none
Address Space/Range issue with Virtual Network, Subnet and Gateway Subnet on Azure RRS feed

  • Question

  • Hi,


    I am facing troubles with address space/range issue as follows.


    While creating a virtual network on Azure, it asks for

    Virtual Network name,
    Address space,
    Subnet name and
    Address range.

    Keeping in mind for creating two subnets in a virtual network, I filled information as


    Address space: x.0.0.0/28 (for 16 addresses x.0.0.1 - x.0.0.15)
    Address range: x.0.0.0/29 (for 8 addresses x.0.0.0 - x.0.0.7)


    Virtual network created successfully.


    While creating the Gateway Subnet, I am unable to understand what address range should I use here.


    I see following errors.


    Your subnet is not contained within the address space for this virtual network: x.0.0.0/28. and

    The specified address space overlaps with subnet 'default' which has a range of 'x.0.0.0/28'.


    I deleted virtual network and created another virtual network as follows


    Address space: x.0.0.0/24 (for 256 addresses x.0.0.0 - x.0.0.256)
    Address range: x.0.0.0/24 (for 256 addresses x.0.0.0 - x.0.0.256)


    Virtual network created successfully.


    While creating the Gateway Subnet, I see the same error message as above.


    Please be kind to fix this issue.

    Regards
    InTechSys

    InTechSys

    Saturday, March 2, 2019 6:10 PM

Answers

  • Hi, 

    VNET is the isolation point. All subnets within the VNET will be able to communicate with each other by default. Gateway Subnet is where you deploy the VPN / Express Route gateway via with you communicate with other VNET or On-Premises. 

    Regards, 

    Msrini

    Wednesday, March 13, 2019 6:49 PM
    Moderator
  • Hi, 

    Address space is the super set and subnet is the subset of IP address in Azure. 

    If you create a Address Space of 10.0.0.0/24 and if you  utilize all your IP address in a single subnet then you will not be able to create a gateway subnet. 

    Create a address space of 10.0.0.0/24 

     - Subnet1 - 10.0.0.0/27

     -Gateway Subnet - 10.0.0.32/27

    Regards, 

    Msrini

    Sunday, March 3, 2019 9:31 AM
    Moderator
  • Hi, 

    Yes, your understanding is correct. 

    Please 'Mark as answer' if any of the replies helped, so that others in the community who are looking for similar question, can benefit from it.

    Regards, 

    Msrini

    • Marked as answer by InTechSys Wednesday, May 22, 2019 2:36 PM
    Wednesday, March 13, 2019 7:46 PM
    Moderator
  • Yes, correct. VM NICs connected to subnets (same or different) within a VNet can communicate with each other without any extra configuration.

    Ref: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/network-overview.


    • Marked as answer by InTechSys Wednesday, May 22, 2019 2:36 PM
    Wednesday, March 13, 2019 7:49 PM
  • For "how many virtual networks", could be 100 on up to 1000 but all depends on your subscription. Please refer to Subscription Limits posted in the link below.

    And yes, for each vnet (with or without multiple subnets) only one gw subnet.

    https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits?toc=%2fazure%2fvirtual-network%2ftoc.json#networking-limits



    Wednesday, March 13, 2019 9:50 PM
  • The link: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/network-overview

    doesn’t work and the link: https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits?toc=%2fazure%2fvirtual-network%2ftoc.json#networking-limits is useful.

    Thank you for sharing the useful link.

    As you said previously, VM NICs connected to subnets (same or different) within a VNet can communicate with each other without any extra configuration.

    Taking a scenario, if there is more than one VNet in a resource group and if more than one resource group in a subscription, then I believe, by default, subnets of individual VNet will not be able to communicate each other.


    InTechSys



    • Edited by InTechSys Wednesday, April 3, 2019 7:26 PM edited
    • Marked as answer by InTechSys Wednesday, May 22, 2019 2:37 PM
    Wednesday, April 3, 2019 5:35 PM
  • Irrespective of whatever resource Group you deploy your VM, as long as the VMs are in the same VNET, by default VMs will be able to communicate with each other. 

    Regards, 

    Msrini

    Thursday, April 4, 2019 8:20 AM
    Moderator
  • Does it mean, Gateway Subnet is basically required for deployment of VPN/ Express Route for communication with other VNET or On-Premises?

    Yes, Gateway subnet is mandatory for the Gateway deployment without which you will not be able to deploy gateway in your VNET,

    • Marked as answer by InTechSys Wednesday, May 22, 2019 4:13 PM
    Wednesday, May 22, 2019 3:59 PM
    Moderator
  • As you said, Address space is the super set and subnet is the subset of IP address in Azure.

    I request to elaborate it.

    You can consider Address space as a big circle and subnets as smaller circles within the big circles.

    • Marked as answer by InTechSys Wednesday, May 22, 2019 4:13 PM
    Wednesday, May 22, 2019 4:00 PM
    Moderator
  • Hi, 

    In Azure, the first 4 address of a subnet cannot be assigned to a resource. And the last address which is a broadcast address cannot be used. 

