Networking Fundamentals
Start with the minimum networking concepts needed to design and troubleshoot Azure environments: packets, IP addresses, routing, public/private reachability, and CIDR notation.
What Is It? (Simple Explanation)
Networking is how computers talk to each other. Think of each computer as a house and each IP address as a postal address. Data is split into packets, and routers move packets between addresses.
Why Do We Need It?
- Applications are multi-tier and distributed across VMs, containers, and managed services.
- Security depends on controlling who can reach what over the network.
- Performance and reliability depend on correct routing and load distribution.
Real-world Analogy
A city has streets, traffic signals, and address numbers. If addresses are duplicated or roads are blocked, deliveries fail. Cloud networking works exactly the same way for application traffic.
How It Works (Technical)
| Concept | Meaning | Azure Relevance |
|---|---|---|
| IP address | Unique address for a network interface | Assigned to NICs, VMs, load balancers, gateways |
| Port | Logical endpoint on a host (80, 443, 22) | Controlled by NSG rules and firewall policies |
| Routing | Path selection from source to destination | System routes + user-defined routes in VNets |
| NAT | Address translation between private/public spaces | Used by Azure LB outbound SNAT, NAT Gateway |
Private vs Public IP
- Private IPs exist inside private networks and are not internet-routable.
- Public IPs are reachable over the internet and must be protected.
- Production pattern: keep workloads private, publish only controlled entry points.
CIDR Basics
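CIDR notation gives the prefix length of a network block, which determines how many addresses the block contains. The smaller the number after the slash, the larger the block.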
| CIDR | Addresses | Typical Use |
|---|---|---|
| /24 | 256 | Small subnet |
| /20 | 4096 | Medium VNet section |
| /16 | 65536 | Large VNet space |
Hands-on Commands
```bash
# Create resource group
az group create --name rg-net-basics --location eastus

# Create a basic VNet and subnet
az network vnet create \
  --resource-group rg-net-basics \
  --name vnet-basics \
  --address-prefix 10.10.0.0/16 \
  --subnet-name snet-app \
  --subnet-prefix 10.10.1.0/24

# List VNet and subnet ranges
az network vnet show --resource-group rg-net-basics --name vnet-basics \
  --query "{vnet:addressSpace.addressPrefixes,subnets:subnets[].addressPrefix}"
```
Real-world Use Case
A three-tier web app uses one VNet with separate subnets for web, app, and data tiers. Public access is only allowed to the web entry point; app and data traffic remain private.
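The CIDR sizing and the three-tier layout above can be checked before anything is deployed. The following is an added example, not part of the original page: it validates a subnet plan for containment, overlap and private addressing. The `snet-web`, `snet-data` and `snet-mgmt` names and all ranges other than `10.10.0.0/16` and `10.10.1.0/24` are constructed, and the plan is assumed to be IPv4 only.

```python
import ipaddress

# RFC 1918 private IPv4 ranges (not internet-routable).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Azure reserves 5 addresses in every subnet (the first four and the last).
AZURE_RESERVED = 5

# Constructed sample plans; only the VNet range and snet-app come from the page.
GOOD_PLAN = {"snet-web": "10.10.0.0/24", "snet-app": "10.10.1.0/24",
             "snet-data": "10.10.2.0/24"}
BAD_PLAN = {"snet-web": "10.10.0.0/24", "snet-app": "10.10.0.128/25",
            "snet-data": "10.11.2.0/24", "snet-mgmt": "10.10.3.7/24"}


def check_plan(vnet_cidr, subnets):
    """Validate an IPv4 VNet address plan.

    Returns (report, problems): report maps each valid subnet name to its
    total and usable address counts; problems lists human-readable findings.
    """
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    report, problems, seen = {}, [], []
    if not any(vnet.subnet_of(r) for r in RFC1918):
        problems.append(f"VNet {vnet} is not inside an RFC 1918 private range")
    for name, cidr in subnets.items():
        try:
            # strict=True rejects a prefix with host bits set, e.g. 10.10.3.7/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if not net.subnet_of(vnet):
            problems.append(f"{name}: {net} is outside VNet {vnet}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))
        report[name] = {"total": net.num_addresses,
                        "usable": max(net.num_addresses - AZURE_RESERVED, 0)}
    return report, problems


if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        report, problems = check_plan("10.10.0.0/16", plan)
        print(label, report)
        for finding in problems:
            print("  PROBLEM:", finding)
```

Overlapping or out-of-range subnets are what make per-tier NSG rules and routes ambiguous, so a check like this belongs ahead of the `az network vnet create` step.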
Debugging Scenario
Issue: App cannot reach database.
- Validate DNS resolution for DB endpoint.
- Check NSG rules for destination port (for example 1433).
- Check effective routes and ensure no forced route is black-holing the traffic.
- Verify database firewall or private endpoint configuration.
Interview Questions
Beginner
A unique address assigned to a network interface so packets can be sent to and from it.
Private IP is internal-only. Public IP is internet-routable and externally reachable.
Intermediate
To define scalable address ranges and subnet boundaries efficiently for routing and policy control.
NAT translates private source addresses to a public address for outbound internet traffic.
Scenario-based
Check port-level rules, route consistency, and whether the API backend has stable private connectivity and healthy endpoints.
Summary
Networking fundamentals are the base layer for every Azure design. Get IP planning, routing, and reachability right first; security and scale become much easier afterward.