Adding a new Address Space to an Azure vNet and peering not updated

So last week I had to add a new address space to a vNet as I needed a separate subnet for Private Endpoints. I added an address space, configured the subnet and set up the private endpoints.

When I started testing I could not reach the private endpoints. I could see the traffic flow in the NSG logs and from other vNets through the Azure Firewall. And I could not figure it out. I asked a few MVP friends and the answer was that this is a limitation in Azure.

You can’t add a new address space to an existing vNet in Azure that is peered to a vWAN Hub. It will not sync the new address space to the vWAN Hub.

This is what you will see in the virtual network

And what you will see under the Peering tab

If you select the peering and click the Sync button, it will fail with an access denied error, because the peering points to a Microsoft subscription that hosts the hub.

Azure Virtual WAN FAQ | Microsoft Docs

Can you resize or change the address prefixes of a spoke Virtual Network connected to the Virtual WAN Hub?

No. This is currently not possible. To change the address prefixes of a spoke Virtual Network, please remove the connection between the spoke Virtual Network and the Virtual WAN hub, modify the address spaces of the spoke Virtual Network, and then re-create the connection between the spoke Virtual Network and the Virtual WAN Hub.

So the only solution is to remove the peering and redo it. There is a guide from Microsoft here on how to fix it.

https://docs.microsoft.com/en-us/azure/architecture/networking/prefixes/add-ip-space-peered-vnet
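The remove, modify, re-create sequence from the FAQ answer, sketched as Azure CLI calls. This is an added example, not taken from the original post or from Microsoft's guide; all resource names are placeholders, and it assumes the `virtual-wan` CLI extension is installed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): remove the hub connection,
# set the spoke's address space, re-create the connection.
# Resource names are placeholders; needs the "virtual-wan" CLI extension.

# Execute a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Usage: resync_spoke HUB_RG HUB_NAME CONN_NAME SPOKE_VNET_ID PREFIX [PREFIX...]
# The PREFIX list must be the complete address space (existing prefixes plus
# the new one): --address-prefixes replaces the list, it does not append to it.
resync_spoke() {
  if [ "$#" -lt 5 ]; then
    echo "usage: resync_spoke HUB_RG HUB_NAME CONN_NAME SPOKE_VNET_ID PREFIX..." >&2
    return 2
  fi
  hub_rg=$1; hub=$2; conn=$3; vnet_id=$4
  shift 4

  # 1. Remove the connection between the spoke and the Virtual WAN hub.
  run az network vhub connection delete \
    --resource-group "$hub_rg" --vhub-name "$hub" --name "$conn" --yes || return 1

  # 2. Modify the address space of the spoke while it is disconnected.
  run az network vnet update --ids "$vnet_id" --address-prefixes "$@" || return 1

  # 3. Re-create the connection between the spoke and the hub.
  run az network vhub connection create \
    --resource-group "$hub_rg" --vhub-name "$hub" --name "$conn" \
    --remote-vnet "$vnet_id" || return 1
}

# Print the plan without touching Azure:
#   DRY_RUN=1 resync_spoke rg-hub hub-weu conn-spoke1 "$SPOKE_VNET_ID" 10.10.0.0/16 10.50.0.0/24
```

Between steps 1 and 3 the spoke has no connection to the hub, and the re-created connection uses default routing settings, so any custom route table association on the old connection has to be specified again.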

I hope this solves your issue faster than it did for me.