    I would suggest you to go for a bigger address space so that you can add more resources in the future if needed. 

    Go with 11.0.0.0/24 as Address space and create 4 subnets from it. 

    11.0.0.0/26 - (64 address)

    11.0.0.64/26 - (64 address)

    11.0.0.128/26 - (64 address)

    11.0.0.192/26 -(64 address)

    Regards, 

    Msrini

    Saturday, May 25, 2019 6:15 AM
    Moderator

All replies

  • Hi, 

    Address space is the super set and subnet is the subset of IP address in Azure. 

    If you create a Address Space of 10.0.0.0/24 and if you  utilize all your IP address in a single subnet then you will not be able to create a gateway subnet. 

    Create a address space of 10.0.0.0/24 

     - Subnet1 - 10.0.0.0/27

     -Gateway Subnet - 10.0.0.32/27

    Regards, 

    Msrini

    Sunday, March 3, 2019 9:31 AM
    Moderator
  • In terms of pricing & subscription type, does it matter how many virtual network I can create/ keep in a resource group?

    While creating a Gateway Subnet, I observed,

    • For each virtual network, there can be only one Gateway Subnet.
    • If there are more than one subnet in a virtual network, it doesn’t matter. Only one Gateway subnet will be used for all subnets.

    Am I right?

    If I am right, in terms of isolated network, if there are more than one subnet in a virtual network (e.g. VNet1), all subnets are isolated to each other in VNet1. If there is another virtual network (e.g. VNet2) containing more than one subnet. Now, isolation among subnets in a virtual network and isolation between a subnet of a virtual network and a subnet of another virtual network. What is the difference between both isolation?

    Please resolve my multiple queries related to virtual network, subnet and Gateway subnet.


    InTechSys

    Wednesday, March 13, 2019 6:35 PM
  • Hi, 

    VNET is the isolation point. All subnets within the VNET will be able to communicate with each other by default. Gateway Subnet is where you deploy the VPN / Express Route gateway via with you communicate with other VNET or On-Premises. 

    Regards, 

    Msrini

    Wednesday, March 13, 2019 6:49 PM
    Moderator
  • As you said, all subnets within the VNET will be able to communicate with each other by default.

    A subnet can have a VM. Then, by default, can one VM communicate with another VM of another subnet within the VNET?



    InTechSys

    Wednesday, March 13, 2019 7:21 PM
  • Hi, 

    Yes, your understanding is correct. 

    Please 'Mark as answer' if any of the replies helped, so that others in the community who are looking for similar question, can benefit from it.

    Regards, 

    Msrini

    • Marked as answer by InTechSys Wednesday, May 22, 2019 2:36 PM
    Wednesday, March 13, 2019 7:46 PM
    Moderator
  • Yes, correct. VM NICs connected to subnets (same or different) within a VNet can communicate with each other without any extra configuration.

    Ref: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/network-overview.


    • Marked as answer by InTechSys Wednesday, May 22, 2019 2:36 PM
    Wednesday, March 13, 2019 7:49 PM
  • Thank you for clarifying concept.

    As I asked previously...

    In terms of pricing & subscription type, does it matter how many virtual network I can create/ keep in a resource group?

    While creating a Gateway Subnet, I observed,

    For each virtual network, there can be only one Gateway Subnet.

    If there are more than one subnet in a virtual network, it doesn’t matter. Only one Gateway subnet will be used for all subnets.

    Am I right?


    InTechSys

    Wednesday, March 13, 2019 8:23 PM
  • For "how many virtual networks", could be 100 on up to 1000 but all depends on your subscription. Please refer to Subscription Limits posted in the link below.

    And yes, for each vnet (with or without multiple subnets) only one gw subnet.

    https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits?toc=%2fazure%2fvirtual-network%2ftoc.json#networking-limits



    Wednesday, March 13, 2019 9:50 PM
  • Any update on this issue? If the proposed answer helped please remember to mark it as the answer so others who encounter a similar issue can easily find the solution. 
    Friday, March 15, 2019 10:47 PM
    Moderator
  • Any update on this issue? If the answer helped you resolve the problem remember to mark as answer so others in the community can easily find the solution
    Friday, March 22, 2019 8:03 PM
    Moderator
  • The link: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/network-overview

    doesn’t work and the link: https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits?toc=%2fazure%2fvirtual-network%2ftoc.json#networking-limits is useful.

    Thank you for sharing the useful link.

    As you said previously, VM NICs connected to subnets (same or different) within a VNet can communicate with each other without any extra configuration.

    Taking a scenario, if there is more than one VNet in a resource group and if more than one resource group in a subscription, then I believe, by default, subnets of individual VNet will not be able to communicate each other.


    InTechSys



    • Edited by InTechSys Wednesday, April 3, 2019 7:26 PM edited
    • Marked as answer by InTechSys Wednesday, May 22, 2019 2:37 PM
    Wednesday, April 3, 2019 5:35 PM
  • What do you mean by Resource Provider? Do you mean Resource Group here?

