Microsoft Azure offers robust networking capabilities to build secure and scalable cloud solutions. Virtual networks (VNETs) provide the fundamental building blocks for an enterprise's private cloud network in Azure. VNETs allow you to create isolated networks just like in an on-premises data center.
To enable communication within Azure resources, you first need to create a VNET with a defined address space and subnets. The address space, specified in Classless Inter-Domain Routing (CIDR) notation, determines the maximum number of IP addresses available in the VNET. Azure reserves five addresses in each subnet, so only 251 addresses in a /24 subnet are usable.
Subnets provide logical separation within a VNET, allowing you to group resources based on security or functionality. By default, resources within a subnet can communicate with each other. You can also peer VNETs to enable cross-subnet connectivity.
Network security groups (NSGs) allow you to control inbound and outbound traffic at the subnet and network interface level. NSGs contain allow and deny security rules based on priorities. Lower priority numbers get processed first.
NSGs have built-in default security rules that cannot be modified. You can create custom rules to allow or deny access based on IP addresses, port ranges, and protocols. For example, open port 3389 for RDP access.
When creating Azure VMs, you can assign static or dynamic private IP addresses. Static addresses don't change, while dynamic ones can change when resources are restarted. You can also assign multiple IP addresses to a network interface.
Public IP addresses allow Internet resources to communicate inbound to your Azure resources. You can associate public IPs to VMs or other resources like load balancers.
Overall, Azure networking provides the capabilities to customize isolated VNETs and control traffic flow to suit your application security and connectivity needs.