I have an Azure Virtual Network (VNet) that includes five subnets, but one of them is completely full. The only available IP address space left in my VNet is a /28 block (16 IPs).
Here's the current setup:
- Subnet A: 10.x.x.x/27 (fully utilized)
- Available space: 10.x.x.200/28 (all free)
All my infrastructure is managed through Bicep templates.
My question is: If I modify my Bicep template to change the existing subnet from /27 to /28, what will happen to the resources that currently have IP addresses assigned from the /27 range? Specifically:
- Will Azure automatically move or reassign those resources to fit the new /28 range?
- Or will the existing resources retain their current /27 IPs unless they are deleted or redeployed?
- Is it even possible to change the subnet CIDR for an existing subnet that has resources attached?
I'm looking for the safest way to manage this situation.
4 Answers
One option would be to simply add another IP block to your VNet instead of resizing the existing subnet.
According to official Azure docs, you can't change the address range of a subnet if anything is currently attached to it. You’ll need to plan accordingly.
Just to add on, you can actually add multiple IP address ranges to an existing subnet, which might be a better option! Check out the Microsoft documentation for details on how to do this: https://learn.microsoft.com/en-us/azure/virtual-network/how-to-multiple-prefixes-subnet?tabs=powershell
We recently did this when our Kubernetes cluster was scaling up. It worked like a charm!
Unfortunately, you can't change a subnet size while there are resources using it. One solution is to create a new subnet where the new resources can go. Alternatively, you could temporarily relocate the existing resources by creating a temporary subnet, setting up new network interfaces for them, deleting the old ones, adjusting the subnet, and then moving everything back.
Exactly! Plus, from earlier this year, the new CIDR doesn't need to be contiguous with the existing range.