0
0
Azurecloud~5 mins

Why advanced networking matters in Azure - Why It Works

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Introduction
Advanced networking helps connect cloud resources securely and efficiently. It solves problems like traffic control, security, and reliable communication between services.
When you want to keep your cloud apps safe from outside attacks by controlling who can access them.
When you need to connect different parts of your cloud setup across regions or data centers.
When you want to manage traffic flow to avoid slowdowns or crashes during busy times.
When you need to monitor and log network activity for troubleshooting or compliance.
When you want to create private networks that are isolated from the public internet.
Commands
This command creates a virtual network with a subnet in Azure. It sets up a private network space where your resources can communicate securely.
Terminal
az network vnet create --resource-group example-rg --name example-vnet --address-prefixes 10.0.0.0/16 --subnet-name example-subnet --subnet-prefix 10.0.1.0/24
Expected OutputExpected
{ "newVNet": { "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] }, "subnets": [ { "name": "example-subnet", "addressPrefix": "10.0.1.0/24" } ], "resourceGroup": "example-rg", "name": "example-vnet", "location": "eastus" } }
--resource-group - Specifies the resource group where the network will be created
--address-prefixes - Defines the IP range for the virtual network
--subnet-prefix - Defines the IP range for the subnet inside the virtual network
This command creates a Network Security Group (NSG) which acts like a firewall to control traffic to and from resources in the network.
Terminal
az network nsg create --resource-group example-rg --name example-nsg
Expected OutputExpected
{ "newNSG": { "name": "example-nsg", "resourceGroup": "example-rg", "location": "eastus" } }
--resource-group - Specifies the resource group for the NSG
This command adds a rule to the NSG to allow incoming HTTP traffic on port 80. It controls what kind of traffic is allowed into the network.
Terminal
az network nsg rule create --resource-group example-rg --nsg-name example-nsg --name AllowHTTP --priority 100 --direction Inbound --access Allow --protocol Tcp --destination-port-ranges 80
Expected OutputExpected
{ "newRule": { "name": "AllowHTTP", "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "destinationPortRange": "80" } }
--priority - Sets the order of rule evaluation; lower numbers have higher priority
--direction - Specifies if the rule applies to inbound or outbound traffic
This command links the NSG firewall to the subnet, so the rules apply to all resources inside that subnet.
Terminal
az network vnet subnet update --resource-group example-rg --vnet-name example-vnet --name example-subnet --network-security-group example-nsg
Expected OutputExpected
{ "updatedSubnet": { "name": "example-subnet", "networkSecurityGroup": { "id": "/subscriptions/xxxx/resourceGroups/example-rg/providers/Microsoft.Network/networkSecurityGroups/example-nsg" } } }
--network-security-group - Associates the NSG with the subnet
This command lists all virtual networks in the resource group to verify the network setup.
Terminal
az network vnet list --resource-group example-rg
Expected OutputExpected
[ { "name": "example-vnet", "resourceGroup": "example-rg", "location": "eastus", "addressSpace": { "addressPrefixes": [ "10.0.0.0/16" ] }, "subnets": [ { "name": "example-subnet", "addressPrefix": "10.0.1.0/24" } ] } ]
Key Concept

If you remember nothing else from this pattern, remember: advanced networking lets you control and protect how your cloud resources talk to each other and the internet.

Common Mistakes
Not associating the Network Security Group with the subnet after creating it
Without linking, the firewall rules do not apply, leaving resources unprotected.
Always update the subnet to attach the NSG after creating firewall rules.
Using overlapping IP address ranges in virtual networks or subnets
Overlapping ranges cause routing conflicts and communication failures.
Plan and assign unique, non-overlapping IP ranges for each network and subnet.
Setting NSG rules with incorrect priority or direction
Rules may not work as expected if priority order or traffic direction is wrong.
Set correct priority numbers and specify inbound or outbound direction carefully.
Summary
Create a virtual network and subnet to define a private IP space for your cloud resources.
Create a Network Security Group to control traffic with firewall rules.
Attach the NSG to the subnet to enforce security rules on all resources inside.
Verify your network setup by listing virtual networks in your resource group.