Step-by-Step: Create Azure virtual network

Setting up a Virtual Network (VNet) in Azure is one of the foundational steps when building cloud-based infrastructure.

It allows you to segment your network, control traffic flow, and configure communication between resources.

This guide will walk you through the entire process of:

1. Creating an Azure Virtual Network (VNet)

2. Configuring Subnets for different application tiers

3. Assigning Public IP Addresses for internet-facing resources

4. Assigning Private IP Addresses for internal communication

5. Associating IP addresses with network interfaces

6. Testing the setup

Step 1: Create an Azure Virtual Network (VNet)

What is a Virtual Network (VNet)?

A Virtual Network (VNet) in Azure is a logically isolated, private network within the Azure cloud.

It enables secure communication between Azure resources, such as Virtual Machines (VMs), Databases, and App Services.

Within a VNet, you can define IP address spaces, subnets, route tables, and configure Network Security Groups (NSGs).

Create a VNet Using Azure Portal

1. Navigate to the Azure Portal.

2. Create a Virtual Network:

   • In the left-hand navigation pane, search for Virtual Networks.

   • Click Create to begin creating a new VNet.

3. Configure VNet Settings:

   • Subscription: Choose the Azure subscription to which the VNet will be associated.

   • Resource Group: Either create a new Resource Group or select an existing one.

     • Resource groups logically group related Azure resources, which makes management easier.

   • Region: Choose the region where the VNet will reside.

     • For example, select East US or West Europe.

   • Name: Provide a name for your VNet (e.g., MyVNet).

   • Address Space: Enter the CIDR (Classless Inter-Domain Routing) notation for the address range of the VNet.

     • For example, 10.0.0.0/16 means the VNet can contain IP addresses from 10.0.0.0 to 10.255.255.255.

4. Additional Settings (optional):

   • DNS Servers: You can define custom DNS servers, or leave it as the default Azure DNS servers.

   • Security: You can configure security options such as DDoS Protection at this stage.

   • Click Next through the other tabs and leave the default settings unless you need to modify them.

5. Review and Create:

   • Review all the settings and click Create to deploy the VNet.

Create a VNet Using Azure CLI

If you prefer to use the Azure CLI, run the following command:

xxxxxxxxxx
5
1
az network vnet create \
2
  --resource-group MyResourceGroup \
3
  --name MyVNet \
4
  --address-prefix 10.0.0.0/16 \
5
  --location eastus

This will create a VNet with the address space 10.0.0.0/16 in the East US region within the MyResourceGroup.

Step 2: Configure Subnets for the VNet

What are Subnets in a VNet?

A Subnet is a range of IP addresses within a VNet.

It enables you to segment your network into smaller, more manageable parts.

For example, you might create separate subnets for web servers, database servers, and application servers.

Each subnet will have its own address space within the larger VNet range.

Create and Configure Subnets Using Azure Portal

1. Go to the Virtual Network:

   • After creating the VNet, navigate to the Virtual Network you created (e.g., MyVNet).

2. Add Subnets:

   • In the Settings section of the VNet page, click on Subnets.

   • Click + Subnet to add a new subnet.

3. Configure Subnet Settings:

   • Name: Provide a name for the subnet, for example, WebSubnet (for a front-end tier).

   • Address Range: Define the address range for the subnet (e.g., 10.0.1.0/24).

     • This specifies that this subnet will use IP addresses from 10.0.1.0 to 10.0.1.255.

   • Network Security Group (NSG): Optionally, associate an NSG to define traffic rules for this subnet (e.g., only allow HTTP/HTTPS traffic to web servers).

   • Route Table: Optionally, you can attach a route table if custom routing is required for the subnet.

   • Click Add to create the subnet.

4. Repeat for Additional Subnets:

   • You can create additional subnets for other layers of your application (e.g., AppSubnet, DBSubnet).

   • Ensure the subnets do not overlap in their IP address ranges.

Create Subnets Using Azure CLI

You can use the following Azure CLI commands to create subnets:

xxxxxxxxxx
13
1
# Create Web Subnet
2
az network vnet subnet create \
3
  --resource-group MyResourceGroup \
4
  --vnet-name MyVNet \
5
  --name WebSubnet \
6
  --address-prefix 10.0.1.0/24
7

8
# Create App Subnet
9
az network vnet subnet create \
10
  --resource-group MyResourceGroup \
11
  --vnet-name MyVNet \
12
  --name AppSubnet \
13
  --address-prefix 10.0.2.0/24

Step 3: Create a Public IP Address

What is a Public IP Address?

