Creating Azure Virtual Network, Subnet and NSG
Coming from a developer background, it’s not unusual to have little regular involvement with network setup.
When provisioning some of the Azure IaaS offerings, for example Azure VMs or Azure scale sets, even if it’s just for testing purposes, you will need to set up the following network elements:
- Virtual network and subnets
- NSG rules
- Access to the machine over RDP
- Access to port 80 so you can reach your web application
Setting up a VM or scale set resource through the Azure portal makes creating the networking elements very straightforward; it can be done by selecting a few options or simply accepting the preselected defaults.
This post gives an overview of setting up each of these networking components separately, so that we get a better understanding of the individual elements.
Azure Virtual Network (VNET)
This is the key building block for creating a private network in Azure. The purpose of the VNET is to allow resources (e.g. virtual machines) to securely communicate with
- other Azure resources
- the internet
- on-premises networks.
There are 2 key elements that we need for setting up a VNET:
- Address space: an IP range, e.g. 10.0.0.0/16
  - The /16 or /24 at the end of the IP range indicates how many IP addresses are available within that address space. For example 10.0.0.0/24 will give you a total of 256 IP addresses, but /16 will give you 65536 IP addresses.
- Subnets
  - Subnets allow you to split the VNET into sub-networks and allocate a portion of the address space to each subnet.
More detailed information on all these features is available in the Azure documentation: Azure Documentation VNET
Network Security Group (NSG)
The NSG is used to control network traffic to and from the resources within the virtual network (VNET), e.g. allowing access to port 80 on a VM.
The NSG allows you to set up security rules to allow or deny this network traffic.
You can create an NSG on a subnet and also on a network interface tied to a VM itself. Azure processes the rules in the NSG on the subnet first (if one exists) and then the rules in the NSG associated with the network interface (if one exists).
https://docs.microsoft.com/en-us/azure/virtual-network/security-overview
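To make the rule-processing order concrete, here is a small added model of inbound NSG evaluation (example code written for this post, not Azure's implementation or anything from the original article). It assumes a simplified reading of the service tags: "VirtualNetwork" is the VNET address space, "Internet" is anything outside it, and "AzureLoadBalancer" is the platform's health-probe address 168.63.129.16. The VNET range, rule names, admin range 203.0.113.0/24 and source addresses are constructed sample values. It shows that a packet must pass the subnet NSG and then the NIC NSG, that Azure's default rules (priorities 65000 to 65500) sit behind every custom rule, and that a Deny on the NIC NSG overrides an Allow on the subnet NSG; outbound traffic is evaluated in the opposite order (NIC first, then subnet).

```python
# Added example, not from the original post: a small model of how Azure evaluates
# NSG security rules, so the "subnet NSG first, then NIC NSG" ordering is concrete.
# Service tags are approximated (see comments); real Azure tags are broader.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # custom rules use 100-4096; lower numbers are evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR, "*" or a service tag such as "Internet" / "VirtualNetwork"
    dest_port: str  # "80", "1000-2000" or "*"


# Azure's built-in default inbound rules; they sit behind every custom rule.
DEFAULT_INBOUND = (
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*"),
)

AZURE_LB_PROBE_IP = "168.63.129.16"  # platform address used for load-balancer health probes


def _source_matches(rule_source: str, src_ip: str, vnet: str) -> bool:
    ip = ip_address(src_ip)
    if rule_source == "*":
        return True
    if rule_source == "VirtualNetwork":
        return ip in ip_network(vnet)
    if rule_source == "Internet":
        # Simplification for this model: anything outside the VNET counts as Internet.
        return ip not in ip_network(vnet)
    if rule_source == "AzureLoadBalancer":
        return src_ip == AZURE_LB_PROBE_IP
    return ip in ip_network(rule_source, strict=False)


def _port_matches(rule_port: str, port: int) -> bool:
    if rule_port == "*":
        return True
    low, _, high = rule_port.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate_nsg(rules: Iterable[Rule], src_ip: str, protocol: str, port: int, vnet: str) -> Tuple[str, str]:
    """Return (access, rule_name) of the first rule that matches, in priority order."""
    for rule in sorted(list(rules) + list(DEFAULT_INBOUND), key=lambda r: r.priority):
        if rule.protocol not in ("*", protocol):
            continue
        if not _port_matches(rule.dest_port, port):
            continue
        if not _source_matches(rule.source, src_ip, vnet):
            continue
        return rule.access, rule.name
    return "Deny", "DenyAllInBound"  # not reachable: DenyAllInBound matches everything


def inbound_allowed(subnet_nsg: Optional[Iterable[Rule]], nic_nsg: Optional[Iterable[Rule]],
                    src_ip: str, protocol: str, port: int, vnet: str) -> Tuple[bool, str]:
    """Inbound traffic must pass the subnet NSG and then the NIC NSG; the first Deny wins.
    (Azure evaluates outbound traffic in the opposite order: NIC first, then subnet.)"""
    for level, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if rules is None:
            continue  # no NSG at this level, so nothing here can block the packet
        access, name = evaluate_nsg(rules, src_ip, protocol, port, vnet)
        if access == "Deny":
            return False, f"{level}:{name}"
    return True, "allowed"


# Constructed sample: a /16 VNET, a subnet NSG that opens HTTP to the world and RDP only to an
# admin range, and a NIC NSG on one VM that blocks RDP regardless of what the subnet allows.
VNET = "10.0.0.0/16"
SUBNET_NSG = [
    Rule("AllowHttpInbound", 100, "Allow", "Tcp", "Internet", "80"),
    Rule("AllowRdpFromAdmin", 110, "Allow", "Tcp", "203.0.113.0/24", "3389"),
]
NIC_NSG = [Rule("DenyRdpOnThisNic", 100, "Deny", "Tcp", "*", "3389")]

if __name__ == "__main__":
    for label, nic, src, port in [
        ("web from internet", None, "198.51.100.9", 80),
        ("rdp from internet", None, "198.51.100.9", 3389),
        ("rdp from admin range", None, "203.0.113.10", 3389),
        ("rdp from admin range, NIC NSG attached", NIC_NSG, "203.0.113.10", 3389),
    ]:
        print(f"{label:45} -> {inbound_allowed(SUBNET_NSG, nic, src, 'Tcp', port, VNET)}")
```

Running it shows HTTP from the internet allowed by the subnet rule, RDP from the internet falling through to `DenyAllInBound`, RDP from the admin range allowed, and the same RDP connection blocked once the NIC-level NSG is attached, which is why both NSGs have to be checked when a connection unexpectedly fails.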
Key considerations on creating an Azure Virtual Network
If creating a VNET for a production environment there are a few things worth spending time considering before creating it.
- If you will be connecting to other virtual networks, e.g. existing on-premises networks or VPN connections to outside networks, then ensure you don’t create overlapping address spaces, as they will conflict and cause issues.
- Don’t use commonly used address spaces, e.g. 192.168.0.0.
- Plan ahead and reserve address space for the future. You might only have 10 VMs that require IP addresses right now, but limiting the size of the address space could cause a lot of unnecessary pain later on.
- Some Azure resources require empty subnets to deploy into; you might want to create resources such as ASE or Managed SQL in the future.
Walkthrough demo on creating Azure VNET, Subnets and NSG
The demo video will walk through:
- Creating a resource group
- Adding a virtual network to the resource group and setting up 2 subnets within it
- Adding an NSG to a subnet with access rules
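The considerations above and the three demo steps can be combined into a small script. The following is an added example written for this post (not the demo's own code and not an official Azure tool): it checks a proposed address plan for overlaps with existing ranges, use of the 192.168.0.0 space, subnets that fall outside the VNET or collide with each other, and how much unallocated space is left for future empty subnets, then builds the Azure CLI (`az`) commands for the resource group, a VNET with 2 subnets, and a subnet NSG with inbound rules for port 80 and RDP. It assumes the `az` CLI is installed when you actually apply it; the resource names, ranges, region and the admin source range 203.0.113.0/24 are constructed placeholders. The 5 reserved addresses per subnet are Azure's own reservation (the first four and the last address of every subnet).

```python
# Added example, not from the original post: check a VNET address plan against the
# considerations above (overlap with existing ranges, the 192.168.0.0 space, subnets that
# fit and do not collide, room to grow), then emit the Azure CLI commands for the demo steps.
# Resource names, ranges and the admin source address below are constructed for illustration.
import os
import subprocess
from ipaddress import IPv4Network
from typing import Dict, List

# Azure reserves the first four and the last address of every subnet.
AZURE_RESERVED_PER_SUBNET = 5

# Constructed sample: ranges already used on-premises and reachable over the VPN.
ON_PREM_RANGES = ["192.168.0.0/16", "172.20.0.0/16"]


def usable_hosts(prefix: str) -> int:
    """Addresses a subnet can actually hand out once Azure's reserved ones are removed."""
    return IPv4Network(prefix).num_addresses - AZURE_RESERVED_PER_SUBNET


def headroom(vnet: str, subnets: Dict[str, str]) -> int:
    """Addresses in the VNET not yet allocated to any subnet (space for future ASE, Managed SQL, ...)."""
    used = sum(IPv4Network(p).num_addresses for p in subnets.values())
    return IPv4Network(vnet).num_addresses - used


def validate_plan(vnet: str, subnets: Dict[str, str], existing: List[str]) -> List[str]:
    """Return a list of problems with the plan; an empty list means it is sound."""
    problems = []
    vnet_net = IPv4Network(vnet)
    for other in existing:
        if vnet_net.overlaps(IPv4Network(other)):
            problems.append(f"VNET {vnet} overlaps existing range {other}")
    if vnet_net.overlaps(IPv4Network("192.168.0.0/16")):
        problems.append(f"VNET {vnet} uses the commonly used 192.168.0.0 space")
    seen: Dict[str, IPv4Network] = {}
    for name, prefix in subnets.items():
        net = IPv4Network(prefix)
        if not net.subnet_of(vnet_net):
            problems.append(f"subnet {name} ({prefix}) lies outside VNET {vnet}")
        for other_name, other in seen.items():
            if net.overlaps(other):
                problems.append(f"subnet {name} ({prefix}) overlaps subnet {other_name}")
        seen[name] = net
    return problems


def az_commands(rg: str, location: str, vnet_name: str, vnet: str, subnets: Dict[str, str],
                nsg_name: str, admin_source: str) -> List[List[str]]:
    """Build the az CLI calls: resource group, VNET with its subnets, NSG with HTTP and RDP
    inbound rules, and the NSG attached to the first subnet."""
    (first_name, first_prefix), *rest = subnets.items()
    cmds = [
        ["az", "group", "create", "--name", rg, "--location", location],
        ["az", "network", "vnet", "create", "--resource-group", rg, "--name", vnet_name,
         "--address-prefixes", vnet, "--subnet-name", first_name, "--subnet-prefixes", first_prefix],
    ]
    for name, prefix in rest:
        cmds.append(["az", "network", "vnet", "subnet", "create", "--resource-group", rg,
                     "--vnet-name", vnet_name, "--name", name, "--address-prefixes", prefix])
    cmds.append(["az", "network", "nsg", "create", "--resource-group", rg, "--name", nsg_name])
    rule = ["az", "network", "nsg", "rule", "create", "--resource-group", rg, "--nsg-name", nsg_name,
            "--direction", "Inbound", "--access", "Allow", "--protocol", "Tcp"]
    cmds.append(rule + ["--name", "AllowHttpInbound", "--priority", "100",
                        "--source-address-prefixes", "Internet", "--destination-port-ranges", "80"])
    # RDP is restricted to the admin source range rather than opened to the whole Internet.
    cmds.append(rule + ["--name", "AllowRdpFromAdmin", "--priority", "110",
                        "--source-address-prefixes", admin_source, "--destination-port-ranges", "3389"])
    cmds.append(["az", "network", "vnet", "subnet", "update", "--resource-group", rg,
                 "--vnet-name", vnet_name, "--name", first_name, "--network-security-group", nsg_name])
    return cmds


if __name__ == "__main__":
    plan_vnet, plan_subnets = "10.1.0.0/16", {"web": "10.1.1.0/24", "app": "10.1.2.0/24"}
    issues = validate_plan(plan_vnet, plan_subnets, ON_PREM_RANGES)
    print("plan problems:", issues or "none")
    print("usable hosts in web subnet:", usable_hosts(plan_subnets["web"]))
    print("unallocated addresses left in VNET:", headroom(plan_vnet, plan_subnets))
    for cmd in az_commands("rg-demo", "westeurope", "vnet-demo", plan_vnet, plan_subnets,
                           "nsg-web", "203.0.113.0/24"):
        print(" ".join(cmd))
        if not issues and os.environ.get("APPLY") == "1":  # only run against Azure when asked
            subprocess.run(cmd, check=True)
```

By default the script only prints the plan check and the commands; setting `APPLY=1` in the environment runs them with a logged-in `az` CLI, and only when the plan check found no problems. The RDP rule is scoped to the admin source range on purpose, so the rule order and sources in the NSG match what the demo creates rather than exposing 3389 to the whole internet.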