    Here VNET is the isolation. You can communicate with each subnet within same VNET. 

    Regards, 

    Msrini

    Wednesday, April 3, 2019 7:21 PM
    Moderator
  • I am sorry. I edited my last reply. It is Resource Group.

    InTechSys

    Wednesday, April 3, 2019 7:27 PM
  • Irrespective of whatever resource Group you deploy your VM, as long as the VMs are in the same VNET, by default VMs will be able to communicate with each other. 

    Regards, 

    Msrini

    Thursday, April 4, 2019 8:20 AM
    Moderator
  • As you said, Gateway Subnet is where you deploy the VPN / Express Route gateway via with you communicate with other VNET or On-Premises.

    Does it mean, Gateway Subnet is basically required for deployment of VPN/ Express Route for communication with other VNET or On-Premises?


    InTechSys

    Wednesday, May 22, 2019 3:46 PM
  • As you said, Address space is the super set and subnet is the subset of IP address in Azure.

    I request to elaborate it.


    InTechSys

    Wednesday, May 22, 2019 3:48 PM
  • Does it mean, Gateway Subnet is basically required for deployment of VPN/ Express Route for communication with other VNET or On-Premises?

    Yes, Gateway subnet is mandatory for the Gateway deployment without which you will not be able to deploy gateway in your VNET,

    • Marked as answer by InTechSys Wednesday, May 22, 2019 4:13 PM
    Wednesday, May 22, 2019 3:59 PM
    Moderator
  • As you said, Address space is the super set and subnet is the subset of IP address in Azure.

    I request to elaborate it.

    You can consider Address space as a big circle and subnets as smaller circles within the big circles.

    • Marked as answer by InTechSys Wednesday, May 22, 2019 4:13 PM
    Wednesday, May 22, 2019 4:00 PM
    Moderator
  • I have similar query related to the threat. That is why I thought, it is not required to post new thread.

    I planned for creating four subnets in a VNet.

    That is why I assigned Address Space 11.0.0.0/27 for the VNet.
    And I assigned Address Space 11.0.0.0/29 for 1 subnet.

    11.0.0.0/27 says 11.0.0.0 - 11.0.0.31 (32 addresses) and
    11.0.0.0/29 says 11.0.0.0 - 11.0.0.7 (8 addresses).

    Now what Address Space should I use for rest three subnets so that IP distribution is like
    11.0.0.8 - 11.0.0.15
    11.0.0.16 - 11.0.0.23 and
    11.0.0.24 - 11.0.0.31

    for rest three subets.


    InTechSys

    Friday, May 24, 2019 8:41 PM
  • Hi, 

    In Azure, the first 4 address of a subnet cannot be assigned to a resource. And the last address which is a broadcast address cannot be used. 

    I would suggest you to go for a bigger address space so that you can add more resources in the future if needed. 

    Go with 11.0.0.0/24 as Address space and create 4 subnets from it. 

    11.0.0.0/26 - (64 address)

    11.0.0.64/26 - (64 address)

    11.0.0.128/26 - (64 address)

    11.0.0.192/26 -(64 address)

    Regards, 

    Msrini

    Saturday, May 25, 2019 6:15 AM
    Moderator
  • As you said, In Azure, the first 4 address of a subnet cannot be assigned to a resource. And the last address which is a broadcast address cannot be used.

    And I planned for four subnets in a VNet. If I plan for only two subnets in a VNet, will 11.0.0.0/27 work?

    If yes, what can be the Address Spaces for two subnets using 11.0.0.0/27?


    InTechSys

    Saturday, May 25, 2019 8:57 AM
  • VM is created using VNet 11.0.0.0/27 and Subnet 11.0.0.0/29 and I assigned static IP.

    I can connect it using RDP. Currently its status is Stopped (deallocated).

    Now I want to remove subnet (11.0.0.0/29) and create another subnet for exiting VM.

    What I need to do?

    I was trying to delete exiting subnet, it’s failed.

    I was trying to detach Network Interface, its failed.

    I was try to delete network interface, it’s failed.

    Regards

    InTechSys


    InTechSys

    Saturday, May 25, 2019 9:46 AM
  • You can go with 11.0.0.0/28 for one subnet and 11.0.0.16/28 for the other subnet.

    Regards, 

    Msrini

    Saturday, May 25, 2019 10:04 AM
    Moderator
  • Turn OOF all the VMs. 

    1. Add a dummy address space 12.0.0.0/27. 
    2. Create a new subnet with 12.0.0.0/27
    3. Then go to the NIC and then choose IP config
    4. Choose the newly created subnet
    5. Now edit the subnet address from 11.0.0.0/29 to 11.0.0.0/28
    6. Go to the NIC and choose IP config and choose the 11.0.0.0/28 subnet
    7. Delete the dummy address space and Turn ON your VMs.

    Regards, 

    Msrini

    Saturday, May 25, 2019 10:09 AM
    Moderator