A Public IP Address is required for resources that need to be accessed over the internet, such as web servers, load balancers, and VPN gateways.

Public IPs can be either dynamic (changes when the resource is restarted) or static (remains the same).

Create Public IP Address Using Azure Portal

1. In the Azure Portal, search for Public IP addresses.

2. Click Create to begin creating a new Public IP.

3. Configure Public IP Settings:

   • Subscription: Select the subscription.

   • Resource Group: Select the resource group where the Public IP will reside.

   • Name: Provide a name for the Public IP (e.g., MyPublicIP).

   • SKU: Choose Basic or Standard.

     • The Standard SKU offers higher availability and security features.

   • IP Version: Select IPv4 or IPv6.

   • IP Assignment: Choose Static if you need a fixed public IP address, or leave as Dynamic if a changing IP is acceptable.

4. Review and Create: After reviewing the settings, click Create.

Create Public IP Address Using Azure CLI

xxxxxxxxxx
5
1
az network public-ip create \
2
  --resource-group MyResourceGroup \
3
  --name MyPublicIP \
4
  --allocation-method Static \
5
  --sku Standard

This will create a Static Public IP with the Standard SKU in the specified resource group.

Step 4: Create a Private IP Address

What is a Private IP Address?

A Private IP Address is used for communication between Azure resources that do not need to be accessible from the internet.

Private IPs are assigned to resources within a VNet, such as Virtual Machines or Azure App Services.

Assign a Private IP Address to a Resource (e.g., VM)

1. Create a Virtual Machine:

   • In the Create a Virtual Machine wizard, under the Networking section, you will assign a private IP to the VM's network interface.

2. Configure Private IP:

   • Under IP Address, select Static if you want the IP to remain constant.

   • The VM will automatically receive a Private IP from the subnet you specify (e.g., 10.0.1.4 for a VM in the WebSubnet).

3. Review and Create: Click Create to deploy the VM with the private IP.

Assign Private IP Using Azure CLI

xxxxxxxxxx
5
1
az network nic ip-config update \
2
  --resource-group MyResourceGroup \
3
  --nic-name MyVMNic \
4
  --name ipconfig1 \
5
  --private-ip-address 10.0.1.4

This will assign a static private IP (10.0.1.4) to the network interface MyVMNic in the resource group.

Step 5: Associate Public IP to Resources (VM Example)

To expose an internal resource (e.g., a VM) to the internet, you need to associate the Public IP with its network interface.

Associate Public IP to VM Using Azure Portal

1. Navigate to the Virtual Machine that needs to be exposed to the public internet.

2. Associate Public IP:

   • In the Networking section of the VM, click on the network interface (NIC).

   • In the IP Configuration section, click Associate next to Public IP address.

   • Select the Public IP you created earlier (e.g., MyPublicIP).

3. Save the changes.

Associate Public IP Using Azure CLI

xxxxxxxxxx
5
1
az network nic ip-config update \
2
  --resource-group MyResourceGroup \
3
  --nic-name MyVMNic \
4
  --name ipconfig1 \
5
  --public-ip-address MyPublicIP

This command will associate the Public IP (MyPublicIP) with the Network Interface Card (NIC) attached to the VM.

Step 6: Test the Configuration

1. Private IP Connectivity:

Test the connectivity between internal resources within the VNet to ensure they can communicate using their private IPs.

For example, try pinging or connecting from a VM in the WebSubnet to a VM in the AppSubnet.

2. Public IP Connectivity:

• Use a browser or a tool like curl or telnet to access the resource using the public IP.

• Ensure that public-facing resources like a web server on the VM are accessible from the internet via the public IP address.

Conclusion

By following these steps, you’ve successfully created an Azure Virtual Network (VNet), configured subnets, and assigned public and private IP addresses to your resources.

You've also ensured that you have both internal (private) communication for secure workloads and external (public) access for internet-facing services.

This network setup is fundamental for managing and securing applications and workloads in Azure while ensuring smooth and efficient traffic flow.

By adhering to Azure best practices, such as network segmentation using subnets and applying network security groups (NSGs), you can ensure that your network infrastructure remains secure, scalable, and well-organized.