VNet¶
- a logical representation of a network used to isolate and securely connect resources
- contained within a resource group and hosted within a region
- cannot span multiple regions, but can span all datacenters within a region
Connection¶
- resources within the same region and subscription
  - VNet peering
- resources within the same or a different region in another subscription
  - VNet peering
  - Gateway: extra charges, but allows encryption
- to on-premises resources
  - Point-to-site VPN
  - Site-to-site VPN
  - ExpressRoute: does not go through the public internet, but costly
Communicate with the internet¶
- outbound to the internet: allowed by default; can be managed by a public IP, a NAT gateway, or a public load balancer
- inbound to a resource: by assigning a public IP address or a public load balancer
Communicate between Azure resources¶
- VNet
  - connect VMs
  - connect other Azure resources, such as App Service Environment, Azure Kubernetes Service, and Azure Virtual Machine Scale Sets
- VNet service endpoint
  - used to connect to other Azure resource types, such as Azure SQL databases and storage accounts
  - services and VMs within the same VNet can communicate directly and securely with each other in the cloud
- VNet peering
  - connects virtual networks to each other by using virtual network peering
Communicate with on-premises resources¶
- Point-to-site VPN
- Site-to-site VPN
- Azure ExpressRoute
Filter network traffic¶
- filter network traffic between subnets using any combination of network security groups and network virtual appliances, such as firewalls, gateways, proxies, and Network Address Translation (NAT) services
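Added example (not from these notes or from Azure): a small Python model of how an inbound network security group decides a flow, so the priority order and the built-in default rules can be checked before a rule set is deployed. Rule names, the 10.0.0.0/16 VNet range standing in for the VirtualNetwork service tag, the 203.0.113.5 probe address, and the two rule sets are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int        # lower number is evaluated first; custom rules use 100-4096
    access: str          # "Allow" or "Deny"
    source: str          # CIDR or "*" (service tags modelled as CIDRs here, an assumption)
    dest_port: str       # single port "22", range "1000-2000", or "*"
    protocol: str = "*"  # "Tcp", "Udp" or "*"

# Azure's built-in inbound defaults: they cannot be deleted, sit at the bottom of the
# order, and end in DenyAllInBound. VirtualNetwork tag = VNet CIDR 10.0.0.0/16 (constructed).
DEFAULT_INBOUND = [
    Rule("AllowVNetInBound", 65000, "Allow", "10.0.0.0/16", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "168.63.129.16/32", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*"),
]

def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _source_matches(spec: str, src_ip: str) -> bool:
    return spec == "*" or ipaddress.ip_address(src_ip) in ipaddress.ip_network(spec)

def evaluate(custom_rules, src_ip: str, dest_port: int, protocol: str = "Tcp"):
    """Azure NSG semantics: the first match in ascending priority decides the flow."""
    for r in sorted(custom_rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol) and _source_matches(r.source, src_ip)
                and _port_matches(r.dest_port, dest_port)):
            return r.access, r.name
    return "Deny", "implicit"  # unreachable while DenyAllInBound is present

def internet_exposed_ports(custom_rules, ports=(22, 3389, 445, 1433)):
    """Review check: which of these management/data ports an internet client can reach."""
    probe = "203.0.113.5"  # TEST-NET-3, a constructed stand-in for an internet source
    return [p for p in ports if evaluate(custom_rules, probe, p)[0] == "Allow"]

# Constructed rule set: SSH only from a bastion subnet, HTTPS from anywhere.
RULES = [
    Rule("AllowSshFromBastion", 100, "Allow", "10.0.1.0/24", "22", "Tcp"),
    Rule("AllowHttps", 300, "Allow", "*", "443", "Tcp"),
]
# The same set with a broad "temporary" allow at a lower priority number: it is matched
# before everything behind it, so SSH and RDP from the internet now pass.
SHADOWED = [Rule("AllowAnyTcpTemp", 150, "Allow", "*", "*", "Tcp")] + RULES
```

Because evaluation stops at the first match, a deny rule only protects what no lower-numbered allow already covers; `internet_exposed_ports` makes that shadowing visible.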
Route network traffic¶
- by default, Azure routes traffic between subnets, connected virtual networks, on-premises networks, and the Internet
- you can implement route tables or Border Gateway Protocol (BGP) routes to override the default routes Azure creates
IP address space¶
can be used:
Cannot be used: