Hub and Spoke Architecture

Topics need to be discussed

Ip addressing
An IP address (Internet Protocol address) is a unique numerical label assigned to devices connected
to a computer network that uses the Internet Protocol for communication. It serves two primary
purposes:

1. Identification: It identifies a device on a network, ensuring data is sent to the correct

2. Location Addressing: It helps locate devices on a network, like a home address for physical
locations.

Types of IP Addresses

1. IPv4:

o Format: Four numbers separated by dots (e.g., 192.168.1.1).

o Range: Each number (octet) ranges from 0 to 255.

o Widely used but limited to ~4.3 billion unique addresses.

2. IPv6:

o Format: Eight groups of four hexadecimal digits separated by colons (e.g.,

o Provides a much larger address space than IPv4.

o Adopted due to the scarcity of IPv4 addresses.

1. Private IP Addresses:

o Used within private networks (e.g., home, office).

o Cannot be accessed directly over the internet.

o Examples: 192.168.x.x, 10.x.x.x, 172.16.x.x to 172.31.x.x.

2. Public IP Addresses:

o Assigned to devices directly connected to the internet.

o Unique across the internet.

3. Static IP Addresses:

o Manually assigned and do not change over time.

o Common for servers and devices requiring consistent addresses.

4. Dynamic IP Addresses:

o Assigned by a DHCP (Dynamic Host Configuration Protocol) server.

o Can change over time, typically used for most devices.

IPv4: 10.1.1.100, 67.45.69.89, 192.168.1.100

IPv4 limit: 0.0.0.0 to 255.255.255.255

Here, they have divided the above range into classes

Class A: 1.0.0.0 to 126.255.255.255

Private: 10.0.0. to 10.255.255.255

Class B: 128.0.0.0. to 191.255.255.255

Private: 172.16.0.0 to 172.31.255.255

Class C: 192.0.0.0 to 223.255.255.255

Private: 192.168.0.0 to 192.168.2555.255

Below are class D and class E which are not useful

Class D: 224.0.0.0. to 239.255.255.255

Class E:240.0.0.0. to 255.255.255.255

Explaining classes A, B, and C with real-time examples like Google, Flipkart, amazon

You should understand one thing to access any website globally that website should have an IP
address that is public without public IP we cannot access any website.
Public IP will expose the internet >> in your browser any website you search will contain a public IP

To see internet provider public ip: ipconfig.io

What Is My IP? Best Way To Check Your Public IP Address

Loppback Address:127.x.x.x. (we will not use )

Private IP ranges -RFC1918

Office example, school 10th example

100userwith machines>>Router gateway>>publicip>>Internet provider>>internet>>google.com

Resource group>> Resources can be from any location

A virtual network is an address space and region-dependent provides range of address for user

Vnet can be divided into subents

Resources like VM,LB,APPGw, firewall can be deployed within vnet

How to create vnet >>vnet1>>eastus>>it will ask for ip range selection>>10.0.38.0

Subnetting in realtime ……

I walk you through the hub and spoke networking architecture for an enterprise-scale landing zone in
Azure. We explore the core components and services involved in this setup, ensuring a scalable,
secure, and efficient network. Through a detailed whiteboard session, I visually design and explain
the entire architecture, breaking down how the hub connects to various spokes and the best
practices for deploying this architecture in a cloud environment. Perfect for cloud architects and
engineers looking to optimize their network setup for enterprise workloads!
 1. Inbound Traffic:

o A user from the internet sends an HTTP request to your application. The NSG allows
traffic on port 80/443 and blocks all other requests.

2. Outbound Traffic:

o The VM sends log data to Splunk on port 9997 (allowed by NSG outbound rules).

o The VM downloads updates from the specific update server (allowed by outbound
rule).

o All other outbound requests are blocked.

3. NAT Gateway:

o The VM accesses the update server using the NAT Gateway, ensuring its private IP is
not exposed while using the public IP of the NAT Gateway.

Practical Example of Subnetting:

Suppose your company has 500 devices in a single network using the IP range 192.168.1.0/24.
Subnetting allows you to split this into smaller groups:

 Subnet 1: HR Department (192.168.1.0/26 - 64 IPs)

 Subnet 2: IT Department (192.168.1.64/26 - 64 IPs)

 Subnet 3: Finance Department (192.168.1.128/26 - 64 IPs)

This way, each department is isolated and managed independently.

A subnet (short for "subnetwork") is a smaller network inside a larger network. It divides a large
network into smaller, more manageable parts. Subnets help organize and secure the network by
isolating groups of devices.

Subnetting is the process of dividing a large network into smaller subnets. It involves splitting the IP
address range of the larger network into smaller ranges, so each subnet gets its own portion of
addresses.

A firewall in networking is a security device or software that acts as a barrier between a trusted
internal network and untrusted external networks, such as the internet. Its primary purpose is to
monitor and control incoming and outgoing network traffic based on predefined security rules,
thereby protecting networks, devices, and data from unauthorized access and cyber threats.