This post is to explain few basic concepts, which would be very handy to know before starting on Azure virtual networks.
Let’s quickly have a look at them.
A Network Interface (NIC) is an interconnection between a virtual machine and virtual network. A VM can have one or more NICs depending on size of Azure VM and the NICs can be added / removed from VM throughout the lifecycle of the VM.
A VM must have at least one NIC at any given point of time.
A virtual machine would certainly have an IP Address. This IP Address is assigned to the NIC. The IP Address would be either Public IP Address or Private IP Address.
A Public IP Address is the IP address which can be used to communicate with internet and rest of the Azure services. There are changes associated with Public IP. Also, there is a limitation on how many Public IPs can be allotted to a subscription.
A Private IP is the IP Address which can be used to communicate within the virtual network.
The public IPs can be assigned to the internet facing virtual machines or load balancers, while the private IP addresses can be assigned to internal resources, which do not directly interact with internet.
IP Address assignment can be either static or dynamic. The default method is dynamic, meaning an available IP address would be assigned to the VM when a stopped VM is started or when a new VM is created. The IP is released when a VM is stopped or deleted.
If you want to keep same IP for the virtual machine throughout its lifetime, you can choose to assign a static IP. The static assigned IP would be released only if the VM is deleted or the IP allocation is changed to be dynamic.
CIDR and Subnet mask
Every IP v4 address has 32 bits and those 32 bits are represented as 4 decimal numbers ranging from 0 to 255, separated by dots e.g. 127.0.0.1, or 255.255.255.255.
Every IP address has two parts, firstly, network identifier and then host identifier. A network identifier is some set of bits starting from very first bit on the left and host identifier is the set of bits after the network identifier.
For example, 192.168.10.0/24, is a CIDR notation, which specifies that first 24 bits are network identifier and last 8 bits are host identifier within that network.
CIDR notation is a compact representation of an IP address and its associated routing prefix. The notation is constructed from an IP address, a slash (‘/’) character, and a decimal number. The trailing number after slash is called as network mask, and represents number of 1 bits in the routing masks.
A subnet mask also conveys the same information. A subnet mask for 192.168.10.0/24 would be 255.255.255.0, all left side bits are 1 conveying first 24 bits represent the network identifier.
A subnet mask is a bitmask that encodes the prefix length associated with an IPv4 address or network in quad-dotted notation: 32 bits, starting with a number of 1 bits equal to the prefix length, ending with 0 bits, and encoded in four-part dotted-decimal format: 255.255.255.0.
Every network can further be divided into smaller networks. You may want to divide the IP range from a network into multiple smaller ranges, for the purpose of organizing resources or for configuring the security more effectively or for any other reason that seems appropriate based on your requirements.
The IP ranges from a subnet must not overlap with IP ranges from other subnet.
By default, there are no restrictions on accessing resources from another subnet. The Network Security Groups (NSG) can then be setup to control the traffic flow to and from the subnets.
I hope you found this information interesting. Let me know your thoughts.