How Should I Approach Subnet Design in Azure?

Asked By TechieNerd27 On

Hey folks! I'm coming from a background of on-premises system administration where I've handled switches, DHCP management, firewalls, hypervisors, VMs, and more. I've been working with Azure for about a year and a half now, and I'm really enjoying the experience! While I find that I can apply many of my existing skills, subnet design seems to be quite different. Is there any comprehensive guide out there that covers the different types of delegated subnets, their recommended sizes, and specific peculiarities? I generally design subnets based on needs—like DMZs, isolated networks, and management networks—but planning networks in Azure feels like a whole new challenge. I'd love to hear your tips on subnet and VNET design in Azure! How do you all typically plan and manage your subnets?

5 Answers

Answered By VMsAndContainers On

Keep in mind that if you're doing a lot of IaaS work with VMs, Azure Site Recovery can actually require more IPs per VM than you think!

VirtualGenius33 -

Great note! Luckily, I’m not doing a lot with dedicated VMs at this point. Most of the time, I’m working with VM images and scale sets. Does that extra IP requirement apply to container app environments with dedicated plans too?

Answered By CloudSavvyDev On

Just a few key things to remember: Azure reserves the first four and last IP addresses in a subnet. So, for example, in a 10.0.0.0/x subnet, the first available IP will be 10.0.0.4. Also, you can't edit or delete a subnet if there are resources within it. Plus, you might have to delegate subnets to platform resources to enable private PaaS service deployments. Remember, you can add or expand a VNet address space provided it isn’t overlapping with another peered network.

SubnetGuru88 -

Good points! And just to add, you can also shrink or reclaim unused space on a VNet as long as that space isn't actively being used.

FutureProofNet -

Thanks for these insights! I often hear about needing delegated networks since my resources are mostly private. How do you guys plan for future PaaS needs with delegated networks?

NetworkPro7 -

You also mentioned some general L3 networking concepts that might apply differently in Azure. It’s good to keep in mind that some practices from on-prem may not translate directly to a cloud environment.
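The sizing and overlap rules from CloudSavvyDev's answer can be checked before any subnet is deployed. The following is an added example, not code from any poster in this thread: it uses Python's standard `ipaddress` module, the function names and sample workloads are hypothetical, and it assumes IPv4 with /29 as the smallest subnet Azure accepts.

```python
import ipaddress

AZURE_RESERVED = 5       # first four addresses plus the last one in every subnet
SMALLEST_PREFIX = 29     # assumption: Azure's smallest IPv4 subnet is a /29


def usable_range(cidr):
    """Return (first_usable, last_usable, usable_count) for an Azure subnet."""
    net = ipaddress.ip_network(cidr)
    if net.num_addresses <= AZURE_RESERVED:
        raise ValueError(f"{cidr} has no usable addresses after reservations")
    return net[4], net[-2], net.num_addresses - AZURE_RESERVED


def smallest_prefix(required_ips):
    """Longest prefix whose usable count (size minus 5) covers required_ips."""
    for prefix in range(SMALLEST_PREFIX, -1, -1):
        if 2 ** (32 - prefix) - AZURE_RESERVED >= required_ips:
            return prefix
    raise ValueError("requirement exceeds IPv4 space")


def plan_subnets(vnet_cidr, requirements):
    """Carve subnets from a VNet, largest first, each on its own boundary."""
    vnet = ipaddress.ip_network(vnet_cidr)
    cursor = int(vnet.network_address)
    plan = {}
    for name, need in sorted(requirements.items(), key=lambda kv: -kv[1]):
        prefix = smallest_prefix(need)
        size = 2 ** (32 - prefix)
        cursor = (cursor + size - 1) // size * size   # align to subnet size
        subnet = ipaddress.ip_network((cursor, prefix))
        if not subnet.subnet_of(vnet):
            raise ValueError(f"{name} ({need} IPs) does not fit in {vnet_cidr}")
        plan[name] = subnet
        cursor += size
    return plan


def overlapping(new_space, peered_spaces):
    """List peered address spaces that collide with a proposed VNet range."""
    new = ipaddress.ip_network(new_space)
    return [p for p in peered_spaces if new.overlaps(ipaddress.ip_network(p))]


if __name__ == "__main__":
    # Constructed sample workloads: 60 IPs do not fit a /26 (64 - 5 = 59).
    demo = {"workload": 200, "gateway": 60, "mgmt": 10}
    for name, net in plan_subnets("10.10.0.0/22", demo).items():
        print(name, net, usable_range(str(net)))
    print(overlapping("10.10.0.0/22", ["10.10.2.0/24", "10.20.0.0/16"]))
```

Because a subnet with resources in it cannot be edited, running the sizing with projected growth figures rather than current counts is the cheaper place to find out that a range is too small.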

Answered By IPMaster3000 On

Consider using IP Address Management (IPAM) for your network planning. It really helps streamline things! Here's a link if you want to check it out: https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-ip-address-management.

HiddenGem77 -

I hadn’t even heard of IPAM before! It looks interesting and seems similar to subnets but with IP pools instead. It might offer a more dynamic approach to subnet management. I’ve got to try it out, thanks!

Answered By AzureExplorer12 On

A great starting point is the Microsoft documentation! Check it out here: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-vnet-plan-design-arm. It's really helpful for understanding subnet design in Azure.

CuriousUser99 -

Thanks for the link! This is just the resource I needed, really appreciate it!

Answered By SubnetMaster09 On

There’s really just one type of subnet in Azure, which is basically a VNet IP range divided into smaller pieces. You can attach User-Defined Routes (UDRs) and Network Security Groups (NSGs) to it. I recommend looking into the Cloud Adoption Framework; it covers popular designs like hub-and-spoke and mesh networking.

AzureDesignPro -

True, only one type of subnet resource! But you can design each subnet differently based on needs. Certain dedicated subnets require different sizes, and depending on security requirements, specific UDRs and NSGs may be needed.

PlanningAce21 -

I think it would be beneficial to hear how others approach planning their subnets for individual VNets in Azure!
