10.0.0.0/16
172.16.0.0/16
192.168.0.0/16
This defines the total IP pool available.
Important: You cannot overlap address spaces when connecting VNets or hybrid networks.

2️⃣ Subnets

Subnets are:

Segments of VNet address space
Used to group workloads
Security and routing boundaries

Example:

10.0.0.0/16
├── 10.0.1.0/24 (Web)
├── 10.0.2.0/24 (App)
└── 10.0.3.0/24 (DB)

Each subnet:

Assigns IPs to resources
Can have NSGs
Can have route tables
Can enable service endpoints

3️⃣ Connected Devices

Connected devices include:

Virtual Machines
NICs
Load Balancers
Bastion
Private Endpoints

Each connected device receives:

✔ Private IP (via Azure DHCP) ✔ Optional Public IP

4️⃣ Private IP Addressing (DHCP)

Azure provides:

Managed DHCP
Automatic IP assignment
DNS configuration distribution

Important:

You cannot deploy your own DHCP server to replace Azure DHCP for VM IP assignment.

5️⃣ Public IP Association

A resource may have:

Private IP (inside VNet)
Public IP (internet accessible)

Public IP is attached to:

Network Interface
Load Balancer
NAT Gateway
Security Best Practice: Avoid unnecessary public IPs.

System Routes (Default)

These are:

Automatically created
Immutable
Control traffic within VNet and internet

Examples:

VNet local route
Default internet route (0.0.0.0/0)

Custom Routes (User Defined Routes – UDRs)

You can:

Override system routes
Send traffic to NVA (firewall)
Control hybrid routing

Route types:

Virtual Appliance
Internet
VNet Peering
Service Endpoint
BGP propagated routes

7️⃣ DNS Settings

By default:

Azure provides internal DNS (168.63.129.16)

Options:

✔ Azure-provided DNS ✔ Custom DNS servers ✔ Domain controllers in subnet
If using AD DS: You must configure custom DNS settings.

4️⃣ Hybrid Connectivity Options

VNets support:

Azure VPN Gateway
Azure ExpressRoute

This allows:

On-prem ↔ Azure network extension
Important: Address space must not overlap.

5️⃣ VNet as Security Boundary

VNets provide:

✔ Isolation from other Azure customers ✔ Segmentation via subnets ✔ Network Security Group enforcement ✔ Routing control ✔ Private connectivity

Think of VNet as:

Layer 3 boundary in Azure.

6️⃣ Common Exam Concepts (AZ-104 / AZ-700)

🔹 VNet must have non-overlapping IP space 🔹 Subnets cannot overlap 🔹 Azure DHCP is managed 🔹 System routes cannot be removed 🔹 Custom DNS overrides Azure DNS 🔹 Public IP is optional

7️⃣ Architectural Pattern Example

Typical 3-tier architecture:

Internet → Public Load Balancer → Web Subnet → App Subnet → DB Subnet

Optional:

Hybrid connectivity via VPN Gateway.

✔ Plan address space carefully ✔ Avoid overlapping IP ranges ✔ Use subnet segmentation ✔ Minimize public IP usage ✔ Use NSGs per subnet ✔ Use UDRs for traffic inspection ✔ Use private endpoints for PaaS

9️⃣ Troubleshooting Scenarios

If VM cannot communicate:

Check subnet placement
Check NSGs
Check route tables
Verify DNS configuration
Confirm IP address assignment

🔟 Reference Documentation

Virtual Network Overview
IP Address Planning
Routing Overview
DNS in Azure
Hybrid Connectivity

Final Conceptual Summary

Azure Virtual Network is:

Your isolated private cloud network
Built on RFC 1918 address space
Segmented into subnets
Controlled by routing & NSGs
Integrated with IaaS, PaaS, and hybrid
Everything networking-related in Azure starts with VNet.

If you'd like, I can now create:

🧠 30 VNet exam questions
📊 Visual comparison of VNet components
🏗 Hub-Spoke architecture deep dive
📄 One-page AZ-104 networking cheat sheet
Tell me which certification you’re targeting next.

More in Microsoft Azure

AZ-104 Hands-on Lab Guide

5 hours

AZ-305: Azure Solutions Architect Expert — Study Guide

10-12 weeks

AZ-400: Azure DevOps Engineer Expert — Study Guide

8-10 weeks

Back to Microsoft Azure

Conceptualizing Virtual Networks

1️⃣ What Is an Azure Virtual Network?

2️⃣ What Can a VNet Connect?

✔ IaaS Services

✔ PaaS Services

✔ Hybrid Environments

3️⃣ Core Components of a Virtual Network

1️⃣ Address Space