How to Set Up Virtual Networks (VNET) on Microsoft Azure

Introduction to Virtual Networks on Azure

Networking in cloud providers has always been a challenging topic because, depending on your use case, you will need to know the exact or approximate amount of IP addresses required.

Autoscaling when using VMs is one of the numerous benefits of working with a cloud provider, but for this, it will be necessary to work with an available range of IPs in the subnet. When creating your computer network in the cloud, you need to define the maximum "range" of IPs you would like to have in your network environment. Eventually, you might need numerous IPs, for instance, more than 1,000 IP addresses in a production environment, or you might simply need a small number of IPs, such as 10 or 20 IPs, particularly in development environments.

The amount of IP addresses we will work with is defined by the Network Mask Size (the integer value that follows the slash) in the CIDR (Classless Inter-Domain Routing) of the VNET (Virtual Network). The VNET in Azure is equivalent to the VPC in AWS and GCP. With VNET, we can create a private, secure, and managed network.

Concept of CIDR and IP Ranges

An IPv4 (version 4) address consists of 32 bits or 4 octets, and we can represent an IP address as follows (above, the IP address being represented in binary form, and below, the position of each bit):

If we configure the CIDR of a VNET, for example, as 10.0.0.0/16, we are stating that the first 16 bits of the IP address will be reserved to define the network, and the remaining bits will be available for the hosts (VMs), meaning that each host will be a new Virtual Machine instance that can use an IP in that network.

So, the decimal of 10.0.0.0/16 is equivalent to binary:

Where, the yellow selection will remain fixed for the network configuration.

Defining the IP Range and Calculating Available IPs in the VNET

The interesting part starts now!

"/16" in the CIDR of the VNET equals the number of IP addresses available for that VNET. Since we are talking about "bit reservation" of an IP address, to discover how many IP addresses we are dealing with, we have to calculate the exponent 2^16, where 16 refers to "X.X.X.X/16".

So 2^16 equals 65,536, meaning 65,536 IPs are available.

The higher the number after the slash "/", the fewer IP addresses you will have available for the VNET. The lower the number after the slash "/", the more IP addresses you will have available.

By the way, this number after the slash is called the "Network Prefix" or "Network Mask Size" (we are just being more didactic to better understand the calculation).

To find the available IP range, we need to subtract the total number of bits an IP address has (32 bits) from the number after the slash "/".

Some practical examples:

VNET CIDR = 10.0.0.0/15

• Total of 32 bits – 15 bits = 17 bits remaining after subtraction
• 2^17 = 131,072 or 131,072 available IP addresses

VNET CIDR = 10.0.0.0/20

• Total of 32 bits – 20 bits = 12 bits remaining after subtraction
• 2^12 = 4,096 or 4,096 available IP addresses

VNET CIDR = 10.0.0.0/28

• Total of 32 bits – 28 bits = 4 bits remaining after subtraction
• 2^4 = 16 available IP addresses

The next step is to determine how many subnets will consume the total available IPs in the VNET. Additionally, we need to understand the range of IPs we will use between the subnets so that one subnet does not overlap another.

Subnet Configuration in VNET and Practical Subnetting Examples

Let's consider that, for the VNET with CIDR = 10.0.0.0/16, we would like to use 4 subnets. Since 10.0.0.0/16 equals 65,536 IPs, we can use the following calculation:

• 10.0.0.0/16 = 65,536 IPs
• 65,536 IPs / (divided by) the number of subnets (4) = 16,384 IPs for each subnet

Thus, each subnet should have the following CIDR:

Subnet 1 = 10.0.0.0/18

Subnet 2 = 10.0.64.0/18

Subnet 3 = 10.0.128.0/18

Subnet 4 = 10.0.192.0/18

Why "/18"?

- Because when calculating the logarithm of 16,384, we get 14 as a result!

Since we are always talking about binary numbers (base 2) to find the number of available IPs in a VNET CIDR using the exponential 2 ^ (the number after the VNET CIDR slash), to perform the reverse calculation, we use logarithms in base 2.

As each of the 4 subnets will have 16,384 IPs and the logarithm of this number equals 14, we need to perform the same subtraction calculation that we did for the VNET CIDR, also for the subnets, i.e.:

• Total of 32 bits – the logarithm result of 16,384 IPs (14 bits) = 18, so we get "/18."

So each subnet within VNET 10.0.0.0/16 should be:

Subnet 1 = 10.0.0.0/18

Subnet 2 = 10.0.0.0/18

Subnet 3 = 10.0.0.0/18

Subnet 4 = 10.0.0.0/18

==> However, we still have one more small adjustment to be made! <==

Adjusting the IP Ranges between Subnets

What would that be?

- The IP ranges between each subnet! – If we don't configure each range of 16,384 IPs between the subnets, one subnet will overlap another, causing errors even during the creation of the subnet from the second one onwards.

How to adjust this?

- Well, we need to do one last calculation to adjust the IP range between subnets based on the IP range of the first subnet.

The calculation is as follows: 255 corresponds to the maximum count of hosts in a network.

Since each subnet will have a fixed and equal amount of 16,384 IPs and the CIDR of the first subnet is 10.0.0.0/18, dividing 16,384 by 255 = 64.250980392156863.

Calculation:

==> Subnet 1 - 10.0.0.0/18, 16384 / 255 = 64.250980392156863.

We need to convert the result of the division to an Integer:

Let's round this to an integer: 64, meaning the last IP combination of subnet 1 will be 10.0.63.255 (including the Broadcast):

So, the next value will be the start of subnet 2, i.e. 10.0.64.0, resulting in the following range:

• Subnet 1 = 10.0.0.0/18
• Subnet 2 = 10.0.64.0/18

...

How do we find the next ranges for subnets 3 and 4, respectively?

- Since the first range is 64, we simply sum it to the first result from the first subnet:

Subnet 1 range: 10.0.0.0/18

16384 / 255 = int(64) = Subnet 2 range: 10.0.64.0/18

16384 / 255 = int(64) + int(64) = int(128) = Subnet 3 range: 10.0.128.0/18

16384 / 255 = int(64) + int(128) = int(192) = Subnet 4 range: 10.0.192.0/18

Final Considerations and Optimisation Tips

So, we conclude that for the VNET 10.0.0.0/16 (65,536 available IPs), we have 4 subnets with the following ranges:

• Subnet 1 - 10.0.0.0/18 (16,384 available IPs)
• Subnet 2 - 10.0.64.0/18 (16,384 available IPs)
• Subnet 3 - 10.0.128.0/18 (16,384 available IPs)
• Subnet 4 - 10.0.192.0/18 (16,384 available IPs)

In this article, I explained how to calculate the VNET CIDR and the available IP range for each subnet. I would like to highlight that there are specific situations where you will face challenges such as "IP number limitations", so you will need to adopt strategies like refactoring your IP range into a larger one (if the available IPs are exhausted) or perhaps using a "Peering" solution where multiple VNETs communicate among themselves to try to resolve the problem of lack of IPs without impacting systems already in operation.

Thank you very much for reading this far!

Marco