Static IP, Reserved IP and Instance Level IP in Azure

Static IP, Reserved IP and Instance Level IP in Azure

Loosing public IP for the cloud service and then adjusting the DNS entries in the external server is a pain? Microsoft has recently introduced a few IP related features which makes life easier.

It is very important to understand which one fits the bill.

In this blog we are going to cover the Static IP, reservedIP and instance level IP in Azure, their usage scenarios and different PS cmdlets to create manage and release them.

Static IP https://msdn.microsoft.com/en-us/library/azure/dn630228.aspx

Reserved IP https://msdn.microsoft.com/en-us/library/azure/dn690120.aspx

Instance level IP https://msdn.microsoft.com/en-us/library/azure/dn690118.aspx

Static Internal IP Address

Static internal IP = A private IP address assigned to a VM from a pool of IP addresses available in the Virtual Network within the Subnet(s) that are carved out.

Scenario of the using static internal IP are

1. DNS server
2. Domain controller

A static DIP stays with the VM even through a stop/deprovision state. You can specify a static DIP by using PowerShell at the time you create the VM, or you can update an existing VM.

You can assign the internal IP address using preview portal or PowerShell

Let's create a Virtual Network named testVNet

From the above address space, we see there are three usable Private IPs viz. 10.0.0.4 | 10.0.0.5 | 10.0.0.6.

So we have address space for 8 machine.

Now I want my machine to have a static IP with the address 10.0.0.5 and we see that it is available

Now let us assign 10.0.0.5 to the VM "testVNet" via PowerShell. Let us check the availability of the IP by using the following PowerShell command.

The result of the above command says the IP is available.

Set the storage account to be in the same region where you are creating your VM

PS C:\> Set-AzureSubscription -SubscriptionName "dsdazure-lkumar" -CurrentStorageAccountName "paol"

Assigning a Static IP while provisioning a new VM

Here make sure that the VM

New-AzureVMConfig -Name lkumartestVM -ImageName $img –InstanceSize Small | Add-AzureProvisioningConfig -Windows -AdminUsername $usr -Password $pwd  |Set-AzureSubnet  –SubnetNames $sub  | Set-AzureStaticVNetIP -IPAddress 10.0.0.5 | New-AzureVM –ServiceName $vmsvc1 -VNetName testVNet -Location "east asia"

OperationDescription            OperationId             OperationStatus                                                      

--------------------            -----------                ---------------                                                      

New-AzureVM                    8fe32d65-802f-0a67-9749-fee23742b3fb            Succeeded                                                            

New-AzureVM                    b06a7aba-2966-04af-8d49-6b11a254e7f0            Succeeded                                                            

The above PowerShell command succeeded in creating a new VM "testVNet" in the cloud service  and assigned the IP 10.0.0.5 to the VM 

Let us now confirm the same from the Azure Portal:

The screenshot below confirms that the VM is assigned 10.0.0.5 as intended.

Let us now restart the VM and see if the IP 10.0.0.5 is still bound to the same VM.

And here is the screenshot again which confirms that the IP 10.0.0.5 is still bound to the same VM.

Let us now stop the VM and see what happens when we try to assign the same IP to another VM

PS C:\> New-AzureVMConfig -Name lkumartestVM1 -ImageName $img –InstanceSize Small  | Add-AzureProvisioningConfig -Windows -AdminUsername $usr -Password $pwd  |Set-AzureSubnet  –SubnetNames $sub  | Set-AzureStaticVNetIP -IPAddress 10.0.0.5 | New-AzureVM –ServiceName $vmsvc1 -VNetName testVNet -Location "east asia"

OperationDescription           OperationId                                OperationStatus                                                      

--------------------           -----------                                ---------------                                                      

New-AzureVM                    48ffa950-82c0-0cd6-8613-105f40b9b48d       Succeeded                 

New-AzureVM : Networking.DeploymentVNetAddressAllocationFailure : Unable to allocate the required address spaces for the deployment in a new or predefined subnet that is contained within the specified virtual

network.

At line:1 char:234

+ ... ess 10.0.0.5 | New-AzureVM –ServiceName $vmsvc1 -VNetName testVNet -Location "ea ...

+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : CloseError: (:) [New-AzureVM], CloudException

    + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.PersistentVMs.NewAzureVMCommand

So even after Stopping the VM, the IP sticks to it and is not released to the IP pool.

Let me start the VM and see if it gets the same

And I confirmed that this is the same IP 10.0.0.5

If we delete the VM then we can reuse the internal IP

So the learning is that internal IP will stay with the VM till it is deleted . It will not change even if we keep it on stopped(deallocated)

If you feel this is difficult in PowerShell, we are coming up with doing it in UI in new preview portal

ReservedIP

This has been a big request from the cx who does not want their IP address change when they accidently deallocated the last VM .that means they need not to change their IP in the  DSN records that they are managing on 3rd party servers/sites

Few facts about reserved IP

1.Reserved IP is one of the public IP associated with the subscription .this can exist even when it is not attached with the cloud service . So you can delete the cloud service and use the same IP with the new cloud service if you wish and the IP will remain the same

1. You can get upto 5 reservedip with your subscription . More details can be found here.
2. Right now you can only create reserved IP with the PowerShell but we are working to incorporate this feature in portal.

Lets test it out

I want to create a Virtual Machine in East Asia and I want to use a reservedIP address

Let me see if I already have any reservedIP

Let me see create another IP address in East Asia which I will use in this blog

Let me see if it is listed now

So at this point , I can tell my clients that I will be using the IP 23.101.2.156.

