Azure Networking services | Azure Fundamentals(Az-900) Part-7


What is Azure virtual networking?

Azure virtual networks allow Azure services, like virtual machines, web applications, and databases, to connect with one another, as well as with internet users and on-premises client PCs. An Azure virtual network is a collection of resources that work together to connect other Azure resources.

Some of the key networking functionalities that Azure virtual networks provide are listed below.

  • Isolation and segmentation
  • Internet communications
  • Communicate between Azure resources
  • Communicate with on-premises resources
  • Route network traffic
  • Filter network traffic
  • Connect virtual networks

Azure VPN Gateway fundamentals

What is a VPN?

Virtual private networks, or VPNs, function by creating an encrypted tunnel between two networks. They're most commonly used to join two or more trusted private networks over an insecure network (typically the public internet). To avoid eavesdropping or other attacks, traffic is encrypted while travelling across the untrusted network.

What is VPN Gateway?

A VPN gateway is a specific form of virtual network gateway. Azure VPN Gateway instances are deployed in Azure Virtual Network instances and provide connectivity for the following:

  • Connect on-premises datacenters to virtual networks through a site-to-site connection.
  • Connect individual devices to virtual networks through a point-to-site connection.
  • Connect virtual networks to other virtual networks through a network-to-network connection.

As the data travels across the internet, it is encrypted in a private tunnel. Each virtual network can only have one VPN gateway, but it can connect to multiple locations, such as other virtual networks or on-premises data centers, using one gateway.

When you deploy a VPN gateway, you specify the VPN type: either policy-based or route-based.

Policy-based VPNs

Policy-based VPN gateways statically specify the IP addresses of the packets that should be encrypted across each tunnel. This sort of device compares each data packet against those sets of IP addresses to determine which tunnel it should be transmitted through.

Route-based VPNs

Route-based gateways can be utilised if determining which IP addresses are behind each tunnel is too difficult. With route-based gateways, IPsec tunnels are modelled as a network interface or virtual tunnel interface. When transmitting each packet, IP routing (either static routes or dynamic routing protocols) determines which of these tunnel interfaces to utilise. For on-premises devices, route-based VPNs are the primary connection technique. They're more resistant to changes in topology, such as the addition of new subnets.
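As an added illustration (not code from the original post), a small Python model of the two selection mechanisms described above: a policy-based gateway matches each packet against static selector pairs, while a route-based gateway looks the destination up in a routing table over virtual tunnel interfaces. The prefixes, tunnel names and the "newly added subnet" are constructed sample values.

```python
"""Toy model: how policy-based vs route-based VPN gateways pick a tunnel."""
from ipaddress import ip_address, ip_network

# Policy-based gateway: static traffic selectors (src prefix, dst prefix) -> tunnel.
# Constructed sample values; 10.1.0.0/16 is the Azure VNet, 192.168.x.0/24 are branches.
POLICY_TABLE = [
    (ip_network("10.1.0.0/16"), ip_network("192.168.10.0/24"), "tunnel-branchA"),
    (ip_network("10.1.0.0/16"), ip_network("192.168.20.0/24"), "tunnel-branchB"),
]

# Route-based gateway: routes pointing at virtual tunnel interfaces (VTIs).
# A summary route per branch covers subnets added later without a config change.
ROUTE_TABLE = [
    (ip_network("192.168.0.0/17"), "vti-branchA"),
    (ip_network("192.168.128.0/17"), "vti-branchB"),
]


def policy_select(src, dst, table=POLICY_TABLE):
    """Return the tunnel whose selector pair matches (src, dst).

    None means no selector matched, so the packet is not sent through the VPN.
    """
    s, d = ip_address(src), ip_address(dst)
    for src_pfx, dst_pfx, tunnel in table:
        if s in src_pfx and d in dst_pfx:
            return tunnel
    return None


def route_select(dst, table=ROUTE_TABLE):
    """Longest-prefix match of dst over the VTI routes; None means no route."""
    d = ip_address(dst)
    best = None
    for pfx, vti in table:
        if d in pfx and (best is None or pfx.prefixlen > best[0].prefixlen):
            best = (pfx, vti)
    return best[1] if best else None


def topology_change(src, new_subnet_host):
    """Compare both gateways after branch A adds a subnet not in the policy table."""
    return {
        "policy_based": policy_select(src, new_subnet_host),  # None: needs a new selector
        "route_based": route_select(new_subnet_host),          # covered by the summary route
    }


if __name__ == "__main__":
    print(topology_change("10.1.2.3", "192.168.30.5"))
```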

Azure ExpressRoute

With the support of a connectivity provider, ExpressRoute enables you to extend your on-premises networks into the Microsoft cloud through a private connection. You may connect to Microsoft cloud services like Azure and Microsoft 365 with ExpressRoute. An IP VPN network, a point-to-point Ethernet network, or a virtual cross-connection through a colocation facility's connectivity provider are all options for connectivity. ExpressRoute connections are not made over the public Internet. ExpressRoute connections can therefore provide more dependability, faster speeds, consistent latencies, and stronger security than typical Internet connections.