Author : MD TAREQ HASSAN | Updated : 2021/02/24
Impact
- IP address space of Subnets must be updated
- The IP address space of some subnets cannot be changed; the resources in those subnets must be recreated
- Storage account networking: add new subnet if “Selected networks” is checked in “Firewalls and virtual networks”
Things to be recreated:
- SQL Server Managed Instance
- After the managed instance is created, moving the instance or VNet to another resource group or subscription is not supported.
- https://docs.microsoft.com/en-us/azure/azure-sql/managed-instance/vnet-existing-add-subnet
- Bastion
- AKS Cluster
Multiple Address Spaces
A VNet can have multiple address spaces
- Azure Portal > VNet
- Settings: Address Space > Add additional address range
- Save
Moving resources
- Create new subnets within new address space
- Gradually move resources into new subnets (of new address space)
- Some resources might have to be deleted (and recreated)
Changing Subnet IP Address Space
If a subnet does not have any resource attached to it, you can change the subnet's IP address range
- Go to vNet > Settings: Subnets
- Click each subnet and change its IP address space
- Save
If a subnet has a resource attached to it
- You might have to delete the resource (most of the time) and recreate it
- Some resources might be saved by a workaround, e.g. a VM (see below)
Changing Subnet Without Recreating VM
Assume Current Setup (for demonstration purposes)
- VNet address space: ‘10.20.0.0/16’
- VM is in a subnet named “VMSubnet”
- VMSubnet IP address space: ‘10.20.1.0/24’
- VNet needs to be connected to the on-premise network (via site-to-site VPN) and the ‘VNet address space’ conflicts with the on-premise LAN
Solution (workaround)
- Add new address space to VNet: ‘10.8.0.0/16’
- Create temporary subnet “VMSubnet2”: ‘10.8.100.0/24’ (as mentioned, VMSubnet is ‘10.20.1.0/24’)
- Go to target Resource Group > target NIC (the NIC that is attached to the VM)
- Settings: IP configurations > Select Subnet ‘VMSubnet2’ from dropdown
- Save (VM will be restarted)
- VNet > Settings: Subnets > VMSubnet > Change address space > Save
- Again go to NIC > Settings: IP configurations > Select Subnet ‘VMSubnet’ back > Save
- Now delete temporary subnet “VMSubnet2”
If you have multiple VMs, you have to repeat the process for each one :( (consider using a PowerShell script!)
Re-creating Bastion
- Delete the Bastion
- Go to vNet > Settings: Subnets > Click “AzureBastionSubnet” and change its IP address space
- Save
- Go to: https://portal.azure.com/#create/Microsoft.BastionHost-ARM
- Create Bastion
- Use existing Public IP
- “AzureBastionSubnet” will be selected automatically
- Bastion is basically a jumpbox VM managed by Microsoft, so it will take time to deploy
Re-creating SQL Server Managed Instance
- If you delete the Managed Instance, the IP address space of the “Managed Instance Subnet” can be updated to the new address space, but best practice is to keep the existing Managed Instance and create a new one. When the new Managed Instance with its new subnet works properly, delete the old one.
- See:
- After making sure that the new Managed Instance is working properly:
- Delete SQL Database in the managed instance
- Delete Managed Instance
- Delete VirtualClusterXxxYyyZzz which was used by Managed Instance (will take 30+ minutes)
- Disassociate the Managed Instance subnet from the route table
- Delete Managed Instance subnet from vnet
Storage account networking
- For a storage account (e.g. BlockBlobStorage with NFS) whose access is restricted to selected networks only, the new subnets must be added
- Go to storage account
- Settings: Networking
- Add new subnets
- Delete old subnets if needed
Deleting old address space
- Make sure the IP address space of every subnet is updated to the new address space
- Make sure resources which must be recreated are recreated and working properly
- vNet > Settings: Address space > Delete
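
The address plan from the VM walkthrough can be checked offline before any NIC is moved or the old address space is deleted. The following is an added example, not part of the original page: the function names, the on-premise range and the same-offset mapping of each subnet into the new space are assumptions, since the page does not state VMSubnet's final range.

```python
import ipaddress as ip

def remap(prefix, old_space, new_space):
    """Assumed mapping: place a subnet at the same offset inside the new space."""
    net, old, new = (ip.ip_network(p) for p in (prefix, old_space, new_space))
    if not net.subnet_of(old):
        raise ValueError(f"{net} is not inside {old}")
    offset = int(net.network_address) - int(old.network_address)
    moved = ip.ip_network((int(new.network_address) + offset, net.prefixlen))
    if not moved.subnet_of(new):
        raise ValueError(f"{moved} does not fit inside {new}")
    return str(moved)

def preflight(old_space, new_space, on_prem, subnets, temp_subnet):
    """Return the problems that block the migration; an empty list means go."""
    new, temp = ip.ip_network(new_space), ip.ip_network(temp_subnet)
    problems = []
    for lan in on_prem:
        if new.overlaps(ip.ip_network(lan)):
            problems.append(f"new space {new} overlaps on-premise range {lan}")
    if new.overlaps(ip.ip_network(old_space)):
        problems.append(f"new space {new} overlaps old space {old_space}")
    if not temp.subnet_of(new):
        problems.append(f"temporary subnet {temp} is outside {new}")
    for name, prefix in subnets.items():
        try:
            target = ip.ip_network(remap(prefix, old_space, new_space))
        except ValueError as err:
            problems.append(f"{name}: {err}")
            continue
        # The NIC parks in temp while the real subnet is re-addressed: no collision.
        if target.overlaps(temp):
            problems.append(f"{name}: target {target} collides with {temp}")
    return problems

def blocks_deletion(old_space, subnets):
    """Names of subnets still inside the old address space."""
    old = ip.ip_network(old_space)
    return sorted(n for n, p in subnets.items() if ip.ip_network(p).overlaps(old))

# Addresses from the walkthrough; ON_PREM is a constructed sample LAN range.
OLD, NEW, TEMP = "10.20.0.0/16", "10.8.0.0/16", "10.8.100.0/24"
ON_PREM = ["10.20.0.0/16"]
SUBNETS = {"VMSubnet": "10.20.1.0/24"}

if __name__ == "__main__":
    print(preflight(OLD, NEW, ON_PREM, SUBNETS, TEMP) or "plan OK")
    print("VMSubnet ->", remap(SUBNETS["VMSubnet"], OLD, NEW))
    print("still in old space:", blocks_deletion(OLD, SUBNETS))
```

Run `blocks_deletion` against the live subnet list again just before deleting the old address space; it should return an empty list.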