As customers adopt and scale their applications in Azure, they constantly need to grow or resize their networks in the cloud. Virtual networks in Azure have had a long-standing constraint where any address space change is only allowed if the virtual network does not have any peerings. Today, we are announcing that this limitation has been lifted, and customers can freely resize their virtual networks without incurring any downtime. With this feature, existing peerings on the virtual network do not need to be deleted prior to adding or deleting an address prefix on the virtual network.
Details on adding or removing address space on peered virtual networks
You can update (add or remove) address space on a virtual network that is peered with another virtual network in the same region or across regions. Address space update on virtual networks also works if the virtual network has peered with another virtual network across subscriptions. Note: Virtual networks that have peerings across AD tenants are currently not supported. This feature introduces two new properties on the virtualNetworkPeerings object of the virtual network: This feature introduces two new properties on the virtualNetworkPeerings object of the virtual network:
- remoteVirtualNetworkAddressSpace: Contains the most current address space of the peered virtual network. This address may or may not be the same as the peered address contained in the remoteAddressSpace property.
- peeringSyncLevel: Indicates if the address contained in the remoteVirtualNetworkAddressSpace property is the same as the address that is actually peered with the virtual network.
When address space on a virtual network (1) is updated, the corresponding peering links on the remote virtual networks towards this virtual network (1) need to be synced with the new address space. The status of the peering links between the two virtual networks indicates which side of the peering link needs to be synced with the new address space.
- LocalNotInSync: When you update the address space on the first virtual network (1), the peering status of the link from the second virtual network (2) to the first virtual network (1) is LocalNotInSync. At this stage, while the peering is active across the old address space of the virtual network, the new address space has not peered with the remote virtual network.
- RemoteNotInSync: When you update address space on the first virtual network (1), the peering status of the link from the first virtual network to the second virtual network (2) is RemoteNotInSync. A sync operation on the peering link from the virtual network (2) to the virtual network (1) will synchronize the address space across the peering.
Note: Address changes on virtual networks in ARM that have peerings to ASM virtual networks are enabled; however, the ASM virtual network will not be updated with the new address space of the ARM virtual network.
Update March 22, 2022: This feature currently does not support syncing of the new address space on a peered Virtual WAN Hub virtual network and is not recommended for use on virtual networks that are peered to a VWAN Hub virtual network.
The feature is in preview and supported across all production Azure regions.
Get started today
Updating the address space on a virtual network that is peered can be accomplished in two easy steps. It is supported through REST APIs as well as Portal and PowerShell clients.
- Add a new address on a virtual network that has active peering connections with other virtual networks.
- Perform a "sync" on the peering link from each of the peered remote virtual networks to this virtual network (1) on which the address change is made. This action is required for each remote peered virtual network to learn of the newly added address prefix.
To do this on the Azure portal, go to the peerings tab on the virtual network where the address update has been made. Select all the peerings that have peering status as "Remote sync required," and then click the Sync button. This will ensure that all the remote peered virtual networks learn the updated address space of this virtual network (1).
The sync can also be performed individually on the peering link from each remote peered virtual network by going to the peerings tab on the remote virtual networks.
To do this in PowerShell, use the commandlet: Sync-AzVirtualNetworkPeering on each peering link from the remote virtual network to the virtual network (1) on which the address change is made.
While the feature is in preview, customers need to register their subscriptions with the following feature flag: Microsoft.Network/AllowUpdateAddressSpaceInPeeredVnets to use this capability. This flag will be deprecated when the feature is generally available.
We will have several improvements to the user experience rolling out in the next few weeks. These will include a single-click (bulk) option on the Azure portal to "sync" multiple peers when an address space change is made as well as improved warning and error messages. Additionally, support for virtual networks that are peered across Azure Active Directory tenants will also be gradually rolled out.
We’re always listening and making constant improvements, so please keep the feedback coming.