Configure and manage virtual networks in Azure

Posted on by zeusexam

Skill 4.1: Configure and manage virtual networks in Azure

Azure Virtual Networks (VNets) form the foundation of the Azure networking infrastructure. Each VNet defines a network address space, comprising one or more IP address ranges. This network space is then carved into subnets. IP addresses for virtual machines, as well as some other services such as an internal Azure load balancer, are assigned from these subnets.

For each subnet, you define which network flows are permitted (using network security groups), and what network routes should be taken (using user-defined routes). You can use these features together to implement many common network topologies, such as a DMZ containing a network security appliance or a multitier application architecture with restricted communications between application tiers.

Create and configure virtual networks and subnets

A VNet is an Azure resource that defines address space, subnets, and connectivity for Azure resources. When you create a VNet, the most important setting is the IP range (or ranges) the VNet will use.

IP ranges are defined using classless inter-domain routing (CIDR) notation. For example, the range 10.5.0.0/16 represents all IP ranges starting with 10.5. The /16 represents the bitmask and indicates that the first 16 bits are the same for every IP in the address range. Each virtual network can use either a single IP range or multiple disjointed IP ranges.

It is recommended that your VNet IP ranges be taken from the private address ranges defined in RFC 1918:

  • 10.0.0.0–10.255.255.255 (10.0.0.0/8)
    • 172.16.0.0–172.31.255.255 (172.16.0.0/12)
    • 192.168.0.0– 192.168.255.255 (192.168.0.0/16)

You can also use public, internet-addressable IP ranges in your VNet. However, this is not recommended because the addresses within your VNet will take priority, and virtual machines in your VNet will no longer be able to access the corresponding internet addresses.

In addition, there are a small number of IP ranges you can’t use because they are reserved by the Azure platform:

  • 169.254.0.0/16 (Link-local)
  • 168.63.129.16/32 (Azure-provided DNS)

Leave a Reply

Your email address will not be published. Required fields are marked *