• Articles
  • Tutorials
  • Interview Questions

What is Azure Virtual Network (VNet)?

What is Azure Virtual Network (VNet)?

The basic building piece for your Azure private network is the Azure Virtual Network (VNet). VNet enables numerous types of Azure resources, including Azure Virtual Machines (VM), to securely connect to one another, the internet, and on-premises networks. When it comes to scale, availability, and isolation, VNet is identical to a traditional network within your own data center but comes with additional Azure infrastructure features.

Table of Contents:

Check out this Intellipaat Microsoft Azure Full Course video:

Why use an Azure Virtual network?

Azure virtual networks enable on-premises networks and the internet to be safely connected to Azure resources. A virtual network can be used to filter network traffic, route network traffic, interact with Azure services, and communicate between Azure resources, and on-premises resources.

Advantages of using Azure Virtual Network

Several benefits of using the Azure virtual network are:

  • It provides a safe environment for your applications.
  • By default, a subnet in a VNet can connect to the public internet.
  • We can easily route traffic from resources.
  • It is a very secure network.
  • It has excellent network connectivity.
  • It simply creates complicated network topologies.

Want to read more about Azure? Go through this Azure Tutorial!

Azure Vnet Capabilities

Below mentioned are the capabilities of Azure  Vnet:

  • Isolation and segmentation: Virtual machines will be isolated from other resources when deployed into virtual networks. Because we’ve added the virtual machine to a virtual network, it can’t be accessed from the Internet or other Azure resources unless we permit connectivity between them. We can also employ subnets within virtual networks to further segment our network resources.
  • Communication with the Internet: By default, all virtual network resources can communicate outbound to the Internet. However, it must create an inbound Internet connection. We have the option of using public IP addresses or load balancers.
  • Communicate between resources: Communication between the virtual network’s resources or with other resources via service endpoints.
  • Communication with on-premises resources: Your workloads in the Azure virtual network can interact with workloads in our on-premises data center smoothly by deploying either a point-to-site VPN, a site-to-site VPN, or an Express route.

Features of Azure Virtual Network

There are numerous features available within the Azure virtual network for traffic control:

  • Filter network traffic:  To filter traffic arriving at virtual network resources, we can utilize Network Security Groups, Application Security Groups, Azure firewalls, or third-party network virtual appliances.
  • Route network traffic: We can route network traffic using routing tables, or we can set user-defined routes to route all outgoing traffic, for example, through a firewall.
  • Monitor network traffic: You will be able to monitor both inbound and outgoing communications using network security groups and traffic analysis monitoring systems.
  • Subnet: The subnet is important since various configurations will be performed at the subnet level. It is a set of IP addresses in the VNet. Vnet can be divided into numerous subnets based on various architectural concerns, such as deploying a virtual machine, an App services environment, an integration service environment, and so on. VMs and PaaS services are installed in separate subnets inside the same VNet and can connect with one another without any further configuration. Subnets are set up with route tables, NSG, service endpoints, and policies.

Master the core concepts of Azure through this Azure Course for becoming a Certified Administrator.

Cloud Computing IITM Pravartak

Azure Virtual Network Architecture

Azure Virtual Network Architecture

A typical virtual network design for an n-tier application architecture is shown in the diagram above.

The virtual network has been partitioned into subnets depending on workloads such as the:

  • web tier, which contains the user interface,
  • the business tier, which operates the business logic,
  • and the data tier, which hosts the data source.

In order to assign one Network Security Group (NSG) to each subnet and control traffic flows between the tiers, it is essential to create separate subnets for each group of virtual machines.

For instance, the data tier subnet shouldn’t immediately receive an HTTP request from the internet.

The Network Security Group of the Data Tier Subnet can be given an access policy that restricts access to inbound requests to the business tier subnet only.

Any further attempts to access the data tier using a protocol other than the business tier will be denied

In a similar manner, we can set up an access policy on the business tier subnet’s NSG such that the inbound request source IP address is within the bounds of the web tier subnet.

Additionally, by assigning them to a separate Subnet within a Virtual Network, we may control the traffic requests to Active Directory.

Prepare for the Azure Interview and crack like a pro with these Azure Interview Questions.

Azure Virtual Network limits

Only networking resources managed by Azure Resource Manager per region per subscription are subject to the following limitations.

Virtual network1,000
Subnets per virtual network3,000
Virtual network peerings per virtual network500
VPN gateways per virtual network1
DNS servers per virtual network20
Private IP addresses per virtual network65,536
Private IP address per network interface256
Private IP address per virtual machine256

Got confused between Azure Availability Set and Azure Zone. Go through Azure Availability Set vs Azure Zone Blog to get your answers.

Get 100% Hike!

Master Most in Demand Skills Now !


Microsoft Azure provides a free Virtual Network. Each subscription allows for the creation of up to 50 Virtual Networks across all regions.

VNET Peering connects two virtual networks, either in the same or different areas, and allows you to route traffic between them using private IP addresses (carry a nominal charge).

At both ends of the peer networks, inbound and outgoing traffic is charged. Network equipment that run within a virtual network, such as VPN Gateway and Application Gateway, are also charged.

Virtual network peering: 

Through virtual network peering, you can transport communication between virtual networks using private IP addresses. At both ends of the peer networks, ingress and egress traffic is charged.

VNET Peering within the same region

Inbound data transfer$0.01 per GB
Outbound data transfer$0.01 per GB


A virtual network is a group of IP addresses that are joined together. It is a crucial factor to take into account while creating cloud-based apps.

It is advised to create distinct subnets for distinct tiers of an application and attach each subnet to a network security group with constrained inbound and outgoing security rules in order to safeguard each layer of the application architecture within a highly secured network.

In case you want to get certified and become an Azure Specialist, here is the course you are looking for Microsoft Azure Masters Program!

Course Schedule

Name Date Details
Azure Training 22 Jun 2024(Sat-Sun) Weekend Batch
View Details
Azure Training 29 Jun 2024(Sat-Sun) Weekend Batch
View Details
Azure Training 06 Jul 2024(Sat-Sun) Weekend Batch
View Details

About the Author

Application Architect

Rupinder is a certified IT expert in AWS and Azure, working as a DevOps Architect and specializing in cloud and infrastructure. He designs and builds entire IT setups for important apps in banking, insurance, and finance.