Q. I have two virtual networks with the same address space and want to connect them both to my on-premises. What can I do?
A. It is important to use a unique IP address space for each virtual network in Azure so that routing can occur between virtual networks and between on-premises and the virtual networks. If two virtual networks have the same IP address space and both are connected to on-premises, it is not possible to route from on-premises to resources on those virtual networks. If there is no overlap in the actual virtual subnets used in each network, it may be possible to use a limited address space on-premises and route to a subset of the address space of each virtual network. However, this may not work depending on the negotiation between gateways, and even if it works initially you may experience problems.

The best option is to remove the address space overlap. You cannot move VMs between virtual networks, but you can move VMs between virtual subnets in the same virtual network. A high-level approach to changing the address space would be as follows:
- Identify a new address space that does not overlap for the virtual network
- Add this new address space to the existing address space of the virtual network
- Create virtual subnets in the new address space
- Shut down the VMs
- Move the VMs (NICs) to subnets in the new address space portion (using PowerShell or the new Azure portal)
- Remove the now empty virtual subnets from the original address space
- Delete the old address space range
You have now migrated your VMs to a new address space that does not overlap! To keep this from happening again, make sure you have a central process for allocating the address spaces used in cloud services.
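The steps above as an Azure PowerShell (Az module) sketch. This is an added example, not code from the original answer; every resource name and address range in it is an assumed placeholder, and restarting the VMs at the end of the move is an addition to the listed steps.

```powershell
# Assumed placeholder names and ranges; replace with your own values.
$rg              = 'rg-example'
$vnetName        = 'vnet-example'
$oldPrefix       = '10.0.0.0/16'    # overlapping range to retire
$newPrefix       = '10.50.0.0/16'   # non-overlapping range from your central allocation
$oldSubnet       = 'subnet-old'
$newSubnet       = 'subnet-new'
$newSubnetPrefix = '10.50.1.0/24'
$vmNames         = @('vm-example-01', 'vm-example-02')

# Add the new address space next to the existing one and create a subnet in it.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$vnet.AddressSpace.AddressPrefixes.Add($newPrefix)
Add-AzVirtualNetworkSubnetConfig -Name $newSubnet -AddressPrefix $newSubnetPrefix `
    -VirtualNetwork $vnet | Out-Null
$vnet   = $vnet | Set-AzVirtualNetwork
$target = Get-AzVirtualNetworkSubnetConfig -Name $newSubnet -VirtualNetwork $vnet

foreach ($name in $vmNames) {
    # Shut down (deallocate) the VM, then repoint each of its NICs at the new subnet.
    Stop-AzVM -ResourceGroupName $rg -Name $name -Force | Out-Null
    $vm = Get-AzVM -ResourceGroupName $rg -Name $name
    foreach ($ref in $vm.NetworkProfile.NetworkInterfaces) {
        $nic = Get-AzNetworkInterface -ResourceId $ref.Id
        foreach ($ipcfg in $nic.IpConfigurations) {
            # A static private IP from the old range cannot follow the NIC,
            # so switch to dynamic allocation before changing the subnet.
            $ipcfg.PrivateIpAllocationMethod = 'Dynamic'
            $ipcfg.Subnet.Id = $target.Id
        }
        $nic | Set-AzNetworkInterface | Out-Null
    }
    Start-AzVM -ResourceGroupName $rg -Name $name | Out-Null   # not in the listed steps
}

# Remove the old subnet only once nothing is attached to it, then drop the old range.
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnetName
$old  = Get-AzVirtualNetworkSubnetConfig -Name $oldSubnet -VirtualNetwork $vnet
if ($old.IpConfigurations.Count -gt 0) {
    throw "Subnet '$oldSubnet' still has $($old.IpConfigurations.Count) attached IP configuration(s)."
}
Remove-AzVirtualNetworkSubnetConfig -Name $oldSubnet -VirtualNetwork $vnet | Out-Null
$vnet.AddressSpace.AddressPrefixes.Remove($oldPrefix) | Out-Null
$vnet | Set-AzVirtualNetwork | Out-Null
```

Network security group and route table associations are set per subnet, so attach the ones used by the old subnet to the new subnet before moving any NICs; otherwise the VMs come up without the filtering they had. Firewall rules and on-premises routes that reference the old range also need updating.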
Each week, John Savill answers all of your toughest tech questions about the worlds of Windows Server, Azure, and beyond. Read his past IT advice here, and email your questions to email@example.com.