Virtual Network Addressing in Azure
Understanding and effectively planning your IP addressing scheme is crucial for the success of your Azure Virtual Network (VNet) deployments. This document covers the fundamentals of VNet addressing, including address spaces, CIDR notation, and best practices.
Address Spaces
An address space is a public or private IP address range that is used to assign IP addresses to resources within a VNet. Azure VNets support IPv4 and IPv6 address spaces. When you create a VNet, you define one or more address spaces for it. These address spaces can be represented using Classless Inter-Domain Routing (CIDR) notation.
Private Address Spaces
You can use the following private IP address ranges for your Azure VNets:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
These ranges are compliant with RFC 1918 and are not routable on the public internet. They can also be used for on-premises networks, allowing for seamless hybrid connectivity.
Public Address Spaces
While VNets primarily use private IP addresses, you can assign public IP addresses to specific resources like Virtual Machines (VMs), Load Balancers, and VPN Gateways to enable direct internet access or connectivity to on-premises networks.
CIDR Notation
CIDR notation is a compact way to represent an IP address and its associated network prefix. It consists of an IP address followed by a forward slash and a number (e.g., 10.0.0.0/16). The number indicates the number of bits in the network portion of the address, determining the size of the address space and the number of available IP addresses.
For example:
- A /16 prefix provides 65,536 IP addresses (2^(32-16)).
- A /24 prefix provides 256 IP addresses (2^(32-24)).
Reserved IP Addresses
Within each subnet of a VNet's address space, Azure reserves a small number of IP addresses for its own use. These addresses cannot be assigned to your resources.
The reserved IP addresses are:
- The first four IP addresses in the subnet.
- The last IP address in the subnet.
For example, in a subnet with the address space 10.0.0.0/24:
- 10.0.0.0: Network address
- 10.0.0.1: Azure DNS
- 10.0.0.2: Reserved for future use
- 10.0.0.3: Reserved for future use
- 10.0.0.255: Broadcast address
This means that in a /24 subnet, you have 251 usable IP addresses for your resources.
IP Address Assignment
Azure resources within a VNet are assigned IP addresses from the VNet's address space. You can assign IP addresses statically or dynamically:
- Dynamic Assignment: IP addresses are assigned from the available pool of IP addresses in the subnet. When a resource is deallocated and then restarted, its IP address might change.
- Static Assignment: You can reserve a specific IP address from the subnet's address range for a resource. This IP address will remain assigned to the resource until it is explicitly unassigned.
Address Space Planning Best Practices
To ensure a scalable and manageable network, consider the following best practices:
- Plan for growth: Allocate a larger address space than you currently need to accommodate future expansion.
- Use non-overlapping address spaces: When peering VNets or connecting to on-premises networks, ensure that address spaces do not overlap to avoid routing conflicts.
- Leverage private IP ranges: Utilize RFC 1918 private IP address ranges for internal communication.
- Subnetting: Divide your VNet into smaller subnets for better organization and security segmentation.
- Documentation: Maintain clear documentation of your VNet address spaces, subnet configurations, and IP address assignments.
Example Scenario
Let's consider a simple scenario:
You create a VNet named MyVNet with the address space 10.1.0.0/16. This gives you approximately 65,536 IP addresses. You then create two subnets:
- FrontendSubnet with address space 10.1.1.0/24 (251 usable IPs) for your web servers.
- BackendSubnet with address space 10.1.2.0/24 (251 usable IPs) for your database servers.
# Azure CLI Example
az network vnet create \
--resource-group MyResourceGroup \
--name MyVNet \
--address-prefixes 10.1.0.0/16
az network vnet subnet create \
--resource-group MyResourceGroup \
--vnet-name MyVNet \
--name FrontendSubnet \
--address-prefixes 10.1.1.0/24
az network vnet subnet create \
--resource-group MyResourceGroup \
--vnet-name MyVNet \
--name BackendSubnet \
--address-prefixes 10.1.2.0/24
This structured approach allows for efficient management and communication within your Azure environment.
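The reserved-address rule and the non-overlap planning rule above can be checked before running any CLI command. The following Python script is an added example, not part of this page or of Azure's tooling; the VNet and subnet values it uses are constructed to match the scenario above, and the /29 minimum is Azure's documented smallest IPv4 subnet.

```python
import ipaddress

# Azure reserves the first four and the last address of every subnet.
AZURE_RESERVED_PER_SUBNET = 5
# Azure's documented smallest IPv4 subnet is /29 (8 addresses, 3 usable).
AZURE_MAX_PREFIXLEN = 29


def azure_reserved(subnet):
    """Map each Azure-reserved address in the subnet to its role."""
    net = ipaddress.ip_network(subnet, strict=True)
    if net.prefixlen > AZURE_MAX_PREFIXLEN:
        raise ValueError(f"{net} is smaller than the Azure minimum of /29")
    return {
        str(net[0]): "Network address",
        str(net[1]): "Azure DNS",
        str(net[2]): "Reserved for future use",
        str(net[3]): "Reserved for future use",
        str(net[-1]): "Broadcast address",
    }


def usable_addresses(subnet):
    """Addresses available to your resources after Azure's reservations."""
    net = ipaddress.ip_network(subnet, strict=True)
    return net.num_addresses - AZURE_RESERVED_PER_SUBNET


def find_overlaps(spaces):
    """Return every pair of address spaces that overlap (peering / on-prem check)."""
    nets = [ipaddress.ip_network(s, strict=True) for s in spaces]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]


def plan_subnets(vnet_space, subnets):
    """Validate a VNet plan: each subnet inside the VNet space and no overlaps."""
    vnet = ipaddress.ip_network(vnet_space, strict=True)
    errors = []
    for s in subnets:
        net = ipaddress.ip_network(s, strict=True)
        if not net.subnet_of(vnet):
            errors.append(f"{net} is not within {vnet}")
    errors += [f"{a} overlaps {b}" for a, b in find_overlaps(subnets)]
    return errors


if __name__ == "__main__":
    # Constructed inputs matching the MyVNet scenario on this page.
    print(plan_subnets("10.1.0.0/16", ["10.1.1.0/24", "10.1.2.0/24"]))
    print(usable_addresses("10.1.1.0/24"), azure_reserved("10.0.0.0/24"))
```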