5.1.1.1. Configure Virtual Networks and Subnets
💡 First Principle: A Virtual Network (VNet) provides a logically isolated section of the Azure cloud, while subnets enable segmentation and organization within that network, forming the fundamental building blocks for secure and scalable network design.
Scenario: You need to deploy a three-tier application (web, application, database) in Azure. Each tier needs to reside in its own isolated network segment. You also need to ensure that the IP addresses within your Azure network don't overlap with your on-premises network for future hybrid connectivity.
What It Is: A VNet is a logical representation of your network in the cloud. A subnet is a range of IP addresses in the VNet.
Key Concepts:
- Address Space: When creating a VNet, you define a private IP address range (e.g.,
10.1.0.0/16) using CIDR notation. - Subnets: VNets are divided into subnets, which are logical segments of the address space.
High-Level Steps to Create a VNet and Subnets:
- Select a resource group, VNet name, and Azure Region.
- Define the VNet’s address space.
- Add one or more subnets, each with its own address range.
- Optionally, associate NSGs to subnets.
Visual: Azure VNet and Subnet Segmentation
Loading diagram...
⚠️ Common Pitfall: Not planning the VNet address space carefully, leading to overlapping IP ranges with on-premises networks or other VNets, which complicates future hybrid connectivity and peering.
Key Trade-Offs:
- Address Space Size vs. Future Growth: A larger address space provides more room for future growth but may be harder to integrate with other networks. A smaller space is easier to manage but may become a constraint.
Reflection Question: How does careful IP address planning and segmentation into subnets within an Azure VNet fundamentally provide a secure, isolated, and scalable environment for your cloud resources, enabling strong segmentation and controlled communication?