Calculating the gateway subnet address space for Azure virtual networks

  • Article

A virtual network (VNet) in Azure infrastructure services that is connected to other networks must have a gateway subnet, which contains the systems that exchange packets with other networks. Here is an example of a multi-tier application hosted in an Azure virtual network that contains a gateway subnet.

azurevnet

The best practices for defining this subnet are the following:

  • For the prefix length of the gateway subnet, although it can have a maximum prefix length of 29 (for example, 10.119.255.248/29), the current recommendation from Azure Patterns and Practices is that you use a prefix length of 27.
  • When defining the address space of the gateway subnet, use the very last part of the virtual network address space.

For the second recommendation, you can determine the address space by setting the bits used for the gateway subnet to 0 and the remaining variable bits in the VNet address space to 1. Here is an example with a VNet address space of 192.168.160.0/19 and a 28-bit gateway subnet:

  • The VNet address space of 192.168.160.0/19 with the last two octets expressed in binary is: 192.168.10100000.00000000
  • The gateway subnet prefix length is /28 (using the last 4 bits): 192.168.- - - - - - - -.- - - -0000
  • The VNet address space with reserved bits for the gateway subnet: 192.168.101VVVVV.VVVVGGGG
  • You now set the V bits to 1 and the G bits to 0: 192.168.10111111.11110000
  • To get the gateway subnet address space, convert to last two octets to decimal and include the gateway subnet prefix length: 192.168.191.240/28

To quickly calculate the gateway subnet address space without having to convert to binary and back to decimal, you can use the following console application in C# or Python, available from the TechNet Script Center:

This application collects five integers (the values of w.x.y.z/n for the virtual network address space and the gateway subnet prefix length) and calculates the gateway subnet address space. Here is an example:

subnetcalcexample

Please note that there is limited error checking of the input values, so improper values will most likely produce improper results.

Feel free to copy the code into a new C# or Python project in Visual Studio or convert it to your favorite language.

For example, here is the equivalent for Windows PowerShell:

# Specify the values of w.x.y.z/n for your VNet address space and g, the prefix length of your gateway subnet: $w= $x= $y= $z= $n= $g= # Calculate $wOctet = 16777216 $xOctet = 65536 $yOctet = 256 [long]$D = $w * $wOctet + $x * $xOctet + $y * $yOctet + $z; for ($i = $n + 1; $i -lt $g + 1; $i++) { $D = $D + [math]::pow(2, 32 - $i) } $w2 = [math]::floor($D / $wOctet) $x2 = [math]::floor( ($D - $w2 * $wOctet) / $xOctet ) $y2 = [math]::floor( ($D - $w2 * $wOctet - $x2 * $xOctet) / $yOctet ) $z2 = $D - $w2 * $wOctet - $x2 * $xOctet - $y2 * $yOctet # Display the result $dx= [string]$w2 + "." + [string]$x2 + "." + [string]$y2 + "." + [string]$z2 + "/" + [string]$g Write-Host "Your gateway address prefix is: " $dx

To join the CAAB, become a member of the CAAB space in the Microsoft Tech Community and send a quick email to CAAB@microsoft.com to introduce yourself. Please feel free to include any information about your experience in creating cloud-based solutions with Microsoft products or areas of interest. Join now and add your voice to the cloud adoption discussion that is happening across Microsoft and the industry.