Introduction – Training | Microsoft Learn
Explore Azure Virtual Networks
Each VNet you create has its own CIDR block and can be linked to other VNets and on-premises networks as long as the CIDR blocks don’t overlap.
Communication with the internet.
Communication between Azure resources.
Communication between on-premises resources.
Filtering network traffic.
Routing network traffic.
Design considerations for Azure Virtual Networks
When creating a VNet, it’s recommended that you use the address ranges enumerated in RFC 1918:
10.0.0.0 – 10.255.255.255 (10/8 prefix)
172.16.0.0 – 172.31.255.255 (172.16/12 prefix)
192.168.0.0 – 192.168.255.255 (192.168/16 prefix)
Example / 26
Example /24
Example / 22
In addition, you can’t add the following address ranges:
224.0.0.0/4 (Multicast)
255.255.255.255/32 (Broadcast)
127.0.0.0/8 (Loopback)
169.254.0.0/16 (Link-local)
168.63.129.16/32 (Internal DNS)
Azure reserves the first four and last IP address for a total of 5 IP addresses within each subnet. These are x.x.x.0-x.x.x.3 and the last address of the subnet.
When planning to implement virtual networks, you need to consider the following:
Ensure non-overlapping address spaces. Make sure your VNet address space (CIDR block) doesn’t overlap with your organization’s other network ranges.
Is any security isolation required?
Do you need to mitigate any IP addressing limitations?
Will there be connections between Azure VNets and on-premises networks?
Is there any isolation required for administrative purposes?
Are you using any Azure services that create their own VNets?
Subnets
A subnet is a range of IP address in the VNet. You can segment VNets into different size subnets, creating as many subnets as you require for organization and security within the subscription limit.
Example
Determine a naming convention
For example, a public IP resource for a production SharePoint workload residing in the West US region might be pip-sharepoint-prod-westus-001
Understand Regions and Subscriptions
All Azure resources are created in an Azure region and subscription. A resource can only be created in a virtual network that exists in the same region and subscription as the resource. You can, however, connect virtual networks that exist in different subscriptions and regions. Azure regions are important to consider as you design your Azure network in relation to your infrastructure, data, applications, and end users.
Configure public IP services
Just public and private ip
Use dynamic and static public IP addresses
A dynamic public IP address is an assigned address that can change over the lifespan of the Azure resource.
The default allocation method is dynamic.
A static public IP address is an assigned address that won’t change over the lifespan of the Azure resource.
Create a public IP address prefix
Public IP prefixes are assigned from a pool of addresses in each Azure region. You create a public IP address prefix in an Azure region and subscription by specifying a name and prefix size.
Custom IP address prefix (BYOIP)
Addresses from a custom IP address prefix can be used in the same way as Azure owned public IP address prefixes.
Exercise: Design and implement a virtual network in Azure
Exercise: Design and implement a virtual network in Azure – Training | Microsoft Learn
DO IT