MicrosoftDocs
diff --git a/‎articles/aks/configure-azure-cni-dynamic-ip-allocation.md
Lines changed: 57 additions & 95 deletions b/‎articles/aks/configure-azure-cni-dynamic-ip-allocation.md
Lines changed: 57 additions & 95 deletions
@@ -9,52 +9,40 @@ ms.custom: references_regions, devx-track-azurecli
 
 ## Configure Azure CNI networking for dynamic allocation of IPs and enhanced subnet support in Azure Kubernetes Service (AKS)
 
-A drawback with the traditional CNI is the exhaustion of pod IP addresses as the AKS cluster grows, resulting in the need to rebuild the entire cluster in a bigger subnet. The new dynamic IP allocation capability in Azure CNI solves this problem by allocating pod IPs from a subnet separate from the subnet hosting the AKS cluster. It offers the following benefits:
+A drawback with the traditional CNI is the exhaustion of pod IP addresses as the AKS cluster grows, which results in the need to rebuild your entire cluster in a bigger subnet. The new dynamic IP allocation capability in Azure CNI solves this problem by allocating pod IPs from a subnet separate from the subnet hosting the AKS cluster.
 
-* **Better IP utilization**: IPs are dynamically allocated to cluster Pods from the Pod subnet. This leads to better utilization of IPs in the cluster compared to the traditional CNI solution, which does static allocation of IPs for every node.  
+It offers the following benefits:
 
-* **Scalable and flexible**: Node and pod subnets can be scaled independently. A single pod subnet can be shared across multiple node pools of a cluster or across multiple AKS clusters deployed in the same VNet. You can also configure a separate pod subnet for a node pool.  
-
-* **High performance**: Since pod are assigned VNet IPs, they have direct connectivity to other cluster pod and resources in the VNet. The solution supports very large clusters without any degradation in performance.
-
-* **Separate VNet policies for pods**: Since pods have a separate subnet, you can configure separate VNet policies for them that are different from node policies. This enables many useful scenarios such as allowing internet connectivity only for pods and not for nodes, fixing the source IP for pod in a node pool using a VNet Network NAT, and using NSGs to filter traffic between node pools.  
-
-* **Kubernetes network policies**: Both the Azure Network Policies and Calico work with this new solution.
+    * **Better IP utilization**: IPs are dynamically allocated to cluster Pods from the Pod subnet. This leads to better utilization of IPs in the cluster compared to the traditional CNI solution, which does static allocation of IPs for every node.
+    * **Scalable and flexible**: Node and pod subnets can be scaled independently. A single pod subnet can be shared across multiple node pools of a cluster or across multiple AKS clusters deployed in the same VNet. You can also configure a separate pod subnet for a node pool.  
+    * **High performance**: Since pod are assigned VNet IPs, they have direct connectivity to other cluster pod and resources in the VNet. The solution supports very large clusters without any degradation in performance.
+    * **Separate VNet policies for pods**: Since pods have a separate subnet, you can configure separate VNet policies for them that are different from node policies. This enables many useful scenarios such as allowing internet connectivity only for pods and not for nodes, fixing the source IP for pod in a node pool using a VNet Network NAT, and using NSGs to filter traffic between node pools.  
+    * **Kubernetes network policies**: Both the Azure Network Policies and Calico work with this new solution.
 
 This article shows you how to use Azure CNI networking for dynamic allocation of IPs and enhanced subnet support in AKS.
 
 ## Prerequisites
 
-* The virtual network for the AKS cluster must allow outbound internet connectivity.
-* AKS clusters may not use `169.254.0.0/16`, `172.30.0.0/16`, `172.31.0.0/16`, or `192.0.2.0/24` for the Kubernetes service address range, pod address range, or cluster virtual network address range.
-* The cluster identity used by the AKS cluster must have at least [Network Contributor](../role-based-access-control/built-in-roles.md#network-contributor) permissions on the subnet within your virtual network. If you wish to define a [custom role](../role-based-access-control/custom-roles.md) instead of using the built-in Network Contributor role, the following permissions are required:
-  * `Microsoft.Network/virtualNetworks/subnets/join/action`
-  * `Microsoft.Network/virtualNetworks/subnets/read`
-* The subnet assigned to the AKS node pool cannot be a [delegated subnet](../virtual-network/subnet-delegation-overview.md).
-* AKS doesn't apply Network Security Groups (NSGs) to its subnet and will not modify any of the NSGs associated with that subnet. If you provide your own subnet and add NSGs associated with that subnet, you must ensure the security rules in the NSGs allow traffic within the node CIDR range. For more details, see [Network security groups][aks-network-nsg].
-
-### Additional prerequisites
-
 > [!NOTE]
-> When using dynamic allocation of IPs, exposing an application as a Private Link Service using a Kubernetes Load Balancer Service is not supported.
-
-The [prerequisites][prerequisites] already listed for Azure CNI still apply, but there are a few additional limitations:
+> When using dynamic allocation of IPs, exposing an application as a Private Link Service using a Kubernetes Load Balancer Service isn't supported.
 