As I don't want to keep the other IP myip4 (23.101.0.140) , I am going to release so anybody else can use it

Before removing the reservedIP ,we will get a confirmation dialog box asking if we really want to release it

And now we can confirm , we no more have the ip that we released.

Now let's try to create the virtual machine and use the newly created reservedIP address

PS C:\> $image="3a50f22b388a4ff7ab41029918570fa6__Windows-Server-2012-Essentials-20131018-enus"

PS C:\> New-AzureVMConfig -Name "myBlogVM" -InstanceSize Small -ImageName $image | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123@@@ | New-AzureVM -ServiceName "myBlogService" –ReservedIPName resTest -Location "East Asia"

OperationDescription                                  OperationId                                           OperationStatus                                    

--------------------                                  -----------                                           ---------------                                    

New-AzureVM                                           745f5509-6b1e-18a0-9901-a7050a69baf1                  Succeeded                                          

New-AzureVM                                           182a3421-e9d6-19f7-bac2-985b9803a2e4                  Succeeded                                          

Let us see from the portal if we got the desired reservedIP address

So above confirms that we got the desired VIP reserved

Now this VIP is assigned to the cloud service myBlogService

This can be confirmed in the powershell again

Please note this IP is bound to the subscription , so even if you delete the cloud service , the Reserved IP will still be there with the subscription and can be used. It will only go back to the pool of azure public IP address when it is removed from the subscription using Remove-AzureReservedIP .

Before moving on to other section of the blog , let us discussion about affinity group.

ReservedIP cannot be assigned to the cloud service which are using affinity group bound VNETs(Old VNETs). For the regional VNET, you can specify the affinity group and VNET at the time of the VM creation. The difference is the Regional VNETS are not bound to the affinity group and there we can use  ReservedIP address for the cloud service .

Let us test the above observation

I created affinity group blogAffinity and regional VNET blogVNET in east asia

PS C:\> $image="3a50f22b388a4ff7ab41029918570fa6__Windows-Server-2012-Essentials-20131018-enus"

PS C:\> New-AzureVMConfig -Name "myBlogVM" -InstanceSize Small -ImageName $image | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123@@@ | New-AzureVM -ServiceName "myBlogService" –ReservedIPName resTest -AffinityGroup "blogAffinity" -VNetName "blogVNET"

OperationDescription                                                OperationId                                                         OperationStatus                                                   

--------------------                                                -----------                                                         ---------------                                                   

New-AzureVM                                                         e911c256-217a-1e77-b89e-55bfdad763f4                                Succeeded                                                         

New-AzureVM                                                         410b5f2b-2697-1f12-883d-a067b61344f5                                Succeeded                                                         

So we can see this VM is correctly placed with the affinity group ,VNET and reserved IP address

You can find more details on reservedIP on the blog from product group

https://azure.microsoft.com/blog/2014/05/14/reserved-ip-addresses/

https://msdn.microsoft.com/en-us/library/azure/dn690120.aspx

Now let's move to the last section of this blog, instance level IP

Instance level IP (PIP)

You can assign public IP addresses to your virtual machines so they become directly addressable, and eliminate the need to map an endpoint for direct access. Once you’re done, you’ll be able to do things like run FTP servers in Azure and monitor virtual machines directly using their IPs. The virtual machine will also use this public IP as its outgoing IP for all connections that is sourced from this VM. During preview you get two free public IP addresses per subscription.

An instance level public IP (PIP) is an IP address that you can assign directly to your VM, rather than to the cloud service that your VM resides within. This doesn’t take the place of the VIP that is assigned to your cloud service. Rather, it’s additional IP address that you can use to connect to your VM. You can assign one PIP for each VM.

As per MSDN,

If you want to be able to connect to your VM or role instance by an IP address assigned directly to it, rather than using the cloud service VIP:<portnumber>, request a PIP for your VM or your role instance.

• Passive FTP - By having a PIP on your VM, you can receive traffic on just about any port, you will not have to open up an endpoint to receive traffic. This enables scenarios like passive FTP where the ports are chose dynamically.
• Outbound IP - Outbound traffic originating from the VM goes out with PIP as the source and this uniquely identifies the VM to external entities.

Let's create another VM in the same cloud service where I want to specify a PIP

PS C:\> New-AzureVMConfig -Name "myBlogVM01" -InstanceSize Small -ImageName $image | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123@@@ |Set-AzurePublicIP -PublicIPName "ftpip" |New-AzureVM -ServiceName myBlogService 

OperationDescription                                                OperationId                                                         OperationStatus                                                   

--------------------                                                -----------                                                         ---------------                                                   

New-AzureVM                                                         762adde3-5ce8-19d0-8eec-80fc37aaff81                                Succeeded                                                         

Below we can see the publiIPAddress assigned to second VM

Please note this IP is different from the reservedIP assigned to the cloud service. Also we cannot reserve the PIP.

Let  me restart the VM and see what happen to the PIP

So no change after the VM was restarted

Let me stop and start again

So once the Vm is deallocated , you will lose the PIP

PIP cannot only be assigned to the new VM but this can be assigned to an existing VM and it can also be removed from the exiting VM

Assign PIP to existing VM

Get-AzureVM -ServiceName FTPInAzure -Name FTPInstance | Set-AzurePublicIP -PublicIPName ftpip | Update-AzureVM

Remove the PIP from a VM

Get-AzureVM -ServiceName FTPInAzure -Name FTPInstance | Remove-AzurePublicIP | Update-AzureVM

Please refer https://msdn.microsoft.com/en-us/library/azure/dn690118.aspx for more details on instance level IP(PIP)

With this we come to end of discussion on static DIP, ReservedIP and PIP. Hopefully this article will add to your existing understanding of these feature  ,usage scenario and limitation.