+44 (0)20 3051 3595 | info@coeo.com | Client portal login

Azure Networking: There ain’t no Party like an S-net Party!

Marc Dunbar

I’m fortunate to be presenting “Azure Networking for DBAs, all you need to know in 20 minutes” alongside Christian Bowman. It sounded like a good idea at the time until it hit me, 20 minutes to talk about networking is not long at all! For context, I run an Azure Networking training session at Coeo which lasts for 2 days. Even the official Microsoft AZ-700 course for Azure Networking is 3 days! That would require compression of 97%, even a text file with largely blank space would struggle to compress that much.

Like how mp3 compresses music by removing sounds and frequencies the human ear is unlikely to detect anyway, the same concept was applied to the networking content. At the end of the day, this is a fundamentals session, not a deep dive into the OSI model. With this in mind, let’s keep it simple and fun...just like networking should be.

The theme at SQLBits 2023 is Dungeons and Dragons and to say we’ve gone all in is an understatement. Let me introduce you to our cast:

We follow our adventurers as they attend a Dungeons & Dragons party. What happens when things get out of hand? You’ll have to come and see it in person.

At this point you’re probably thinking networking must be really cool (just me?) or what does this have to do with networking in Azure?

The Eagle-eyed amongst you would have noticed that Norman the Doorman is actually a Network Security Group (NSG). Think of those nightclubs you see in films and TV; they often have someone standing at the entrance, who looks like they have been to the gym at least a few times in their life. They have a list of who is allowed in, if you’re not on the list, you’re not getting in. An example would be the 1994 film, The Mask. We had the same scenario at Coco-Bongo when the Mask tried to enter the club. However, he was able to bribe the doorman with cash. Luckily in our scenario with the NSG, they don’t take bribes so it truly is; if you aren’t on the list, you aren’t getting in.

Let’s bring the topic back to the title of this blog. We talked about the party, but not the subnets. When you define Virtual Networks and Subnets in Azure, you have to use something called Classless Inter-Domain Routing, or CIDR for short. As someone from the West Country, I really appreciate this acronym as it shares its name with our local tipple.

Explaining CIDR is quite a complicated topic and the internet is full of over-complicated explanations. Given this is a fundamental topic, we need to the explanation simple and build an analogy to what people can relate to. I intend to do this with chocolate as everyone likes a little bit of chocolate now and then.

Before I do so, I wanted to see if ChatGPT had a revolutionary answer for us. For those who are not aware, ChatGPT is an AI language model which can be used to answer life’s questions. So, I thought I would ask “How do you explain Classless Inter-Domain Routing to a 5-year-old?” I was pleasantly surprised by the response.

“Imagine you have a lot of toy cars and you want to organize them into different groups. You can use boxes of different sizes to fit different numbers of cars. Some boxes are big and can fit lots of cars, while others are smaller and can only fit a few.

CIDR is like using different-sized boxes to organize your toy cars. Instead of toy cars, we're talking about computer addresses, which are like phone numbers for computers. Just like you have different-sized boxes for different numbers of toy cars, we have different-sized groups of addresses for different numbers of computers.”

That’s not bad, however, it doesn’t help us create networks in Azure. Keep that analogy in your head whilst we talk about CIDR notation. This is how we determine the size of the subnet, or in the analogy the size of the toy boxes.

Let’s assume we have a network with the address space This means that the IP addresses allowed within this network are:

10. Anything between 0 – 255. Anything between 0 – 255. Anything between 0 – 255

If the address space was, this would translate to:

10.0. Anything between 0 – 255. Anything between 0 – 255

And would be

10.0.0. Anything between 0 – 255

This is easier explained in the visualisation below


The key points to remember here are that /8 locks the first number, /16 locks the first 2 numbers, and /24 locks the first 3 numbers. These numbers between the dots are actually called Octets but I’ll get into that in my next blog where we go deeper into this topic.

At this point, you could stop and create a 10.0.00/8 virtual network and carve it up into /24 subnets and that would work. In reality, we need to make subnets smaller than /24. This is where chocolate comes in.

If we focus solely on the last octet, a /24 subnet will allow the last subnet to have a range of 0-255 and gives us 256 usable address.

If we want to half the number of addresses, we would change the CIDR notation to be /25. This would give us 128 usable addresses

Think of a chocolate bar – a whole chocolate bar could be written as 1/1.

If you break it in half it is written as ½.

Every time you are half the size of the chocolate bar, the denominator increases.

Every time you are half the size of the subnet, the CIDR notation increases.

Below is a cheat sheet for subnetting:



4th Octet Range






0–127, 128-255



0–63, 64–127, 128–191, 192-255



0-31, 32-63, 64-95, 96-127, 128-159, 160-191, 192-223, 224-255


You can go beyond /27 but this is the minimum recommended size in Azure.

In the table above. Notice how the 4th Octet has set ranges depending on the size of the subnet. A /24 has 256 usable addresses therefore must use the full range from 0-255.

A /25 has half the usable addresses at 128. However, because /25 is half the size of /24, you must be able to fit into/25 ranges within a /24. This means that the last octet can only be between 0-127 or 128-255 with a /25. You can complicate it further and have a /25 followed by 2x /26 subnets.

So how would you write a /25 subnet that starts at 0 and 128? Let’s assume the first 3 octets are 10.0.0 for simplicity:

/25 starting at 0


/25 starting at 128

When you write CIDR notation, you’re essentially writing the first available address in the network. The /xx defines how many addresses are allowed in the subnet.

I know this sounds complicated and it is. That’s why I recommend you use a subnet calculator if you’re unsure. There are several available, however, this is a good one to get you started as it clearly shows the CIDR notation under the subnet section: https://www.calculator.net/ip-subnet-calculator.html

Don’t worry about the other numbers in the subnet, that is a topic for another time. However, they are the subnet mask which is the long-hand version of CIDR notation.

Hopefully, you’ll join us at SQLBits 2023 where we will go into this topic in more detail with demos (what could possibly go wrong) and perhaps a little surprise…

Subscribe to Email Updates

Back to top