You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A virtual network is a logical representation of your network in the cloud. It allows you to define your own private IP address space and segment the network into subnets. Virtual networks serve as a trust boundary to host your compute resources such as Azure Virtual Machines and load balancers. A virtual network allows direct private IP communication between the resources hosted in it. You can link a virtual network to an on-premises network through a VPN Gateway or ExpressRoute, to enable hybrid cloud scenarios and to securely extend your datacenter into Azure.
19
+
A virtual network is a logical representation of your network in the cloud. With a virtual network, you can define your own private IP address space and segment the network into subnets. Virtual networks serve as a trust boundary to host your compute resources such as Azure Virtual Machines and load balancers. A virtual network allows direct private IP communication between the resources that are hosted in it. To enable hybrid cloud scenarios and securely extend your datacenter into Azure, you can link a virtual network to an on-premises network through a VPN Gateway or ExpressRoute,
20
20
21
21
## Production deployment recommendations
22
22
23
-
As you build your virtual network in Azure, it's important to keep in mind the following universal design principles that help to improve the reliability of your solution:
23
+
As you build your virtual network in Azure, it's important to improve the reliability of your solution, by keeping in mind the following universal design principles:
24
24
25
-
* Ensure address spaces don't overlap. Make sure your virtual network address space (CIDR block) doesn't overlap with your organization's other network ranges.
26
-
* Your subnets shouldn't cover the entire address space of the virtual network. Plan ahead and reserve some address space for the future.
27
-
* Use a few large virtual networks instead of multiple small ones to reduce management overhead.
28
-
* Secure your virtual networks by assigning Network Security Groups (NSGs) to the subnets beneath them.
25
+
- Ensure address spaces don't overlap. Make sure your virtual network address space (CIDR block) doesn't overlap with your organization's other network ranges.
26
+
- Your subnets shouldn't cover the entire address space of the virtual network. Plan ahead and reserve some address space for the future.
27
+
- To reduce management overhead, use a few large virtual networks instead of multiple small ones.
28
+
- Secure your virtual networks by assigning Network Security Groups (NSGs) to the subnets beneath them.
29
29
30
-
To learn more about how to design your Azure virtual network with reliablity principles in mind, as well as other important best practices, see [Architecture best practices for Azure Virtual Network](/azure/well-architected/service-guides/virtual-network).
30
+
To learn more about how to design your Azure virtual network with reliability principles in mind, as well as other important best practices, see [Architecture best practices for Azure Virtual Network](/azure/well-architected/service-guides/virtual-network).
31
31
32
32
## Reliability architecture overview
33
33
34
-
A virtual network is one of several core networking components in Azure. When you create virtual networks, you typically create a set of resources that collectively define your networking configuration, including:
34
+
A virtual network is one of several core networking components in Azure. When you create a virtual network, you create a set of resources that collectively define your networking configuration. These resources include:
35
35
36
36
- Network security groups (NSGs) and application security groups (ASGs), which restrict communication between parts of your network.
37
37
- User-defined routes, which control how traffic flows.
@@ -40,22 +40,22 @@ A virtual network is one of several core networking components in Azure. When yo
40
40
- Network interface cards (NICs), which provide network connectivity to Azure virtual machines.
41
41
- Private endpoints, which provide private connectivity to Azure services and to resources outside of your own virtual network.
42
42
43
-
You might also deploy *appliances*, including ExpressRoute gateways, VPN gateways, and firewalls. Appliances provide services to support your networking needs, such as connecting to on-premises environments or providing sophisticated controls on traffic flow.
43
+
You might also deploy *appliances*, such as ExpressRoute gateways, VPN gateways, and firewalls. Appliances provide services to support your networking requirements, such as connecting to on-premises environments or providing sophisticated controls on traffic flow.
44
44
45
45
Finally, you deploy your own components, like virtual machines that run applications or databases, as well as other Azure services that provide virtual network integration.
46
46
47
47
> [!IMPORTANT]
48
48
> This guide focuses on Azure virtual networks, which are just one component in your network architecture.
49
49
>
50
-
> From a reliability perspective, it's important that you consider each component in your solution individually as well as how they behave together. Many core Azure networking services provide high resiliency by default, but you might need to consider how other network appliances, virtual machines, and other components can support your reliability needs. Review the reliability guides for each Azure service you use to understand how that service supports reliability.
