Azure ByoVNet

Bring your own VNet


Only available to Enterprise Customers


  • We strongly recommend installing in a clean, isolated subscription to avoid subscription-scope rate limits present in AKS
  • We recommend adding Service Endpoints for Microsoft.Sql and Microsoft.Storage to ensure private traffic to those services
  • We recommend creating a subnet with at least a /24 to support future expansion (a /22 should be sufficient for all future expansion). We recommend against creating a subnet any smaller than a /27.
  • The subnet requires unrestricted egress access to

Info to send back to Ascend for the installation (in addition to the information here)

  • Resource Group Name
  • VNet Name
  • Subnet Name
  • Pod IP range
  • Pod IP range must be equal to the total number of private subnet IPs * 256. An easy way to get this is if you've allocated a /24 for the private subnets, the pod IP range must be a /16 (24–8 = 16).
  • Service IP range
  • Service IP range must be a /24
  • Docker Bridge Address
  • This is a single IP

Pod, Service, Docker Bridge Ranges/IPs

  • Details for the required ranges for Azure are documented here. We can infer the IP for the DNS Service from the provided Service IP Range. You aren't required to provide the IP.
  • Pod Range, Service Range, and Docker Bridge Address may overlap with other peered network resources, but must not overlap with the IPs of any data sources that the customer wishes to connect Ascend to.
  • In the instance that you have multiple environments peered to the same private networks, all environments may use the same pod, service, and docker bridge ranges/addresses. We recommend doing this to reduce the complexity around IP range management.