Azure Stack Hub 1910 new private IP address range requirement

Anyone who follows Azure Stack Hub may well remember that back in update 1905, there were a couple of new infrastructure roles created (Infrastructure ring and Support Ring), in preparation for running containerized version of the infrastructure roles that run the AzsHub core. Here’s a screen grab of the release note for that release that I provide for convenience as the original article has been archived:

With update 1910, there is a new requirement before deploying the next update that an additional private /20 address is required for the containerized workloads. The release notes for the update gives some good detail on this requirement and why it is needed:

Once the 1910 update has been applied, you will soon see the following alert in the Admin portal:

The instructions link takes you to the release note link I posted above.

So, what do you have to plan for to implement this change? In reality, not much. The only requirements are to use a range in the IANA private IP Address ranges and that what you choose is not already in use within your network.

Private ranges you can use:

  • 10.0.0.0/8

  • 172.16.0.0/12

  • 192.168.0.0/16

With regards to checking whether the address range is already in use, you’ll have to check with your network team or consult your IPAM system.

With regards to actually adding the addresses, it is very straightforward.

Per the instructions in the release notes, you need to open a PEP session and run a simple PowerShell command.

For my environment, I chose 172.16.0.0/20 as the address range.


$creds = Get-Credential -Message "Enter cloud admin credentials" -UserName "mystamp\cloudadmin"
$pepIP = "mypepip"

$session = New-PSSession -ComputerName $pepIP -ConfigurationName PrivilegedEndpoint -Credential $creds

Invoke-Command -Session $Session -ScriptBlock {
    Set-AzsPrivateNetwork -UserSubnet 172.16.0.0/20

Here’s what you will see if the command has run successfully:

If you are lucky enough to have multiple stamps in your network, you can reuse the same address range for all installations. as it is only used internally by Azure Stack Hub.