+* Review the [prerequisites](/configure-azure-cni.md#prerequisites) for configuring basic Azure CNI networking in AKS, as the same prerequisites apply to this article.
+* Review the [deployment parameters](/configure-azure-cni.md#deployment-parameters) for configuring basic Azure CNI networking in AKS, as the same parameters apply.
 * Only linux node clusters and node pools are supported.
-* AKS Engine and DIY clusters are not supported.
+* AKS Engine and DIY clusters aren't supported.
 * Azure CLI version `2.37.0` or later.
 
-### Planning IP addressing
+## Plan IP addressing
 
-When using this feature, planning is much simpler. Since the nodes and pods scale independently, their address spaces can also be planned separately. Since pod subnets can be configured to the granularity of a node pool, customers can always add a new subnet when they add a node pool. The system pods in a cluster/node pool also receive IPs from the pod subnet, so this behavior needs to be accounted for.
+Planning your IP addressing is much simpler with this feature. Since the nodes and pods scale independently, their address spaces can also be planned separately. Since pod subnets can be configured to the granularity of a node pool, you can always add a new subnet when you add a node pool. The system pods in a cluster/node pool also receive IPs from the pod subnet, so this behavior needs to be accounted for.
 
 IPs are allocated to nodes in batches of 16. Pod subnet IP allocation should be planned with a minimum of 16 IPs per node in the cluster; nodes will request 16 IPs on startup and will request another batch of 16 any time there are <8 IPs unallocated in their allotment.
 
 The planning of IPs for Kubernetes services and Docker bridge remain unchanged.
 
-### Maximum pods per node in a cluster with dynamic allocation of IPs and enhanced subnet support
+## Maximum pods per node in a cluster with dynamic allocation of IPs and enhanced subnet support
 
-The pods per node values when using Azure CNI with dynamic allocation of IPs have changed slightly from the traditional CNI behavior:
+The pods per node values when using Azure CNI with dynamic allocation of IPs slightly differ from the traditional CNI behavior:
 
 |CNI|Default|Configurable at deployment|
 |--| :--: |--|
@@ -63,74 +51,74 @@ The pods per node values when using Azure CNI with dynamic allocation of IPs hav
 
 All other guidance related to configuring the maximum pods per node remains the same.
 
-### Additional deployment parameters
+## Deployment parameters
 
-The deployment parameters described above are all still valid, with one exception:
+The [deployment parameters](/configure-azure-cni.md#deployment-parameters) for configuring basic Azure CNI networking in AKS are all valid, with two exceptions:
 
 * The **subnet** parameter now refers to the subnet related to the cluster's nodes.
 * An additional parameter **pod subnet** is used to specify the subnet whose IP addresses will be dynamically allocated to pods.
 
-### Configure networking - CLI with dynamic allocation of IPs and enhanced subnet support
+## Configure networking with dynamic allocation of IPs and enhanced subnet support - Azure CLI
 
-Using dynamic allocation of IPs and enhanced subnet support in your cluster is similar to the default method for configuring a cluster Azure CNI. The following example walks through creating a new virtual network with a subnet for nodes and a subnet for pods, and creating a cluster that uses Azure CNI with dynamic allocation of IPs and enhanced subnet support. Be sure to replace variables such as `$subscription` with your own values:
+Using dynamic allocation of IPs and enhanced subnet support in your cluster is similar to the default method for configuring a cluster Azure CNI. The following example walks through creating a new virtual network with a subnet for nodes and a subnet for pods, and creating a cluster that uses Azure CNI with dynamic allocation of IPs and enhanced subnet support. Be sure to replace variables such as `$subscription` with your own values.
 
