Microsoft Azure Virtual Network (VNet) Explained
Learning Center | Glossary | Virtual Network (VNet)
What is an Azure Virtual Network (vNet)?
Azure vNet Operations
Azure Virtual Network allows many types of Azure resources, such as Azure virtual machines (VMs), to communicate securely with each other, with the Internet, and with local networks. The scope of a virtual network is a single region; however, several virtual networks of different regions can be connected together by virtual network pairing.
Azure Virtual Network provides the following important functionalities:
Isolation and segmentation
You can deploy multiple virtual networks within each subscription and Azure region. Each virtual network is isolated from the other virtual networks.
- Specify a private IP address space through public and private addresses (RFC 1918). Azure assigns a private IP address to the resources of a virtual network from the address space that you assign.
- Segment the virtual network into one or more subnets and assign a part of the address space of the virtual network for each subnet.
- Use the name resolution provided by Azure or specify your own DNS server to be used by resources connected to a virtual network.
You can filter network traffic between subnets using one or both of the following options:
- Security groups: network security groups and application security groups can contain several security rules of entry and exit that allow you to filter the traffic arriving and leaving the resources by IP address, port, and protocol of origin and destination. For more information, see network security groups and application security groups.
- Virtual network Appliance: A virtual network application is a virtual machine that executes a network function, such as a firewall, WAN optimization or other network function. To see a list of virtual network applications that can be deployed in a virtual network, see Azure Marketplace.
By default, Azure routes traffic between subnets, connected virtual networks, local networks, and the Internet. You can implement one or both of the following options to replace the default routes Azure creates:
- Route tables: you can create custom route tables with the routes that control where traffic is routed to each subnet. More information on route tables.
- Border Gateway Protocol (BGP) Paths: If you connect the virtual network to your local network through an Azure VPN Gateway or ExpressRoute connection, you can propagate local BGP routes to your virtual networks. More information about the use of BGP with Azure VPN Gateway and ExpressRoute.