Public ip range /28

Question

Hello,

Is that possible to attach a public ip range /28 or more to a single VM and without private IP.
For example i have bellow configuration:
Main vm ip:20.20.20.5
Ip range routed to the vm:20.20.60.0/28

I don't need private ip(10.x.x.x) i need that public range and IP will be associate directly to the server withouy NAt.

Thank you

Answer 1

Hello @sofien atweni

Thank you for post.

For your case scenario, I would think that the next info will be useful for you please see it below:

***Prefix sizes
The following public IP prefix sizes are available:
/28 (IPv4) or /124 (IPv6) = 16 addresses
/29 (IPv4) or /125 (IPv6) = 8 addresses
/30 (IPv4) or /126 (IPv6) = 4 addresses
/31 (IPv4) or /127 (IPv6) = 2 addresses

Prefix size is specified as a Classless Inter-Domain Routing (CIDR) mask size.
There aren't limits as to how many prefixes created in a subscription. The number of ranges created can't exceed more static public IP addresses than allowed in your subscription. For more information, see Azure limits.

Scenarios

You can associate the following resources to a static public IP address from a prefix:
Resource Scenario Steps
Virtual machines Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allowlist in the firewall. You can add an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead. To associate IPs from a prefix to your virtual machine:

1. Create a prefix.
2. Create an IP from the prefix.
3. Associate the IP to your virtual machine's network interface.

You can also associate the IPs to a Virtual Machine Scale Set.

Standard load balancers Associating public IPs from a prefix to your frontend IP configuration or outbound rule of a load balancer ensures simplification of your Azure public IP address space. Simplify your scenario by grooming outbound connections from a range of contiguous IP addresses. To associate IPs from a prefix to your load balancer:

1. Create a prefix.
2. Create an IP from the prefix.
3. When creating the load balancer, select or update the IP created in step 2 above as the frontend IP of your load balancer.

Azure Firewall You can use a public IP from a prefix for outbound SNAT. All outbound virtual network traffic is translated to the Azure Firewall public IP. To associate an IP from a prefix to your firewall:

1. Create a prefix.
2. Create an IP from the prefix.
3. When you deploy the Azure firewall, be sure to select the IP you previously gave from the prefix.

VPN Gateway (AZ SKU), Application Gateway v2, NAT Gateway You can use a public IP from a prefix for your gateway To associate an IP from a prefix to your gateway:

1. Create a prefix.
2. Create an IP from the prefix.
3. When you deploy the VPN Gateway, Application Gateway, or NAT Gateway, be sure to select the IP you previously gave from the prefix.

Additionally, the Public IP address prefix resource can be utilized directly by certain resources:
Resource Scenario Steps

Virtual machine scale sets You can use a public IP address prefix to generate instance-level IPs in a virtual machine scale set, though individual public IP resources won't be created. Use a template with instructions to use this prefix for public IP configuration as part of the scale set creation. (Note that the zonal properties of the prefix will be passed to the instance IPs, though they will not show in the output; see Networking for Virtual Machine Scale sets for more information.)
Standard load balancers A public IP address prefix can be used to scale a load balancer by using all IPs in the range for outbound connections. To associate a prefix to your load balancer:

1. Create a prefix.
2. When creating the load balancer, select the IP prefix as associated with the frontend of your load balancer.
   NAT Gateway A public IP prefix can be used to scale a NAT gateway by using the public IPs in the prefix for outbound connections. To associate a prefix to your NAT Gateway:
3. Create a prefix.
4. When creating the NAT Gateway, select the IP prefix as the Outbound IP. (Note that a NAT Gateway can have no more than 16 IPs in total, so a public IP prefix of /28 length is the maximum size that can be used.)

Limitations

You can't specify the set of IP addresses for the prefix (though you can specify which IP you want from the prefix). Azure gives the IP addresses for the prefix, based on the size that you specify. Additionally, all public IP addresses created from the prefix must exist in the same Azure region and subscription as the prefix. Addresses must be assigned to resources in the same region and subscription.

You can create a prefix of up to 16 IP addresses. Review Network limits increase requests and Azure limits for more information.
The size of the range cannot be modified after the prefix has been created.
Only static public IP addresses created with the standard SKU can be assigned from the prefix's range. To learn more about public IP address SKUs, see public IP address.

Addresses from the range can only be assigned to Azure Resource Manager resources. Addresses can't be assigned to resources in the classic deployment model.

You can't delete a prefix if any addresses within it are assigned to public IP address resources associated to a resource. Dissociate all public IP address resources that are assigned IP addresses from the prefix first. For more information on disassociating public IP addresses, see Manage public IP addresses.

IPv6 is supported on basic public IPs with dynamic allocation only. Dynamic allocation means the IPv6 address will change if you delete and redeploy your resource in Azure.

Standard IPv6 public IPs support static (reserved) allocation.

Standard internal load balancers support dynamic allocation from within the subnet to which they're assigned.

Routing preference Internet IPs are not supported in a public IP address prefix.***

Looking forward to your feedback,

Cheers,

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

Hello @sofien atweni ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to attach a Public IP range of /28 to a single VM without private IP.

• Private IP is a must. We cannot have a VM without private IP.
• VMs in Azure cannot exist without being bound to a Vnet. Every VM in Azure will have a private IP , as it is a part of the VNet, and this IP is essential for the communication of host to guest OS, guest OS to gateway/other VMs in the Vnet, and DNS services.

Wrt /28 prefix,

• It is possible to create a Public IP prefix of /28
• https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-address-prefix
• You can attach the IPs from this prefix to the VM, but you should have multiple NICs or multiple IP configurations per NIC or a combination of both
• https://learn.microsoft.com/en-us/azure/virtual-machines/windows/multiple-nics
• https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/virtual-network-multiple-ip-addresses-portal
• A single IP configuration can only have one Public IP address associated to it. By leveraging the above, and creating multiple IP configurations, we can attach multiple Public IP configurations to a single VM
• Note : The guest OS will only honor the Primary Public IP by default. You have to make OS-level configurations to support routing via non-primary IP Addresses.
• With every additional IP Configuration, you will get an additional private IP.

I hope this helps. Please let me know if you have any follow-up queries on this.

Cheers,
Kapil.

----------------------------------------------------------------------------------------------------------------

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.