D2DO273: Azure VNets Don’t Exist
May 28, 2025
Aidan Finn, a principal consultant at Innofactor with a decade of Azure experience, discusses the fundamental shifts in networking when moving to the cloud. He emphasizes that traditional on-premises designs don’t fit Azure’s architecture, pointing to network security groups, rather than subnets, as the segmentation boundary. Aidan shares insights on the evolution of Azure, the challenges of transitioning to cloud environments, and best practices for managing security. He advocates a hub-and-spoke model for Azure networking, discussing the strategic placement of gateways to improve both performance and security.
Azure VNets Are Abstract Constructs
- Azure virtual networks don't have physical cables; packets travel directly from source to destination via encapsulation.
- The concept of virtual subnetting and gateways is an abstraction; actual communication relies on Hyper-V virtual switches and Azure Fabric.
Azure NICs Are Routers and Firewalls
- Each Azure virtual NIC acts as both a router and a firewall, implementing security at the hypervisor level through Hyper-V PortACLs.
- Network Security Groups use this technology to enforce per-VM traffic filtering.
Design Small, Manageable VNets
- Avoid creating large VNets with many subnets and complex routing; this leads to management overhead and inefficiency.
- Use network security groups for segmentation instead of subnets and keep VNets smaller and workload-specific.
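To make the per-NIC filtering model in the snips above concrete, here is a small Python model of how Azure evaluates inbound NSG rules. This is an added example written for this page, not code from the episode, from Aidan Finn, or from Microsoft. The evaluation order (lowest priority number first, first match wins, subnet NSG before NIC NSG, both must allow) and the three default inbound rules follow Azure's documented behaviour; the VNet address space, VM addresses, NSG names and rule names are constructed for the illustration. It shows why two VMs in the same subnet are not segmented by default (the AllowVnetInBound rule lets them talk) and how a NIC-attached NSG closes that gap while still admitting load-balancer health probes.

```python
"""Toy model of Azure NSG inbound evaluation (added example, not the episode's code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed VNet address space; in Azure the VirtualNetwork tag expands to this (plus peers).
VNET_SPACE = ip_network("10.10.0.0/16")
ANY = "*"
AZURE_LB_PROBE_IP = "168.63.129.16"   # Azure's documented health-probe source address


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int          # user rules 100-4096; Azure default rules sit at 65000+
    access: str            # "Allow" or "Deny"
    source: str            # CIDR, "*", or a service tag such as "VirtualNetwork"
    dest_port: str         # "*" or a single port as a string
    protocol: str = ANY    # "Tcp", "Udp" or "*"


# Azure appends these default inbound rules to every NSG (priorities are Azure's own).
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "VirtualNetwork", ANY),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "AzureLoadBalancer", ANY),
    Rule("DenyAllInBound", 65500, "Deny", ANY, ANY),
]

# Constructed NIC-level NSG for a database VM: only the web VM may reach 1433,
# and everything else from inside the VNet is explicitly denied before the
# default AllowVnetInBound rule would otherwise admit it.
DB_NIC_NSG = [
    Rule("AllowWebToSql", 100, "Allow", "10.10.1.4/32", "1433", "Tcp"),
    Rule("DenyVnetLateral", 4000, "Deny", "VirtualNetwork", ANY),
]


def _source_matches(rule_src: str, src_ip: str) -> bool:
    """Match a rule's source field (CIDR, wildcard or service tag) against a source IP."""
    if rule_src == ANY:
        return True
    if rule_src == "VirtualNetwork":
        return ip_address(src_ip) in VNET_SPACE
    if rule_src == "AzureLoadBalancer":
        return src_ip == AZURE_LB_PROBE_IP
    return ip_address(src_ip) in ip_network(rule_src)


def evaluate_nsg(rules, src_ip: str, dest_port: int, protocol: str = "Tcp"):
    """Return (access, rule_name) of the first matching rule, lowest priority first."""
    for rule in sorted(list(rules) + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.protocol not in (ANY, protocol):
            continue
        if rule.dest_port not in (ANY, str(dest_port)):
            continue
        if not _source_matches(rule.source, src_ip):
            continue
        return rule.access, rule.name
    return "Deny", "<no rule>"   # unreachable: DenyAllInBound always matches


def inbound_allowed(subnet_nsg, nic_nsg, src_ip: str, dest_port: int, protocol: str = "Tcp"):
    """Inbound traffic must pass the subnet NSG first and then the NIC NSG; a deny at
    either stage is final. Returns (allowed, reason)."""
    for stage, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        access, name = evaluate_nsg(rules, src_ip, dest_port, protocol)
        if access == "Deny":
            return False, f"{stage}:{name}"
    return True, "allowed"


def demo():
    """Same-subnet scenario: web VM 10.10.1.4, db VM 10.10.1.5, a third VM 10.10.1.6."""
    no_subnet_nsg = []   # subnet carries only Azure's defaults
    return {
        # Defaults only: any VM in the VNet reaches the database port.
        "no_nic_nsg_lateral": inbound_allowed(no_subnet_nsg, [], "10.10.1.6", 1433),
        # NIC NSG: the web tier still gets through...
        "web_to_db": inbound_allowed(no_subnet_nsg, DB_NIC_NSG, "10.10.1.4", 1433),
        # ...but a compromised neighbour in the same subnet does not.
        "neighbour_to_db": inbound_allowed(no_subnet_nsg, DB_NIC_NSG, "10.10.1.6", 1433),
        # Internet sources are stopped by the subnet stage's DenyAllInBound.
        "internet_to_db": inbound_allowed(no_subnet_nsg, DB_NIC_NSG, "203.0.113.9", 1433),
        # Platform health probes are not in the VNet range, so DenyVnetLateral skips them.
        "lb_probe": evaluate_nsg(DB_NIC_NSG, AZURE_LB_PROBE_IP, 1433),
    }


if __name__ == "__main__":
    for scenario, result in demo().items():
        print(f"{scenario:>20}: {result}")
```

The point to take from the model is the one the snips make: subnet membership is not a security boundary in Azure. Without the NIC-level NSG the third VM reaches SQL through the default AllowVnetInBound rule; with it, only the web VM's address is admitted, and the explicit VirtualNetwork deny at priority 4000 still sits below the default rules, so the load-balancer probe path remains open.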