50
+
> From a reliability perspective, it's important that you consider each component in your solution individually as well as how they behave together. Many core Azure networking services provide high resiliency by default, but you might need to consider how other network appliances, virtual machines, and other components can support your reliability needs. Review the [reliability guides for each Azure service](./overview-reliability-guidance.md) you use to understand how that service supports reliability.
51
51
52
52
To learn more about networking in Azure, see [Networking architecture design](/azure/architecture/networking/).
Virtual networks themselves aren't typically affected by transient faults themselves. However, transient faults might affect resources deployed within a virtual network. Review the reliability guide for each resource you use to understand their transient fault handling behaviors.
58
+
Virtual networks themselves aren't usually affected by transient faults. However, transient faults might affect resources deployed within a virtual network. Review the [reliability guide for each resource](./overview-reliability-guidance.md) you use to understand their transient fault handling behaviors.
59
59
60
60
## Availability zone support
61
61
@@ -71,7 +71,7 @@ Zone-redundant virtual networks can be deployed in [any region that supports ava
71
71
72
72
### Cost
73
73
74
-
Zone redundancy for Azure Virtual Networks doesn't incur a charge.
74
+
There is no extra cost for zone redundancy for Azure Virtual Networks.
75
75
76
76
### Configure availability zone support
77
77
@@ -81,17 +81,17 @@ Zone redundancy is configured automatically when a virtual network is deployed i
81
81
82
82
Azure virtual networks are designed to be resilient to zone failures. When a zone becomes unavailable, Azure Virtual Network automatically reroutes virtual network requests to the remaining zones. This process is seamless and doesn't require any action from you.
83
83
84
-
However, any resources within the virtual network need to be considered individually, because each resource might have a different set of behaviors during the loss of an availability zone. Consult the reliability guide for each resource you use to understand their availability zone support and behavior when a zone is unavailable.
84
+
However, any resources within the virtual network need to be considered individually, because each resource might have a different set of behaviors during the loss of an availability zone. Consult the [reliability guide for each resource(./overview-reliability-guidance.md) you use to understand their availability zone support and behavior when a zone is unavailable.
85
85
86
86
### Failback
87
87
88
88
When the zone recovers, Microsoft initiates a failback process to ensure that virtual networks continue to work in the recovered zone. The failback process is automatic and doesn't require any action from you.
89
89
90
-
However, you should verify the failback behaviors of any resources you deploy within the virtual network.
90
+
However, you should verify the failback behaviors of any resources you deploy within the virtual network. For more information, consult the [reliability guide for each resource(./overview-reliability-guidance.md).
91
91
92
92
### Testing for zone failures
93
93
94
-
The Azure Virtual Network platform manages traffic routing, failover, and failback for virtual networks across availability zones. You don't need to initiate anything. Because this feature is fully managed, you don't need to validate availability zone failure processes.
94
+
The Azure Virtual Network platform manages traffic routing, failover, and failback for virtual networks across availability zones. Because this feature is fully managed, you don't need to validate availability zone failure processes.
95
95
96
96
## Multi-region support
97
97
@@ -103,7 +103,7 @@ You can create virtual networks in multiple regions, and you can optionally *pee
103
103
104
104
By creating virtual networks and other resources in multiple regions, you can be resilient to regional outages. However, you need to consider many factors, including:
105
105
106
-
-**Traffic routing:** If you host internet-facing services in the virtual network, you need to decide how to route incoming traffic among your regions and components. Services like Azure Traffic Manager and Azure Front Door enable you to route internet traffic based on rules you specify.
106
+
-**Traffic routing:** If you host internet-facing services in the virtual network, you need to decide how to route incoming traffic among your regions and components. With services such as Azure Traffic Manager and Azure Front Door, you can route internet traffic based on rules you specify.
107
107
108
108
-**Failover:** If an Azure region is unavailable, you typically need to *fail over* by processing traffic in healthy regions. Azure Traffic Manager and Azure Front Door provide failover capabilities for internet applications.
109
109
@@ -117,7 +117,7 @@ For an example of a multi-region networking architecture for web applications, s
117
117
118
118
## Service-level agreement
119
119
120
-
There isn't a defined SLA for Azure Virtual Network due to the nature of the service.
120
+
Due to the nature of the service provided. there isn't a defined SLA for Azure Virtual Network.
0 commit comments