You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-network/virtual-network-vnet-plan-design-arm.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,10 +3,10 @@ title: Plan Azure virtual networks
3
3
description: Learn how to plan for virtual networks based on your isolation, connectivity, and location requirements.
4
4
services: virtual-network
5
5
author: asudbring
6
-
manager: mtillman
6
+
manager: kumudD
7
7
ms.service: azure-virtual-network
8
8
ms.topic: how-to
9
-
ms.date: 04/08/2020
9
+
ms.date: 04/17/2025
10
10
ms.author: allensu
11
11
---
12
12
@@ -50,7 +50,7 @@ A virtual network is a virtual, isolated portion of the Azure public network. Ea
50
50
You can segment a virtual network into one or more subnets up to the [limits](../azure-resource-manager/management/azure-subscription-service-limits.md?toc=%2fazure%2fvirtual-network%2ftoc.json#azure-networking-limits). When you decide whether to create one subnet or multiple virtual networks in a subscription, consider the following points:
51
51
52
52
- Have a unique address range for each subnet, specified in CIDR format, within the address space of the virtual network. The address range can't overlap with other subnets in the virtual network.
53
-
-Be aware that if you plan to deploy some Azure service resources into a virtual network, they might require, or create, their own subnet. There must be enough unallocated space for them to do so. To determine whether an Azure service creates its own subnet, see information for each [Azure service that you can deploy into a virtual network](virtual-network-for-azure-services.md#services-that-can-be-deployed-into-a-virtual-network). For example, if you connect a virtual network to an on-premises network by using an Azure VPN gateway, the virtual network must have a dedicated subnet for the gateway. Learn more about [gateway subnets](../vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md?toc=%2fazure%2fvirtual-network%2ftoc.json#gwsub).
53
+
-If you plan to deploy some Azure service resources into a virtual network, they might require, or create, their own subnet. There must be enough unallocated space for them to do so. To determine whether an Azure service creates its own subnet, see information for each [Azure service that you can deploy into a virtual network](virtual-network-for-azure-services.md#services-that-can-be-deployed-into-a-virtual-network). For example, if you connect a virtual network to an on-premises network by using an Azure VPN gateway, the virtual network must have a dedicated subnet for the gateway. Learn more about [gateway subnets](../vpn-gateway/vpn-gateway-about-vpn-gateway-settings.md?toc=%2fazure%2fvirtual-network%2ftoc.json#gwsub).
54
54
- Override default routing for network traffic between all subnets in a virtual network. You want to prevent Azure routing between subnets or to route traffic between subnets through a network virtual appliance, for example. If you require that traffic between resources in the same virtual network flows through a network virtual appliance (NVA), deploy the resources to different subnets. Learn more in [Security](#security).
55
55
- Limit access to Azure resources, such as an Azure Storage account or Azure SQL Database, to specific subnets with a virtual network service endpoint. You can also deny access to the resources from the internet. You can create multiple subnets and enable a service endpoint for some subnets, but not others. Learn more about [service endpoints](virtual-network-service-endpoints-overview.md) and the Azure resources for which you can enable them.
56
56
- Associate zero or one network security group to each subnet in a virtual network. You can associate the same, or a different, network security group to each subnet. Each network security group contains rules, which allow or deny traffic to and from sources and destinations. Learn more about [network security groups](#traffic-filtering).
@@ -121,7 +121,7 @@ Policies are applied to the following hierarchy: management group, subscription,
121
121
122
122
## Related content
123
123
124
-
Learn about all tasks, settings, and options for a:
124
+
Learn about all tasks, settings, and options for virtual network resources & features in the following articles:
125
125
126
126
-[Virtual network](manage-virtual-network.yml)
127
127
-[Subnet and service endpoint](virtual-network-manage-subnet.md)
0 commit comments