Create multiple prefixes for a subnet in an Azure Virtual Network

Application deployments that need dynamic scaling within a virtual network are at risk of subnet address space exhaustion. Subnets in your virtual networks can host many applications that need the ability to scale out. The Multiple Address Prefixes on Subnet capability allows you to scale your virtual machines and Azure Virtual Machine Scale Sets in subnets with ease. The feature eliminates the need to remove all resources from a subnet as a prerequisite for modifying its address prefixes.

Currently, there isn't a capability to extend subnet space or cross subnet boundaries, which limits the Virtual Machine Scale Set to the available address space in a subnet. But with this feature, Virtual Machine Scale Sets can now take advantage of additional subnet address spaces when scaling up. If the first subnet is full, additional virtual machines or Virtual Machine Scale Sets can spill over to the new address space prefix within the same subnet.

The following limitations still apply as of now:

  • The feature only supports virtual machines and virtual machine scale sets and doesn't support Bare Metal or VNet injection for Containers, especially PodSubnet IPAM mode in AKS clusters. Any delegated subnet can't use this feature (except for GatewaySubnets delegated to VPN Gateway and ExpressRoute Gateway services).

  • This feature doesn't support multiple customer address (CA) configurations. When using multiple prefixes on a subnet, you're only able to use a single customer address (CA) configuration. A single IPv4 (Internet Protocol version 4) and single IPv6 (Internet Protocol Version 6) address per NIC (network interface card) is supported.

  • This feature is only available currently via command line (PowerShell, CLI) or Azure Resource Manager Templates. Azure portal support is limited. Once additional address prefixes are added, under the Subnets blade, you'll be able to see the correct count of Available IPs from all the prefixes, but only the first prefix is listed.

    • You can get the details of subnet configuration and all subnet prefixes by navigating to Virtual Network Overview page and selecting JSON View.

Prerequisites

Caution

Subnet properties addressPrefixes and addressPrefix aren't to be used interchangeably. For best results, use only addressPrefixes for both a single address prefix and for multiple address prefixes. If you're already using addressPrefixes in your workflows, continue to use this property.

  • Azure PowerShell installed locally or Azure Cloud Shell.

  • Sign in to Azure PowerShell and ensure you select the subscription with which you want to use this feature. For more information, see Sign in with Azure PowerShell.

  • Ensure your Az.Network module is 4.3.0 or later. To verify the installed module, use the command Get-InstalledModule -Name Az.Network. If the module requires an update, use the command Update-Module -Name Az.Network if necessary.

If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later. Run Get-Module -ListAvailable Az to find the installed version. If you need to upgrade, see Install Azure PowerShell module. If you're running PowerShell locally, you also need to run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

Create a subnet with multiple prefixes

In this section, you create a subnet with multiple prefixes.

  1. Use New-AzResourceGroup to create a resource group named test-rg in the chinanorth3 location.

    $rg = @{
    Name = 'test-rg'
    Location = 'chinanorth3'
}
New-AzResourceGroup @rg

  2. Use New-AzVirtualNetworkSubnetConfig to create a subnet with multiple prefixes.

    $subnet = @{
    Name = 'subnet-1'
    AddressPrefix = '10.0.0.0/24', '10.0.1.0/24'
}
$subnetConfig = New-AzVirtualNetworkSubnetConfig @subnet

  3. Use New-AzVirtualNetwork to create a virtual network with the subnet.

    $net = @{
    Name = 'vnet-1'
    ResourceGroupName = 'test-rg'
    Location = 'chinanorth3'
    AddressPrefix = '10.0.0.0/16'
    Subnet = $subnetConfig
}
New-AzVirtualNetwork @net

Update an existing subnet with multiple prefixes

In this section, you add a second prefix on an existing subnet to expand the address space.

  1. Use Get-AzVirtualNetwork to retrieve the target virtual network configuration in a variable.

    $vnet = Get-AzVirtualNetwork -ResourceGroupName 'test-rg' -Name 'vnet-1'

  2. Use Set-AzVirtualNetworkSubnetConfig to add a second address prefix to subnet configuration. Specify both the existing and new address prefixes in this step

    Important

    You must not skip listing the existing subnet prefixes in this step. Only the address prefixes specified here will be applied in next step, all others will be removed if not in use, or result in an error if those are referenced by existing network interfaces.

    Set-AzVirtualNetworkSubnetConfig -Name 'subnet-1' -VirtualNetwork $vnet -AddressPrefix '10.0.0.0/24', '10.0.1.0/24'

  3. Use Set-AzVirtualNetwork to apply the updated virtual network configuration.

    $vnet | Set-AzVirtualNetwork

  4. Use Get-AzVirtualNetwork and Get-AzVirtualNetwork to retrieve updated virtual network and subnet configuration. Verify that the subnet now has two address prefixes.

    Get-AzVirtualNetwork -ResourceGroupName 'test-rg' -Name 'vnet-1' | `
    Get-AzVirtualNetworkSubnetConfig -Name 'subnet-1' | `
    ConvertTo-Json

Remove a prefix from the subnet

You can also remove the address prefixes from the subnet that aren't being actively used, that is, no existing network interfaces are referencing these address prefixes. In this section, you'll remove an unused address prefix.

  1. Use Get-AzVirtualNetwork to retrieve the target virtual network configuration in a variable.

    $vnet = Get-AzVirtualNetwork -ResourceGroupName 'test-rg' -Name 'vnet-1'

  2. Use Get-AzVirtualNetworkSubnetConfig to list all the address prefixes on the target subnet.

    Get-AzVirtualNetworkSubnetConfig -Name 'subnet-1' -VirtualNetwork $vnet

  3. Use Set-AzVirtualNetworkSubnetConfig to update the list of address prefixes and remove the ones that aren't used.

    Important

    Only the address prefixes specified here will be applied in next step, all others will be removed if not in use, or result in an error if those are referenced by existing network interfaces.

    Set-AzVirtualNetworkSubnetConfig -Name 'subnet-1' -VirtualNetwork $vnet -AddressPrefix '10.0.1.0/24'

  4. Use Set-AzVirtualNetwork to apply the updated virtual network configuration.

    $vnet | Set-AzVirtualNetwork

  5. Use Get-AzVirtualNetwork and Get-AzVirtualNetwork to retrieve updated virtual network and subnet configuration. Verify that the subnet now has two address prefixes.

    Get-AzVirtualNetwork -ResourceGroupName 'test-rg' -Name 'vnet-1' | `
    Get-AzVirtualNetworkSubnetConfig -Name 'subnet-1' | `
    ConvertTo-Json