Microsoft Azure: Networking Services

As part of the Microsoft Enterprise Skills Initiative I am looking into different topics in Azure and summarizing what I learn. This post is about Azure networking services.

Azure networking services are the virtual networking services on Azure that enable Azure resources to communicate with each other, with users on the internet, and with your on-premises client computers.

  • Isolation and segmentation allow isolated networks that use private IP addresses
  • Internet communications: by assigning a public IP address to a resource, that resource can be reached directly from the internet
  • Communication between Azure resources lets Azure resources talk to each other securely
  • Communication with on-premises resources using a VPN gateway
    • Point-to-site virtual private networks
    • Site-to-site virtual private networks link your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network
    • Azure ExpressRoute provides dedicated private connectivity to Azure that doesn’t travel over the internet. Be careful though: even though the connectivity is private, it’s not encrypted.
  • Route network traffic using route tables or the Border Gateway Protocol (BGP).
  • Filter network traffic using network security groups (NSGs) or network virtual appliances.
  • Connect virtual networks by linking them together with virtual network peering, and use user-defined routing (UDR) to control the route tables.
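To make the "filter network traffic with NSGs" point concrete, here is an added example (mine, not Microsoft's code and not part of the original post) that models how an NSG decides on an inbound packet: rules are tried in ascending priority order, the first match wins, and the three default inbound rules sit behind every custom rule. The VNet address space, the custom rules and the sample flows are constructed; the service tags are approximated with CIDR sets, which is an assumption of this model.

```python
"""Toy evaluator for Azure network security group (NSG) inbound rules.

Added example, not Microsoft's code. Modeled semantics: rules are checked in
ascending priority, the first rule whose direction, protocol, addresses and
ports match decides, and the default rules (AllowVnetInBound 65000,
AllowAzureLoadBalancerInBound 65001, DenyAllInBound 65500) sit behind every
custom rule (priority 100-4096). Service tags are approximated with CIDR sets
(assumption); address space, rules and flows below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

VNET_SPACE = [ip_network("10.0.0.0/16")]        # constructed VNet address space
AZURE_LB = [ip_network("168.63.129.16/32")]     # constructed stand-in for the LB probe source


def addr_matches(prefix: str, addr: str) -> bool:
    """Match an address against a CIDR/IP, "*" or one of the modeled service tags."""
    a = ip_address(addr)
    in_vnet = any(a in n for n in VNET_SPACE)
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":
        return in_vnet
    if prefix == "Internet":             # approximation: anything outside the VNet
        return not in_vnet
    if prefix == "AzureLoadBalancer":
        return any(a in n for n in AZURE_LB)
    return a in ip_network(prefix, strict=False)


def port_matches(spec: str, port: int) -> bool:
    """Match a port against "*", a single port or an inclusive "lo-hi" range."""
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = spec.split("-")
        return int(lo) <= port <= int(hi)
    return int(spec) == port


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    direction: str      # "Inbound" or "Outbound"
    access: str         # "Allow" or "Deny"
    protocol: str       # "Tcp", "Udp", "Icmp" or "*"
    source: str         # CIDR, IP, service tag or "*"
    source_port: str
    destination: str
    destination_port: str


@dataclass(frozen=True)
class Flow:
    direction: str; protocol: str; src: str; src_port: int; dst: str; dst_port: int


# Inbound default rules every NSG carries; they cannot be removed.
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*", "*", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*", "*", "*"),
]


def rule_matches(r: Rule, f: Flow) -> bool:
    return (r.direction == f.direction
            and (r.protocol == "*" or r.protocol.lower() == f.protocol.lower())
            and addr_matches(r.source, f.src) and port_matches(r.source_port, f.src_port)
            and addr_matches(r.destination, f.dst) and port_matches(r.destination_port, f.dst_port))


def evaluate(custom_rules, flow: Flow):
    """Return (access, rule name) of the first matching rule in ascending priority."""
    for r in custom_rules:
        if not 100 <= r.priority <= 4096:
            raise ValueError(f"{r.name}: custom rule priority must be 100-4096")
    for r in sorted(list(custom_rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule_matches(r, flow):
            return r.access, r.name
    return "Deny", "implicit"   # unreachable while DenyAllInBound is present


# Constructed custom rules. AllowSshFromInternet (400) is dead: the Deny at
# priority 100 matches the same flows first, so the later Allow never wins.
CUSTOM_RULES = [
    Rule("DenySshFromInternet", 100, "Inbound", "Deny", "Tcp", "Internet", "*", "*", "22"),
    Rule("AllowHttpsInbound", 200, "Inbound", "Allow", "Tcp", "*", "*", "*", "443"),
    Rule("AllowSshFromInternet", 400, "Inbound", "Allow", "Tcp", "Internet", "*", "*", "22"),
]

# Constructed sample flows towards a VM at 10.0.0.4.
SAMPLE_FLOWS = [
    Flow("Inbound", "Tcp", "203.0.113.5", 51000, "10.0.0.4", 22),    # internet -> ssh
    Flow("Inbound", "Tcp", "203.0.113.5", 51001, "10.0.0.4", 443),   # internet -> https
    Flow("Inbound", "Tcp", "10.0.1.7", 40000, "10.0.0.4", 22),       # same VNet -> ssh
    Flow("Inbound", "Tcp", "203.0.113.5", 51002, "10.0.0.4", 3389),  # internet -> rdp
]


def decisions(custom_rules=CUSTOM_RULES, flows=SAMPLE_FLOWS):
    return [evaluate(custom_rules, f) for f in flows]


if __name__ == "__main__":
    for f, (access, name) in zip(SAMPLE_FLOWS, decisions()):
        print(f"{f.src}:{f.src_port} -> {f.dst}:{f.dst_port}/{f.protocol}: {access} ({name})")
```

Running it shows the two things worth remembering about NSGs: nothing is reachable unless some rule allows it, because DenyAllInBound catches the rest (the RDP flow), and a permissive rule placed behind a more specific Deny does nothing, so ordering by priority, not the mere presence of an Allow, decides what is exposed.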

A VPN gateway can be one of the following:

  • Policy-based VPNs use a set of static IP addresses to define which packets go through the tunnel.
  • Route-based VPNs use IPsec tunnels, which are modeled as a network interface or virtual tunnel interface. IP routing (either static routes or dynamic routing protocols) decides which of these tunnel interfaces to use when sending each packet.
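The "route network traffic using route tables or BGP" bullet, the UDR bullet and the route-based VPN item all come down to one question: given a destination, which route does a subnet pick? The following added example (mine, not Microsoft's code and not part of the original post) models Azure's documented selection rule, longest prefix match with user-defined routes preferred over BGP routes over system routes on equal prefixes. The default system routes are the real ones; the VNet address space, the BGP-learned route, the user-defined routes and the NVA address 10.0.255.4 are constructed.

```python
"""Toy model of how an Azure subnet selects a route for outbound traffic.

Added example, not Microsoft's code. Modeled semantics: the route with the
longest matching prefix wins; when several routes share a prefix, precedence
is user-defined route, then BGP route, then system route. The default system
routes (VNet space -> VirtualNetwork, 0.0.0.0/0 -> Internet, RFC 1918 and
100.64.0.0/10 -> None) are the documented ones; the VNet address space, the BGP
route, the user-defined routes and the NVA address are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ROUTE_TYPE_RANK = {"User": 0, "BGP": 1, "System": 2}   # lower wins on an equal prefix


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_type: str          # VirtualNetwork, Internet, VirtualAppliance, VirtualNetworkGateway, None
    next_hop_ip: Optional[str]  # only meaningful for VirtualAppliance
    source: str                 # "System", "BGP" or "User"


def system_routes(vnet_space: str):
    """Default routes Azure creates for every subnet before any UDR or BGP route."""
    return [
        Route(vnet_space, "VirtualNetwork", None, "System"),
        Route("0.0.0.0/0", "Internet", None, "System"),
        Route("10.0.0.0/8", "None", None, "System"),
        Route("172.16.0.0/12", "None", None, "System"),
        Route("192.168.0.0/16", "None", None, "System"),
        Route("100.64.0.0/10", "None", None, "System"),
    ]


# Constructed: prefix learned over BGP from the on-premises gateway.
BGP_ROUTES = [Route("192.168.0.0/16", "VirtualNetworkGateway", None, "BGP")]

# Constructed user-defined routes: send internet-bound traffic through an NVA
# (assumed at 10.0.255.4) for inspection, and black-hole one on-premises range.
USER_ROUTES = [
    Route("0.0.0.0/0", "VirtualAppliance", "10.0.255.4", "User"),
    Route("192.168.50.0/24", "None", None, "User"),
]

EFFECTIVE_ROUTES = system_routes("10.0.0.0/16") + BGP_ROUTES + USER_ROUTES


def select_route(dest: str, routes=EFFECTIVE_ROUTES) -> Optional[Route]:
    """Longest prefix match; ties broken by User > BGP > System."""
    d = ip_address(dest)
    candidates = [r for r in routes if d in ip_network(r.prefix)]
    if not candidates:
        return None
    return min(candidates,
               key=lambda r: (-ip_network(r.prefix).prefixlen, ROUTE_TYPE_RANK[r.source]))


def next_hop(dest: str, routes=EFFECTIVE_ROUTES) -> str:
    """Readable next hop, e.g. 'VirtualAppliance 10.0.255.4' or 'None (dropped)'."""
    r = select_route(dest, routes)
    if r is None or r.next_hop_type == "None":
        return "None (dropped)"
    return f"{r.next_hop_type} {r.next_hop_ip}" if r.next_hop_ip else r.next_hop_type


if __name__ == "__main__":
    # Constructed destinations: in-VNet, public, on-premises via BGP, black-holed, RFC 1918 with no route.
    for dest in ("10.0.3.9", "198.51.100.10", "192.168.10.5", "192.168.50.7", "172.20.1.1"):
        print(f"{dest:>14} -> {next_hop(dest)}")
```

Two outcomes are the ones a reviewer of a route table should look for: the UDR for 0.0.0.0/0 overrides the system Internet route, so all internet-bound traffic is steered through the appliance, while the BGP route for 192.168.0.0/16 displaces the system None route for the same prefix, which is how the on-premises range becomes reachable through the gateway once routes are exchanged.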