What are some best practices in pruning

Azure Virtual Network Concepts and Best Practices

  • 2 minutes to read

This article describes the key concepts and best practices for Azure Virtual Network (VNet).

VNet concepts

  • Address space: When creating a VNet, you must enter a custom private IP address space with public and private addresses (RFC 1918). Azure assigns resources in a virtual network a private IP address from the address space you have assigned. For example, if you deploy a VM in a VNet with the address space, it will be assigned a private IP address; B.
  • Subnets: Using subnets, you can segment the virtual network into one or more subnets and assign part of the address space of the virtual network to each subnet. Then you can provision Azure resources in a specific subnet. As in a traditional network, you can use subnets to divide your VNet address space into segments that are suitable for the company's internal network. This also optimizes the address assignment. You can secure resources on subnets with network security groups. For more information, see Network Security Groups.
  • Regions: A VNet is limited to a region or location. However, multiple virtual networks from different regions can be interconnected using virtual network peering.
  • Subscription: A VNet is limited to one subscription. You can implement multiple virtual networks in each Azure subscription and in each Azure region.

Best practices

When building your network in Azure, keep these general design principles in mind:

  • Make sure that address spaces do not overlap. Make sure that the address space of your VNet (CIDR block) does not overlap with other network areas in your organization.
  • The subnets should not make up the entire address space of the VNET. Plan ahead and reserve address space for the future.
  • It is best to create a few large VNets instead of many small VNets. This reduces the administrative burden.
  • Protect your virtual networks by assigning network security groups (NSGs) to the subnets.

Next Steps

Next, create a virtual network, deploy some virtual machines in it, and communicate between the virtual machines to learn how to use virtual networks. For instructions, see Create a virtual network in the Azure portal.

Is this page helpful?