Azure VNet
AZURENETWORK
- A virtual network exists
- Within a specific subscription
- Within a specific region
- spans multiple [[202404081830 Azure Availability Zones|AZs]] in that region
- It cannot span subscriptions or regions
- A virtual network consists of one or more IP ranges
- IP address type:
- [[202407271143 Public IP address allows inbound access based on tier in Azure|Public IP Address]]
- [[202407281228 Azure Private IP Address|Azure Private IP Address]]
- Allocation can be static or dynamic
- Typically from RFC 1918 but not exclusively
- The address space is broken up into subnets with the smallest subnet possible being a /29 which will give 3 usable IP addresses
- From every subnet we lose 5 IPs
- .0 - network address
- .1 - default gateway
- .2-.3 - DNS
- .255 - broadcast (the last address of the subnet; .255 in a /24)
- Can be IPv6 as well, but not IPv6-only
- Subnets are regional and span Availability Zones
- All subnets within a [[202404121703 Azure VNet|VNet]] can talk to each other by default
- we can use [[202404141419 Network Security Groups|NSG]] to deny traffic as needed
- Ingress is free, Egress costs money
Supported types of traffic
- Standard IP-based protocols supported including:
- TCP
- UDP
- ICMP (Ping)
- Multicast, broadcast, IP-in-IP encapsulated packets and Generic Routing Encapsulation (GRE) packets are blocked
- Cannot deploy a DHCP server
- You cannot ping the Azure gateway or use tools such as tracert
- Traditional Layer 2 VLANs are not supported
Commands
[[202407141408 Create VNet in Azure]]
az network vnet create --name vnet-1 --resource-group test-rg --address-prefix 10.0.0.0/16 --subnet-name subnet-1 --subnet-prefixes 10.0.0.0/24
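
The subnet rules noted above (smallest subnet /29, five reserved addresses per subnet, subnets carved from the VNet address space) can be checked before running `az network vnet create`. This is an added example, not part of the original notes; the function names and the second subnet `10.0.1.0/29` are assumptions made for illustration, and it covers IPv4 only.

```python
import ipaddress

AZURE_RESERVED = 5   # per the notes: network, gateway, 2x DNS, broadcast
MIN_PREFIXLEN = 29   # smallest IPv4 subnet the notes allow


def plan_subnet(vnet_cidr, subnet_cidr):
    """Return reserved and usable addresses for one IPv4 subnet of a VNet."""
    vnet = ipaddress.ip_network(vnet_cidr)
    subnet = ipaddress.ip_network(subnet_cidr)  # raises if host bits are set
    if not subnet.subnet_of(vnet):
        raise ValueError(f"{subnet} is outside the VNet address space {vnet}")
    if subnet.prefixlen > MIN_PREFIXLEN:
        raise ValueError(f"{subnet} is smaller than /{MIN_PREFIXLEN}")
    reserved = {
        "network": subnet[0],
        "gateway": subnet[1],
        "dns": (subnet[2], subnet[3]),
        "broadcast": subnet[-1],
    }
    return {
        "subnet": subnet,
        "reserved": reserved,
        "usable": subnet.num_addresses - AZURE_RESERVED,
        "first_usable": subnet[4],
        "last_usable": subnet[-2],
    }


def check_layout(vnet_cidr, subnet_cidrs):
    """Plan every subnet and reject overlapping ranges within the VNet."""
    plans = [plan_subnet(vnet_cidr, s) for s in subnet_cidrs]
    for i, a in enumerate(plans):
        for b in plans[i + 1:]:
            if a["subnet"].overlaps(b["subnet"]):
                raise ValueError(f"{a['subnet']} overlaps {b['subnet']}")
    return plans


if __name__ == "__main__":
    # Constructed layout: the /16 and /24 from the command above plus a /29.
    for p in check_layout("10.0.0.0/16", ["10.0.0.0/24", "10.0.1.0/29"]):
        print(p["subnet"], "usable:", p["usable"],
              "range:", p["first_usable"], "-", p["last_usable"])
```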