This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 9%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
Hello,
I am relatively new to Azure. I come from a strong AWS background - designing and implementing the networking of the landing zones. I have a question regarding subnet design within an Azure Vnet.
Ideally, to follow network design best practices and segmentations, we should divide the CIDR range of the VNET into multiple subnets. In AWS, we generally do 3* 3 subnets design which means 3 network tiers like web tier, app tire, and DB tire. Then, each tire will have 3 subnets - one subnet in each AZ. But, unlike AWS, in Azure, subnets can span multiple AZ. In fact, from the Azure portal we do not get a choice to select a particular AZ while creating a subnet.
Considering the above points do you think that the 3* 3 subnet design pattern is still applicable in Azure? Or it should be like we should design only one larger subnet in each of the 3 network tire ( means 1 web subnet, 1 app subnet, 1 DB subnet) and leave some IP addresses in the Vnet to create,maybe later on, some specific subnets for some specific services (like subnets for Application Gateway - WAF, VPN Gateway, Azure Firewall, Azure SQL Managed Instance, Azure Functions, etc) as and when required?
Thanks & best regards,
Rajarshi
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 6%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELR%3C/text%3E%3C/svg%3E)
Hello @Rajarshi Haldar
Welcome to Microsoft Q&A Platform,
The 3-tier model is perfectly applicable on Azure, please check the articles below:
https://learn.microsoft.com/en-us/azure/architecture/guide/architecture-styles/n-tier
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/n-tier/n-tier-sql-server
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/migrate/azure-best-practices/migrate-best-practices-networking#best-practice-design-subnets
I hope this helps!
----------
Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Thank you for sharing the links! Yes, those articles are good. But, my question was more about whether to choose a single subnet or more than one subnet for each tire. In AWS for high availability (HA) we choose at least two subnets for each tire because over there each subnet lies within an AZ. But in Azure, as subnets can span AZs, I reckon, creating one subnet for each tire would suffice. And, for some specific Azure services, we would need to create dedicated subnets if or when we use them. for example, VPN Gateway or Azure Firewall will need a dedicated subnet.