Azure Networking Basics
Before starting on Azure networking concepts, you should have a basic understanding of the networking terms that are used as networking parameters.
This article covers some of the fundamental networking terms that are most widely used in Azure. Below are the topics that we are going to cover:
· Virtual Network (VNET)
· Subnet
· IP Addressing
· Private IP
· Public IP
· Network Security Group (NSG)
· Internet Gateway
· DNS
1. Virtual Network (VNET)
An Azure Virtual Network (VNet) is a representation of your
own network in the cloud. It is a logical isolation of the Azure cloud
dedicated to your subscription.
· Traffic cannot enter your virtual network or leave it unless you enable a gateway or peering for the virtual network.
· External traffic is allowed only when you create a gateway for your virtual network. A gateway can be used to enable access to other Azure resources, to the internet, or to an external (on-premises) network.
2. Subnet
A subnetwork or subnet is a logical subdivision of an IP
network. The practice of dividing a network into two or more networks is called
subnetting. Computers that belong to a subnet are addressed with an identical
most-significant bit-group in their IP addresses.
· There are two types of subnets in a VNet: a gateway subnet and a virtual machine-hosting subnet. A hosting subnet is further classified as a private subnet or a public subnet.
· A gateway subnet is used when configuring a VPN (Virtual Private Network) connection between two or more networks.
· A private subnet has only private IP addresses inside it, and no external network is allowed into it.
· A public subnet is publicly accessible: it has a public IP or a gateway that allows external traffic to reach the resources inside the subnet.
3. IP Addressing
An Internet Protocol address (IP address) is a numerical
label assigned to each device connected to a computer network that uses the
Internet Protocol for communication. An IP address serves two principal
functions: host or network interface identification and location addressing.
· Generally, IPv4 is widely used for traditional workloads; IPv6 was introduced later, to be used once the IPv4 address space is exhausted.
· IPv6 is used for IoT-based projects and others, but because IPv4 is much more popular, a good understanding of IPv4 addressing is required to step into Azure.
· An IPv4 address has four octets, separated by a ‘.’ (dot) between each octet.
· Each octet has 8 binary bits, which are represented in decimal format.
· IP addresses are further classified into five classes – Class A, Class B, Class C, and Class D.
· Class A IP addresses are more specifically used as public IP addresses, whereas Class B and Class C are used as private IP addresses.
· The table below specifies how subnetting is calculated and how it is denoted.
4. Private IP Address
A private IP address is a non-Internet facing IP address on
an internal network. Private IP addresses are provided by network devices, such
as routers, using network address translation (NAT).
o 10.0.0.0 to 10.255.255.255
o 172.16.0.0 to 172.31.255.255
o 192.168.0.0 to 192.168.255.255
o Instead of having devices inside a home or business network each use a public IP address, of which there's a limited supply, private IP addresses provide an entirely separate set of addresses that still allow access on a network but without taking up public IP address space.
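The subnet and private-range sections above can be turned into a pre-deployment check, shown here as an added example that is not part of the original article. It uses only Python's standard `ipaddress` module; the function names and the sample address plans are constructed for illustration.

```python
from ipaddress import ip_network

# The three private ranges listed above, written in CIDR notation.
PRIVATE_RANGES = [ip_network(c) for c in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def describe(cidr):
    """Show what a CIDR prefix works out to: mask, first/last address, size."""
    net = ip_network(cidr)
    return {"cidr": str(net), "netmask": str(net.netmask),
            "first": str(net[0]), "last": str(net[-1]),
            "addresses": net.num_addresses}

def check_plan(vnet_cidr, subnets):
    """Return a list of problems in a VNet address plan (empty list = OK)."""
    vnet = ip_network(vnet_cidr)
    problems = []
    # The VNet address space should come from one of the private ranges.
    if not any(vnet.subnet_of(p) for p in PRIVATE_RANGES):
        problems.append(f"VNet {vnet} is outside the private ranges")
    nets = {name: ip_network(c) for name, c in subnets.items()}
    # A subnet is a subdivision of the VNet, so it must sit inside it.
    for name, net in nets.items():
        if not net.subnet_of(vnet):
            problems.append(f"{name} {net} is not inside VNet {vnet}")
    # Two subnets must never share addresses.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems

# Constructed sample plans for a VNet with the address space 10.0.0.0/16.
GOOD_PLAN = {"gateway": "10.0.0.0/27", "private": "10.0.1.0/24",
             "public": "10.0.2.0/24"}
BAD_PLAN = {"private": "10.0.1.0/24", "public": "10.0.1.128/25",
            "extra": "10.1.0.0/24"}

if __name__ == "__main__":
    print(describe("10.0.1.128/25"))
    print(check_plan("10.0.0.0/16", GOOD_PLAN))
    print(check_plan("10.0.0.0/16", BAD_PLAN))
```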
5. Public IP Address
A public IP address is an IP address that can be accessed over the Internet. Like the postal address used to deliver mail to your home, a public IP address is the globally unique IP address assigned to a computing device. You can find your public IP address by searching for ‘show my IP Address’ on Google.
· A public IP incurs some cost if we don’t use it, or if it is reserved and not assigned to any device.
6. Network Security Group (NSG)
A network security group (NSG) is a networking filter
(firewall) containing a list of security rules allowing or denying network
traffic to resources connected to Azure VNets. These rules can manage both
inbound and outbound traffic.
· Understanding the effective rules of NSGs is critical. Security rules are applied to the traffic by priority in each NSG in the following order:
o Inbound Traffic:
§ NSG applied to subnet: If a subnet NSG has a matching rule that denies traffic, the packet is dropped.
§ NSG applied to NIC: If a VM\NIC NSG has a matching rule that denies traffic, packets are dropped at the VM\NIC, even if a subnet NSG has a matching rule that allows traffic.
o Outbound Traffic:
§ NSG applied to NIC: If a VM\NIC NSG has a matching rule that denies traffic, packets are dropped.
§ NSG applied to subnet: If a subnet NSG has a matching rule that denies traffic, packets are dropped, even if a VM\NIC NSG has a matching rule that allows traffic.
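The evaluation order above can be modelled in a few lines, shown here as an added example that is not part of the original article and is not Azure's own code. The `Rule` class, the function names and the rule sets are constructed; a lower priority number is evaluated first, and traffic that matches no rule is treated as denied, a simplification standing in for Azure's default rules.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    priority: int        # lower number is evaluated first
    remote: str          # CIDR of the remote side (source inbound, destination outbound)
    port: Optional[int]  # None matches any port
    allow: bool

def nsg_allows(rules, remote_ip, port):
    """The first matching rule in priority order decides the outcome."""
    for r in sorted(rules, key=lambda r: r.priority):
        if ip_address(remote_ip) in ip_network(r.remote) and r.port in (None, port):
            return r.allow
    return False  # assumption: no match means deny (stand-in for default rules)

def effective(direction, subnet_nsg, nic_nsg, remote_ip, port):
    """Return (allowed, level_that_denied). An NSG of None means none is attached."""
    levels = [("subnet", subnet_nsg), ("nic", nic_nsg)]  # inbound: subnet first
    if direction == "outbound":
        levels.reverse()                                  # outbound: NIC first
    for name, rules in levels:
        if rules is not None and not nsg_allows(rules, remote_ip, port):
            return False, name
    return True, None

# Constructed rule sets using documentation address ranges.
SUBNET_IN = [Rule(100, "0.0.0.0/0", 443, True)]
NIC_IN = [Rule(100, "203.0.113.0/24", 443, False),
          Rule(200, "0.0.0.0/0", 443, True)]
NIC_OUT = [Rule(100, "0.0.0.0/0", 443, True)]
SUBNET_OUT = [Rule(100, "198.51.100.0/24", None, False),
              Rule(200, "0.0.0.0/0", 443, True)]

if __name__ == "__main__":
    # The subnet NSG allows 443, but the NIC NSG denies this source range.
    print(effective("inbound", SUBNET_IN, NIC_IN, "203.0.113.7", 443))
    # The NIC NSG allows 443 out, but the subnet NSG denies this destination.
    print(effective("outbound", SUBNET_OUT, NIC_OUT, "198.51.100.5", 443))
```

Returning the level that dropped the packet is what makes the model useful when troubleshooting: an allow rule on one NSG never overrides a deny on the other.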
Below is the example image, which shows the parameters for
enabling inbound NSG rules:
7. Internet Gateway
An Internet gateway is a network "node" that
connects two different networks that use different protocols (rules) for
communicating. In the most basic terms, an Internet gateway is where data stops
on its way to or from other networks. Thanks to gateways, we can communicate
and send data back and forth with each other.
If your Internet gateway is a computer server, which is more
likely in an office or business situation, it acts as a firewall and a proxy
server. A firewall, as discussed earlier, keeps unwanted traffic and outside
computers out of a private network. A proxy server makes sure that the actual
server can handle your online data requests.
Below is the icon which represents internet gateway in Azure:
8. DNS
Azure DNS is a hosting service for DNS domains that provides
name resolution by using Microsoft Azure infrastructure. By hosting your
domains in Azure, you can manage your DNS records by using the same
credentials, APIs, tools, and billing as your other Azure services.