Azure Public IP Addresses are a crucial component of Azure networking, allowing external access to your resources. They can be dynamically or statically assigned.
Azure Public IP Addresses can be used for a variety of purposes, including load balancing, VPNs, and direct internet access. This flexibility makes them a popular choice for Azure users.
Azure Public IP Addresses are not the same as private IP addresses, which are used for communication within a virtual network. Public IP addresses are used for communication with the outside world.
Azure Public IP Address Basics
Azure Public IP Address is a service that allows you to assign a public IP address to your resources, enabling them to communicate with the internet.
You can associate a public IP address with various resources, such as virtual machines, public load balancers, and virtual network gateways.
The allocation methods for public IP addresses vary depending on the resource type. For example, virtual machines can use both dynamic and static IPv4 addresses.
Here's a breakdown of the allocation methods for different resource types:
You can also use the Azure CLI to get facts about public IP addresses, such as the IP address or the resource group it belongs to.
Configuration and Management
You can view, modify settings for, or delete a public IP address. To view settings, you can use the Azure portal, Azure PowerShell, or Azure CLI, depending on your preference.
To modify settings, you can change the assignment method from static to dynamic, but be aware that this will result in the IP address changing when the virtual machine is started after being in the stopped (deallocated) state. To prevent the address from changing, assign a static IP address.
You can delete a public IP address, but you must first remove the IP address from any applicable IP configurations. Here's a summary of the steps to delete a public IP address for different resources:
Change
Changing the public IP address associated with your virtual machine is a straightforward process. You can do this in the Azure portal by selecting "Networking" in the "Settings" section of your virtual machine, then selecting the network interface and IP configuration.
To change the public IP address, you'll need to select the "Public IP address" option and choose a new public IP address from the list. You can also upgrade a basic public IP address to a standard one if needed.
If you want to change the assignment method from static to dynamic, you'll need to remove the public IP address from any applicable IP configurations. This will cause the IP address to be reassigned when the virtual machine is started after being in the stopped (deallocated) state.
You can also use the Azure portal to modify settings for a public IP address, such as the idle timeout or DNS name label. To do this, select the "Configuration" option and make the desired changes.
Here are the steps to view, modify settings for, or delete a public IP address:
Add Configuration
Adding a configuration to your virtual machine is a straightforward process. To start, you'll need to access the Virtual machines section in the Azure portal.
In the search box at the top of the portal, enter Virtual machine and select Virtual machines from the search results. From there, select your virtual machine, which is named myVM in this example.
To add a public IP configuration, select Networking in Settings in myVM. Then, select the Network interface of the VM, which will be prefixed with the name of the VM and end with a random number, such as myvm793.
In the Settings of the network interface, select IP configurations and then click + Add. You'll need to enter a name for the IP configuration, such as ipconfig2.
To associate a public IP address, select Associate in the Public IP address field and then choose a public IP address, such as myStandardPublicIP-3, from the dropdown list.
Here are the steps to add a public IP configuration in a concise list:
- Enter Virtual machine in the search box.
- Select Virtual machines from the search results.
- Select myVM.
- Select Networking in Settings in myVM.
- Select the Network interface of the VM.
- Select IP configurations in the Settings of the network interface.
- Click + Add.
- Enter a name for the IP configuration.
- Select Associate in the Public IP address field.
- Choose a public IP address from the dropdown list.
View, Modify, Delete
To view, modify, or delete a public IP address, you can use the Azure portal, Azure PowerShell, or Azure CLI. You can view the settings for a public IP, including the SKU, address, and any associations, by reviewing the settings in the Overview section of a Public IP.
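The settings listed above (SKU, assignment method, associations, DNS label) are also the ones worth checking across a whole subscription. The following is an added example, not part of the original article or Microsoft's documentation: it reviews records shaped like the JSON from `az network public-ip list -o json`. The field names are an assumption about that output, and the sample records are constructed.

```python
# Constructed records shaped like `az network public-ip list -o json` output.
# The field names are an assumption about that JSON; every value is made up.
NIC_CFG_ID = ("/subscriptions/0000/resourceGroups/myResourceGroup/providers/"
              "Microsoft.Network/networkInterfaces/myvm793/ipConfigurations/ipconfig1")
SAMPLE = [
    {"name": "myStandardPublicIP-1", "ipAddress": "203.0.113.10",
     "publicIPAllocationMethod": "Static", "sku": {"name": "Standard"},
     "ipConfiguration": {"id": NIC_CFG_ID}, "dnsSettings": None},
    {"name": "myBasicPublicIP", "ipAddress": "203.0.113.20",
     "publicIPAllocationMethod": "Dynamic", "sku": {"name": "Basic"},
     "ipConfiguration": {"id": NIC_CFG_ID.replace("myvm793", "myvm2")},
     "dnsSettings": None},
    {"name": "myStandardPublicIP-3", "ipAddress": "203.0.113.30",
     "publicIPAllocationMethod": "Static", "sku": {"name": "Standard"},
     "ipConfiguration": None,
     "dnsSettings": {"fqdn": "contoso.westus.cloudapp.azure.com"}},
]


def audit_public_ip(pip):
    """Return review findings for one public IP record (empty list = nothing to do)."""
    findings = []
    # A NAT gateway association is recorded separately from an IP configuration.
    attached = bool(pip.get("ipConfiguration") or pip.get("natGateway"))
    sku = (pip.get("sku") or {}).get("name", "")
    fqdn = (pip.get("dnsSettings") or {}).get("fqdn")
    if not attached:
        findings.append("unassociated: no resource uses it, delete it if unused")
    if attached and pip.get("publicIPAllocationMethod") == "Dynamic":
        findings.append("dynamic: address changes after stop (deallocate), "
                        "so do not put it in an allowlist")
    if sku.lower() == "basic":
        findings.append("basic-sku: non-zonal, candidate for upgrade to Standard")
    if fqdn and not attached:
        findings.append(f"dns-label: {fqdn} still maps to an unattached address")
    return findings


def audit(records):
    """Map each public IP name to its findings, skipping clean records."""
    results = {p["name"]: audit_public_ip(p) for p in records}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLE).items():
        print(name, found)
```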
To modify settings, select Configuration. From there you can modify the idle timeout or DNS name label, change the assignment of an IP from static to dynamic, or upgrade a basic IP to standard.
To delete a public IP, you must first dissociate it from any associated resources, such as a virtual machine or load balancer frontend. You can do this by selecting Dissociate to dissociate the IP address from the NIC configuration, then select Delete.
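The dissociate-then-delete order described above can be worked out from the public IP record itself. This added example (not from the original article) builds the ordered Azure CLI commands for one address, taking the NIC and its resource group from the `ipConfiguration.id` resource ID. The record layout is an assumption about `az network public-ip show` output, and all names and IDs are constructed.

```python
import re
import shlex

# Resource-ID layout of a NIC IP configuration (Azure Resource Manager format).
NIC_CFG = re.compile(
    r"/resourceGroups/(?P<rg>[^/]+)/providers/Microsoft\.Network"
    r"/networkInterfaces/(?P<nic>[^/]+)/ipConfigurations/(?P<cfg>[^/]+)$",
    re.IGNORECASE,
)


def delete_plan(pip):
    """Return the ordered az commands (argv lists) that delete one public IP.

    Raises ValueError when the address is attached to something other than a
    NIC IP configuration (for example a load balancer frontend), because that
    association has to be removed on the owning resource first.
    """
    steps = []
    cfg_id = (pip.get("ipConfiguration") or {}).get("id")
    if cfg_id:
        match = NIC_CFG.search(cfg_id)
        if not match:
            raise ValueError(f"{pip['name']} is attached to {cfg_id}; "
                             "dissociate it on that resource first")
        # The NIC may live in a different resource group than the public IP,
        # so the group comes from the ID and not from the IP record.
        steps.append(["az", "network", "nic", "ip-config", "update",
                      "--resource-group", match["rg"],
                      "--nic-name", match["nic"], "--name", match["cfg"],
                      "--remove", "PublicIpAddress"])
    steps.append(["az", "network", "public-ip", "delete",
                  "--resource-group", pip["resourceGroup"],
                  "--name", pip["name"]])
    return steps


if __name__ == "__main__":
    # Constructed record: myStandardPublicIP-3 attached to ipconfig2 on myvm793.
    sample = {"name": "myStandardPublicIP-3", "resourceGroup": "myResourceGroup",
              "ipConfiguration": {"id": "/subscriptions/0000/resourceGroups/"
                                  "myNicGroup/providers/Microsoft.Network/"
                                  "networkInterfaces/myvm793/ipConfigurations/ipconfig2"}}
    for step in delete_plan(sample):
        print(shlex.join(step))
```

Review the printed commands before running them: the first removes the association, and only then does the delete succeed.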
Here are the steps to delete a public IP address using Azure portal, Azure PowerShell, or Azure CLI:
Azure Virtual Network and Load Balancer
You can use a load balancer to assign a public IP to all machines in your backend pool, which simplifies your setup and limits the number of public IPs required.
This approach is similar to assigning a public IP to a VM, but it's easier to manage and more cost-effective. However, you still need to create an inbound NAT rule and block it with an NSG to avoid confusion and unnecessary costs.
Azure Virtual Network NAT Gateway is a new service that's currently in preview, but it's likely to become the best way to ensure all your traffic from a vNet uses the same static outbound IP. Once it's generally available, it should be the simplest and cheapest way to obtain a static outbound IP.
Azure Virtual Network, Load Balancer
Azure Virtual Network and Load Balancer can be a bit tricky to set up, but understanding the basics can make a big difference.
You can assign a public IP to a load balancer, and any machine added to its backend pool will use that public IP for outbound traffic.
This approach is similar to assigning a public IP directly to a VM, but it allows you to limit the number of public IPs required by putting multiple machines behind a load balancer.
However, you still need to pay for the public IP and make sure to block inbound traffic properly with an NSG if you're not using the load balancer.
With a standard load balancer, you don't need to have all machines in the backend in the same availability set, unlike with basic load balancers.
You can create an inbound NAT rule on a high port and then block it with an NSG to avoid wasting a public IP.
NAT Gateway is another option that's currently in preview, but it's likely to be the simplest and cheapest way to obtain a static outbound IP once it goes GA.
Virtual Machine Scale Sets
Virtual Machine Scale Sets are a great way to manage multiple virtual machines at once, but they work a bit differently when it comes to public IPs.
In a Virtual Machine Scale Set with public IPs, you can't associate separate public IP objects with the individual virtual machine instances.
A public IP prefix object can be used to generate the instance IPs for the scale set.
To list the Public IPs on a Virtual Machine Scale Set, you can use PowerShell or CLI.
You can use the command Get-AzPublicIpAddress -VirtualMachineScaleSetName or az vmss list-instance-public-ips to list the public IPs.
For more information, see the Networking for Azure Virtual Machine Scale Sets documentation.
Availability Zone
Azure's Virtual Network and Load Balancer have a feature called Availability Zone that's crucial to understand.
In regions with availability zones, Standard non-zonal IPs are now zone-redundant by default, starting on a region-by-region basis.
Central Canada, Central Poland, Central Israel, Central France, Central Qatar, East Asia, East US 2, East Norway, Italy North, Sweden Central, South Africa North, South Brazil, West Central Germany, West US 2, and Central Spain are the regions where this change is happening.
You can create Standard SKU Public IPs as non-zonal, zonal, or zone-redundant in regions with availability zones.
However, Basic SKU Public IPs don't have zones and are created as non-zonal.
A public IP's availability zone can't be changed after it's created.
Here's a breakdown of the different types of public IPs and their behaviors:
Domain Name Label
Domain Name Label is a feature that allows you to specify a DNS label for a public IP resource, which works for both IPv4 and IPv6 addresses.
This selection creates a mapping for a fully qualified domain name (FQDN) to the public IP in the Azure-managed DNS.
For instance, if you create a public IP with the domain name label "contoso" in the West US Azure location, the FQDN "contoso.westus.cloudapp.azure.com" resolves to the public IP address of the resource.
Each domain name label created must be unique within its Azure location.
If you want to use a custom domain for services that use a public IP, you can use Azure DNS or an external DNS provider for your DNS Record.
Here are the Domain Name Label options:
Create Virtual Machine
To create a virtual machine in Azure, you'll need to sign in to the Azure portal. In the search box at the top of the portal, enter Virtual machine. Select Virtual machines from the search results. Then, select + Add then + Virtual machine.
You'll need to select the public IP address you created in the prerequisites as the public IP for the virtual machine. To do this, select the Networking tab, or select Next: Disks then Next: Networking. In the Networking tab, select myStandardPublicIP-1 as the Public IP.
Here's a summary of the key settings for creating a virtual machine:
Once you've completed the settings, select the Review + create tab, or select the blue Review + create button. Then, select Create to create the virtual machine.
Frequently Asked Questions
What is Azure public IP address associated to?
Azure public IP addresses are associated with resources that support public IPs, such as virtual machines, load balancers, and Azure Firewall. This includes resources in regions that support Availability Zones, which are set to Zone-redundant by default.
How to find the public IP address in Azure?
To find your public IP address in Azure, use the pre-built query "List all public IP addresses" in Resource Graph Explorer. This query retrieves public IP addresses from resources with a type containing 'publicIPAddresses'.
What is the difference between basic and standard Azure public IP?
Basic Azure public IPs are non-zonal and don't support availability zones, while Standard public IPs can be created as non-zonal, zonal, or zone-redundant, offering more flexibility and redundancy options.
What are the two types of IP addresses we use in Azure?
In Azure, you can create public IP addresses with either IPv4 or IPv6 addresses, or a combination of both in a dual-stack deployment. This flexibility allows you to choose the best IP address type for your cloud-based applications and services.