-First, create the virtual network with two subnets:
+Create the virtual network with two subnets.
 
-```azurecli-interactive
-resourceGroup="myResourceGroup"
-vnet="myVirtualNetwork"
-location="westcentralus"
+    ```azurecli-interactive
+    resourceGroup="myResourceGroup"
+    vnet="myVirtualNetwork"
+    location="westcentralus"
 
-# Create the resource group
-az group create --name $resourceGroup --location $location
+    # Create the resource group
+    az group create --name $resourceGroup --location $location
 
-# Create our two subnet network 
-az network vnet create -g $resourceGroup --location $location --name $vnet --address-prefixes 10.0.0.0/8 -o none 
-az network vnet subnet create -g $resourceGroup --vnet-name $vnet --name nodesubnet --address-prefixes 10.240.0.0/16 -o none 
-az network vnet subnet create -g $resourceGroup --vnet-name $vnet --name podsubnet --address-prefixes 10.241.0.0/16 -o none 
-```
+    # Create our two subnet network 
+    az network vnet create -g $resourceGroup --location $location --name $vnet --address-prefixes 10.0.0.0/8 -o none 
+    az network vnet subnet create -g $resourceGroup --vnet-name $vnet --name nodesubnet --address-prefixes 10.240.0.0/16 -o none 
+    az network vnet subnet create -g $resourceGroup --vnet-name $vnet --name podsubnet --address-prefixes 10.241.0.0/16 -o none 
+    ```
 
-Then, create the cluster, referencing the node subnet using `--vnet-subnet-id` and the pod subnet using `--pod-subnet-id`:
+Create the cluster, referencing the node subnet using `--vnet-subnet-id` and the pod subnet using `--pod-subnet-id`.
 
-```azurecli-interactive
-clusterName="myAKSCluster"
-subscription="aaaaaaa-aaaaa-aaaaaa-aaaa"
+    ```azurecli-interactive
+    clusterName="myAKSCluster"
+    subscription="aaaaaaa-aaaaa-aaaaaa-aaaa"
 
-az aks create -n $clusterName -g $resourceGroup -l $location \
-  --max-pods 250 \
-  --node-count 2 \
-  --network-plugin azure \
-  --vnet-subnet-id /subscriptions/$subscription/resourceGroups/$resourceGroup/providers/Microsoft.Network/virtualNetworks/$vnet/subnets/nodesubnet \
-  --pod-subnet-id /subscriptions/$subscription/resourceGroups/$resourceGroup/providers/Microsoft.Network/virtualNetworks/$vnet/subnets/podsubnet  
-```
+    az aks create -n $clusterName -g $resourceGroup -l $location \
+      --max-pods 250 \
+      --node-count 2 \
+      --network-plugin azure \
+      --vnet-subnet-id /subscriptions/$subscription/resourceGroups/$resourceGroup/providers/Microsoft.Network/virtualNetworks/$vnet/subnets/nodesubnet \
+      --pod-subnet-id /subscriptions/$subscription/resourceGroups/$resourceGroup/providers/Microsoft.Network/virtualNetworks/$vnet/subnets/podsubnet  
+    ```
 
-#### Adding node pool
+### Adding node pool
 
 When adding node pool, reference the node subnet using `--vnet-subnet-id` and the pod subnet using `--pod-subnet-id`. The following example creates two new subnets that are then referenced in the creation of a new node pool:
 
