What is Azure Virtual Network IP Services?

IP services are a collection of IP address related services that enable communication in an Azure virtual network. Public and private IP addresses are used in Azure for communication between resources. The communication with resources can occur in a private Azure virtual network and the public Internet.

IP services consist of:

  • Public IP addresses

  • Public IP address prefixes

  • Custom IP address prefixes (BYOIP)

  • Private IP addresses

  • Routing preference

  • Routing preference unmetered

Public IP addresses

Public IPs are used by internet resources to communicate inbound to resources in Azure. Public IP addresses can be created with an IPv4 or IPv6 address. You may be given the option to create a dual-stack deployment with a IPv4 and IPv6 address. Public IP addresses are available in Standard and Basic SKUs. Public IP addresses can be static or dynamically assigned.

A public IP address is a resource with its own properties. Some of the resources that you can associate with a public IP address are:

  • Virtual machine network interfaces

  • Internet-facing load balancers

  • Virtual Network gateways (VPN/ER)

  • NAT gateways

  • Application gateways

  • Azure Firewall

  • Bastion Host

For more information about public IP addresses, see Public IP addresses and Create, change, or delete an Azure public IP address

Public IP address prefixes

Public IP prefixes are reserved ranges of IP addresses in Azure. Public IP address prefixes consist of IPv4 or IPv6 addresses. In regions with Availability Zones, Public IP address prefixes can be created as zone-redundant or associated with a specific availability zone. After the public IP prefix is created, you can create public IP addresses.

The following public IP prefix sizes are available:

  • /28 (IPv4) or /124 (IPv6) = 16 addresses

  • /29 (IPv4) or /125 (IPv6) = 8 addresses

  • /30 (IPv4) or /126 (IPv6) = 4 addresses

  • /31 (IPv4) or /127 (IPv6) = 2 addresses

Prefix size is specified as a Classless Inter-Domain Routing (CIDR) mask size.

There aren't limits as to how many prefixes created in a subscription. The number of ranges created can't exceed more static public IP addresses than allowed in your subscription. For more information, see Azure limits.

For more information about public IP address prefixes, see Public IP address prefix and Create, change, or delete a public IP address prefix

Private IP addresses

Private IPs allow communication between resources in Azure. Azure assigns private IP addresses to resources from the address range of the virtual network subnet where the resource is. Private IP addresses in Azure are static or dynamically assigned.

Some of the resources that you can associate a private IP address with are:

  • Network Interface (for Virtual machines, Virtual Machine Scale Sets, container pods ...)

    • Network Interfaces can contain one primary and multiple secondary IP configurations.

    • Each primary IP configuration must be a single IP address (a /32 IPv4 address or a /128 IPv6 address).

    • Secondary IP configurations can be a single IP address OR a block of IP addresses (in preview). Only IPv4 addresses of block size of /28 are available today for associating with a secondary IP configuration.

  • Internal load balancers

  • Application gateways

  • Private endpoints

For more information about private IP addresses, see Private IP addresses.

Routing preference

Azure routing preference enables you to choose how your traffic routes between Azure and the Internet. You can choose to route traffic either via the Microsoft network, or, via the ISP network (public internet). You can choose the routing option while creating a public IP address. By default, traffic is routed via the Microsoft global network for all Azure services.

Routing preference choices include:

  • Microsoft Network - Both ingress and egress traffic stays bulk of the travel on the Microsoft global network. This routing is also known as cold potato routing.

  • Public Internet (ISP network) - The new routing choice Internet routing minimizes travel on the Microsoft global network, and uses the transit ISP network to route your traffic. This routing is also known as hot potato routing.

For more information about routing preference, see What is routing preference?.

Routing preference unmetered

Routing Preference unmetered is available for Content Delivery Network (CDN) providers whose customers host their origin contents in Azure. The service allows CDN providers to establish direct peering connection with Microsoft global network edge routers at various locations.

Your network traffic egressing from origin in Azure destined to CDN provider benefits from the direct connectivity.

  • Data transfer bill for traffic egressing from your Azure resources that are routed through these direct links are free.

  • Direct connect between CDN provider and origin in Azure provides optimal performance as there are no hops in between. This connection benefits the CDN workload that frequently fetches data from the origin.

For more information about routing preference unmetered, see What is Routing Preference Unmetered?

Next steps

Get started creating IP services resources: