Understanding AKS Networking: Underlay Network

via Dev.to (iapilgrim)

If you’ve ever tried to curl a Kubernetes Service IP from a VM and it just… hangs — this guide is for you.

We’ll break down:

- AKS network design
- CIDR layout (VNet, Subnet, Service CIDR, Pod CIDR)
- Why ClusterIP fails from a VM
- Why NodePort works
- Step-by-step packet flow
- Full Azure CLI setup

All tested on Azure Kubernetes Service (AKS) in Microsoft Azure.

🧱 1️⃣ Network Design Overview

We’ll use this lab topology:

- VNet: 10.0.0.0/16
- AKS Subnet: 10.0.1.0/24
- VM Subnet: 10.0.2.0/24
- Service CIDR: 10.240.0.0/16
- Underlay mode (Azure CNI)

🗺️ Architecture Diagram (PlantUML)

🧠 Understanding the CIDRs

| CIDR | Purpose |
|------|---------|
| 10.0.0.0/16 | Azure VNet |
| 10.0.1.0/24 | AKS Nodes |
| 10.0.2.0/24 | Test VM |
| 10.240.0.0/16 | Kubernetes Services (Virtual) |
| 192.168.0.0/16 | Overlay Pods (if enabled) |

Critical concept: Service CIDR is NOT part of Azure VNet routing.

⚙️ 2️⃣ Full Azure CLI Setup

Variables

LOCATION=eastus2
RG=aks-networking-lab
VNET_NAME=aks-vnet
UNDERLAY_SUBNET=aks-underlay-subnet
VM_SUBNET=vm-subnet
AKS_NAME=aks-
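To make the CIDR table concrete, the following added example (not code from the original article) checks the lab address plan for consistency and classifies a destination IP by whether the VNet can route to it from the test VM. The function names and the sample target addresses are assumptions made for illustration; the model covers routing only, not NSG rules or listening ports.

```python
import ipaddress as ip
from itertools import combinations

# Lab CIDRs from the article's table.
VNET = ip.ip_network("10.0.0.0/16")
SUBNETS = {"aks-nodes": ip.ip_network("10.0.1.0/24"),
           "test-vm": ip.ip_network("10.0.2.0/24")}
VIRTUAL = {"service-cidr": ip.ip_network("10.240.0.0/16"),
           "overlay-pods": ip.ip_network("192.168.0.0/16")}

def plan_errors(vnet, subnets, virtual):
    """Return the problems in a CIDR plan; an empty list means it is consistent."""
    errors = []
    for name, net in subnets.items():
        if not net.subnet_of(vnet):
            errors.append(f"{name} {net} is not inside VNet {vnet}")
    for (a, na), (b, nb) in combinations(subnets.items(), 2):
        if na.overlaps(nb):
            errors.append(f"{a} {na} overlaps {b} {nb}")
    for name, net in virtual.items():
        # Virtual ranges must not collide with real VNet addresses.
        if net.overlaps(vnet):
            errors.append(f"{name} {net} overlaps VNet {vnet}")
    return errors

def routed_from_vm(dest):
    """(routable, reason) for a destination IP as seen from the test VM."""
    addr = ip.ip_address(dest)
    for name, net in VIRTUAL.items():
        if addr in net:
            return False, f"{name}: virtual range, no route in the VNet"
    for name, net in SUBNETS.items():
        if addr in net:
            return True, f"{name}: subnet of the VNet, routed by Azure"
    if addr in VNET:
        return False, "inside the VNet range but in no defined subnet"
    return False, "outside the lab address plan"

if __name__ == "__main__":
    print(plan_errors(VNET, SUBNETS, VIRTUAL) or "plan OK")
    # Constructed sample targets: a ClusterIP, a node IP (where NodePort listens),
    # and an overlay pod IP.
    for target in ("10.240.0.10", "10.0.1.4", "192.168.3.7"):
        print(target, *routed_from_vm(target))
```

The node address is the only routable target of the three, which is why a NodePort answers from the VM while a ClusterIP hangs. Treat that as a routing property rather than an access control: anything in the VNet that can reach a node IP can reach its NodePorts unless an NSG or network policy says otherwise.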
