Create multiple prefixes for a subnet in an Azure Virtual Network - Preview

Large deployments of multiple scale apps within a virtual network are at risk of subnet address space exhaustion. Subnets in your virtual networks can host many applications that need the ability to scale out. This feature AllowMultipleAddressPrefixesOnSubnet allows you to scale your virtual machines and Azure Virtual Machine Scale Sets in subnets with ease. The feature eliminates the need to remove all resources from a subnet as a prerequisite for modifying its address prefixes.

Currently, Virtual Machine Scale Sets allows you to specify only one subnet. There isn't capability to extend subnet space or cross subnet boundaries. Virtual Machine Scale Sets can now take advantage of multiple address spaces when scaling up. If the first subnet is full, extra virtual machines spill over to subsequent subnets.

The following limitations apply during the public preview:

  • The feature only supports virtual machines and virtual machine scale sets and doesn't support Bare Metal or VNet injection for Containers, especially PodSubnet IPAM mode in AKS clusters. Any delegated subnet can't use this feature.

  • This feature doesn't support multiple customer address (CA) configurations. When using multiple prefixes on a subnet, you're only able to use a single customer address (CA) configuration. A single IPv4 (Internet Protocol version 4) and single IPv6 (Internet Protocol Version 6) address per NIC (network interface card) is supported.

Important

Multiple prefix support for Azure Virtual Network subnets is currently in public preview. This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Azure Previews.

Prerequisites

Caution

Subnet properties "addressPrefixes" and "addressPrefix" are not to be used interchangeably. For best results, use only "addressPrefixes" for both a single address prefix and for multiple address prefixes. If you are already using "addressPrefix" in your workflows, continue to use this property.

  • Azure PowerShell installed locally or Azure Cloud Shell.

  • Sign in to Azure PowerShell and ensure you select the subscription with which you want to use this feature. For more information, see Sign in with Azure PowerShell.

  • Ensure your Az.Network module is 4.3.0 or later. To verify the installed module, use the command Get-InstalledModule -Name Az.Network. If the module requires an update, use the command Update-Module -Name Az.Network if necessary.

If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later. Run Get-Module -ListAvailable Az to find the installed version. If you need to upgrade, see Install Azure PowerShell module. If you're running PowerShell locally, you also need to run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

  • To access the multiple subnet prefix preview feature you'll need to register it in your Azure subscription. For more information about registering preview features in your subscription, see Set up preview features in Azure subscription.

    • Azure Feature Exposure Control (AFEC) is available through the Microsoft.Features namespace. For this feature, two AFEC flags will need to be registered in your subscription:

      • Microsoft.Features/providers/Microsoft.Network/features/AllowMultipleAddressPrefixesOnSubnet

      • Microsoft.Features/providers/Microsoft.Network/features/AllowDeletionOfIpPrefixFromSubnet

    • To register the feature, use the following commands:

    Register-AzProviderFeature -FeatureName AllowMultipleAddressPrefixesOnSubnet -ProviderNamespace Microsoft.Network

Register-AzProviderFeature -FeatureName AllowDeletionOfIpPrefixFromSubnet -ProviderNamespace Microsoft.Network

Create a subnet with multiple prefixes

In this section, you create a subnet with multiple prefixes.

  1. Use New-AzResourceGroup to create a resource group named test-rg in the chinanorth3 location.

    $rg = @{
    Name = 'test-rg'
    Location = 'chinanorth3'
}
New-AzResourceGroup @rg

  2. Use New-AzVirtualNetworkSubnetConfig to create a subnet with multiple prefixes.

    $subnet = @{
    Name = 'subnet-1'
    AddressPrefix = '10.0.0.0/24', '10.0.1.0/24'
}
$subnetConfig = New-AzVirtualNetworkSubnetConfig @subnet

  3. Use New-AzVirtualNetwork to create a virtual network with the subnet.

    $net = @{
    Name = 'vnet-1'
    ResourceGroupName = 'test-rg'
    Location = 'chinanorth3'
    AddressPrefix = '10.0.0.0/16'
    Subnet = $subnetConfig
}
New-AzVirtualNetwork @net

Update an existing subnet with multiple prefixes

In this section, you add a second prefix on an existing subnet to expand the address space.

  1. Use Get-AzVirtualNetwork to retrieve the target virtual network configuration in a variable.

    $vnet = Get-AzVirtualNetwork -ResourceGroupName 'test-rg' -Name 'vnet-1'

  2. Use Set-AzVirtualNetworkSubnetConfig to add a second address prefix to subnet configuration. Specify both the existing and new address prefixes in this step.

    Set-AzVirtualNetworkSubnetConfig -Name 'subnet-1' -VirtualNetwork $vnet -AddressPrefixes '10.0.0.0/24', '10.0.1.0/24'

  3. Use Set-AzVirtualNetwork to apply the updated virtual network configuration.

    $vnet | Set-AzVirtualNetwork @vnet

  4. Use Get-AzVirtualNetwork and Get-AzVirtualNetwork to retrieve updated virtual network and subnet configuration. Verify that the subnet now has two address prefixes.

    Get-AzVirtualNetwork -ResourceGroupName 'test-rg' -Name 'vnet-1' | `
    Get-AzVirtualNetworkSubnetConfig -Name 'subnet-1' | `
    ConvertTo-Json