0
votes

I have queries related to utilization, distribution and pricing of IP addresses on Azure.

Taking an example, 10.0.0.0/27. It says, 10.0.0.0 - 10.0.0.31 (32 addresses).

After expanding, I found:

CIDR Range: 10.0.0.0/27
Netmask: 255.255.255.224
Wildcard Bits: 0.0.0.31
First IP: 10.0.0.0
Last IP: 10.0.0.31
Total Host: 32

I assigned 10.0.0.0/27 for both the VNet and the Subnet on the Azure Portal. After creating the virtual network, I see 27 available addresses.

1) No virtual machine has been created yet, so why are there 27 available addresses?

2) What is the IP range for the 27 available addresses?

While creating the Gateway Subnet, I see errors like...

The specified address space overlaps with subnet 'Subnet1' which has a range of '10.0.0.0/27'.

Your subnet is not contained within the address space for this virtual network: 10.0.0.0/27.

3) How do I calculate and decide the available gateway subnet address space for a virtual network?

4) For using a gateway subnet, is it mandatory or recommended to add another subnet before or after creating the gateway subnet?

5) Why is an address space required for creating a gateway subnet? Is the gateway subnet not a fixed or static IP address for creating a connection?

6) In the case of virtual network 10.0.0.0/27, is pricing done on the basis of utilized IP addresses only?

7) In the case of virtual network 10.0.0.0/27, if there are some un-utilized IP addresses, are they blocked for me or my subscription, or can the un-utilized IP addresses be used by someone else on his Azure portal?

I sincerely request clarification of all seven queries.


2 Answers

0
votes

Q1-Q3:

Read the Azure VNet FAQ: Azure reserves 5 IP addresses within each subnet. These are x.x.x.0-x.x.x.3 and the last address of the subnet. So you have 27 available addresses for the address range 10.0.0.0/27. The address range is 10.0.0.4 - 10.0.0.30.

Q4: The order of creating the gateway subnet is not mandatory; you only need to calculate the CIDR range for each subnet included in your current virtual network address range.

Q5: If you need to configure a virtual network gateway, the gateway subnet contains the IP addresses that the virtual network gateway services use. All gateway subnets must be named GatewaySubnet to work properly. Read here. If you don't need a VPN gateway, you don't need to create a gateway subnet in this VNet.

Q6-Q7: Have a look at Azure VNet pricing and VPN gateway pricing.

Azure Virtual Network is free of charge. Every subscription is allowed to create up to 50 virtual networks across all regions.

Public IP addresses, and reserved IP addresses used on services inside a virtual network, are charged.

Network appliances such as VPN Gateway and Application Gateway that are run inside a virtual network are also charged.

As for the un-utilized IP addresses, they are like unassigned private IP addresses in your on-premises network. They can still be assigned to resources when you deploy resources in the VNet or subnet.

For more details, you can read this blog: Understanding CIDR Notation when designing Azure Virtual Networks and Subnets

0
votes
  1. Azure reserves 5 IP addresses within each subnet. These are x.x.x.0-x.x.x.3 and the last address of the subnet.

       x.x.x.0 and the last address of the subnet are reserved for protocol conformance.
       x.x.x.1-x.x.x.3 are reserved in each subnet for Azure services.
    
  2. The address space is the superset of the subnets. So your address space needs to be bigger and should be able to accommodate the IPs which you are defining for the subnets.

  3. Basic Subnetting would help.

  4. It is not recommended to deploy your workloads on the Gateway subnet. So you need other subnets to deploy your workloads.

  5. Gateways do have a private IP address which they get from the Gateway subnet. As I mentioned in Point 2, the address space is the superset of the subnets.

  6. Only Public IPs are charged. Private IPs which you define in an Azure VNET are not charged.

  7. Since it is a private IP address, you can create another 10.0.0.0/27 VNET in the same region. A VNET provides isolation, and the address which you define is isolated to that VNET.
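
The reservation arithmetic from the first answer and the containment rule from the second, worked through with Python's standard `ipaddress` module. This is an added example, not part of either answer; the function names and the 10.0.0.0/24 alternative layout are assumptions constructed for illustration.

```python
import ipaddress

# Azure reserves x.x.x.0 - x.x.x.3 and the last address of every subnet.
RESERVED_LOW, RESERVED_HIGH = 4, 1

def azure_usable(subnet_cidr):
    """Return (first_usable, last_usable, count) for one Azure subnet."""
    net = ipaddress.ip_network(subnet_cidr)
    count = net.num_addresses - RESERVED_LOW - RESERVED_HIGH
    if count < 1:
        raise ValueError(f"{net} has no usable addresses after reservation")
    first = net.network_address + RESERVED_LOW
    last = net.broadcast_address - RESERVED_HIGH
    return str(first), str(last), count

def check_new_subnet(address_space, existing, candidate):
    """List the reasons `candidate` cannot be added (empty list = it fits)."""
    cand = ipaddress.ip_network(candidate)
    problems = []
    if not any(cand.subnet_of(ipaddress.ip_network(a)) for a in address_space):
        problems.append("not contained within the address space")
    for name, cidr in existing.items():
        if cand.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"overlaps with subnet '{name}' ({cidr})")
    return problems

def free_blocks(address_space, existing, prefixlen):
    """Blocks of size /prefixlen inside the address space that touch no subnet."""
    used = [ipaddress.ip_network(c) for c in existing.values()]
    free = []
    for a in address_space:
        space = ipaddress.ip_network(a)
        if prefixlen < space.prefixlen:
            continue  # requested block is larger than this address range
        for block in space.subnets(new_prefix=prefixlen):
            if not any(block.overlaps(u) for u in used):
                free.append(str(block))
    return free

if __name__ == "__main__":
    print(azure_usable("10.0.0.0/27"))
    # Layout from the question: the only subnet fills the whole address space.
    q_space, q_subnets = ["10.0.0.0/27"], {"Subnet1": "10.0.0.0/27"}
    print(check_new_subnet(q_space, q_subnets, "10.0.0.16/28"))
    print(check_new_subnet(q_space, q_subnets, "10.0.1.0/27"))
    # Constructed alternative: a /24 address space leaves room for more subnets.
    print(free_blocks(["10.0.0.0/24"], q_subnets, 27))
```

With the question's layout every candidate either overlaps Subnet1 or falls outside the address space, which matches the two portal errors quoted in the question.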