Understanding Azure Networking
In this blog, we'll break down some key networking concepts that are essential for anyone looking to get started with Azure. Don't worry if you're new to this—I'll keep things simple and easy to understand.
1. Virtual Network (VNet)
Think of a Virtual Network (VNet) as your private space in the cloud. Just like a local network in your office or home, a VNet allows different resources, like virtual machines (VMs), to communicate with each other securely. Imagine it as creating a virtual version of your office's internal network but in Azure.
2. CIDR (Classless Inter-Domain Routing) and Subnets
CIDR is a method used to define IP address ranges. When setting up a VNet, you decide how big your network is by choosing a CIDR block, like 10.0.0.0/16. This range is then divided into smaller segments called Subnets. Subnets allow you to organize your network and control which parts can talk to each other. For example, you might have one subnet for your web servers and another for your database servers, keeping them separated for better security and management.
3. Network Security Group (NSG) & Application Security Group (ASG)
Security is crucial in any network. In Azure, Network Security Groups (NSGs) act like virtual firewalls, controlling traffic in and out of your subnets and VMs. You set rules to allow or block specific types of traffic, ensuring that only the right data gets through.
Application Security Groups (ASGs) take this a step further by allowing you to group similar servers together, like all your web servers, and apply the same security rules to them. This makes managing security much easier when you have a large number of resources.
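As an added example (not from the original post, and not Azure's own code), this simplified Python model shows how an NSG on a database subnet evaluates inbound rules in priority order, and why the default AllowVnetInBound rule lets subnets in the same VNet reach each other until you add your own rules. The subnet ranges, the rule names AllowWebToSql and DenyOtherVnet, and the sample flows are constructed assumptions.

```python
import ipaddress

# Constructed address plan (assumption): the page's 10.0.0.0/16 VNet with two /24 subnets.
VNET = ipaddress.ip_network("10.0.0.0/16")
WEB = ipaddress.ip_network("10.0.1.0/24")
DB = ipaddress.ip_network("10.0.2.0/24")

# Rule tuple: (priority, name, source, port, action); "*" matches anything.
# Azure's default inbound rules, simplified: the AzureLoadBalancer rule (65001) is
# omitted and the VirtualNetwork service tag is modelled as the VNet address space.
DEFAULT_RULES = [
    (65000, "AllowVnetInBound", VNET, "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]

# Hypothetical custom rules for an NSG attached to the database subnet.
DB_RULES = [
    (100, "AllowWebToSql", WEB, 1433, "Allow"),
    (200, "DenyOtherVnet", VNET, "*", "Deny"),
]

def evaluate(custom_rules, src_ip, dst_port):
    """Return (action, rule name) for an inbound flow to the DB subnet.

    Rules are checked from the lowest priority number up; the first match decides.
    """
    src = ipaddress.ip_address(src_ip)
    ordered = sorted(custom_rules + DEFAULT_RULES, key=lambda r: r[0])
    for _priority, name, source, port, action in ordered:
        src_ok = source == "*" or src in source
        port_ok = port == "*" or port == dst_port
        if src_ok and port_ok:
            return action, name
    return "Deny", "NoMatch"

if __name__ == "__main__":
    # Constructed sample flows: web VM, another VNet subnet, and an internet address.
    flows = [("10.0.1.4", 1433), ("10.0.1.4", 22), ("10.0.3.9", 1433), ("203.0.113.7", 1433)]
    for label, rules in (("default rules only", []), ("with DB_RULES", DB_RULES)):
        print(label)
        for src, port in flows:
            print(f"  {src} -> db:{port}  {evaluate(rules, src, port)}")
```

With only the default rules, a web VM can reach the database subnet on any port; separating subnets does not isolate them until an NSG rule with a lower priority number denies the rest of the VNet.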
4. Firewall
An Azure Firewall is a fully managed service that protects your VNet by filtering traffic based on rules you define. It's like a security guard checking every visitor at the entrance to your building, ensuring only those with permission can enter.
5. Load Balancer (L4) vs. Application Gateway (L7)
Load Balancers and Application Gateways are both used to distribute incoming traffic across multiple servers, but they work at different levels:
Load Balancer (Layer 4): Operates at the transport layer (TCP/UDP). It forwards traffic based on IP address and port but doesn't look at the actual data being sent. It’s great for basic traffic distribution.
Application Gateway (Layer 7): Operates at the application layer, which means it can make decisions based on the content of the requests (like URLs or cookies). It’s perfect for web applications where you need to manage traffic in a more sophisticated way.
In short, use a Load Balancer when you just need to spread the load, and use an Application Gateway when you need to be smart about how traffic is handled.
6. VNet Peering
VNet Peering allows you to connect two VNets so that resources in both networks can communicate with each other. It’s like creating a bridge between two separate islands, enabling them to share resources without needing to leave their respective spaces. This connection is fast and secure, and it’s useful when you need to connect different parts of your infrastructure.
7. Web Application Firewall (WAF)
A Web Application Firewall (WAF) is a special type of firewall that specifically protects web applications from common attacks, like SQL injection or cross-site scripting (XSS). Think of it as an extra layer of protection for your websites, ensuring that malicious traffic is blocked before it can cause harm.
8. VPN Gateway
A VPN Gateway allows you to connect your on-premises network to your Azure VNet securely over the internet. It's like setting up a secure tunnel between your office network and your Azure resources, allowing data to flow safely between the two.
Conclusion
Azure offers a variety of tools to help you build and secure your networks in the cloud. Whether you're just getting started or looking to expand your knowledge, understanding these basic concepts will give you a solid foundation. Remember, networking in the cloud might seem complex at first, but with a bit of practice, it becomes much easier to manage.
Happy Learning :)
Written by
Alla Yasheela
I'm Yasheela, an undergraduate with a deep interest in DevOps and cloud technologies. Currently working on exciting projects on all things DevOps. I’m passionate about simplifying complex concepts and sharing practical insights. Through my Hashnode blog, I document my learning journey, from building scalable applications to mastering cloud services, with the goal of empowering others to grow their tech skills. Let's Learn Together!!