Azure Networking Components
Comprehensive breakdown of core Azure networking resources and their primary functions.
| Component | Category | Layer | Purpose | Key Limit / Default |
|---|---|---|---|---|
| VNet | Foundation | 3 | Private IP address space | 1000 per subscription |
| Subnet | Foundation | 3 | Segmentation of VNet | 5 reserved IPs per subnet |
| NIC | Connectivity | 2 | Connects VM to VNet | Max NICs depend on VM size |
| NSG | Security | 3/4 | Filter traffic (IP/Port) | 1000 rules per NSG |
| UDR | Routing | 3 | Override default routes | 400 routes per table |
| Public IP | Connectivity | 3 | Internet accessibility | Static or Dynamic |
| Private Endpoint | Connectivity | 3 | Private access to PaaS | Uses IP from subnet |
| Service Endpoint | Connectivity | 3 | Secure PaaS to VNet | No private IP assigned |
| NAT Gateway | Connectivity | 4 | Outbound SNAT | 64,512 SNAT ports per public IP |
| Load Balancer | Delivery | 4 | Hash-based distribution | L4 only (TCP/UDP) |
| Application Gateway v2 (recommended) | Delivery | 7 | Web traffic management | WAF support; v1 retires April 28, 2026 |
| Front Door | Delivery | 7 | Global CDN / App accel | Global service |
| Azure Firewall | Security | 3-7 | Managed cloud firewall | High availability built-in |
| Azure Bastion | Security | 7 | RDP/SSH via browser | No public IP on VM |
| VPN Gateway | Hybrid | 3 | Encrypted site-to-site | Max 10 Gbps |
| ExpressRoute | Hybrid | 3 | Private dedicated link | 50 Mbps to 10 Gbps per circuit |
| Private DNS | Resolution | 7 | VNet name resolution | Link to multiple VNets |
| Network Watcher | Monitoring | - | Diagnostic tools | Regional service |
```mermaid
graph TD
    VNet[Virtual Network] --> Subnet[Subnet]
    Subnet --> NIC[NIC]
    NIC --> VM[Virtual Machine]
    Subnet --> NSG[Network Security Group]
    Subnet --> UDR[Route Table / UDR]
    Subnet --> NAT[NAT Gateway]
    AppGW[Application Gateway v2] --> Subnet
    Bastion[Azure Bastion] --> Subnet
```
Warning
Component limits vary by SKU, region, and subscription quotas; validate current limits before production rollout.