As part of the Microsoft Enterprise Skills Initiative I am looking into different topics in Azure and summarizing my learnings. This post is about Azure networking services.
Azure networking services are virtual networking services on Azure that enable Azure resources to communicate with each other, with users on the internet, and with your on-premises client computers.
Isolation and segmentation: allows isolated networks with private IP addresses.
Internet communications: by assigning a public IP address to a resource, one can communicate with it directly from the internet.
Communicate between Azure resources: enables Azure resources to communicate securely with each other.
Communicate with on-premises resources using a VPN Gateway
Point-to-site virtual private network
Site-to-site virtual private networks link your on-premises VPN device or gateway to the Azure VPN gateway in a virtual network.
Azure ExpressRoute provides dedicated private connectivity to Azure that doesn’t travel over the internet. Be careful though: even though the connectivity is private, it’s not encrypted.
Route network traffic using routing tables or Border Gateway Protocol (BGP).
Connect virtual networks by linking them together with virtual network peering, and use user-defined routing (UDR) to control the routing tables.
Policy-based VPNs use a set of static IP addresses to define which packets go through the tunnel.
Route-based VPNs use IPsec tunnels, which are modeled as a network interface or virtual tunnel interface. IP routing (either static routes or dynamic routing protocols) decides which one of these tunnel interfaces to use when sending each packet.
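
The difference between the two VPN types, as an added example that is not from the original post or from Azure: a simplified Python model of the per-packet decision. The prefixes, interface names (`vti0`, `vti1`, `eth0`) and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample configuration (all addresses and names are illustrative).
POLICY_SELECTORS = [            # policy-based: static (local, remote) prefix pairs
    ("10.1.0.0/16", "192.168.10.0/24"),
]
ROUTE_TABLE = [                 # route-based: destination prefix -> interface
    ("192.168.0.0/16", "vti0"),
    ("192.168.10.0/24", "vti1"),
    ("0.0.0.0/0", "eth0"),      # default route, not a tunnel
]
TUNNEL_INTERFACES = {"vti0", "vti1"}


def policy_based_uses_tunnel(src, dst, selectors=POLICY_SELECTORS):
    """True only if source AND destination fall inside one static selector pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
        for local, remote in selectors
    )


def route_based_interface(dst, routes=ROUTE_TABLE):
    """Pick the interface by longest-prefix match on the destination address."""
    d = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(prefix), ifc)
        for prefix, ifc in routes
        if d in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None             # no route at all: packet is not forwarded
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def route_based_uses_tunnel(dst, routes=ROUTE_TABLE):
    """True if routing selected one of the virtual tunnel interfaces."""
    return route_based_interface(dst, routes) in TUNNEL_INTERFACES


if __name__ == "__main__":
    # A host in a subnet added after the selectors were written is not tunnelled.
    for src, dst in [("10.1.2.3", "192.168.10.5"), ("10.2.0.4", "192.168.10.5")]:
        print(src, "->", dst, "policy-based tunnel:", policy_based_uses_tunnel(src, dst))
    for dst in ["192.168.10.5", "192.168.20.9", "8.8.8.8"]:
        print(dst, "route-based interface:", route_based_interface(dst))
```

When reviewing a deployment, the policy-based case is audited by reading the selector list, while the route-based case requires checking the effective routes, since a changed static or dynamic route changes which tunnel, if any, carries a packet.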