connectivity and routing will be possible in the future. If my organization used the
10.0.0.0/8 IP range on premises, I would like to use the 172.16.0.0/12 range in
Microsoft Azure to avoid any risk of overlap. Once you decide on the IP address range
you wish to use for the Microsoft Azure network, you can divide it into subnets for use
by different types of services. For example, I like to create different subnets for my
Microsoft Azure infrastructure servers, such as domain controllers, and another for
my Microsoft Azure application services, such as SQL servers. The Microsoft Azure
gateway that provides VPN also requires its own IP subnet. A subnet can be as large as /8
and as small as /29 (using CIDR subnet definitions). Remember, the number after the
slash is the number of bits in the IP address that define the network. A /8 means a
subnet mask of 255.0.0.0, and I don’t think you would ever have a subnet anywhere close
to this size. Gateway functionality between subnets in a virtual network is provided
automatically by the virtual network, but you cannot ping the gateway for each subnet,
nor will tracert-type utilities work.
Within a virtual network subnet, the first and last IP addresses of a subnet are
reserved as part of the protocol for network addresses (host ID all 0s) and broadcast
addresses (host ID all 1s), respectively. Microsoft Azure also reserves the first three IP
addresses in each subnet (binary 01, 10, and 11 in the host ID portion of the IP
address). This can be seen in Figure 12.16, where I show an example virtual network I
have defined that has three subnets. Note that in the example, my virtual network has
a Subnet3 with a /29 address space. Although a /29 covers eight IP addresses, only
three are available, because five IPs are lost to the reservations previously
discussed.
Figure 12.16 Viewing available IP addresses within a virtual subnet
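
The address arithmetic and the on-premises overlap check described above, as an added Python example that is not from the book. The subnet addresses and the names Infrastructure and Applications are constructed for illustration; the ranges, the /8 to /29 limits, and the three Azure-reserved addresses per subnet come from the text.

```python
import ipaddress

RESERVED_BY_AZURE = 3  # host IDs 1, 2 and 3 in each subnet, as stated in the text


def subnet_addresses(cidr):
    """Return reserved addresses and the usable range for one virtual network subnet."""
    net = ipaddress.ip_network(cidr)  # raises ValueError if host bits are set
    if not 8 <= net.prefixlen <= 29:
        raise ValueError(f"{cidr}: subnet must be between /8 and /29")
    first, last = net.network_address, net.broadcast_address
    # Network address, the three Azure-reserved addresses, then the broadcast address.
    reserved = [first + i for i in range(RESERVED_BY_AZURE + 1)] + [last]
    return {
        "reserved": reserved,
        "usable_count": net.num_addresses - len(reserved),
        "first_usable": first + RESERVED_BY_AZURE + 1,
        "last_usable": last - 1,
    }


def check_plan(on_prem_cidr, vnet_cidr, subnets):
    """Validate an address plan and report usable addresses per subnet."""
    on_prem = ipaddress.ip_network(on_prem_cidr)
    vnet = ipaddress.ip_network(vnet_cidr)
    if vnet.overlaps(on_prem):
        raise ValueError(f"{vnet} overlaps on-premises range {on_prem}")
    placed, report = [], {}
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vnet):
            raise ValueError(f"{name} ({net}) is outside {vnet}")
        clash = next((p for p in placed if net.overlaps(p)), None)
        if clash is not None:
            raise ValueError(f"{name} ({net}) overlaps {clash}")
        placed.append(net)
        report[name] = subnet_addresses(cidr)
    return report


# Constructed sample plan: the ranges follow the text, the subnet addresses are invented.
SAMPLE_SUBNETS = {
    "Infrastructure": "172.16.0.0/24",
    "Applications": "172.16.1.0/24",
    "Subnet3": "172.16.2.0/29",
}

if __name__ == "__main__":
    for name, info in check_plan("10.0.0.0/8", "172.16.0.0/12", SAMPLE_SUBNETS).items():
        print(name, info["usable_count"], info["first_usable"], "-", info["last_usable"])
```
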
Once you define subnets and add virtual machines to a subnet, the virtual machine’s
IP address will be allocated from that subnet’s IP address range as an infinite
lease. Even though DHCP is used to assign the IP address to the virtual machine, the
actual IP address will never change while the virtual machine is provisioned; that is,
while you are paying for it. This does mean that you have to be careful never to