Address Spaces for Azure Virtual Networks
An Azure Virtual Network (VNet) is a representation of your own network in the cloud. It is a logical isolation of the Azure cloud dedicated to your subscription. VNets enable you to provision and manage resources within a private network space that you define. The core of a VNet's network definition lies in its address space.
Understanding Address Spaces
The address space of a VNet is a collection of one or more private IP address ranges that are not routable on the internet. These ranges are defined using CIDR (Classless Inter-Domain Routing) notation. When you create a VNet, you specify an address space that defines the IP addresses that can be used by resources within that VNet.
Key Concepts:
- IP Address Ranges: These are the IP addresses available for use within your VNet. Common private IP address ranges include:
  - 10.0.0.0/8 (10.0.0.0 to 10.255.255.255)
  - 172.16.0.0/12 (172.16.0.0 to 172.31.255.255)
  - 192.168.0.0/16 (192.168.0.0 to 192.168.255.255)
- CIDR Notation: This is a compact way to represent an IP address range. For example, 10.1.0.0/16 defines a network with 65,536 IP addresses.
- Address Space Limitations: Azure VNets can have a single address space or multiple, non-overlapping address spaces. The total address space for a VNet can be between /8 and /24 in size.
Adding and Managing Address Spaces
You can define the address space for a VNet during creation or modify it later. It's crucial to plan your address spaces carefully to avoid conflicts, especially if you intend to connect multiple VNets or establish on-premises connectivity.
Considerations for Address Space Planning:
- On-Premises Connectivity: Ensure your VNet address space does not overlap with your on-premises network address spaces if you plan to use VPN gateways or ExpressRoute.
- VNet Peering: If you plan to peer VNets, their address spaces must not overlap.
- Future Growth: Allocate sufficient IP addresses to accommodate future expansion of your network resources.
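The overlap checks in the considerations above can be run against a candidate prefix before it is added to a VNet. This is an added example, not part of the original page: it uses Python's standard `ipaddress` module, and the inventory entries (`on-premises`, `peer: HubVNet`) and their ranges are constructed for illustration.

```python
import ipaddress

# Private ranges listed earlier on this page.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory of ranges already in use (hypothetical names and values).
EXISTING = {
    "MyVNet": ["10.1.0.0/16", "10.2.0.0/16"],
    "on-premises": ["10.0.0.0/16", "192.168.0.0/24"],
    "peer: HubVNet": ["172.16.0.0/20"],
}


def check_address_plan(candidate, in_use):
    """Return a list of problems with adding `candidate` (a CIDR string).

    `in_use` maps a network name to the CIDR prefixes it already occupies.
    An empty list means the candidate passed every check.
    """
    try:
        # strict=True rejects prefixes with host bits set, e.g. 10.1.5.0/16.
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"{candidate}: not a valid network ({exc})"]

    problems = []
    # The candidate must sit entirely inside one of the private ranges.
    if not (net.version == 4 and any(net.subnet_of(p) for p in PRIVATE_RANGES)):
        problems.append(f"{candidate}: not inside a private IPv4 range")

    # Any shared address with an existing range breaks peering or
    # on-premises routing, so partial overlaps count as well.
    for name, prefixes in in_use.items():
        for prefix in prefixes:
            other = ipaddress.ip_network(prefix)
            if net.version == other.version and net.overlaps(other):
                problems.append(f"{candidate} overlaps {name} ({prefix})")
    return problems


if __name__ == "__main__":
    for cidr in ("10.3.0.0/16", "10.2.128.0/17", "10.1.5.0/16", "172.32.0.0/16"):
        issues = check_address_plan(cidr, EXISTING)
        print(cidr, "->", issues or "OK")
```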
Example
Let's say you create a VNet named MyVNet with the address space 10.1.0.0/16. This VNet will have a total of 65,536 IP addresses available for use. You can then create subnets within this address space.
```bash
# Example of creating a VNet with a specific address space using Azure CLI
az network vnet create \
  --name MyVNet \
  --resource-group MyResourceGroup \
  --address-prefixes 10.1.0.0/16
```
If you need to accommodate more IP addresses or want to segment your network further, you can add additional, non-overlapping address spaces to your VNet:
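```bash
# Example of adding an additional address space to an existing VNet.
# --address-prefixes sets the VNet's full list of prefixes, so the existing
# prefix (10.1.0.0/16) is repeated alongside the new one (10.2.0.0/16).
az network vnet update \
  --name MyVNet \
  --resource-group MyResourceGroup \
  --address-prefixes 10.1.0.0/16 10.2.0.0/16
```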
CIDR and IP Address Allocation
The CIDR notation determines the number of available IP addresses and the network and host portions of an IP address. A smaller CIDR prefix (e.g., /8) represents a larger address space, while a larger prefix (e.g., /24) represents a smaller address space.
| CIDR Prefix | IP Address Range | Number of Addresses |
|---|---|---|
| /24 | 192.168.1.0 - 192.168.1.255 | 256 |
| /22 | 10.1.0.0 - 10.1.3.255 | 1,024 |
| /16 | 172.16.0.0 - 172.16.255.255 | 65,536 |
| /8 | 10.0.0.0 - 10.255.255.255 | 16,777,216 |
Azure reserves five IP addresses in each subnet. In a /24 subnet, the first four are .0 to .3 and the last is .255.