Public IPs can be essential for services such as application gateways, firewalls, and virtual network gateways in Azure, especially when it comes to making these services accessible from the internet. Assigning a public IP address to a service in Azure is simple.
The trick is to decide whether you need to use a static or a dynamic public IP address. We need to be aware that not all Azure services support static public IPs. Here are some important points about the use of public IP addresses for some popular services in Azure:
- You can assign either dynamic or static public IP addresses to load balancer frontends.
- Virtual machines (VMs) can have either static or dynamic public IP addresses.
- We can only assign dynamic public IP addresses to VPN gateways.
- Application gateway frontends can only have dynamic public IP addresses.
Also keep in mind that when we assign a static public IP to a service, we cannot specify the IP address on the public IP address resource. This is because Azure assigns public IP addresses from available IP address pools based on the Azure location the resources are created in.
Public IP address prefixes are reserved ranges of IP addresses Azure allocates depending on Azure regions and how many public IP addresses you want to use. Each Azure region has several IP ranges available. You can check available ranges in Azure regions via the regularly updated link.
With public IP address prefixes, you can reserve a certain number of consecutive public IP addresses in advance and use them whenever needed.
For instance, you may want to reserve four consecutive IP addresses for your VM farm without having to create your VMs first. In this way, you can easily configure your firewall exceptions or DNS hostname mappings in advance using the reserved range of public IP addresses. This is because you already know which public IP address Azure will assign to the next VM upon creation.
We can create a public IP address prefix in Azure by specifying an IP address prefix such as /30, which allocates four IP addresses from one of the IP ranges available in that region. Even though the IP addresses to allocate are contiguous, we don't know from which range Azure will assign the IP addresses.
Below are some limitations when using public IP prefixes in Azure.
- You can't change the range once you've created the prefix.
- There's only support for static public IP addresses with the Standard SKU.
- You can't delete a prefix if any service in Azure is using any address from its pool.
- There's no support for the classic deployment model or Azure Service Management (ASM).
- There's no support for IPv6 addresses.
- You must assign the IPs in the public IP prefixes to services in the same Azure region as the public IP prefixes.
Creating a new public IP prefix
We can look at the cmdlets available in PowerShell to manage public IP prefixes.
In my scenario, I will create a new public IP prefix with four contiguous IP addresses. To be able to have four IP addresses, I need to specify the prefix length of /30.
```powershell
$prefix1 = New-AzPublicIpPrefix -Name "PrefixforVMs" `
    -ResourceGroupName "PIP-Prefixes-RG" `
    -PrefixLength 30 `
    -Location "North Europe"
```
As you can see, Azure has automatically reserved the IPs from a range of 184.108.40.206/30. When we create another public IP prefix in the same region (North Europe), Azure might create it from a different IP range in the same region based on availability. Let's see.
```powershell
$prefix2 = New-AzPublicIpPrefix -Name "PrefixforVMs-2" `
    -ResourceGroupName "PIP-Prefixes-RG" `
    -PrefixLength 30 `
    -Location "North Europe"
```
This time the IPs came from a different range as expected.
Creating public IPs from a public IP prefix
Now we can go back to the first prefix we've created and create a new public IP address from that, which is 220.127.116.11/30.
```powershell
# Addresses drawn from a prefix must be static and use the Standard SKU
$ip1 = New-AzPublicIpAddress -PublicIpPrefix $prefix1 `
    -Name IP1 `
    -ResourceGroupName "PIP-Prefixes-RG" `
    -Location 'North Europe' `
    -Sku Standard `
    -AllocationMethod Static
```
We've now created the first public IP from our public IP prefix 18.104.22.168, the first IP of the reserved range 22.214.171.124/30. If we create a second public IP from the same prefix, the IP should be 126.96.36.199. Let's see if that's true.
```powershell
$ip2 = New-AzPublicIpAddress -PublicIpPrefix $prefix1 `
    -Name IP2 `
    -ResourceGroupName "PIP-Prefixes-RG" `
    -Location 'North Europe' `
    -Sku Standard `
    -AllocationMethod Static `
    -DomainNameLabel "a-new-vm-02"
```
Yes, it's definitely true! We can now check to see how many IPs within the prefix Azure has already allocated to public IP resources using the following command:
```powershell
Get-AzPublicIpPrefix -Name "PrefixforVMs" `
    -ResourceGroupName "PIP-Prefixes-RG"
```
Because there are two IP addresses already in use, we cannot delete the prefix until we remove the IPs from it.
We can't remove a public IP prefix when any IP in it is in use
After removing the public IP address resources from the prefix, I can delete the prefix successfully.
```powershell
Remove-AzPublicIpAddress -Name IP1 -ResourceGroupName "PIP-Prefixes-RG"
Remove-AzPublicIpAddress -Name IP2 -ResourceGroupName "PIP-Prefixes-RG"
Remove-AzPublicIpPrefix -Name PrefixforVMs -ResourceGroupName PIP-Prefixes-RG
```
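The article stages firewall exceptions from the reserved range in advance and later checks how many addresses are allocated before deleting the prefix. The following added example (not code from the original article) reconciles the two: it expands a prefix CIDR into its addresses and marks which are allocated and which are on an allow-list. The function names `Expand-Ipv4Cidr` and `Get-PrefixUsage` are hypothetical, the sample addresses are constructed from a documentation range, and it assumes the CIDR would be read from the `IPPrefix` property of the `Get-AzPublicIpPrefix` output.

```powershell
function Expand-Ipv4Cidr {
    # Hypothetical helper: returns every address in an IPv4 CIDR block,
    # such as the IPPrefix value of a public IP prefix.
    param([Parameter(Mandatory)][string]$Cidr)
    $parts = $Cidr -split '/'
    if ($parts.Count -ne 2) { throw "Not a CIDR block: $Cidr" }
    $length = [int]$parts[1]
    # Guard for this example: refuse anything larger than a /24.
    if ($length -lt 24 -or $length -gt 32) { throw "Unsupported prefix length: /$length" }
    $bytes = [System.Net.IPAddress]::Parse($parts[0]).GetAddressBytes()
    if ($bytes.Count -ne 4) { throw "IPv4 only: $Cidr" }
    [long]$base = 0
    foreach ($b in $bytes) { $base = $base * 256 + $b }   # big-endian octets -> integer
    [long]$size = [long]1 -shl (32 - $length)
    if ($base % $size -ne 0) { throw "Host bits set in $Cidr" }
    for ([long]$n = $base; $n -lt $base + $size; $n++) {
        (24, 16, 8, 0 | ForEach-Object { ($n -shr $_) -band 255 }) -join '.'
    }
}

function Get-PrefixUsage {
    # Hypothetical helper: marks each address in the prefix as Allocated or
    # Unallocated and reports allow-list entries outside the reserved range.
    param(
        [Parameter(Mandatory)][string]$Cidr,
        [string[]]$Allocated = @(),
        [string[]]$AllowList = @()
    )
    $range = @(Expand-Ipv4Cidr -Cidr $Cidr)
    foreach ($ip in $range) {
        $state = if ($Allocated -contains $ip) { 'Allocated' } else { 'Unallocated' }
        [pscustomobject]@{ Address = $ip; State = $state; AllowListed = ($AllowList -contains $ip) }
    }
    $outside = @($AllowList | Where-Object { $range -notcontains $_ })
    foreach ($ip in $outside) {
        [pscustomobject]@{ Address = $ip; State = 'OutsidePrefix'; AllowListed = $true }
    }
}

# Constructed sample values (RFC 5737 documentation range), not the article's addresses.
# Against Azure, the CIDR would come from (Get-AzPublicIpPrefix ...).IPPrefix (assumption).
Get-PrefixUsage -Cidr '203.0.113.4/30' `
    -Allocated '203.0.113.4', '203.0.113.5' `
    -AllowList '203.0.113.4', '203.0.113.5', '203.0.113.6', '203.0.113.9' |
    Format-Table -AutoSize
```

Entries reported as `OutsidePrefix` were never part of the reservation, and once the prefix is deleted every staged entry points at an address that has returned to Azure's pool, so remove the matching firewall exceptions together with the prefix.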
Public IP address prefixes are useful when you need to reserve a certain number of public IP addresses within a certain IP range. You can use this feature for all Azure services that support static public IP addresses. This is a paid service in Azure.