Virtual Network Services

Virtual Networks on Azure are broken down into Address Spaces and Subnets:

  • Virtual Networks (VNets) provide network connectivity between Azure resources internally and, via a VPN Gateway, to external networks.
  • Address spaces define the IP ranges, in CIDR format, that will be used within the VNet.
  • Subnets are defined within address spaces, and resources are assigned IP addresses from them.
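The address space and subnet relationship above is easy to get wrong in a hand-written plan (a subnet outside the VNet's range, or two subnets that overlap). The following checker is an added example, not part of the original post or any Azure tooling; the address space and subnet values are constructed for illustration.

```python
import ipaddress
from typing import Dict, List

# Constructed sample plan (hypothetical values, not from the post).
ADDRESS_SPACES = ["10.0.0.0/16"]
SUBNETS = {
    "frontend": "10.0.1.0/24",
    "backend": "10.0.2.0/24",
    "gateway": "10.0.255.0/27",
}


def validate_plan(address_spaces: List[str], subnets: Dict[str, str]) -> List[str]:
    """Return a list of problems found in a VNet address plan.

    A subnet must fall inside at least one address space, and no two subnets
    may overlap; an empty list means the plan is consistent.
    """
    spaces = [ipaddress.ip_network(s) for s in address_spaces]
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    problems = []

    # Every subnet must be carved out of one of the declared address spaces.
    for name, net in nets.items():
        if not any(net.version == sp.version and net.subnet_of(sp) for sp in spaces):
            problems.append(f"subnet {name} ({net}) is outside every address space")

    # Subnets must not overlap each other (pairwise check).
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].version == nets[b].version and nets[a].overlaps(nets[b]):
                problems.append(f"subnets {a} ({nets[a]}) and {b} ({nets[b]}) overlap")
    return problems


def usable_addresses(cidr: str) -> int:
    """Addresses a subnet can hand to resources.

    Azure reserves five addresses in every subnet (network address, default
    gateway, two for platform DNS, and broadcast); that is documented platform
    behaviour, not something the post states.
    """
    return max(ipaddress.ip_network(cidr).num_addresses - 5, 0)


if __name__ == "__main__":
    print("problems:", validate_plan(ADDRESS_SPACES, SUBNETS))
    for name, cidr in SUBNETS.items():
        print(name, cidr, "usable:", usable_addresses(cidr))
```

Run it against your own plan by replacing the two constants; a non-empty result from `validate_plan` is the thing to fix before creating the VNet, since overlapping or out-of-range subnets are rejected by the platform or, worse, silently leave no room for later subnets.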

Virtual Machines have at least 2 IP addresses:

  • Virtual IP (VIP) is a public-facing IP address, dynamically assigned by default, though up to 20 (default subscription limit) can be reserved
  • Dynamic IP (DIP) is a private IP address, dynamically or statically assigned from within a subnet

A third type of IP address also exists:

  • Instance-Level Public IP (IL-PIP) is assigned directly to a VM rather than to the Cloud Service in which it resides; up to 5 (default subscription limit) can be assigned

Name resolution and DNS:

  • VMs on the same network can resolve each other using the DIP address
  • A DNS service is required for name resolution beyond this
  • Role instances within a Cloud Service are named as the VM name with a two-digit role number appended, e.g. MyServer01, MyServer02, etc.
  • The DNS name of a Cloud Service will be cloudservicename.cloudapp.net
  • A custom domain can be associated with the Cloud Service using CNAME or A records

Access Control Lists (ACLs) and Network Security Groups (NSGs) control traffic.

  • VM Endpoints map a Public Port to a Private Port
  • RDP (TCP 3389) and SSH (TCP 22) are automatically set as endpoints for VMs
  • The Public Port is associated with the VIP assigned to the Azure Load Balancer
  • The Private Port is associated with the DIP assigned to the VM
  • ACLs are applied to Endpoints to control traffic
  • NSGs allow more granular rules to be defined to control traffic and can be associated with a VM or a Subnet, whereas ACLs are associated with an Endpoint
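Because RDP and SSH endpoints are created automatically, the practical question is which source addresses an NSG lets reach them. The evaluator below is an added example, not code from the original post or from Azure; it models NSG rule processing (rules evaluated in ascending priority, first match wins, with Azure's built-in defaults at priority 65000 and above, the load balancer probe rule omitted) and compares a weak rule that opens RDP to any source with a hardened one restricted to a constructed management prefix. The VNet range, rule names and sample source addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample VNet address space (hypothetical, not from the post).
VNET = ipaddress.ip_network("10.0.0.0/16")


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    direction: str     # "Inbound" or "Outbound"
    access: str        # "Allow" or "Deny"
    protocol: str      # "TCP", "UDP" or "*"
    source: str        # CIDR, "*", "VIRTUAL_NETWORK" or "INTERNET"
    dest_port: str     # "22", "3389", "1000-2000" or "*"


# Subset of Azure's default inbound rules; user rules (priority < 65000) override them.
DEFAULT_INBOUND = [
    Rule("AllowVNetInBound", 65000, "Inbound", "Allow", "*", "VIRTUAL_NETWORK", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
]


def source_matches(spec: str, src_ip: str) -> bool:
    """Match a source prefix or tag against a concrete source address."""
    addr = ipaddress.ip_address(src_ip)
    if spec == "*":
        return True
    if spec == "VIRTUAL_NETWORK":
        return addr in VNET
    if spec == "INTERNET":            # simplified: anything outside the VNet
        return addr not in VNET
    return addr in ipaddress.ip_network(spec, strict=False)


def port_matches(spec: str, port: int) -> bool:
    """Match a port spec ("*", "a-b" or a single port) against a port number."""
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return lo <= port <= hi
    return int(spec) == port


def evaluate_inbound(rules: List[Rule], protocol: str, src_ip: str, dest_port: int) -> Tuple[str, str]:
    """Return (access, rule name) for an inbound flow: first match in priority order wins."""
    candidates = sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority)
    for r in candidates:
        if r.direction != "Inbound" or r.protocol not in ("*", protocol):
            continue
        if source_matches(r.source, src_ip) and port_matches(r.dest_port, dest_port):
            return r.access, r.name
    return "Deny", "implicit"          # unreachable while DenyAllInBound is present


# Weak: the automatic RDP endpoint is reachable from every source address.
WEAK_RULES = [Rule("allow-rdp-any", 100, "Inbound", "Allow", "TCP", "*", "3389")]
# Hardened: RDP only from a constructed management prefix (documentation range).
HARDENED_RULES = [Rule("allow-rdp-mgmt", 100, "Inbound", "Allow", "TCP", "203.0.113.0/24", "3389")]


def rdp_exposure(rules: List[Rule]) -> Dict[str, Tuple[str, str]]:
    """Summarise which constructed sources can reach TCP/3389 under a rule set."""
    return {
        "internet": evaluate_inbound(rules, "TCP", "198.51.100.7", 3389),
        "management": evaluate_inbound(rules, "TCP", "203.0.113.10", 3389),
        "vnet": evaluate_inbound(rules, "TCP", "10.0.1.5", 3389),
    }


if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(label, rdp_exposure(rules))
```

The point the output makes is that the hardened set still admits the VNet and the management prefix, while the Internet source falls through to DenyAllInBound; the weak set admits all three. Reviewing a rule set this way, by asking which source reaches each automatically created endpoint, is a cheap check to run before a VM is exposed.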

The following resource is available as an aid when designing a network architecture on Azure:

Microsoft Cloud Networking for Enterprise Architects is available in PDF and Visio format on Microsoft TechNet.
