A vNet provides a logical isolation inside the Azure Cloud that is dedicated to your subscription.

A vNet needs a few things.

Standard things like the names subscription details etc. Let’s look at the Address Space. The default Address Base Azure gives you is In this case the /16 refers to the number of subnet IP addresses available, in this case 65,636. Let’s say we change that to, then we will have 256 subnet IP addresses available to us.

Once the vNet has been created, additional address bases can be added. So if you started with, then you could add,, ans so on each adding 256 IP address to the network.

IP Ranges

Each of the IP addresses here that begins with 10, 192, 172 are referred to as the RFC 1918 addresses. Specifically, the following ranges of IP addresses cannot be routed on the Internet:

  • – (10/8 prefix)
  • – (172.16/12 prefix)
  • – (192.168/16 prefix)


By default the first subnet name is called Default. This can be any name. And the IP address for this subnet must be within the Address space of the vNet. Let’s say we want to create a small subnet. We can used an IP address of This will give us 16 IP address in total in that subnet, but only 11 of that will be usable. The first and the last IP addresses in that range will not be available as it is used by the network it self (for gateway and broadcast). Another 3 are taken up by Azure itself for network management services.

There is another type of subnet called the Gateway Subnet. The gateway is how we get back to our on-premise resources

So why would you want to have subnets anyway? In a virtual network, everything is accessible by everything else by default. You may not want to do that and want to isolate services into various subnets, or you may also want to allow only one of the subnets to access the internet etc. This is done using Network Security Groups.

DNS Services

Domain Name System (DNS) by default is provided by a Azure so that Azure is hosting the DNS service for you so every VM that you would have in Azure would have a fully qualified domain name. If you are managing a production network with Azure AD for example, you would want to use custom DNS.


Peerings is where you can have your virtual network connect to other virtual networks that are in the same subscription or other subscriptions that are managed by you in the same Azure AD.

Service Endpoints

Service Endpoint is where there are services in Azure that has some internet facing presence (i.e. Event Hubs, SQL etc.), but you want to access it privately so you don’t want this traffic to route out to the Internet. You want to route directly to that service using the Azure backbone.