Virtual Networks in Azure enable you to create your own virtual lab in the cloud. You can create a few virtual machines in Azure and then connect these virtual machines using an Azure Virtual Network.
Azure Virtual Networks not only allow you to set up a virtual lab in the cloud but also enable connectivity to on-premises resources using Site-to-Site and Point-To-Site VPN connections.
You can easily extend your data center by connecting your on-premises network to an Azure virtual network. Each Azure Virtual Network also acts as a DHCP server, which allows you to configure a DNS server to be leased out when you spin up a virtual machine in the cloud. The Azure Virtual Network is sometimes referred to as VNet for short.
VNet Frequently Asked Questions (FAQ)
Here’s a list of Questions and Answers for Azure Virtual Networks we have compiled for your easy reference:
Can I use VNet for any other services?
You can only use VNet in Microsoft Azure for connecting virtual machines and Cloud Services. At the time of this writing, other Azure components do not benefit from VNet.
How do you create a VNet?
There are multiple ways to create a VNet — the two most common methods are to use the Azure Management Portal or by using a virtual network configuration file, which is an XML file. You can also use PowerShell commands or the Azure Command Line Interface (CLI).
Can I use a Public IP address range in VNet?
Yes. You can define the address range as either public or private. The address range can only be reached from inside the virtual network, interconnected virtual networks, or from any connected on-premises networks. The following address ranges can not be added:
- 184.108.40.206/4 (Multicast)
- 255.255.255.255/32 (Broadcast)
- 127.0.0.0/8 (Loopback)
- 169.254.0.0/16 (Link-local)
- 220.127.116.11/32 (Internal DNS, DHCP, and Azure Load Balancer health probe)
How many virtual networks can I create in Azure?
There’s no limitation. You can create as many virtual networks as you need. It is important to remember though that you can create virtual subnets only in the Private IP Address range and they must not overlap.
Can I use all the IP addresses of a virtual subnet?
Azure reserves the first four addresses in each subnet range. For example, you cannot use .1 as the last IP address of a virtual subnet. There are also a few IP addresses that are reserved by the Azure Cloud services. IP addresses in the subnet address range are limited to one resource at a time.
Can I ping the default gateway address of a virtual subnet?
No, you cannot ping the default gateway address of a virtual subnet.
Does VNet support Layer 2?
Virtual Networks in Azure only support Layer 3 overlay networking. So you cannot bring your own Layer 2 VLANs in Azure.
Can I create custom routes?
Yes. It’s possible to create customer, user-defined routes to route traffic between subnets. This can be used to override Azure’s default system routes or to add additional routes.
Can I use multicast or broadcast modes in the virtual network?
Virtual Networks can only work in unicast mode. Multicasting and broadcasting functions are not supported by VNet.
What all protocols are supported by VNet?
Azure virtual networks support TCP/IP, UDP and ICMP protocols.
Can I add additional subnets to a VNet?
You can always configure additional subnets in a virtual network.
Can I change the virtual network or subnet of a virtual machine in Azure?
You cannot do so. You must delete the virtual machine and then assign it to a VNet of your choice.
Can I modify VNet configuration?
You can modify subnet configuration. For example, You can add, remove, expand or shrink a subnet if there are no virtual machines or services deployed within it. You can do this by using PowerShell cmdlets or the NETCFG file. You can also add, remove, expand or shrink any prefixes as long as the subnets that contain the virtual machines or cloud services are not affected by the change.
Can I modify my subnets in Virtual Subnet?
You can modify subnet configuration as long as there aren’t any virtual machines using these subnets. However, you cannot modify a subnet once virtual machines and services are using that subnet.
Can I deploy a Web Server in a VM and have it accessed over the Internet?
Yes. All services deployed within a VNet can connect to the internet. Every cloud service deployed in Azure has a public IP Address assigned to it. You will need to configure the necessary endpoints to enable these services to accept connections from the internet.
Can I use IPv6 in Azure Virtual Network?
Yes. VNet can host applications with IPv6 and IPv4 connectivity. Most networks for mobility and Internet of Things (IoT) are built or transformed on IPv6.
Can a virtual network span regions?
No. Virtual Machine networks are created in a single region. You are only allowed to select a single region when creating a virtual network. However, Global VNet peering allows you to peer VNets in other regions.
Do virtual networks talk to each other?
VNets do not talk to each other by default, but if you need to allow communication between different VNets in Azure, you can use REST API or Powershell commands to do so. There are a few things you need to take into consideration before connecting two virtual networks in Azure, though. For example, you must not use the same IP Address range or virtual subnet in both virtual networks.
How many DNS Servers can I configure in a VNet?
You configure a DNS server name in a VNet so when a virtual machine initializes it configures the DNS server in the TCP/IP property. You can configure a maximum of 12 DNS servers in a virtual network.
I changed my DNS server on the virtual network. Will the virtual machine receive the new DNS server configuration automatically?
You must restart the virtual machines if you need them to receive the new DNS server address. Please also note that virtual machines must be restarted in order to receive the new DNS server address and the Ipconfig /renew command does not work.
Are VNets Secure in Azure?
VNets are isolated from one another in Azure cloud and have their own set of properties. Network Security Groups (NSGs) can be used to restrict inbound or outbound traffic flow. You can also deploy a virtual firewall from multiple vendors through the Azure Marketplace.
What is Azure Monitor?
Azure Monitor is a cloud monitoring solution for monitoring Azure and on-premises resources and applications. It monitors availability, performance and application usage.
This article was updated in May 2021 by Kyle Guercio.