Simplify Azure SQL Virtual Machines HA and DR configuration by adopting multi subnet approach
Published Nov 10 2021 07:00 AM 13.1K Views

SQL Server on Azure Virtual Machines is the best option to migrate your SQL Server workloads maintaining complete SQL Server compatibility and operating system level access. It is ideal destination for lift and shift or rehost migration approach. At the outset, High Availability (HA) & Disaster Recovery (DR) technologies for Azure SQL VMs are no different than on-premises world with following options:

  1. Always on Availability Groups (AG)
  2. Always On Failover Cluster Instances (FCI)
  3. Log Shipping
  4. Backup & Restore
  5. Azure Site Recovery (Azure only)

Choosing an HA & DR technology for the database depends on the application’s business requirements for Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

While it’s the same SQL Server running on Azure virtual machines, there are some Azure infrastructure specific nuances when configuring HA & DR. Currently, for AG listener and FCI there is a dependency on Azure Load Balancer to get floating IP functionality within a single subnet, due to lack of Address Resolution Protocol (ARP) in public cloud. We do understand that Azure Load Balancer does introduce additional management and operational overhead for connecting to AG listener and FCI. Azure Load Balancer also induces failover latency of 10 seconds for the load balancing probe (2 unhealthy threshold at 5 second interval being the minimum) to detect the new SQL Server primary. To address this challenge, we did release an alternative way of using Distributed Network Name (DNN) for AG listener and FCI that avoids the need of having Azure Load Balancer. But DNN does come with following limitations:

  • Works only on SQL Server versions starting with either SQL Server 2019 CU8 and later, SQL Server 2017 CU25 and later, or SQL Server 2016 SP3 and later on Windows Server 2016 and later.
  • DNN AG listener MUST be configured with a unique port. The port cannot be shared with any other connection on any replica.
  • DNN AG listener cannot use SQL Server default port of 1433
  • There are additional considerations when using DNN with AG.
  • In case of FCI, even after creating DNN the original virtual network name (VNN) and virtual IP cannot be deleted as they are necessary components of the FCI infrastructure. In addition, there is another step needed to prevent the VNN virtual IP address from being assigned to another resource in Azure as a duplicate.
  • There are additional considerations when using DNN with FCI.

Now, you can simplify Azure SQL VM HA & DR configuration by deploying VMs in multiple subnets and thus eliminate the need for an Azure Load Balancer. Multi subnet configuration helps to match on-premises experience for connecting to your AG listener or FCI. Multi subnet configuration works natively on all supported versions of SQL Server & Windows Server simplifying deployment, maintenance and improving failover time and is Generally Available (GA).

Here's a reference architecture for typical AG with two replicas SQL-VM-1 and SQL-VM-2 in two separate subnets SQL-Subnet-1 and SQL-Subnet-2 respectively thus achieving multi subnet configuration.


Figure 1: Typical multi subnet AG configuration with two replicas.


In multi subnet configuration each AG replica or FCI node will be in separate subnet. These subnets can be

  • Within a virtual network in one region (Typical HA scenario)
  • In different virtual network across Azure regions (Typical DR scenario)

Prerequisite for multi subnet approach is Secondary IP and having MultiSubnetFailover=True in connection string. By using Secondary IP, Windows Server Failover Cluster and SQL Server leverages OR Dependency for cluster IP and AG Listener IP/ FCI virtual IP as shown below thus completing eliminating the need for Azure Load Balancer.



Figure 2: Windows Server 2016 Failover Cluster leveraging OR Dependency between secondary IPs.



Figure 3: AG listener cluster resource leveraging OR Dependency between secondary IPs.



Figure 4: AG listener in SSMS is mapped to the two secondary IPs.



Figure 5: SQL Server FCI Virtual Network Name (VNN) leveraging OR Dependency between secondary IPs.


Here’s a table showing various approaches for Azure SQL VM HA & DR configuration and multi subnet is highly recommended as it offers simplicity without any limitations and failover latency.



To summarize, multi subnet configuration greatly simplifies HA and DR for Azure SQL VMs, and we hope you take advantage of it. Review following articles for detailed step by step guidance of setting up AG and FCI.

Tutorial: Prerequisites for AG in multiple subnets - SQL Server on Azure VM | Microsoft Docs

Tutorial: Configure availability group in multiple subnets - SQL Server on Azure VM | Microsoft Docs

Prepare virtual machines for an FCI - SQL Server on Azure VM | Microsoft Docs

Create an FCI with Azure shared disks - SQL Server on Azure VM | Microsoft Docs



Frequently asked questions reg secondary IP and multi subnet configuration

  1. How many secondary IPs are needed for an AG listener?
    To create an AG listener, you need a dedicated secondary IP per each replica VM.
  2. Is there a limit for number of secondary IPs?
    Yes, there is a limit on the number of private IPs - 256 private IPs per NIC, 256 private IPs per VM.
  3. Is assigning and un assigning secondary IP to a VM NIC an online operation with no impact to VM?
    Yes, secondary IP Assignment has no impact on the VM.
  4. Is there any perf impact to VM’s network traffic when multiple secondary private IPs are assigned?
    No. The total VM bandwidth is shared among all the IP addresses.
  5. Any implication of VM size (VM series) and resize (VM scale up and scale down) on secondary IP?
  6. How does public IP for secondary IP work?
    You can assign a public IP for any private IP on the NIC, however, traffic usually goes outbound from the primary Public IP: Multiple IP addresses for Azure virtual machines - Portal | Microsoft Docs
  7. Can public IP for secondary IP be used for AG listener or FCI to enable connectivity to SQL Server originating from internet?
    Yes, this is just like any other public IP
  8. Any orthogonality issue with other networking features like Accelerated Networking, VNET peering in same/different region, Express Route, Inter VM traffic in multi subnet etc.?
  9. Is there any cost associated with secondary IP?
    Not with private IP but with Public IP Pricing - Virtual Machine IP Address Options | Microsoft Azure
  10. Are the secondary IPs used for cluster and AG listener/FCI reserved?
    Yes, when a secondary IP configuration is saved then the IP is reserved and won’t be assigned to any other VM/device.
1 Comment
Version history
Last update:
‎Oct 28 2021 07:06 PM
Updated by: