I’ve got an existing environment that comprises a spoke vnet with many subnets to separate different types of workloads and different roles within each workload. NSGs are applied to these subnets to allow traffic in/out. As you can imagine, this takes a lot of IP address space.
I’m looking at building out a new environment where we are more constrained in the number of IP addresses I will be able to assign (actual number TBC, but nowhere near the /18 we currently use).
I’ve read a couple of blog posts by Aidan Finn, specifically https://aidanfinn.com/?p=24065 and https://aidanfinn.com/?p=24851, which technically make sense to me even though they run contrary to our existing practice and the recommendations and “best practices” you often see online.
Is anyone doing something similar to what Aidan is proposing and basically using a single subnet for all their workloads?
I can see pros to doing it this way, but would be interested in hearing any cons as well.
Thanks!