Who is using the Subnet inside a VNet in Azure - azure

I want to see my network topology including the subnets and each resource that uses each subnet such as App Service or Functions etc but I cannot find the options in the portal.
How can I see which resources are using a subnet?

The network topology for a particular vnet can be found in the Overview. This topology preview will include:
Vnet
Subnet
NIC
NSGs
Public IPs
VMs
See the screenshot below for more clarity:
Hope it will help :)

Related

Connecting AKS and Web App with VNet integration

I'm trying to connect my Web App to the AKS LoadBalancer through the VNet integration instead of a public load balancer.
The problem here is that to integrate a VNet into the web app, the VNet needs to have a subnet delegated to Microsoft.Web/serverFarms. On the other hand, AKS cannot be assigned a subnet that has a delegation.
I have found this that seemingly has done the exact same thing, but it seems to be old as I cannot reproduce the same result. Either I get
"VNET aks-subnet is missing a delegation to Microsoft.Web/serverFarms. Please add the delegation and try again." or "aks-subnet cannot be used as it's a delegated subnet".
I have tried to add two subnets, one with delegation to managedClusters, and use that for my AKS, but the same "... cannot be used as it's a delegated subnet" happens.
Side note: I'm using a Bicep script to deploy.
VNET Integration requires a dedicated subnet for the App Service that is going to be integrated. This means the subnet cannot be used for any other purpose, i.e. hosting AKS or VMs.
The App Service can then reach services in other subnets on the same VNET or in peered VNETs.
Subnet size requirements are a minimum of /27, and Microsoft recommends /26 for production grade environments.
It is sometimes a little tricky to troubleshoot issues with VNET integration; some good hints are documented here.
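The constraints in this exchange (a dedicated subnet delegated to Microsoft.Web/serverFarms, at least a /27, and an undelegated subnet for AKS) can be checked before deployment. The following Python check is an added example, not part of the original question or answer; `check_plan`, the subnet names and the address prefixes are constructed, and the subnet dictionaries are assumed to follow the shape of the Azure CLI's subnet JSON.

```python
import ipaddress

APP_SERVICE_DELEGATION = "Microsoft.Web/serverFarms"  # service named in the error


def check_plan(subnets, integration, aks):
    """Return problems with using subnet `integration` for App Service VNet
    integration and subnet `aks` for AKS nodes (both are subnet names)."""
    by_name = {s["name"]: s for s in subnets}
    integ, node = by_name[integration], by_name[aks]
    problems = []
    if integration == aks:
        problems.append(f"{integration}: integration subnet must be dedicated")
    # Service names differ in case across the portal and error text, so compare lowercased.
    services = [d["serviceName"].lower() for d in integ.get("delegations", [])]
    if services != [APP_SERVICE_DELEGATION.lower()]:
        problems.append(f"{integration}: missing delegation to {APP_SERVICE_DELEGATION}")
    net = ipaddress.ip_network(integ["addressPrefix"])
    if net.prefixlen > 27:
        problems.append(f"{integration}: /{net.prefixlen} is below the /27 minimum")
    if node.get("delegations"):
        problems.append(f"{aks}: delegated subnet cannot be used for AKS")
    if integration != aks and net.overlaps(ipaddress.ip_network(node["addressPrefix"])):
        problems.append(f"{integration} overlaps {aks}")
    return problems


# Constructed layouts; names and prefixes are illustrative only.
# SHARED: one delegated subnet used for both purposes (the failing setup).
SHARED = [{"name": "aks-subnet", "addressPrefix": "10.1.0.0/22",
           "delegations": [{"serviceName": "Microsoft.Web/serverFarms"}]}]
# SPLIT: AKS keeps an undelegated subnet, App Service gets its own /26.
SPLIT = [{"name": "aks-subnet", "addressPrefix": "10.1.0.0/22"},
         {"name": "appsvc-subnet", "addressPrefix": "10.1.4.0/26",
          "delegations": [{"serviceName": "Microsoft.Web/serverfarms"}]}]

if __name__ == "__main__":
    print(check_plan(SHARED, "aks-subnet", "aks-subnet"))
    print(check_plan(SPLIT, "appsvc-subnet", "aks-subnet"))
```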

Azure AKS vnet to another vnet communication

We have a managed AKS cluster and it has a few application pods. In the same subscription, we have a few servers in a different resource group and a different VNET. We have a requirement for communication between these two VNETs. I have configured VNET peering between the two VNETs, but we can see that the communication is not happening.
When I add a rule like "Allow port 443 from all networks" on to the NSG of Virtual machines then everything works fine.
Troubleshooting steps are done.
VNET Peering
Got an API Server IP Address from the "kubeconfig" file and added in the NSG of VM's in a diff RG.
But this did not resolve the issue. Could you please help me fix the issue?
AKS resources are behind the Internal Load Balancer, so peering did not help. I had to use the Public IP Address provisioned during the AKS creation process in the NSG. After adding the PIP (available in the MC_rg-*** resource group), everything started working.
I would suggest trying to connect the VNETs through VPN gateways.
From an Azure virtual network, connecting to another virtual network is essentially the same as connecting to an on premises network via site-to-site (S2S) VPN.
You will need to go through the steps listed below:
Create VNetA and VNetB and the Corresponding Local Networks.
Create the Dynamic Routing VPN Gateways for each virtual network.
Connect the VPN Gateways.
Please find the referred document for implementing the same solution I have mentioned above.
For more information on the difference between VNet peering and a VNet gateway, you can refer to this document.

Unable to delete subnet and virtual network in azure

I am just practicing Azure, and I created a virtual network and subnets.
Now I am not able to delete the subnet. I have disconnected all connected devices from the virtual network.
Here is the error I get while deleting the subnet:
Please help me to clean up the subnet and virtual network.
Thanks
Additional details
All resources in my account
And here is the subnets tab and the error I get on deletion:
Subnet configuration:
As the error shows, the subnet PrivateSubnet should be in use, and you can see it's delegated to the service Microsoft.Web/serverfarms. So you need to remove the delegated service first. To do so, follow the steps here. When the delegated service list is empty, you can delete the subnet as you want.
Update:
In my experience, your subnet is in use by network/PrivateSubnet/AppLink, which means there is at least one Web App integrated with your subnet. I didn't see the Web App in your resource group, so I guess someone else uses your subnet and his Web App still exists. You need to check it yourself.
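Both the topology question at the top of this page and the AppLink case above come down to reading what each subnet records about its users. As an added example (not part of the original answers), this Python script summarises the JSON printed by `az network vnet show -g <rg> -n <vnet> -o json`; the sample document, IDs and function names are constructed, and the field names `ipConfigurations`, `serviceAssociationLinks` and `delegations` are assumed to match the CLI's subnet output.

```python
import json

# Constructed sample shaped like `az network vnet show ... -o json` output
# (trimmed). Subscription, group and resource names are made up.
SAMPLE_VNET_JSON = """
{"name": "demo-vnet", "subnets": [
  {"name": "vm-subnet", "addressPrefix": "10.0.0.0/24",
   "ipConfigurations": [{"id": "/subscriptions/0000/resourceGroups/rg-a/providers/Microsoft.Network/networkInterfaces/vm1-nic/ipConfigurations/ipconfig1"}]},
  {"name": "PrivateSubnet", "addressPrefix": "10.0.1.0/26",
   "delegations": [{"name": "d1", "serviceName": "Microsoft.Web/serverfarms"}],
   "serviceAssociationLinks": [{"name": "AppLink",
     "linkedResourceType": "Microsoft.Web/serverfarms",
     "link": "/subscriptions/0000/resourceGroups/rg-other/providers/Microsoft.Web/serverfarms/plan1"}]},
  {"name": "empty-subnet", "addressPrefix": "10.0.2.0/24"}
]}
"""


def owning_resource(ipconfig_id):
    """Trim '.../<resource>/ipConfigurations/<name>' down to the resource ID."""
    return ipconfig_id.split("/ipConfigurations/")[0]


def subnet_usage(vnet):
    """Map each subnet name to what is attached to it, linked to it, or delegated."""
    report = {}
    for subnet in vnet.get("subnets") or []:
        # NIC IP configurations point back at the NIC that holds an address here.
        attached = sorted({owning_resource(c["id"])
                           for c in subnet.get("ipConfigurations") or []})
        # Service integrations (e.g. App Service VNet integration) leave a link
        # even when the linked resource lives in another resource group.
        links = [l.get("link") or l["name"]
                 for l in subnet.get("serviceAssociationLinks") or []]
        delegations = [d["serviceName"] for d in subnet.get("delegations") or []]
        report[subnet["name"]] = {"attached": attached, "service_links": links,
                                  "delegations": delegations,
                                  "in_use": bool(attached or links)}
    return report


if __name__ == "__main__":
    for name, use in subnet_usage(json.loads(SAMPLE_VNET_JSON)).items():
        print(name, "IN USE" if use["in_use"] else "free", use)
```

The `link` value is the place to look when a subnet reports as in use but nothing in your own resource group appears to be attached to it.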

Azure Virtual Network Gateway - Access resources in other resource groups

Let's take the following scenario:
I have a resource group in the East Region with 1 VM
I have a resource group in the West Region with 1 VM
Both of these VMs are only accessible via Private IP addresses. RDP via Public IP address is not an option. One would assume that in order for me to RDP to these machines, I would have to VPN into Azure's gateway first. However, I don't want to create a virtual gateway in every single resource group.
Is it possible for me to vpn into one resource (in one resource group), and access all of the machines in all other resource groups?
Yes, it's possible to do this with VNet peering (connecting VNets within the same Azure region). You could follow this to implement a hub-spoke network topology in Azure. In this case, the hub VNet is a peering VNet with allow gateway transit enabled and the spoke VNet is a peering VNet with use remote gateways enabled.
Please note that you cannot use remote gateways or allow gateway transit with global peering (connecting VNets across Azure regions). Refer to requirements and constraints about global peering:
"To use remote gateways or allow gateway transit, peered virtual networks must be in the same region."
So you have to move the peering VNets into the same region if the two VNets in each resource group are not in the same region.
Another option is to create a separate VPN gateway in another resource group, but this is not what you expect. Note that:
"A Point-to-Site client can only connect to resources in the VNet in which the virtual network gateway resides."
Refer to VPN gateway FAQ.
You can use vnet peering with Use remote gateways checkbox enabled. You need to peer the vnets together and check use remote gateways on the second vnet (one without gateway).
Reading:
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-peering-overview

Not able to associate more than 1 subnet to Kubernetes cluster via AKS

When I create a Kubernetes cluster from the Kubernetes service of Azure, in the networking tab I have the option to create my own virtual network.
Let's say I created a virtual network with 3 subnets; still, in the networking tab options, I can only associate 1 of these subnets to my cluster.
Is it a restriction in AKS?
If so, why it allows to create more than 1 subnet in virtual network?
Not sure, but you can only specify one subnet when you create an AKS cluster on the Azure portal. It seems to be a restriction in AKS. Read the prerequisites. At least, you need one subnet, one AKS cluster. Also, AKS supports a single pool for now.
Don't create more than one AKS cluster in the same subnet.
With advanced networking in AKS, you can deploy an AKS cluster in an existing virtual network and define these subnet names and IP address ranges. IP addresses for the pods and the cluster's nodes are assigned from the specified subnet within the virtual network. So you need to plan IP addressing for your cluster. You should consider doing upgrade and scaling operations when you determine the number of IP addresses.
The reason it allows you to create more than 1 subnet in a virtual network is that essentially you could create many subnets with valid CIDR blocks in a VNet. You can create VMs in other subnets or create a dedicated GatewaySubnet used for a VPN gateway in the existing VNet. With advanced networking, this existing virtual network often provides connectivity to an on-premises network using Azure ExpressRoute or Site-to-Site VPN.
Also, it's welcome to give feedback on Azure AKS to improve this feature. Hope this helps.