-```azurecli-interactive
-az network vnet subnet create -g $resourceGroup --vnet-name $vnet --name node2subnet --address-prefixes 10.242.0.0/16 -o none 
-az network vnet subnet create -g $resourceGroup --vnet-name $vnet --name pod2subnet --address-prefixes 10.243.0.0/16 -o none 
+    ```azurecli-interactive
+    az network vnet subnet create -g $resourceGroup --vnet-name $vnet --name node2subnet --address-prefixes 10.242.0.0/16 -o none 
+    az network vnet subnet create -g $resourceGroup --vnet-name $vnet --name pod2subnet --address-prefixes 10.243.0.0/16 -o none 
 
-az aks nodepool add --cluster-name $clusterName -g $resourceGroup  -n newnodepool \
-  --max-pods 250 \
-  --node-count 2 \
-  --vnet-subnet-id /subscriptions/$subscription/resourceGroups/$resourceGroup/providers/Microsoft.Network/virtualNetworks/$vnet/subnets/node2subnet \
-  --pod-subnet-id /subscriptions/$subscription/resourceGroups/$resourceGroup/providers/Microsoft.Network/virtualNetworks/$vnet/subnets/pod2subnet \
-  --no-wait 
-```
+    az aks nodepool add --cluster-name $clusterName -g $resourceGroup  -n newnodepool \
+      --max-pods 250 \
+      --node-count 2 \
+      --vnet-subnet-id /subscriptions/$subscription/resourceGroups/$resourceGroup/providers/Microsoft.Network/virtualNetworks/$vnet/subnets/node2subnet \
+      --pod-subnet-id /subscriptions/$subscription/resourceGroups/$resourceGroup/providers/Microsoft.Network/virtualNetworks/$vnet/subnets/pod2subnet \
+      --no-wait
+    ```
 
-### Dynamic allocation of IP addresses and enhanced subnet support FAQs
+## Dynamic allocation of IP addresses and enhanced subnet support FAQs
 
-* *Can I assign multiple pod subnets to a cluster/node pool?*
+* **Can I assign multiple pod subnets to a cluster/node pool?**
 
   Only one subnet can be assigned to a cluster or node pool. However, multiple clusters or node pools can share a single subnet.
 
-* *Can I assign Pod subnets from a different VNet altogether?*
+* **Can I assign Pod subnets from a different VNet altogether?**
 
   No, the pod subnet should be from the same VNet as the cluster.  
 
-* *Can some node pools in a cluster use the traditional CNI while others use the new CNI?*
+* **Can some node pools in a cluster use the traditional CNI while others use the new CNI?**
 
   The entire cluster should use only one type of CNI.
 
@@ -147,35 +135,9 @@ Learn more about networking in AKS in the following articles:
 * [Create an ingress controller with a dynamic public IP and configure Let's Encrypt to automatically generate TLS certificates][aks-ingress-tls]
 * [Create an ingress controller with a static public IP and configure Let's Encrypt to automatically generate TLS certificates][aks-ingress-static-tls]
 
-<!-- IMAGES -->
-[advanced-networking-diagram-01]: ./media/networking-overview/advanced-networking-diagram-01.png
-[portal-01-networking-advanced]: ./media/networking-overview/portal-01-networking-advanced.png
-
-<!-- LINKS - External -->
-[services]: https://kubernetes.io/docs/concepts/services-networking/service/
-[portal]: https://portal.azure.com
-[cni-networking]: https://github.com/Azure/azure-container-networking/blob/master/docs/cni.md
-[kubenet]: concepts-network.md#kubenet-basic-networking
-[github]: https://raw.githubusercontent.com/microsoft/Docker-Provider/ci_prod/kubernetes/container-azm-ms-agentconfig.yaml
-
 <!-- LINKS - Internal -->
-[az-aks-create]: /cli/azure/aks#az_aks_create
-[aks-ssh]: ssh.md
-[ManagedClusterAgentPoolProfile]: /azure/templates/microsoft.containerservice/managedclusters#managedclusteragentpoolprofile-object
-[aks-network-concepts]: concepts-network.md
-[aks-network-nsg]: concepts-network.md#network-security-groups
 [aks-ingress-basic]: ingress-basic.md
 [aks-ingress-tls]: ingress-tls.md
 [aks-ingress-static-tls]: ingress-static-ip.md
 [aks-http-app-routing]: http-application-routing.md
 [aks-ingress-internal]: ingress-internal-ip.md
-[az-extension-add]: /cli/azure/extension#az_extension_add
-[az-extension-update]: /cli/azure/extension#az_extension_update
-[az-feature-register]: /cli/azure/feature#az_feature_register
-[az-feature-list]: /cli/azure/feature#az_feature_list
-[az-provider-register]: /cli/azure/provider#az_provider_register
-[network-policy]: use-network-policies.md
-[nodepool-upgrade]: use-multiple-node-pools.md#upgrade-a-node-pool
-[network-comparisons]: concepts-network.md#compare-network-models
-[system-node-pools]: use-system-pools.md
-[prerequisites]: configure-azure-cni.md#prerequisites