Azure Networking


Connect and secure resources with VNets, subnets, NSGs, and peering.

📖Theory

A Virtual Network (VNet) is your private network in Azure, carved into subnets. Traffic is controlled by Network Security Groups (NSGs) — stateful allow/deny rules attached to subnets or NICs.

Key building blocks:

  • VNet peering — privately connect two VNets (same or cross-region)
  • VPN Gateway / ExpressRoute — connect on-premises networks
  • Load Balancer (L4) and Application Gateway (L7) — distribute traffic
  • Public IP / NAT Gateway — inbound exposure / outbound internet for private subnets
  • Private Endpoints — reach PaaS services over the private network
🌍Real-World Example
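# VNet with a /16 address space and a "web" subnet
az network vnet create -g rg-net -n vnet-app \
  --address-prefix 10.0.0.0/16 --subnet-name web --subnet-prefix 10.0.1.0/24

# NSG allowing HTTPS inbound
az network nsg create -g rg-net -n nsg-web
az network nsg rule create -g rg-net --nsg-name nsg-web -n allow-https \
  --priority 100 --direction Inbound --destination-port-ranges 443 \
  --access Allow --protocol Tcp

# Attach the NSG to the web subnet; the rule filters nothing until the NSG is associated
az network vnet subnet update -g rg-net --vnet-name vnet-app -n web \
  --network-security-group nsg-web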
✍️Hands-On Exercise
  1. Design an address plan: a /16 VNet split into web, app, and data subnets.
  2. Write an NSG rule (in words) allowing only HTTPS from the internet to the web subnet.
  3. Explain when to use VNet peering vs a VPN gateway.
  4. Contrast a Load Balancer (L4) with an Application Gateway (L7).
🧾Cheat Sheet
| Component | Role |
|---|---|
| VNet / subnet | Private network / segments |
| NSG | Stateful firewall rules |
| VNet peering | Connect VNets privately |
| VPN / ExpressRoute | Connect on-premises |
| Load Balancer | L4 traffic distribution |
| App Gateway | L7 routing + WAF |
| Private Endpoint | Private access to PaaS |
💬Common Interview Questions
What is an NSG and is it stateful?

A Network Security Group is a set of priority-ordered allow/deny rules attached to a subnet or NIC. It’s stateful: allowing an inbound flow automatically permits the return traffic.
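The priority-ordered, first-match evaluation described above, as an added example (not code from the original page or from Azure): a simplified Python model of inbound NSG evaluation. The `Rule` fields, the source on `allow-https`, the `deny-ssh-from-vnet` rule, the sample addresses, and treating `Internet` as "any address outside the VNet" are assumptions; the built-in default rules are abbreviated to two.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR, "Internet", "VirtualNetwork" or "*"
    dest_port: str  # single port, "lo-hi" range or "*"

VNET = ipaddress.ip_network("10.0.0.0/16")  # address space of the page's vnet-app

# Abbreviated stand-ins for the built-in inbound defaults (load balancer rule omitted).
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
]

# allow-https uses the page's priority, port and protocol; the rest is constructed.
NSG_WEB = [
    Rule("allow-https", 100, "Allow", "Tcp", "Internet", "443"),
    Rule("deny-ssh-from-vnet", 200, "Deny", "Tcp", "VirtualNetwork", "22"),
]

def source_matches(rule_src, ip):
    addr = ipaddress.ip_address(ip)
    if rule_src == "*":
        return True
    if rule_src == "VirtualNetwork":
        return addr in VNET
    if rule_src == "Internet":  # assumption: everything outside the VNet
        return addr not in VNET
    return addr in ipaddress.ip_network(rule_src)

def port_matches(rule_port, port):
    if rule_port == "*":
        return True
    lo, _, hi = rule_port.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, src_ip, protocol, port):
    """Return (access, rule name) for the first rule that matches, by priority."""
    for r in sorted(rules + DEFAULTS, key=lambda r: r.priority):
        if (r.protocol in ("*", protocol) and source_matches(r.source, src_ip)
                and port_matches(r.dest_port, port)):
            return r.access, r.name
    raise AssertionError("unreachable: DenyAllInBound matches every flow")
```

Returning the name of the deciding rule shows which traffic is being admitted by a default rather than by a rule you wrote, for example VNet-internal traffic on ports the NSG never mentions.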

When would you use VNet peering versus a VPN gateway?

Peering privately connects two Azure VNets with low latency over the Azure backbone. A VPN gateway connects Azure to on-premises networks over encrypted tunnels across the internet.
