azure, azure-virtual-network

2 VNETs vs. 1 VNET with 2 subnets?


In Azure I can create

  • one VNET and 2 subnets in it or
  • I can create two VNETs, each with one subnet in it.

What are the practical consequences/differences? E.g. in terms of routing, isolation...?


Solution

Well, it all depends on what you want to deploy, what your goal is. So I can only give some limited advice as I do not know your use case.

  • Traffic between subnets within a VNET is allowed by default, whereas VNET to VNET traffic is not. This all can be changed through peering, Network Security Groups (NSG) and such, but it might give you an idea when to use what.
  • A VNET cannot span multiple regions, so if you have resources that are placed in different regions you cannot put them in the same VNET.

A reasonable approach is to create separate VNETs for different workloads like dev/test/prod and have subnets in them for the different resources.

Then there is the Hub and Spoke architecture in which different VNETs containing workloads (spokes) can be accessed through a dedicated VNET (the hub) that controls the traffic flowing in and out. The hub is peered with the spokes.

The docs also list some considerations and Azure virtual networking patterns.
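The two options from the answer side by side, as an added Bicep example (it is not code from the original answer or from Microsoft): one VNET with two subnets where the default intra-VNET allow is narrowed by an NSG, and a second VNET that stays isolated until explicit peering is created in both directions. Resource names, address ranges, the port 1433 rule and the API version are assumptions chosen for illustration.

```bicep
// Added example, not from the original answer. Names and address ranges are assumptions.
param location string = resourceGroup().location

// NSG for the "data" subnet. Azure's built-in AllowVnetInBound rule (priority 65000)
// would otherwise let the "web" subnet reach every port here, so traffic is first
// narrowed to TCP/1433 and then the rest of the VirtualNetwork tag is denied.
// Note: once VNETs are peered, the VirtualNetwork tag also covers the peered address space.
resource dataNsg 'Microsoft.Network/networkSecurityGroups@2023-05-01' = {
  name: 'nsg-data'
  location: location
  properties: {
    securityRules: [
      {
        name: 'AllowWebToDataSql'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceAddressPrefix: '10.0.1.0/24' // the "web" subnet below
          sourcePortRange: '*'
          destinationAddressPrefix: '10.0.2.0/24'
          destinationPortRange: '1433'
        }
      }
      {
        name: 'DenyOtherVnetInbound'
        properties: {
          priority: 200
          direction: 'Inbound'
          access: 'Deny'
          protocol: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '*'
        }
      }
    ]
  }
}

// Option 1: one VNET with two subnets. Subnet-to-subnet traffic flows by default;
// only the NSG attached to "data" restricts it.
resource vnetApp 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-app'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.0.0.0/16' ] }
    subnets: [
      { name: 'web', properties: { addressPrefix: '10.0.1.0/24' } }
      {
        name: 'data'
        properties: {
          addressPrefix: '10.0.2.0/24'
          networkSecurityGroup: { id: dataNsg.id }
        }
      }
    ]
  }
}

// Option 2: a separate VNET (here playing the hub role). Nothing in it can reach
// vnet-app, and vice versa, until the peering below exists. Address spaces must not overlap.
resource vnetHub 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-hub'
  location: location
  properties: {
    addressSpace: { addressPrefixes: [ '10.1.0.0/16' ] }
    subnets: [ { name: 'shared', properties: { addressPrefix: '10.1.0.0/24' } } ]
  }
}

// Peering is a pair of one-directional links; both must be created for traffic to flow.
resource appToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: vnetApp
  name: 'app-to-hub'
  properties: {
    remoteVirtualNetwork: { id: vnetHub.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: false // set true only if the hub runs a firewall/NVA forwarding for spokes
    allowGatewayTransit: false
  }
}

resource hubToApp 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: vnetHub
  name: 'hub-to-app'
  properties: {
    remoteVirtualNetwork: { id: vnetApp.id }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: false
    allowGatewayTransit: false
  }
}
```

Deploy with `az deployment group create --resource-group <rg> --template-file main.bicep`. To turn this into the hub-and-spoke layout from the answer, repeat the second VNET and peering pair for each spoke and keep the peering flags restrictive until a forwarding appliance in the hub actually needs them.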