Azure Network Architecture

Akansh Kishore
2 min read · Apr 5, 2020

Below you can see the Azure Network Architecture diagram along with the Azure services.

VNet Peering

When you want to connect to a virtual network that is in the same region, you can use VNet Peering.

VPN-VPN

When you want to connect to a virtual network that is in a different region, you can use a VPN-VPN connection.

To connect to an on-premises data center, we can use two ways:

  1. Site-to-Site VPN: Used to have connectivity between the cloud and the on-premises data center. It is the cheaper of the two.
  2. ExpressRoute: When you want private connectivity between the cloud and the on-premises data center, we use ExpressRoute.

Application Gateway

URL-based routing of sites: for example, www.amzon.co.in/Fashion will go to the app-1 VM and www.amzon.co.in/Appliance will go to the app-2 VM.

Load Balancer

It is used to balance the load, which results in high availability and good performance.

Two types:

Public/Internet Load Balancer: Load balances incoming internet traffic to VMs and is connected with a public IP.

Internal Load Balancer: Load balances traffic across VMs inside a virtual network.

Load Balancer Features: It uses a hash-based algorithm for distribution of inbound flows, which is nothing but a 5-tuple hash of:

  1. Source IP
  2. Source Port
  3. Destination IP
  4. Destination Port
  5. IP protocol

Traffic Manager

It is a DNS-based traffic load balancer. It distributes traffic based on different routing methods.

Traffic Manager Routing Methods:

  1. Priority
  2. Weighted
  3. Performance
  4. Geographic
  5. Multi-value
  6. Sub-net

a. It distributes traffic to the lowest network latency, as traffic can be served geographically.

b. Increases application availability.

c. Lets you perform application maintenance without downtime.

User-Defined Route

You can create custom, or user-defined (static), routes in Azure to override Azure’s default system routes, or to add additional routes to a subnet’s route table. In Azure, you create a route table, then associate the route table to zero or more virtual network subnets.

NSG

You can filter network traffic to and from Azure resources in an Azure virtual network with a network security group. A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.

Different Types of Sub-net

  1. Web Server Sub-net
  2. App Server Sub-net
  3. Database Sub-net
  4. Gateway Sub-net
  5. Virtual Appliance Sub-net
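
The following Python sketch is an added example, not code from the original article. It models how an NSG on the Database Sub-net evaluates inbound rules (lowest priority number first, first match wins) and why Azure's default AllowVnetInBound rule lets the web tier reach the database until an explicit deny is added. The address ranges and custom rule names are constructed assumptions, and only source address and destination port are matched.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan (assumption): web tier is 10.0.1.0/24.
VNET = "10.0.0.0/16"
APP, DB = "10.0.2.0/24", "10.0.3.0/24"

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    name: str
    source: str     # CIDR, or "*" for any
    port: str       # destination port as text, or "*" for any
    access: str     # "Allow" or "Deny"

# Azure's built-in inbound defaults (AllowAzureLoadBalancerInBound, 65001, left out).
# The VirtualNetwork service tag is approximated here by the VNet CIDR.
DEFAULTS = [
    Rule(65000, "AllowVnetInBound", VNET, "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "Deny"),
]

def evaluate(rules, src_ip, dst_port):
    """Return (access, rule name) of the first rule matching an inbound flow."""
    for r in sorted(rules + DEFAULTS, key=lambda r: r.priority):
        src_ok = r.source == "*" or (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(r.source))
        port_ok = r.port in ("*", str(dst_port))
        if src_ok and port_ok:
            return r.access, r.name
    return "Deny", "no-match"

# Hypothetical NSG for the database subnet: only the app tier may reach SQL on 1433.
DB_NSG = [
    Rule(100, "AllowAppToSql", APP, "1433", "Allow"),
    Rule(4096, "DenyVnetInBound", VNET, "*", "Deny"),
]

def demo():
    return {
        "web->db:1433, defaults only": evaluate([], "10.0.1.4", 1433),
        "web->db:1433, hardened": evaluate(DB_NSG, "10.0.1.4", 1433),
        "app->db:1433, hardened": evaluate(DB_NSG, "10.0.2.7", 1433),
        "app->db:22, hardened": evaluate(DB_NSG, "10.0.2.7", 22),
        "internet->db:1433, hardened": evaluate(DB_NSG, "203.0.113.9", 1433),
    }

if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:30} {verdict}")
```
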

Akansh Kishore

I am a tech writer with an interest in cloud-native technologies and DevOps.