Regarding designing subnets within Azure Vnet

Rajarshi Haldar 1 Reputation point


I am relatively new to Azure. I come from a strong AWS background - designing and implementing the networking of the landing zones. I have a question regarding subnet design within an Azure Vnet.

Ideally, to follow network design best practices and segmentations, we should divide the CIDR range of the VNET into multiple subnets. In AWS, we generally do 3* 3 subnets design which means 3 network tiers like web tier, app tire, and DB tire. Then, each tire will have 3 subnets - one subnet in each AZ. But, unlike AWS, in Azure, subnets can span multiple AZ. In fact, from the Azure portal we do not get a choice to select a particular AZ while creating a subnet.

Considering the above points do you think that the 3* 3 subnet design pattern is still applicable in Azure? Or it should be like we should design only one larger subnet in each of the 3 network tire ( means 1 web subnet, 1 app subnet, 1 DB subnet) and leave some IP addresses in the Vnet to create,maybe later on, some specific subnets for some specific services (like subnets for Application Gateway - WAF, VPN Gateway, Azure Firewall, Azure SQL Managed Instance, Azure Functions, etc) as and when required?

Thanks & best regards,

Azure FastTrack
Azure FastTrack
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.FastTrack: This tag is no longer in use. Please use 'Azure Startups' instead.
75 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Luis Rodriguez 6,201 Reputation points Microsoft Employee

    Hello @Rajarshi Haldar

    Welcome to Microsoft Q&A Platform,

    The 3-tier model is perfectly applicable on Azure, please check the articles below:

    I hope this helps!


    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.