Azure VNET Subnet delegation - McMap

About

Azure VNET Subnet delegation

Asked 19/1, 2021 at 13:54 Answered 19/1, 2021 at 15:37

Solved azure vnet

H

1

9

Can someone help explain Subnet delegation in Azure?

I've read the following article which don't really explain anything: https://learn.microsoft.com/en-us/azure/virtual-network/subnet-delegation-overview

What is the purpose? When would I need it?

Hijacker answered 19/1, 2021 at 13:54 Comment(0)

M

15

Subnet Delegation is commonly used to allow a PaaS service to be injected into an existing virtual network. An example of this would be the Azure Databricks service.

If you deploy DataBricks without VNet injection (the default option), a new dedicated VNet will be created for the DataBricks instance. The worker nodes of the cluster, which are Azure VMs, will be connected the new VNet.

If you don't want to create a new dedicated VNet, but instead use an existing VNet, you can deploy DataBricks with VNet injection. You basically grant the DataBricks service to control certain aspects of a subnet, within an existing VNet. This process is referred to as Subnet Delegation. It allows a PaaS service to make certain configuration changes, like adding Network Security Group rules (if a subnet is attached to an NSG), or configure custom routes.

You can only delegate a subnet to a single resource type. That's why you often create dedicated subnets for Azure PaaS services.

The screenshot above shows that two subnets are delegated to the Microsoft.DataBricks/workspaces.

Moralist answered 19/1, 2021 at 15:37 Comment(3)

that makes sense. What if i wan't both Databricks and a Web App in the same subnet? is that possible? or can a subnet only be delegated to a single Azure service? I'm worried then that we should group our application into seperate VNET's instead of seperate subnets if each Application is going to need multiple subnets for different delegations of various services. Web apps in one subnet, storage in another, messaging in a third, etc. – Hijacker 19/1, 2021 at 16:17

You can only delegate a subnet to a single resource type. Otherwise, two services would theoretically apply conflicting configurations to a subnet. It's common to use dedicated subnets for PaaS services. Some Azure services, check during deployment if subnets are not already used by other services. If this is detected, deployments fail. – Moralist 19/1, 2021 at 16:26

Be aware that subnet delegation is not always applicable if you want to connect an Azure PaaS service to a VNet. Some services support Private Link, which creates a private endpoint in your VNet. Traffic can flow over the VNet instead of the public Internet. App Services and storage support private link. – Moralist 20/1, 2021 at 6:39

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.