What is Azure Virtual Network?

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure.
VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to securely communicate with each other, the internet, and on-premises networks.
VNet is similar to a traditional network that you’d operate in your own data center, but brings with it additional benefits of Azure’s infrastructure such as scale, availability, and isolation.

If I am running my services in a VNet, can I connect to the internet?

Yes. All services deployed within a VNet can connect outbound to the internet. To learn more about outbound internet connections in Azure, see Outbound connections.
If you want to connect inbound to a resource deployed through Resource Manager, the resource must have a public IP address assigned to it. To learn more about public IP addresses, see Public IP addresses. Every Azure Cloud Service deployed in Azure has a publicly addressable VIP assigned to it. You define input endpoints for PaaS roles and endpoints for virtual machines to enable these services to accept connections from the internet.

Certain scenarios require virtual machines or compute instances to have outbound connectivity to the internet. The frontend IPs of an Azure public load balancer can be used to provide outbound connectivity to the internet for backend instances. This configuration uses source network address translation (SNAT) to translate virtual machine’s private IP into Load Balancer’s public IP address. SNAT maps the IP address of the backend to the public IP address of your load balancer. SNAT prevents outside sources from having a direct address to the backend instances.

Azure’s outbound connectivity methods

1. Using the frontend IP address of a load balancer for outbound via outbound rules

2. Associating a NAT gateway to the subnet

3. Assigning a public IP to the virtual machine

4. Default Outbound Access

Public IP addresses are not directly accessible from the internet.

Azure reserves 5 IP addresses within each subnet. These are x.x.x.0-x.x.x.3 and the last address of the subnet. x.x.x.1-x.x.x.3 is reserved in each subnet for Azure services.

x.x.x.0: Network address
x.x.x.1: Reserved by Azure for the default gateway
x.x.x.2, x.x.x.3: Reserved by Azure to map the Azure DNS IPs to the VNet space
x.x.x.255: Network broadcast address for subnets of size /25 and larger. This will be a different address in smaller subnets.
You can create a route table and associate it to a subnet. For more information about routing in Azure, see Routing overview.
You can add, remove, expand, or shrink a subnet if there are no VMs or services deployed within it.
A VNet is limited to a single region. A virtual network does, however, span availability zones. To learn more about availability zones, see Availability zones overview. You can connect virtual networks in different regions with virtual network peering. For details, see Virtual network peering overview
You can connect one VNet to another VNet using either:
- Virtual network peering: For details, see VNet peering overview
- An Azure VPN Gateway: For details, see Configure a VNet-to-VNet connection

Virtual network peering

Tutorial: Connect virtual networks with virtual network peering using the Azure portal