Static IP, Reserved IP and Instance Level IP in Azure
Losing the public IP for the cloud service and then adjusting the DNS entries on the external server is a pain? Microsoft has recently introduced a few IP-related features which make life easier.
It is very important to understand which one fits the bill.
In this blog we are going to cover the static IP, reserved IP and instance-level IP in Azure, their usage scenarios and the different PowerShell cmdlets to create, manage and release them.
Static IP https://msdn.microsoft.com/en-us/library/azure/dn630228.aspx
Reserved IP https://msdn.microsoft.com/en-us/library/azure/dn690120.aspx
Instance level IP https://msdn.microsoft.com/en-us/library/azure/dn690118.aspx
Static Internal IP Address
Static internal IP = A private IP address assigned to a VM from a pool of IP addresses available in the Virtual Network within the Subnet(s) that are carved out.
Scenarios for using a static internal IP are:
- DNS server
- Domain controller
A static DIP stays with the VM even through a stop/deprovision state. You can specify a static DIP by using PowerShell at the time you create the VM, or you can update an existing VM.
You can assign the internal IP address using the preview portal or PowerShell.
Let's create a Virtual Network named testVNet
From the above address space, we see there are three usable Private IPs viz. 10.0.0.4 | 10.0.0.5 | 10.0.0.6.
So we have address space for 8 machines.
Now I want my machine to have a static IP with the address 10.0.0.5, and we see that it is available.
Now let us assign 10.0.0.5 to the VM "testVNet" via PowerShell. Let us check the availability of the IP by using the following PowerShell command.
The result of the above command says the IP is available.
Set the storage account to be in the same region where you are creating your VM
PS C:\> Set-AzureSubscription -SubscriptionName "dsdazure-lkumar" -CurrentStorageAccountName "paol"
Assigning a Static IP while provisioning a new VM
Here make sure that the VM
New-AzureVMConfig -Name lkumartestVM -ImageName $img -InstanceSize Small | Add-AzureProvisioningConfig -Windows -AdminUsername $usr -Password $pwd | Set-AzureSubnet -SubnetNames $sub | Set-AzureStaticVNetIP -IPAddress 10.0.0.5 | New-AzureVM -ServiceName $vmsvc1 -VNetName testVNet -Location "east asia"
OperationDescription OperationId OperationStatus
-------------------- ----------- ---------------
New-AzureVM 8fe32d65-802f-0a67-9749-fee23742b3fb Succeeded
New-AzureVM b06a7aba-2966-04af-8d49-6b11a254e7f0 Succeeded
The above PowerShell command succeeded in creating a new VM "testVNet" in the cloud service and assigned the IP 10.0.0.5 to the VM
Let us now confirm the same from the Azure Portal:
The screenshot below confirms that the VM is assigned 10.0.0.5 as intended.
Let us now restart the VM and see if the IP 10.0.0.5 is still bound to the same VM.
And here is the screenshot again which confirms that the IP 10.0.0.5 is still bound to the same VM.
Let us now stop the VM and see what happens when we try to assign the same IP to another VM.
PS C:\> New-AzureVMConfig -Name lkumartestVM1 -ImageName $img -InstanceSize Small | Add-AzureProvisioningConfig -Windows -AdminUsername $usr -Password $pwd | Set-AzureSubnet -SubnetNames $sub | Set-AzureStaticVNetIP -IPAddress 10.0.0.5 | New-AzureVM -ServiceName $vmsvc1 -VNetName testVNet -Location "east asia"
OperationDescription OperationId OperationStatus
-------------------- ----------- ---------------
New-AzureVM 48ffa950-82c0-0cd6-8613-105f40b9b48d Succeeded
New-AzureVM : Networking.DeploymentVNetAddressAllocationFailure : Unable to allocate the required address spaces for the deployment in a new or predefined subnet that is contained within the specified virtual
network.
At line:1 char:234
+ ... ess 10.0.0.5 | New-AzureVM –ServiceName $vmsvc1 -VNetName testVNet -Location "ea ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureVM], CloudException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.PersistentVMs.NewAzureVMCommand
So even after stopping the VM, the IP sticks to it and is not released to the IP pool.
Let me start the VM and see if it gets the same IP.
And I confirmed that this is the same IP, 10.0.0.5.
If we delete the VM, then we can reuse the internal IP.
So the learning is that the internal IP will stay with the VM until it is deleted. It will not change even if we keep the VM stopped (deallocated).
If you feel this is difficult in PowerShell, we are bringing it to the UI in the new preview portal.
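The availability check from this section, combined with assigning a static DIP to an existing VM, can be scripted as below. This is an added example, not code from the original post; it uses the classic (Service Management) Azure PowerShell cmdlets, and the function name `Set-StaticDipIfFree` and the service name `myCloudService` are hypothetical.

```powershell
# Added example (not from the original post). 'testVNet', '10.0.0.5' and
# 'lkumartestVM' come from the post; 'myCloudService' is a placeholder.
function Set-StaticDipIfFree {
    param(
        [Parameter(Mandatory)][string]$VNetName,
        [Parameter(Mandatory)][string]$IPAddress,
        [Parameter(Mandatory)][string]$ServiceName,
        [Parameter(Mandatory)][string]$VMName
    )

    $vm = Get-AzureVM -ServiceName $ServiceName -Name $VMName
    if (-not $vm) { throw "VM '$VMName' not found in service '$ServiceName'." }

    # Nothing to do if the VM already holds this address as its static DIP.
    $current = Get-AzureStaticVNetIP -VM $vm
    if ($current -and $current.IPAddress -eq $IPAddress) { return $current }

    # An address the VM currently holds dynamically is reported as "in use",
    # so only ask the VNet about addresses the VM does not already have.
    if ($vm.IpAddress -ne $IPAddress) {
        $check = Test-AzureStaticVNetIP -VNetName $VNetName -IPAddress $IPAddress
        if (-not $check.IsAvailable) {
            $free = ($check.AvailableAddresses | Select-Object -First 5) -join ', '
            throw "$IPAddress is not available in $VNetName. Free addresses include: $free"
        }
    }

    # Pin the address on the existing VM and push the change.
    $vm | Set-AzureStaticVNetIP -IPAddress $IPAddress | Update-AzureVM | Out-Null

    # Read the configuration back from Azure instead of trusting the request.
    Get-AzureVM -ServiceName $ServiceName -Name $VMName | Get-AzureStaticVNetIP
}

Set-StaticDipIfFree -VNetName 'testVNet' -IPAddress '10.0.0.5' `
    -ServiceName 'myCloudService' -VMName 'lkumartestVM'
```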
ReservedIP
This has been a big request from customers who do not want their IP address to change when they accidentally deallocate the last VM. It means they do not need to change the IP in the DNS records that they manage on third-party servers/sites.
A few facts about reserved IPs:
- A reserved IP is one of the public IPs associated with the subscription. It can exist even when it is not attached to a cloud service, so you can delete the cloud service and use the same IP with a new cloud service if you wish, and the IP will remain the same.
- You can get up to 5 reserved IPs with your subscription. More details can be found here.
- Right now you can only create a reserved IP with PowerShell, but we are working to incorporate this feature in the portal.
Let's test it out.
I want to create a virtual machine in East Asia and I want to use a reserved IP address.
Let me see if I already have any reserved IPs.
Let me create another IP address in East Asia, which I will use in this blog.
Let me see if it is listed now.
So at this point, I can tell my clients that I will be using the IP 23.101.2.156.
As I don't want to keep the other IP, myip4 (23.101.0.140), I am going to release it so anybody else can use it.
Before removing the reserved IP, we get a confirmation dialog box asking if we really want to release it.
And now we can confirm that we no longer have the IP that we released.
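The list, create and release steps above can be run with the classic Azure PowerShell reserved-IP cmdlets, shown here as an added example that is not the author's code. It refuses to release an address that is still attached to a service or that DNS still resolves to, because a record left pointing at a released address would send clients to whoever is allocated that address next. `resTest`, `myip4` and `East Asia` come from the post; the host names and the helper names `Get-HostsPointingAt` and `Remove-ReservedIPSafely` are hypothetical.

```powershell
# Added example (not from the original post).
# Returns the host names whose A records still resolve to $Address.
function Get-HostsPointingAt {
    param([string]$Address, [string[]]$HostNames)
    foreach ($name in $HostNames) {
        $records = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue
        if ($records | Where-Object { $_.IPAddress -eq $Address }) { $name }
    }
}

function Remove-ReservedIPSafely {
    param(
        [Parameter(Mandatory)][string]$ReservedIPName,
        [string[]]$HostNames = @()
    )
    $rip = Get-AzureReservedIP -ReservedIPName $ReservedIPName

    # A reserved IP attached to a cloud service is still serving traffic.
    if ($rip.InUse) {
        throw "$ReservedIPName ($($rip.Address)) is still attached to service '$($rip.ServiceName)'."
    }

    # Check the externally managed DNS names before the address returns to the pool.
    $stale = @(Get-HostsPointingAt -Address $rip.Address -HostNames $HostNames)
    if ($stale.Count -gt 0) {
        throw "DNS still points at $($rip.Address): $($stale -join ', '). Update those records first."
    }

    # -Force suppresses the confirmation prompt mentioned in the post.
    Remove-AzureReservedIP -ReservedIPName $ReservedIPName -Force
}

# 1. See which reserved IPs the subscription already holds.
Get-AzureReservedIP | Select-Object ReservedIPName, Address, Location, InUse, ServiceName

# 2. Reserve a new address in the region where the VM will live.
New-AzureReservedIP -ReservedIPName 'resTest' -Label 'blog demo' -Location 'East Asia'

# 3. Release the unwanted one; the host names are constructed placeholders.
Remove-ReservedIPSafely -ReservedIPName 'myip4' -HostNames 'www.example.com', 'ftp.example.com'
```

The DNS check sees only what the local resolver returns, so cached answers or split-horizon zones can hide a record that still points at the address.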
Now let's try to create the virtual machine and use the newly created reservedIP address
PS C:\> $image="3a50f22b388a4ff7ab41029918570fa6__Windows-Server-2012-Essentials-20131018-enus"
PS C:\> New-AzureVMConfig -Name "myBlogVM" -InstanceSize Small -ImageName $image | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123@@@ | New-AzureVM -ServiceName "myBlogService" -ReservedIPName resTest -Location "East Asia"
OperationDescription OperationId OperationStatus
-------------------- ----------- ---------------
New-AzureVM 745f5509-6b1e-18a0-9901-a7050a69baf1 Succeeded
New-AzureVM 182a3421-e9d6-19f7-bac2-985b9803a2e4 Succeeded
Let us see from the portal if we got the desired reserved IP address.
So the above confirms that we got the desired VIP reserved.
Now this VIP is assigned to the cloud service myBlogService.
This can be confirmed in PowerShell again.
Please note this IP is bound to the subscription, so even if you delete the cloud service, the reserved IP will still be there with the subscription and can be used. It will only go back to the pool of Azure public IP addresses when it is removed from the subscription using Remove-AzureReservedIP.
Before moving on to the next section of the blog, let us discuss affinity groups.
A reserved IP cannot be assigned to cloud services that use affinity-group-bound VNETs (old VNETs). For a regional VNET, you can specify the affinity group and VNET at the time of the VM creation. The difference is that regional VNETs are not bound to the affinity group, so there we can use a reserved IP address for the cloud service.
Let us test the above observation.
I created the affinity group blogAffinity and the regional VNET blogVNET in East Asia.
PS C:\> $image="3a50f22b388a4ff7ab41029918570fa6__Windows-Server-2012-Essentials-20131018-enus"
PS C:\> New-AzureVMConfig -Name "myBlogVM" -InstanceSize Small -ImageName $image | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123@@@ | New-AzureVM -ServiceName "myBlogService" -ReservedIPName resTest -AffinityGroup "blogAffinity" -VNetName "blogVNET"
OperationDescription OperationId OperationStatus
-------------------- ----------- ---------------
New-AzureVM e911c256-217a-1e77-b89e-55bfdad763f4 Succeeded
New-AzureVM 410b5f2b-2697-1f12-883d-a067b61344f5 Succeeded
So we can see this VM is correctly placed with the affinity group, VNET and reserved IP address.
You can find more details on reserved IPs in the blog from the product group:
https://azure.microsoft.com/blog/2014/05/14/reserved-ip-addresses/
https://msdn.microsoft.com/en-us/library/azure/dn690120.aspx
Now let's move to the last section of this blog, instance level IP
Instance level IP (PIP)
You can assign public IP addresses to your virtual machines so they become directly addressable, and eliminate the need to map an endpoint for direct access. Once you’re done, you’ll be able to do things like run FTP servers in Azure and monitor virtual machines directly using their IPs. The virtual machine will also use this public IP as its outgoing IP for all connections that are sourced from this VM. During preview you get two free public IP addresses per subscription.
An instance level public IP (PIP) is an IP address that you can assign directly to your VM, rather than to the cloud service that your VM resides within. This doesn’t take the place of the VIP that is assigned to your cloud service. Rather, it’s an additional IP address that you can use to connect to your VM. You can assign one PIP for each VM.
As per MSDN,
If you want to be able to connect to your VM or role instance by an IP address assigned directly to it, rather than using the cloud service VIP:<portnumber>, request a PIP for your VM or your role instance.
- Passive FTP - By having a PIP on your VM, you can receive traffic on just about any port, you will not have to open up an endpoint to receive traffic. This enables scenarios like passive FTP where the ports are chosen dynamically.
- Outbound IP - Outbound traffic originating from the VM goes out with PIP as the source and this uniquely identifies the VM to external entities.
Let's create another VM in the same cloud service where I want to specify a PIP
PS C:\> New-AzureVMConfig -Name "myBlogVM01" -InstanceSize Small -ImageName $image | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123@@@ |Set-AzurePublicIP -PublicIPName "ftpip" |New-AzureVM -ServiceName myBlogService
OperationDescription OperationId OperationStatus
-------------------- ----------- ---------------
New-AzureVM 762adde3-5ce8-19d0-8eec-80fc37aaff81 Succeeded
Below we can see the PublicIPAddress assigned to the second VM.
Please note this IP is different from the reserved IP assigned to the cloud service. Also, we cannot reserve the PIP.
Let me restart the VM and see what happens to the PIP.
So there is no change after the VM was restarted.
Let me stop and start it again.
So once the VM is deallocated, you will lose the PIP.
A PIP can be assigned not only to a new VM but also to an existing VM, and it can also be removed from an existing VM.
Assign PIP to existing VM
Get-AzureVM -ServiceName FTPInAzure -Name FTPInstance | Set-AzurePublicIP -PublicIPName ftpip | Update-AzureVM
Remove the PIP from a VM
Get-AzureVM -ServiceName FTPInAzure -Name FTPInstance | Remove-AzurePublicIP | Update-AzureVM
Please refer to https://msdn.microsoft.com/en-us/library/azure/dn690118.aspx for more details on instance-level IP (PIP).
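Because a PIP makes a VM reachable on any port without a mapped endpoint, and a static DIP is what DNS servers and domain controllers rely on, it helps to know which VMs have which. The inventory below is an added example, not code from the original post; it uses the classic Azure PowerShell cmdlets, and the function name `Get-VmAddressInventory` and the output column names are hypothetical.

```powershell
# Added example (not from the original post): one row per classic VM showing
# its internal address, whether that address is a static DIP, any PIP, and
# the endpoints mapped through the cloud service VIP.
function Get-VmAddressInventory {
    # Get-AzureVM without arguments returns only ServiceName, Name and Status,
    # so each VM is fetched again by name to get its network details.
    foreach ($entry in Get-AzureVM) {
        $vm        = Get-AzureVM -ServiceName $entry.ServiceName -Name $entry.Name
        $static    = Get-AzureStaticVNetIP -VM $vm
        $endpoints = @(Get-AzureEndpoint -VM $vm |
                       ForEach-Object { "$($_.Protocol)/$($_.Port)" })

        [pscustomobject]@{
            Service    = $vm.ServiceName
            VM         = $vm.Name
            PowerState = $vm.PowerState
            InternalIP = $vm.IpAddress
            StaticDIP  = [bool]$static          # False means the DIP is dynamic
            PipName    = $vm.PublicIPName       # Empty when no PIP is assigned
            PipAddress = $vm.PublicIPAddress
            Endpoints  = $endpoints -join ', '
        }
    }
}

$inventory = Get-VmAddressInventory

# VMs with a PIP receive traffic on any port, whatever endpoints are mapped.
$inventory | Where-Object { $_.PipName } |
    Format-Table Service, VM, PowerState, PipName, PipAddress, Endpoints -AutoSize

# VMs without a static DIP; DNS servers and domain controllers should not be here.
$inventory | Where-Object { -not $_.StaticDIP } |
    Format-Table Service, VM, InternalIP -AutoSize
```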
With this we come to the end of the discussion on static DIP, reserved IP and PIP. Hopefully this article will add to your existing understanding of these features, their usage scenarios and limitations.
Comments
Anonymous
October 07, 2014
I have an Ubuntu VM in its own cloud service on Azure. When I follow the instructions above to create an Azure Reserved IP, it appears to work fine. However, when I then follow the directions to apply the IP to my Ubuntu VM, I get this error: Update-AzureVM : BadRequest : PublicIP per Virtual Machine usage not allowed for this deployment. Any ideas?
Anonymous
October 07, 2014
Thank you for the elaborate article. I successfully used the ReservedIP scenario. Just one remark: in my case, when creating the new VM, the IP remained unused and the VIP of the VM was still dynamic (changing after each deallocation). Only after I removed all of the already existing VMs, and re-running the script, the result was as expected.
Anonymous
October 09, 2014
Hi Eliot, Most likely you are adding the public IP for an existing VM which is part of an affinity based Virtual Network. I was able to repro it. Please try to perform it in a VM which is part of regional virtual Network and this will work. Thanks, Lalitesh
Anonymous
May 14, 2015
The comment has been removed
Anonymous
June 11, 2015
Hi, How I can check the reserved IP of my subscription? Any ideas?
Anonymous
June 24, 2015
@Mani you can refer msdn.microsoft.com/.../dn722412.aspx msdn.microsoft.com/.../dn722418.aspx
Anonymous
September 09, 2015
Is this information still valid? The three links at the top are broken now.
Anonymous
October 01, 2015
In case of Office 365 tenancy, can you use any of these three IP address? Or these three IP address apply to Infrastructure as a Service (IaaS) VM in Azure?