Hello @saurabh ,
Does the Azure Bastion service require a public IP to work?
Yes, Azure Bastion requires a public IP in order to function. You can follow this documentation to configure a Bastion Host via Portal.
Also if one has to use Bastion to connect to a Azure BM in a vnet, does at anytime the traffic will traverse the public internet ?
Yes. The traffic from portal to Azure Bastion edge will traverse over HTTPS (443, Internet). The diagram below from the Azure Bastion documentation will help you understand the traffic flow.
Hope this helps! Please let me know if you have any additional questions. Thank you!