Azure Virtual Network (VNet) or its subnets are out of IP addresses

techhadoop , , , ,

This is a classic “architectural corner” that many engineers find themselves in. When an Azure Virtual Network (VNet) or its subnets are out of IP addresses, you cannot simply “resize” a subnet that has active resources in it.

Here is the hierarchy of solutions, from the easiest to the most complex.

πŸ› οΈ Option 1: The “Non-Disruptive” Fix (Add Address Space)

In 2026, Azure allows you to expand a VNet without taking it down. You can add a Secondary Address Space to the VNet.

  1. Add a New Range: Go to the VNet > Address space and add a completely new CIDR block (e.g., if you used 10.0.0.0/24, add 10.1.0.0/24).
  2. Create a New Subnet: Create a new subnet (e.g., Subnet-2) within that new range.
  3. Deploy New Workloads: Direct all new applications or VMs to the new subnet.
  4. Sync Peerings: If this VNet is peered with others, you must click the Sync button on the peering configuration so the other VNets “see” the new IP range.

πŸ”„ Option 2: The “Migration” Fix (VNet Integration)

If your existing applications need more room to grow (scaling up) but their current subnet is full:

  1. Create a Parallel Subnet: Add a new, larger subnet to the VNet (assuming you have space in the address range).
  2. Migrate Resources: For VMs, you can actually change the subnet of a Network Interface (NIC) while the VM is stopped.
  3. App Services: If you are using VNet Integration for App Services, simply disconnect the integration and reconnect it to a new, larger subnet.

🌐 Option 3: The “Expansion” Fix (VNet Peering)

If you cannot add more address space to your current VNet (perhaps because it would overlap with your on-prem network), you can “spill over” into a second VNet.

  1. Create VNet-B: Set up a brand new VNet with its own IP range.
  2. Peer them: Use VNet Peering to connect VNet-A and VNet-B.
  3. Routing: Use Internal Load Balancers or Private Endpoints to bridge the gap between applications in both networks.

⚠️ Important “Gotchas” to Remember

  • The “Azure 5”: Remember that Azure reserves 5 IP addresses in every subnet (the first four and the last one). If you create a /29 subnet, you think you have 8 IPs, but you actually only have 3 usable ones.
  • Subnet Resizing: You cannot resize a subnet if it has any resources in it (even one dormant NIC). You must delete the resources or move them first.
  • NAT Gateway: In 2026, if you are running out of Public IPs for outbound traffic, attach an Azure NAT Gateway to your subnet. This allows up to 64,000 concurrent flows using a single public IP, preventing “SNAT Port Exhaustion.”

πŸ’‘ The “Pro” Recommendation:

If this is a production environment, use Option 1. Add a secondary address space (like 172.16.0.0/16 or 100.64.0.0/10 if you’re out of 10.x.x.x space) and start a new subnet. It’s the only way to get more IPs without a “stop-everything” maintenance window.

Leave a comment