnets are defined within Address spaces, from which resources are assigned IP addresses.
Virtual Machines have at least 2 IP addresses:
- Virtual IP (VIP) is a public-facing IP address, dynamically assigned by default, though up to 20 (the default subscription limit) can be reserved
- Dynamic IP (DIP) is a private IP address, dynamically or statically assigned within a subnet
A third type of IP address also exists:
- Instance-Level Public IP (IL-PIP) is assigned directly to a VM rather than to the Cloud Service in which it resides; up to 5 (the default subscription limit) can be assigned
Name resolution and DNS:
- VMs on the same network can resolve each other using the DIP address
- A DNS service is required for name resolution beyond this
- Role instance names within a Cloud Service are the VM name with a two-digit role number appended, e.g. MyServer01, MyServer02, etc.
- The DNS name of a Cloud Service will be cloudservicename.cloudapp.net
- A custom domain can be associated with the Cloud Service using CNAME or A records
Access Control Lists (ACLs) and Network Security Groups (NSGs) control traffic:
- VM Endpoints map a Public Port to a Private Port
- RDP (TCP 3389) and SSH (TCP 22) are automatically set as endpoints for VMs
- The Public Port is associated with the VIP assigned to the Azure Load Balancer
- The Private Port is associated with the DIP assigned to the VM
- ACLs are applied to Endpoints to control traffic
- NSGs allow more granular rules to be defined to control traffic and can be associated with a VM or a Subnet, whereas ACLs are associated with an Endpoint
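As an added example (not part of the original notes), the following classic Azure PowerShell session restricts the auto-created RDP endpoint of a VM to a management range with an endpoint ACL, then applies the same intent at subnet scope with an NSG. The Cloud Service, VM, VNet, subnet, NSG names, the endpoint name and the address range are all assumptions.

```powershell
# Added example using the classic (ASM) Azure PowerShell module.
# Assumes Add-AzureAccount / Select-AzureSubscription have already been run.
# All names and address ranges below are assumed values for illustration.
$serviceName  = "MyCloudService"   # assumed Cloud Service name
$vmName       = "MyServer01"       # assumed VM name
$endpointName = "RemoteDesktop"    # assumed name of the auto-created RDP endpoint
$mgmtRange    = "203.0.113.0/24"   # assumed admin range (TEST-NET-3 documentation block)
$vnetName     = "MyVNet"           # assumed VNet name
$subnetName   = "MgmtSubnet"       # assumed subnet name
$nsgName      = "MgmtSubnet-NSG"   # assumed NSG name
$location     = "West Europe"      # assumed region of the VNet

# 1. Endpoint ACL: rules are evaluated by Order (lowest first). Once a Permit
#    rule exists, other sources are denied; the explicit Deny documents intent.
$acl = New-AzureAclConfig
Set-AzureAclConfig -AddRule Permit -RemoteSubnet $mgmtRange -Order 100 `
    -Description "RDP from admin range only" -ACL $acl
Set-AzureAclConfig -AddRule Deny -RemoteSubnet "0.0.0.0/0" -Order 200 `
    -Description "Block all other sources" -ACL $acl

# Attach the ACL to the RDP endpoint (public port on the VIP -> TCP 3389 on the DIP).
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Set-AzureEndpoint -Name $endpointName -Protocol tcp -LocalPort 3389 -ACL $acl |
    Update-AzureVM

# 2. NSG on the subnet: every VM placed in the subnet inherits these rules,
#    so a new VM with a default endpoint is still limited to the admin range.
New-AzureNetworkSecurityGroup -Name $nsgName -Location $location -Label "Mgmt subnet NSG"
Get-AzureNetworkSecurityGroup -Name $nsgName |
    Set-AzureNetworkSecurityRule -Name "Allow-RDP-From-Mgmt" -Type Inbound -Priority 100 `
        -Action Allow -SourceAddressPrefix $mgmtRange -SourcePortRange "*" `
        -DestinationAddressPrefix "*" -DestinationPortRange "3389" -Protocol TCP
Get-AzureNetworkSecurityGroup -Name $nsgName |
    Set-AzureNetworkSecurityRule -Name "Deny-RDP-Other" -Type Inbound -Priority 110 `
        -Action Deny -SourceAddressPrefix "*" -SourcePortRange "*" `
        -DestinationAddressPrefix "*" -DestinationPortRange "3389" -Protocol TCP
Set-AzureNetworkSecurityGroupToSubnet -Name $nsgName `
    -VirtualNetworkName $vnetName -SubnetName $subnetName

# 3. Verify what is actually in force on the endpoint and the subnet.
Get-AzureVM -ServiceName $serviceName -Name $vmName |
    Get-AzureAclConfig -EndpointName $endpointName
Get-AzureNetworkSecurityGroup -Name $nsgName -Detailed
```

Endpoint ACLs only filter the one endpoint they are attached to, so the subnet NSG is what covers additional endpoints or VMs added later.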
The following resource is available as an aid when designing a network architecture on Azure:
Microsoft Cloud Networking for Enterprise Architects is available in PDF and Visio format on Microsoft Technet.