Have you ever run out of addresses in an Azure virtual network? Have you ever needed to add a different scope or address space to an existing Azure virtual network? If so, this post is for you.
Quite honestly, I did not know that this was possible until recently – it’s a setting in an Azure virtual network that I have never used or even looked at:
When you create a virtual network, you give it an address space. Typically that will be a 10.x.x.x range because that’s what the Azure Portal steers you towards and if offers a lot of address space to carve up. In the above virtual network, I created a virtual network with an address space of 192.168.1.0/24, one that should be very familiar to you. And the blades for setting up the virtual network created a single subnet consuming all of that space. What if I wanted to add another subnet? I used to think that it wasn’t possible, but I was wrong.
You can click Address Space in the Settings of the virtual network and add extra address spaces. In the above, I’ve added 10.0.0.0/16 and 172.16.0.0/16 (extreme but vivid examples) to my subnet. If that was an on-premises network, based on VLANs and routing, then life would get complicated. But this is software defined networking. These addresses are more for our comfort than for the “machine” that runs the network. In the end, NVGRE which powers the Azure network, is copying packets from a source NIC to destination NIC and is abstracts the underlying physical complexity through encapsulation (dig up Damian Flynn’s old NVGRE presentations on VMM logical software defined networks). In short … you add these address spaces, then create subnets and the subnets will route automatically across those spaces.
If you go into subnets, you now can create subnets within the address spaces of the virtual network and they just route.
To prove this simplicity, I deployed a VM in 192.168.1.0/24 and another in 172.16.1.0/24. I modified Windows Firewall to allow ICMP in (ping) and then ran some ping and tracert tests between the two machines in different address spaces. In a normal VLAN world, the results would illustrate the underlying complexity. In Azure’s software defined network, these are just 2 subnets in the same virtual network.
Pretty cool, right?