Azure VNet CIDR Planner

About This Tool

The Azure VNet CIDR Planner helps you design Virtual Network address spaces and subnet allocations following Azure-specific networking rules. It accounts for Azure's reserved IP addresses per subnet, GatewaySubnet requirements, AzureBastionSubnet minimum sizing, and service delegation constraints. The tool visualizes address space utilization and identifies conflicts across VNets.

When to Use This Tool

• •Planning address spaces for a hub-and-spoke VNet architecture with non-overlapping CIDR blocks.
• •Sizing subnets for Azure services that have minimum prefix length requirements like GatewaySubnet (/27) and AzureBastionSubnet (/26).
• •Allocating subnets for AKS clusters that need large IP ranges for pod networking.
• •Designing a multi-region VNet strategy with globally unique address spaces for VNet peering.

Frequently Asked Questions

How many IP addresses does Azure reserve per subnet?

Azure reserves five IP addresses in every subnet: x.x.x.0 (network address), x.x.x.1 (default gateway), x.x.x.2 and x.x.x.3 (Azure DNS), and the last address (broadcast). A /28 subnet with 16 total addresses has only 11 usable IPs.

What is the minimum subnet size for common Azure services?

GatewaySubnet requires /27 minimum (32 addresses), AzureBastionSubnet requires /26 (64 addresses), Azure Firewall requires /26, and Application Gateway v2 requires /24 recommended. AKS subnets should be sized based on maximum pod count times node count.

Can I add more address spaces to an existing VNet?

Yes. Azure VNets support multiple address spaces, and you can add additional CIDR blocks to an existing VNet without downtime. The new address space cannot overlap with existing spaces or peered VNets. You can then create new subnets within the added address range.

Related Learning Guides

• Virtual Network Architecture28 min read
• Azure Networking Deep Dive30 min read