What is an Azure Virtual Network (VNet)?
Azure Virtual Network lets many types of Azure resources, such as Azure virtual machines (VMs), communicate securely with each other, with the Internet, and with on-premises networks. A virtual network is scoped to a single region; however, virtual networks in different regions can be connected through virtual network peering.
Azure Virtual Network provides the following important functionalities:
Isolation and Segmentation
Users can deploy multiple virtual networks within each subscription and Azure region. Each virtual network is isolated from the other virtual networks. For each virtual network, users can:
- Specify a custom private IP address space using public and private (RFC 1918) addresses. Azure assigns a private IP address to the resources of a virtual network from the address space that you assign.
- Segment the virtual network into one or more subnets and assign a part of the address space of the virtual network for each subnet.
- Use the name resolution provided by Azure or specify your own DNS server to be used by resources connected to a virtual network.
Users can filter network traffic between subnets using one or both of the following options:
- Security Groups: Network security groups and application security groups can contain several inbound and outbound security rules that allow users to filter the traffic arriving at and leaving the resources. Rules filter by source and destination IP address, port, and protocol.
- Network Virtual Appliance: A network virtual appliance is a virtual machine that performs a network function, such as a firewall or WAN optimization. A list of available appliances can be found on the Azure Marketplace.
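How filtering on source, destination, port and protocol plays out across several rules, as an added example that is not part of the original page: a simplified Python model of inbound network security group evaluation. It assumes Azure's documented behaviour that lower priority numbers are processed first and processing stops at the first match; the rule names, addresses and the `covers` and `shadowed` helpers are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # simplified inbound rule; service tags not modelled
    name: str
    priority: int                # lower number is evaluated first
    access: str                  # "Allow" or "Deny"
    protocol: str                # "Tcp", "Udp" or "*"
    source: str                  # source CIDR prefix
    dest: str                    # destination CIDR prefix
    ports: tuple                 # inclusive (low, high) destination ports

    def matches(self, proto, src_ip, dst_ip, dst_port):
        return (self.protocol in ("*", proto)
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dest)
                and self.ports[0] <= dst_port <= self.ports[1])

def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """Return (access, rule name) for the first match in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(proto, src_ip, dst_ip, dst_port):
            return rule.access, rule.name
    return "Deny", "implicit-deny"   # stands in for the default deny-all rule

def covers(a, b):
    """True if every flow matched by rule b is also matched by rule a."""
    net = ipaddress.ip_network
    return (a.protocol in ("*", b.protocol)
            and net(b.source).subnet_of(net(a.source))
            and net(b.dest).subnet_of(net(a.dest))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def shadowed(rules):
    """Names of rules that never fire because an earlier rule covers them."""
    ordered = sorted(rules, key=lambda r: r.priority)
    return [r.name for i, r in enumerate(ordered)
            if any(covers(e, r) for e in ordered[:i])]

# Constructed rule set: web subnet 10.0.1.0/24 and data subnet 10.0.2.0/24 in a 10.0.0.0/16 VNet.
RULES = [
    Rule("allow-https", 100, "Allow", "Tcp", "0.0.0.0/0", "10.0.1.0/24", (443, 443)),
    Rule("allow-vnet-any", 200, "Allow", "*", "10.0.0.0/16", "10.0.0.0/16", (0, 65535)),
    Rule("deny-db-ssh", 300, "Deny", "Tcp", "10.0.2.0/24", "10.0.1.0/24", (22, 22)),
]
```

With this rule set, `deny-db-ssh` is reported as shadowed: SSH from the data subnet to the web subnet is allowed by `allow-vnet-any` at priority 200 before the deny at priority 300 is reached.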
By default, Azure routes traffic between subnets, connected virtual networks, on-premises networks, and the Internet. Users can implement one or both of the following options to override the default routes Azure creates:
- Route tables: Users can create custom route tables with routes that control where traffic is routed for each subnet.
- Border Gateway Protocol (BGP) Routes: If users connect the virtual network to their on-premises network through an Azure VPN Gateway or ExpressRoute connection, they can propagate on-premises BGP routes to their virtual networks.