[DEEP] Azure Networking Basics

Before we can five deeper into Azure Networking it is important to understand how the overall Azure Network is set-up and working.

As already discussed in the [BASIC] Azure Regions article there is a difference between Production Sites and Edge Sites. So have a look into this one to understand the differences.

Today we want to go a bit deeper…

How does Azure Networking work?!

One thing you really have to know is, that all Networking Resources you will use as a customer in Microsoft Azure are Software-Defined. You will never use a physical Firewall or LoadBalancer. For a customer in Azure everything is Software-Defined.

This is key to the separation of customer workloads, as with Software-Defined Networks you can easily separate customers using the same hardware. This also results in some behavior you would not expect … but let’s check this out in a later post.

The whole operation of the global network has been made available by Microsoft via project SONiC (Software for Open Networking in the Cloud)

But for sure … under the hood there are physical layers … so let’s see…

What is the physical layer?

As you can imagine running a global network for more than 50 regions is not the easiest thing to do. The overall structure of the global Azure Network is based on the ability to grow above and beyond:

• multiple Data Centers together are building a region
• every Data Center has a connection to Regional Network Gateways (RNG)
• Those gateways allow in region communication and also are bundling the outgoing bandwidth
• a region is connected with 1.6 Pbps bandwidth
• those RNGs are connected to the Microsoft Global WAN
• the WAN has connection points into the Edge Sites
• In the Edge Site you find aggregators for things like ExpressRoute, Azure Front Door and all Internet Traffic
• from here the connection to customers is established

That mean, when you access any Azure Resource you always connect through an edge site. From here you are directed into the desired region. But at the same time you can see, that if all regions are connected to the MS WAN you could also use this. And this is why Microsoft states „Our network is your network„

So if you are in Europe and you want to access a resource in the US you could go via Public Internet to the US … or you could use your Azure Connection and use the Microsoft WAN to access it.

If you think about this, it could lead to a whole new global network structure for you … but we will cover this in a later post.

If you are in a region with Availability Zones the whole setup looks like this:

More information on Azure Global Network

If you use the search tool of your choice you will find the information around Azure Global Networking. But here a small collection for you:

• Microsoft global network
• Azure network round trip latency statistics
• Azure Global Network
• SONiC: The networking switch software that powers the Microsoft Global Cloud
• …

A good overview is also given in BRK2483 of Microsoft Ignite 2018

So happy networking 🙂