This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 46%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
In AKS CNI networking, it looks like I need at least /23 to support the 6 nodes cluster. For service network I am planning to use another address space in the same vnet to avoid using /22 due to network limitations.
Does service network subnet has to be in the same vnet address space as pool subnet or I can assign separate /28 or /27 vnet for service subnet and create /27 or /28 subnet out of that address space or address prefix?
For pool I have created /23 vnet and assigned the entire /23 subnet to pool subnet.
For service I am planning to add additional address space in the same vnet and use that for service subnet. Or create separate vnet and create subnet under that vnet based on the recommendation.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 1%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Hi prasantc, I want to help you with this question
As I understand you right, you want to create the service range of aks cluster independent from the pool vnet because of address space limitations.
Azure even recommends that as you can read here: https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni#:~:text=Kubernetes%20service%20address%20range%3A%20This%20parameter%20is%20the%20set%20of%20virtual%20IPs%20that%20Kubernetes%20assigns%20to%20internal%20services%20in%20your%20cluster.%20This%20range%20can%27t%20be%20updated%20after%20you%20create%20your%20cluster.%20You%20can%20use%20any%20private%20address%20range%20that%20satisfies%20the%20following%20requirements%3A
But still consider overlapping ip ranges and the need of peering between this vnets
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 4%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Hello, @prasantc !
If an answer has been helpful, please consider accepting the answer to help increase visibility of this question for other members of the Microsoft Q&A community. If not, please let us know what is still needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!
Hi prasantc,
Let me answer you questions:
1. In AKS CNI networking, it looks like I need at least /23 to support the 6 nodes cluster.
This depends on the maxPods number since the pods will get IPs from the subnet, To calculate the minimum subnet size including an additional node for upgrade operations: (number of nodes + 1) + ((number of nodes + 1) * maximum pods per node that you configure)
Reference: https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni#plan-ip-addressing-for-your-cluster
2. Does service network subnet has to be in the same vnet address space as pool subnet or I can assign separate /28 or /27 vnet for service subnet and create /27 or /28 subnet out of that address space or address prefix?
The service subnet must be in the same virtual network as your AKS cluster.
Reference: https://learn.microsoft.com/en-us/azure/aks/internal-lb#specify-a-different-subnet
3. For service I am planning to add additional address space in the same vnet and use that for service subnet. Or create separate vnet and create subnet under that vnet based on the recommendation.
You can add additional address space in the same VNET and use a subnet in the same VNET; creating separated VNET is not supported.
Also, you can consider this feature, Azure CNI networking for dynamic allocation of IPs; IPs are dynamically allocated to cluster Pods from the Pod subnet. This leads to better utilization of IPs in the cluster compared to the traditional CNI solution, which does static allocation of IPs for every node.
Reference: https://learn.microsoft.com/en-us/azure/aks/configure-azure-cni-dynamic-ip-allocation
Or this feature, Azure CNI Overlay networking, With Azure CNI Overlay, the cluster nodes are deployed into an Azure Virtual Network (VNet) subnet. Pods are assigned IP addresses from a private CIDR logically different from the VNet hosting the nodes. Pod and node traffic within the cluster use an Overlay network. Network Address Translation (NAT) uses the node's IP address to reach resources outside the cluster.
Reference: https://learn.microsoft.com/en-us/azure/aks/azure-cni-overlay
Hope this helps, and please "Accept as Answer" if it helped, so that it can help others in the community looking for help on similar topics.