Subnets and IP Addressing

Subnets divide an Azure Virtual Network (VNet) into smaller, more manageable segments. They are fundamental to organising resources, controlling traffic flow, and applying security policies. This lesson covers subnet design, IP addressing in Azure, reserved addresses, and best practices for planning your network layout.

---

What Is a Subnet?

A subnet is a range of IP addresses within a VNet. Every resource that connects to a VNet — virtual machines, load balancers, application gateways — is deployed into a specific subnet.

Subnets serve several purposes:

• Segmentation — group resources by function, tier, or security requirement.
• Traffic control — apply Network Security Groups (NSGs) at the subnet level.
• Delegation — some Azure services require their own dedicated subnet (e.g. Azure App Service, Azure SQL Managed Instance, Azure Bastion).
• Routing — route tables can be attached to individual subnets.

---

Subnet Address Ranges

Each subnet receives a portion of the VNet's address space as a CIDR block. For example, if your VNet uses 10.0.0.0/16, you might create: