Exam AZ-700 topic 1 question 35 discussion

Maximize the number of available IP addresses on VNet1 10.0.0.0/16 Minimize the number of available IP addresses on GatewaySubnet 10.0.0.0/27

10.0.0.0/16 - largest that doesn't overlap with on-prem address 10.0.0.0/27 - the minimum for gateway subnet

Maximize the number of available IP addresses on VNet1, so I don't see a problem with 10.0.0.0/24

Although the question doesn't mention which gateway SKU is to be chosen, it DOES say that route-based policy is a requirement, and since the gateway Basic SKU does not support BGP, we can surmise that a non-Basic SKU must be chosen. Ref. this matrix for BGP support by gateway SKU: https://learn.microsoft.com/en-us/azure/vpn-gateway/about-gateway-skus#benchmark If we accept this premise, then the documentation further states the *only* gateway SKU which supports a /29 is the Basic SKU, which we have determined cannot be chosen. All other gateway SKUs have a minimum requirement of /27. Reference this section: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings#gwsub Since 10.1/16 and 10.0/16 do not overlap, but 10.0/8 do, the correct selection for the maximum VNet is 10.0/16, and the given answer to the question is in error.

it is obvious that the answer is 10.0.0.0/16. so that it will start from 10.0.0.0 to 10.0.255.255. This is the maximum amount. Why /29 is not the answer is explained very well by the others.

"While it's possible to create a gateway subnet as small as /29 (applicable to the Basic SKU only), all other SKUs require a gateway subnet of size /27 or larger (/27, /26, /25 etc.). You might want to create a gateway subnet larger than /27 so that the subnet has enough IP addresses to accommodate possible future configurations." https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings As we are only creating a s2s wouldn't we would be minimizing the addresses used by using a /29 ? The only thing is the sku isn't specified.

VNet1: 10.0.0.0/24 GatewaySubnet: 10.0.0.0/29, when you are making use of the Basic SKU. With the Basic SKU, you can setup a S2S VPN connection. When you're planning your gateway subnet size, refer to the documentation for the configuration that you're planning to create. For example, the ExpressRoute/VPN Gateway coexist configuration requires a larger gateway subnet than most other configurations. While it's possible to create a gateway subnet as small as /29 (applicable to the Basic SKU only), all other SKUs require a gateway subnet of size /27 or larger (/27, /26, /25 etc.). You might want to create a gateway subnet larger than /27 so that the subnet has enough IP addresses to accommodate possible future configurations. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-gateway-settings Generation1 Basic, Max 10 S2S tunnels https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpngateways

Why not 10.0.0.0/29 for Gatewaysubnet?

Correct answer should be /16 since it doesn't overlap with the on-premise address space 10.1.0.0/16