Subnet delegation
-
I am not understanding what this definition of subnet delegation means... Subnet delegation enables you to designate a specific subnet for an Azure PaaS service of your choice that needs to be injected into your virtual network. Subnet delegation provides full control to the customer on managing the integration of Azure services into their virtual networks.
What is meant by injecting a service?
-
In this case, injected is a fancy way of saying add. The purpose of delegating a subnet to an application, or PaaS, is so the application can have control over the subnet, and it is not shared with other applications. An example would be Azure NetApp Files.
When you create a volume in Azure NetApp Files, you must delegate a subnet. This allows Azure NetApp Files to establish some basic network configuration rules for that subnet, which help the Azure service operate in a stable manner. As a result, the Azure service may establish some pre- or post-deployment conditions, such as:
- Deploy the service in a shared versus dedicated subnet.
- Add to the service a set of Network Intent Policies post deployment that is required for the service to work properly.
There are additional advantages of delegating a subnet to an application, listed here:
-
I'm really showing my ignorance on this topic. What's the difference between creating a volume in your example of Azure NetApp Files vs creating a subnet for networking and servers and assigning services to servers on the subnet?
-
Good questions!
Volumes in Azure NetApp Files are used for storage. You can create NFS volumes and SMB volumes. For example, you might use NetApp Files to store VHDs for profiles in a WVD deployment. When you delegate a subnet to NetApp Files, you allow the NetApp Files service to optimize the subnet for performance.
Different services require different settings to optimize performance.
Creating a subnet and connecting servers to it, and running workloads on those servers, means you will have to optimize the subnet manually, for whatever services you are running.
-
@Mike-Rodrick Another lab I hope I can find. It sort of makes sense, but not really...
Thank you for the feedback.
-
You're welcome! Keep asking till it does make sense!
-
@Mike-Rodrick OK,
So how does subnet delegation fit into the networking landscape with VMs running different services and, it sounds like, living on different subnets? If it's too broad a question, I understand.
-
Remember why we subnet in the first place. Ethernet is contention-based. This means a node must compete with all other nodes on the network for bandwidth. By creating subnets, we break larger networks with many nodes into smaller networks with fewer nodes.
If you are in a room with 100 people, with everyone trying to talk at the same time, conversation is difficult. Break that room of 100 into 10 rooms of 10 people. In the smaller room, it is much easier to speak up when you have something to say.
By delegating a subnet to a service, that service is the only thing on that subnet. In a room all by itself. When it needs to speak, it doesn't have to wait for anyone else. That service can also optimize the subnet for what it needs; you don't have to worry if that optimization will have a negative effect on other services.
-
Makes sense, but what is providing the service? I think that's where I'm losing my understanding. Something has to run the service. Is it a VM? Is it considered serverless computing?
-
Azure is providing the service. Azure NetApp Files is Platform as a Service (PaaS). Because it's PaaS, we don't know (or care) what the service is running on. That's what we are paying for. I don't want to worry about creating VMs to host the service, updating the service, etc. I just want to use the service.
When you create a new NetApp Files volume, you give it a name and a resource group to use. That's it. You don't create VMs, add storage, etc. You just sign up for the service, and they take care of the details. Now you can start using your storage.
Dedicated subnets aren't just for Azure NetApp Files:
"Subnet delegation enables you to designate a specific subnet for an Azure PaaS service of your choice that needs to be injected into your virtual network."
It could be any Azure PaaS service. Azure WebJobs, Azure Cosmos DB, Azure Storage, Azure Cognitive Services, Azure Boards, Azure Pipelines, etc. There are dozens, if not hundreds.
So any service that can benefit from having its own dedicated subnet can benefit from a delegated subnet.
-
Thank you
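
The delegation step discussed in this thread, as an added example that is not part of the original posts: Azure CLI functions that create a subnet delegated to Azure NetApp Files and then confirm which service the subnet is actually delegated to. The function names, resource names and address prefix are assumptions; `Microsoft.NetApp/volumes` is the delegation service name for Azure NetApp Files.

```shell
#!/usr/bin/env bash
# Added example. Requires the Azure CLI (az) and a logged-in session.
# Resource group, VNet, subnet name and prefix are placeholders you pass in.

# Create a subnet that is delegated to a single service from the start.
# Usage: create_delegated_subnet RG VNET SUBNET PREFIX SERVICE
create_delegated_subnet() {
  az network vnet subnet create \
    --resource-group "$1" --vnet-name "$2" --name "$3" \
    --address-prefixes "$4" \
    --delegations "$5"
}

# Print the service name(s) a subnet is delegated to, one per line.
# Usage: subnet_delegations RG VNET SUBNET
subnet_delegations() {
  az network vnet subnet show \
    --resource-group "$1" --vnet-name "$2" --name "$3" \
    --query "delegations[].serviceName" --output tsv
}

# Return 0 only if the subnet is delegated to exactly the expected service.
# Returns 1 on a mismatch (including no delegation), 2 if the query fails.
# Usage: check_delegation RG VNET SUBNET EXPECTED_SERVICE
check_delegation() {
  expected=$4
  actual=$(subnet_delegations "$1" "$2" "$3") || return 2
  if [ "$actual" = "$expected" ]; then
    echo "OK: $3 is delegated to $expected"
  else
    echo "MISMATCH: $3 is delegated to '${actual:-nothing}', expected $expected" >&2
    return 1
  fi
}

# Example calls (constructed names):
#   create_delegated_subnet rg-demo vnet-demo anf-subnet 10.0.1.0/24 Microsoft.NetApp/volumes
#   check_delegation rg-demo vnet-demo anf-subnet Microsoft.NetApp/volumes
```

Running `check_delegation` before deploying a volume, or in a periodic audit, catches a subnet that was created without the delegation or delegated to a different service than intended.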