question

Aliya-5396 avatar image
0 Votes"
Aliya-5396 asked SaiKishor-MSFT commented

Azure - Subnet dedicated to a service

Hi everyone, I have a question related to a "dedicated" subnet in Azure (not sure it's an appropriate term to it). Worth noting that I'm not talking about subnet delegation.

Here is link to official documentation, where I was able to find info about services, which can have dedicated subnets :
https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-for-azure-services

I'm new to Azure, so perhaps here is someone who knows this topic well and any info or direction to an interesting blogs/documentation about this particular topic will be appreciated. Unfortunately, couldn't find more detailed info myself.

Specifically, I'm interested in how to identify this type of dedicated subnets? (here I can give an example of what exactly i mean. In case of delegated subnet - there are specific property, which allows to identify delegated subnets.). What policy/rule (or perhaps smth else) doesn't allow to create another type of service within that subnet?

P.S. couldn't find more appropriate tags, so i added couple of services, which have a dedicated subnets.

Looking forward to your replies,

Aliya

azure-virtual-networkazure-firewallazure-bastion
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Aliya-5396 This may be internal information. However, I will reach out to our PG team for more information regd this. I will update you soon. Thank you!

0 Votes 0 ·

@SaiKishor-MSFT Thank you for the reply. Looking forward for the updates!

0 Votes 0 ·

@SaiKishor-MSFT Thank you for your reply. Before closing this question, wanted to clarify smth.

Your answer clears second part of my question perfectly: "What policy/rule (or perhaps smth else) doesn't allow to create another type of service within that subnet?" but covers first just partially: "Specifically, I'm interested in how to identify this type of dedicated subnets? (here I can give an example of what exactly i mean. In case of delegated subnet - there are specific property, which allows to identify delegated subnets.)". So, there is a property in place, that cannot be modified, Do you refer to delegation? I get, that in case of WebAppsSubnet, that property would be - delegation. But what in case of a dedicated subnet such as AzureFirewallSubnet? Is it really can be identified just by its naming? I'm curious, if there are any other property such as "delegation" but for a "dedication" (if that even a correct term)?





0 Votes 0 ·

@Aliya-5396 Firewall and GW services have implemented injection a bit differently (the fundamental concept is still the same) and so you wont see delegation. But their subnets are dedicated to a single service (like other injected services) and are named in a specific way. Hope this helps!

Please let me know if you have further questions and we will be glad to assist further. Thank you!

0 Votes 0 ·

1 Answer

SaiKishor-MSFT avatar image
1 Vote"
SaiKishor-MSFT answered

@Aliya-5396 When a subnet is used for an injected service it is delegated to that service and you can see that info in both portal and CLI as shown below:
145486-delegated.png

We have a block in Azure that prevents customers from creating anything else in that subnet. It’s a property of the subnet that cannot be modified. It is not a policy that is visible to the customer.

Hope this helps. Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.




delegated.png (34.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.