The beauty of starting at the beginning in any new infrastructure is that the address space is pretty much free. All I needed to do was allocate address spaces to each virtual network (along with the subnets) and also address spaces for the VWAN and VPN pools.
I used the Visual Subnet Calculator to start carving out and allocating address spaces required for the various services and subnets needed.
I won’t be sharing what I carved out, as it could be deemed prime intel for any would-be bad actor, but hopefully you get the idea.
Operations
A /23 address space for our Virtual WAN and a /24 VPN Gateway P2S Client Address Pool.
An Operations virtual network with two address spaces, split into a /26 for network management, a /26 for virtual machines, a /25 for private endpoints, a /26 for containers, a /26 for web apps, and spare space allocated but not deployed.
An Agent virtual network (virtual machine scale sets) with one /24 subnet.
A proof-of-concept virtual network with generic /16 and /24 subnets that I could mess around with.
App Virtual Networks
I decided to split out the allocated address spaces that our technical stacks would be using so as not to waste big blocks of them on relatively small usage.
Each stack would have its own virtual network with a /16 for AKS, a /26 for virtual machines, a /21 for private endpoints, and a /25 for Postgres.
I also allocated some 172.x address spaces for internal AKS networking.
Disaster Recovery
I allocated address spaces for a cold spare DR VWAN (not deployed) and P2S VPN Gateway, an Operations virtual network, and an Agent virtual network, as well as address spaces for a DR plan covering the infrastructure for our application.
I documented what was allocated and what was spare for future use.
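The carving described above (per-stack VNets with /16 AKS, /26 VMs, /21 private endpoints and /25 Postgres subnets, plus the hub, P2S pool, Operations and DR ranges) is the kind of thing a subnet calculator does by hand. The script below is an added example written for this post, not the author's plan or tooling: it carves a per-stack VNet out of a supernet largest-first, reports the leftover blocks as the documented "spare" space, and then checks a whole top-level plan for overlapping ranges and for anything that is not RFC 1918 private space. Every prefix and name in it is a constructed placeholder; the plan deliberately includes a DR VNet that reuses the Operations range so the overlap check has something to catch.

```python
"""Carve subnets out of virtual-network address spaces and sanity-check the
whole allocation plan (hub, VPN pool, VNets, AKS ranges) for overlaps.

Added example for this post, not the author's own allocation or tooling.
Every prefix and name below is a constructed placeholder.
"""
import ipaddress
from typing import Dict, List, Tuple

Net = ipaddress.IPv4Network


def carve(space: str, wants: Dict[str, int]) -> Tuple[Dict[str, Net], List[Net]]:
    """Allocate one subnet per (name -> prefix length) entry from `space`.

    Largest requests are placed first so the smaller ones fill the gaps;
    the leftover free blocks are returned as the documented "spare" space.
    """
    free: List[Net] = [ipaddress.ip_network(space)]
    alloc: Dict[str, Net] = {}
    for name, plen in sorted(wants.items(), key=lambda kv: kv[1]):
        fits = [n for n in free if n.prefixlen <= plen]
        if not fits:
            raise ValueError(f"no room for {name} (/{plen}) in {space}")
        block = max(fits, key=lambda n: n.prefixlen)  # smallest free block that fits
        free.remove(block)
        if block.prefixlen == plen:
            alloc[name] = block
        else:
            subnet = next(block.subnets(new_prefix=plen))   # lowest /plen in the block
            alloc[name] = subnet
            free.extend(block.address_exclude(subnet))      # keep the remainder free
    return alloc, sorted(free)


def spare_addresses(free: List[Net]) -> int:
    """Total number of addresses still unallocated."""
    return sum(n.num_addresses for n in free)


def overlaps(plan: Dict[str, Net]) -> List[Tuple[str, str]]:
    """Every pair of named ranges that overlap; an empty list means the plan is clean."""
    names = sorted(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if plan[a].overlaps(plan[b])]


def not_private(plan: Dict[str, Net]) -> List[str]:
    """Names whose range is not RFC 1918 private space (a common copy-paste slip)."""
    return sorted(n for n, net in plan.items() if not net.is_private)


# One application stack, sized like the post's per-stack layout
# (/16 AKS, /26 VMs, /21 private endpoints, /25 Postgres). A /16 alone cannot
# hold all four, so this constructed stack gets a /15 address space.
APP_STACK_WANTS = {"aks": 16, "vms": 26, "private_endpoints": 21, "postgres": 25}


def carve_app_stack(space: str = "10.100.0.0/15") -> Tuple[Dict[str, str], List[str], int]:
    """Carve one stack and return (allocations, spare blocks, spare address count) as strings."""
    alloc, free = carve(space, APP_STACK_WANTS)
    return ({k: str(v) for k, v in alloc.items()},
            [str(n) for n in free],
            spare_addresses(free))


def example_plan() -> Dict[str, Net]:
    """Constructed top-level plan: hub, P2S pool, VNets, AKS-internal range,
    plus a deliberate DR copy-paste mistake that reuses the Operations range."""
    net = ipaddress.ip_network
    return {
        "vwan_hub": net("10.0.0.0/23"),
        "p2s_pool": net("10.0.2.0/24"),
        "ops_vnet": net("10.1.0.0/16"),
        "app_stack_a": net("10.100.0.0/15"),
        "aks_internal": net("172.16.0.0/16"),
        "dr_ops_vnet": net("10.1.0.0/16"),   # should have been a distinct range
    }


if __name__ == "__main__":
    alloc, free, spare = carve_app_stack()
    for name, subnet in alloc.items():
        print(f"{name:18} {subnet}")
    print("spare blocks:", ", ".join(free), f"({spare} addresses)")
    print("overlaps:", overlaps(example_plan()))
    print("non-private:", not_private(example_plan()))
```

Running it allocates the /16 first and the /26 last, leaves eight spare blocks (from a /26 up to a /17) that can go straight into the "allocated but not deployed" column of the plan document, and flags the `dr_ops_vnet` / `ops_vnet` pair as overlapping. Keeping the plan in a structure like `example_plan()` rather than only in a spreadsheet means the overlap check can run again every time a new VNet, VPN pool or AKS range is added.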