Networking on Azure and AWS
Elastic Load Balancing, Azure Load Balancer, and Azure Application Gateway
The Azure equivalents of the Elastic Load Balancing services are:
Load Balancer: Provides the same layer 4 (TCP/UDP) capabilities as the AWS Network Load Balancer and Classic Load Balancer, distributing traffic across multiple VMs at the network level. It also provides failover: back-end instances that fail their health probe are taken out of rotation.
Application Gateway: Offers application-level (layer 7) rule-based routing comparable to the AWS Application Load Balancer.
Route 53, Azure DNS, and Azure Traffic Manager
In AWS, Route 53 provides both DNS name management and DNS-level traffic routing and failover services. In Azure this is handled through two services:
Azure DNS provides domain and DNS management.
Traffic Manager provides DNS-level traffic routing, load balancing, and failover capabilities.
Direct Connect and Azure ExpressRoute
Azure provides similar dedicated site-to-site connections through its ExpressRoute service. ExpressRoute lets you connect your on-premises network directly to Azure resources over a dedicated private connection that does not traverse the public internet. Azure also offers conventional site-to-site VPN connections, which run over the internet, at a lower cost.
Route tables
AWS provides route tables that contain routes directing traffic from a subnet (or gateway subnet) to a destination. In Azure, this feature is called user-defined routes (UDRs).
With user-defined routes you create custom (static) routes in Azure that override the default system routes, or add routes to a subnet's route table. Azure selects a route by longest matching prefix; when several routes match with the same prefix length, a user-defined route takes precedence over a BGP route, which takes precedence over a system route.
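The precedence rule above is where most UDR misconfigurations come from, so here is an added example (not code from the original page) that models Azure's route selection for a workload subnet and shows what a 0.0.0.0/0 route to a network virtual appliance (NVA) does and does not capture. The VNet address space 10.0.0.0/16, the NVA address 10.0.1.4 and the destination addresses are constructed for the example; the system routes listed are the defaults Azure installs in every subnet.

```python
"""
Added example, not code from the original page: a small model of how Azure
chooses the effective route for traffic leaving a subnet, used to show what
a user-defined route (UDR) actually overrides.

Route selection, as Azure documents it:
  1. the route with the longest matching prefix wins;
  2. if several routes share that prefix length, a user-defined route beats
     a BGP route, which beats a default system route.

The VNet address space (10.0.0.0/16), the NVA address (10.0.1.4) and the
destination addresses below are constructed for this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Lower rank wins when two routes have the same prefix length.
SOURCE_RANK = {"User": 0, "BGP": 1, "System": 2}


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_type: str                 # VnetLocal, Internet, VirtualAppliance, None
    source: str                        # User, BGP or System
    next_hop_ip: Optional[str] = None  # only meaningful for VirtualAppliance

    def matches(self, dst: str) -> bool:
        return ip_address(dst) in ip_network(self.prefix)


def default_system_routes(vnet_prefix: str) -> list[Route]:
    """The routes Azure installs in every subnet before any UDR is added."""
    return [
        Route(vnet_prefix, "VnetLocal", "System"),
        Route("0.0.0.0/0", "Internet", "System"),
        # RFC 1918 and shared address space are dropped unless a more
        # specific or higher-precedence route says otherwise.
        Route("10.0.0.0/8", "None", "System"),
        Route("172.16.0.0/12", "None", "System"),
        Route("192.168.0.0/16", "None", "System"),
        Route("100.64.0.0/10", "None", "System"),
    ]


def select_route(routes: list[Route], dst: str) -> Optional[Route]:
    """Longest prefix match; ties broken by route source (User > BGP > System)."""
    candidates = [r for r in routes if r.matches(dst)]
    if not candidates:
        return None
    return max(
        candidates,
        key=lambda r: (ip_network(r.prefix).prefixlen, -SOURCE_RANK[r.source]),
    )


def effective_next_hop(routes: list[Route], dst: str) -> Optional[tuple[str, str]]:
    r = select_route(routes, dst)
    return (r.next_hop_type, r.source) if r else None


def forced_tunnel_scenario() -> dict[str, tuple[str, str]]:
    """
    Workload subnet in 10.0.0.0/16 with a single UDR sending 0.0.0.0/0 to
    the NVA. Attach such a table to workload subnets only: the NVA's own
    subnet needs a different table, or its egress loops back to itself.
    """
    nva = "10.0.1.4"
    routes = default_system_routes("10.0.0.0/16") + [
        Route("0.0.0.0/0", "VirtualAppliance", "User", nva),
    ]
    return {
        "internet 203.0.113.9": effective_next_hop(routes, "203.0.113.9"),
        "same VNet 10.0.5.20": effective_next_hop(routes, "10.0.5.20"),
        "other RFC1918 192.168.1.10": effective_next_hop(routes, "192.168.1.10"),
    }


def inspect_east_west_scenario() -> dict[str, tuple[str, str]]:
    """Same subnet, plus UDRs that match the system routes' prefix lengths."""
    nva = "10.0.1.4"
    routes = default_system_routes("10.0.0.0/16") + [
        Route("0.0.0.0/0", "VirtualAppliance", "User", nva),
        # Same length as the VnetLocal system route, so the UDR wins the tie.
        Route("10.0.0.0/16", "VirtualAppliance", "User", nva),
        # Same length as the 192.168.0.0/16 -> None system route.
        Route("192.168.0.0/16", "VirtualAppliance", "User", nva),
    ]
    return {
        "same VNet 10.0.5.20": effective_next_hop(routes, "10.0.5.20"),
        "other RFC1918 192.168.1.10": effective_next_hop(routes, "192.168.1.10"),
    }


if __name__ == "__main__":
    for title, result in (("0.0.0.0/0 UDR only", forced_tunnel_scenario()),
                          ("with /16 UDRs added", inspect_east_west_scenario())):
        print(title)
        for name, hop in result.items():
            print(f"  {name:28} -> {hop}")
```

The first scenario is the one to check before trusting an NVA as an inspection point: the 0.0.0.0/0 UDR wins only against the equal-length system Internet route, so Internet-bound traffic reaches the appliance, but VM-to-VM traffic inside the VNet still follows the more specific VnetLocal system route, and traffic to an unrouted private range is still dropped by the /16 None route. The second scenario adds UDRs at the same prefix length as those system routes, where the User source wins the tie. In a real deployment the NVA's NIC also needs IP forwarding enabled, or the platform drops the forwarded packets.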
Private Link
Similar to AWS PrivateLink, Azure Private Link provides private connectivity from a virtual network to an Azure platform as a service (PaaS) solution, a customer-owned service, or a Microsoft partner service.
VPC peering, virtual network peering in Azure
In AWS, a VPC peering connection is a networking connection between two VPCs, which enables you to route traffic between them using private Internet Protocol version 4 (IPv4) addresses or Internet Protocol version 6 (IPv6) addresses.
Azure virtual network (VNet) peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure. Like traffic between virtual machines in the same network, traffic is routed through Microsoft's private network only.
Content delivery networks - CloudFront and Azure Front Door
In AWS, CloudFront provides content delivery network (CDN) services, to globally deliver data, videos, applications, and APIs. This is similar to Azure Front Door.
Azure Front Door is a modern cloud content delivery network service that delivers high performance, scalability, and secure user experiences for your content and applications. For a full list of Azure Front Door product offerings, see Overview of Azure Front Door tiers.
Network service comparison
Area | AWS service | Azure service | Description |
---|---|---|---|
Cloud virtual networking | Virtual Private Cloud (VPC) | Virtual Network | Provides an isolated, private environment in the cloud. Users have control over their virtual networking environment, including selection of their own IP address range, creation of subnets, and configuration of route tables and network gateways. |
NAT gateways | NAT Gateways | Virtual Network NAT | A service that simplifies outbound-only Internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses your specified static public IP addresses. Outbound connectivity is possible without a load balancer or public IP addresses directly attached to virtual machines. |
Cross-premises connectivity | VPN Gateway | VPN Gateway | Connects Azure virtual networks to other Azure virtual networks, or customer on-premises networks (Site To Site). Allows end users to connect to Azure services through VPN tunneling (Point To Site). |
DNS management | Route 53 | DNS | Manage your DNS records using the same credentials, billing, and support contract as your other Azure services. |
DNS-based routing | Route 53 | Traffic Manager | A service that hosts domain names, plus routes users to Internet applications, connects user requests to datacenters, manages traffic to apps, and improves app availability with automatic failover. |
Dedicated network | Direct Connect | ExpressRoute | Establishes a dedicated, private network connection from a location to the cloud provider (not over the Internet). |
Load balancing | Network Load Balancer | Load Balancer | Azure Load Balancer load balances traffic at layer 4 (TCP or UDP). Standard Load Balancer also supports cross-region or global load balancing. |
Application-level load balancing | Application Load Balancer | Application Gateway | Application Gateway is a layer 7 load balancer. It supports TLS (SSL) termination, cookie-based session affinity, and round robin for load-balancing traffic. |
Route table | Custom Route Tables | User Defined Routes | Custom, or user-defined (static) routes to override default system routes, or to add more routes to a subnet's route table. |
Private link | PrivateLink | Azure Private Link | Azure Private Link provides private access to services that are hosted on the Azure platform. This keeps your data on the Microsoft network. |
Private PaaS connectivity | VPC endpoints | Private Endpoint | Private Endpoint provides secured, private connectivity to various Azure platform as a service (PaaS) resources, over a backbone Microsoft private network. |
Virtual network peering | VPC Peering | VNET Peering | VNet peering is a mechanism that connects two virtual networks (VNets) through the Azure backbone network, either within a region or across regions (global VNet peering). Once peered, the two virtual networks appear as one for all connectivity purposes. |
Content delivery networks | CloudFront | Front Door | Azure Front Door is a modern cloud content delivery network (CDN) service that delivers high performance, scalability, and secure user experiences for your content and applications. |
Network Monitoring | VPC Flow Logs | Azure Network Watcher | Azure Network Watcher allows you to monitor, diagnose, and analyze the traffic in Azure Virtual Network. |
Networking architectures
Architecture | Description |
---|---|
Deploy highly available NVAs | Learn how to deploy network virtual appliances for high availability in Azure. This article includes example architectures for ingress, egress, and both. |
Hub-spoke network topology in Azure | Learn how to implement a hub-spoke topology in Azure, where the hub is a virtual network and the spokes are virtual networks that peer with the hub. |
Implement a secure hybrid network | See a secure hybrid network that extends an on-premises network to Azure with a perimeter network between the on-premises network and an Azure virtual network. |