Classless Inter-Domain Routing (CIDR) notation
CIDR notation is a compact way of writing an IP address together with its routing prefix. It is constructed from an IP address, a slash, and a decimal number; that number is the count of leading 1 bits in the routing mask, which is usually called the network mask. So, for example, 192.168.0.0/24 is a CIDR notation.
Subnets
A subnet is a range of IP addresses within a VNet. You can divide a VNet into multiple subnets, mainly for security and for better organization.
- All the VMs and PaaS role instances deployed to subnets within a VNet, whether the same subnet or different ones, can communicate with each other without any extra configuration.
- Additionally, you can configure route tables and Network Security Groups that handle the inbound and outbound traffic to a subnet.
- A subnet mask is chosen based on the number of addresses needed in a network. For example, 255.255.255.0 covers 2⁸ addresses, where the first three bytes stay the same.
- Similarly, 255.255.0.0 covers 2¹⁶ addresses and 255.0.0.0 covers 2²⁴ addresses.
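As an added example (not code from the original post), a small Python helper that turns a prefix length into the network mask described above, does the inverse while rejecting masks whose 1 bits are not contiguous, works out how many addresses a block such as 192.168.0.0/24 spans, and tests whether an address falls inside a block. The function names are my own.

```python
import ipaddress

def prefix_to_mask(prefix: int) -> str:
    """Build the dotted-decimal mask from a CIDR prefix length: the prefix is
    the count of leading 1 bits, so /24 -> 255.255.255.0 and /16 -> 255.255.0.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    mask_int = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((mask_int >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def mask_to_prefix(mask: str) -> int:
    """Inverse: count the leading 1 bits of a dotted-decimal mask. A mask whose
    1 bits are not contiguous (e.g. 255.0.255.0) is not a valid CIDR mask."""
    bits = int(ipaddress.IPv4Address(mask))
    # The inverted mask is 0...01...1 with (32 - prefix) ones, so its bit
    # length is the number of host bits.
    prefix = 32 - ((~bits) & 0xFFFFFFFF).bit_length()
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"{mask} is not a contiguous network mask")
    return prefix

def describe(cidr: str) -> dict:
    """Work out what a CIDR block covers: its mask, network address, last
    address and the number of addresses (2 ** host bits) it spans."""
    # strict=False tolerates host bits being set, e.g. 192.168.0.7/24 -> 192.168.0.0/24
    net = ipaddress.IPv4Network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "mask": prefix_to_mask(net.prefixlen),
        "prefix": net.prefixlen,
        "addresses": net.num_addresses,
        "last": str(net.broadcast_address),
    }

def contains(cidr: str, address: str) -> bool:
    """Membership test: does the block cover this address? This is the check a
    subnet or NSG source/destination range implies for a given host."""
    return ipaddress.IPv4Address(address) in ipaddress.IPv4Network(cidr, strict=False)

if __name__ == "__main__":
    # Constructed sample blocks matching the masks discussed in the text.
    for block in ("192.168.0.0/24", "10.0.0.0/16", "10.0.0.0/8"):
        print(block, describe(block))
    print("10.0.1.50 in 10.0.0.0/16:", contains("10.0.0.0/16", "10.0.1.50"))
```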
Network Security Group (NSG)
Like I said earlier, Network Security Groups are used to control inbound and outbound traffic to network interfaces, VMs, and subnets. Each Network Security Group contains one or more rules that specify whether traffic is allowed or denied based on parameters such as source IP address, source port, destination IP address and destination port.
Network Interface Card (NIC)
VMs use a virtual network interface card to communicate with each other and with the other resources on the network. By default, every virtual NIC has a mandatory private IP address, and it can optionally be given a public IP as well. A VM can have more than one NIC to support different network configurations, based on its requirements.
Azure Load Balancers
Virtual Machines and Cloud Services in a VNet can be exposed to the Internet using Azure Load Balancers.
- External Load Balancer
If you’re accessing the IaaS VMs and PaaS role instances from the public internet, then you need to use an external load balancer.
- Internal Load Balancer
If you’re accessing the IaaS VMs and PaaS role instances from other services within your VNet, then you need to use an internal load balancer.
Azure DNS
Remembering a Virtual Machine by its IP address is tedious, so the Domain Name System for Azure enables clients to resolve user-friendly fully qualified domain names (FQDNs). Azure DNS allows you to host your own domains alongside your Azure apps, and you can manage your DNS records within your Azure subscription.
Simplified On-Premises Network
- When a request comes into the network from the Internet, it must first be cleared by the router.
- Then it goes to the firewall. If the firewall doesn’t allow it to pass, the request is denied right there.
- Then the request goes to the Internet-facing load balancer, which passes it to one of the web servers clustered behind it, because we would host the same website on multiple web servers for availability and for security as well.
- These web servers then execute the request, and they might need to access the database to do so.
- The request must again go through a firewall to reach the database. In case there is a lot of traffic, we again have an internal load balancer in front of the database.
- That internal load balancer then divides the load across the multiple instances of the replicated database.
- Within the network, we have a DNS server for name resolution and a Domain Controller (DC) for authentication.
- Anything that has to be made public has to be put into the DMZ (Demilitarized Zone). A DMZ is a physical or logical sub-network that separates an internal LAN from other untrusted networks, usually the Internet.
- However, the database instances must be kept internal and not be accessible openly. Only the web servers, through the firewall, have access to the database.
- Let’s see how the same on-premises network can be replicated in an Azure Virtual Network.
Same Network Hosted In Azure