次の方法で共有


Static IP, Reserved IP and Instance Level IP in Azure

Static IP, Reserved IP and Instance Level IP in Azure

Loosing public IP for the cloud service and then adjusting the DNS entries in the external server is a pain? Microsoft has recently introduced a few IP related features which makes life easier.

It is very important to understand which one fits the bill.

In this blog we are going to cover the Static IP, reservedIP and instance level IP in Azure, their usage scenarios and different PS cmdlets to create manage and release them.

Static IP https://msdn.microsoft.com/en-us/library/azure/dn630228.aspx

Reserved IP https://msdn.microsoft.com/en-us/library/azure/dn690120.aspx

Instance level IP https://msdn.microsoft.com/en-us/library/azure/dn690118.aspx

Static Internal IP Address

Static internal IP = A private IP address assigned to a VM from a pool of IP addresses available in the Virtual Network within the Subnet(s) that are carved out.

Scenario of the using static internal IP are

  1. DNS server
  2. Domain controller

A static DIP stays with the VM even through a stop/deprovision state. You can specify a static DIP by using PowerShell at the time you create the VM, or you can update an existing VM.

You can assign the internal IP address using preview portal or PowerShell

Let's create a Virtual Network named testVNet

clip_image001

From the above address space, we see there are three usable Private IPs viz. 10.0.0.4 | 10.0.0.5 | 10.0.0.6.

So we have address space for 8 machine.

Now I want my machine to have a static IP with the address 10.0.0.5 and we see that it is available

Now let us assign 10.0.0.5 to the VM "testVNet" via PowerShell. Let us check the availability of the IP by using the following PowerShell command.

clip_image002

The result of the above command says the IP is available.

Set the storage account to be in the same region where you are creating your VM

PS C:\> Set-AzureSubscription -SubscriptionName "dsdazure-lkumar" -CurrentStorageAccountName "paol"

Assigning a Static IP while provisioning a new VM

Here make sure that the VM

New-AzureVMConfig -Name lkumartestVM -ImageName $img –InstanceSize Small | Add-AzureProvisioningConfig -Windows -AdminUsername $usr -Password $pwd  |Set-AzureSubnet  –SubnetNames $sub  | Set-AzureStaticVNetIP -IPAddress 10.0.0.5 | New-AzureVM –ServiceName $vmsvc1 -VNetName testVNet -Location "east asia"

OperationDescription            OperationId             OperationStatus                                                      

--------------------            -----------                ---------------                                                      

New-AzureVM                    8fe32d65-802f-0a67-9749-fee23742b3fb            Succeeded                                                            

New-AzureVM                    b06a7aba-2966-04af-8d49-6b11a254e7f0            Succeeded                                                            

The above PowerShell command succeeded in creating a new VM "testVNet" in the cloud service  and assigned the IP 10.0.0.5 to the VM 

Let us now confirm the same from the Azure Portal:

The screenshot below confirms that the VM is assigned 10.0.0.5 as intended.

clip_image003

Let us now restart the VM and see if the IP 10.0.0.5 is still bound to the same VM.

And here is the screenshot again which confirms that the IP 10.0.0.5 is still bound to the same VM.

clip_image003[1]

Let us now stop the VM and see what happens when we try to assign the same IP to another VM

PS C:\> New-AzureVMConfig -Name lkumartestVM1 -ImageName $img –InstanceSize Small  | Add-AzureProvisioningConfig -Windows -AdminUsername $usr -Password $pwd  |Set-AzureSubnet  –SubnetNames $sub  | Set-AzureStaticVNetIP -IPAddress 10.0.0.5 | New-AzureVM –ServiceName $vmsvc1 -VNetName testVNet -Location "east asia"

OperationDescription           OperationId                                OperationStatus                                                      

--------------------           -----------                                ---------------                                                      

New-AzureVM                    48ffa950-82c0-0cd6-8613-105f40b9b48d       Succeeded                 

New-AzureVM : Networking.DeploymentVNetAddressAllocationFailure : Unable to allocate the required address spaces for the deployment in a new or predefined subnet that is contained within the specified virtual

network.

At line:1 char:234

+ ... ess 10.0.0.5 | New-AzureVM –ServiceName $vmsvc1 -VNetName testVNet -Location "ea ...

+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : CloseError: (:) [New-AzureVM], CloudException

    + FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.PersistentVMs.NewAzureVMCommand

So even after Stopping the VM, the IP sticks to it and is not released to the IP pool.

clip_image004

Let me start the VM and see if it gets the same

And I confirmed that this is the same IP 10.0.0.5

If we delete the VM then we can reuse the internal IP

So the learning is that internal IP will stay with the VM till it is deleted . It will not change even if we keep it on stopped(deallocated)

If you feel this is difficult in PowerShell, we are coming up with doing it in UI in new preview portal

clip_image005

ReservedIP

This has been a big request from the cx who does not want their IP address change when they accidently deallocated the last VM .that means they need not to change their IP in the  DSN records that they are managing on 3rd party servers/sites

Few facts about reserved IP

1.Reserved IP is one of the public IP associated with the subscription .this can exist even when it is not attached with the cloud service . So you can delete the cloud service and use the same IP with the new cloud service if you wish and the IP will remain the same

  1. You can get upto 5 reservedip with your subscription . More details can be found here.
  2. Right now you can only create reserved IP with the PowerShell but we are working to incorporate this feature in portal.

Lets test it out

I want to create a Virtual Machine in East Asia and I want to use a reservedIP address

Let me see if I already have any reservedIP

clip_image006

Let me see create another IP address in East Asia which I will use in this blog

clip_image007

Let me see if it is listed now

clip_image008

So at this point , I can tell my clients that I will be using the IP 23.101.2.156.

As I don't want to keep the other IP myip4 (23.101.0.140) , I am going to release so anybody else can use it

clip_image009

Before removing the reservedIP ,we will get a confirmation dialog box asking if we really want to release it

clip_image010

And now we can confirm , we no more have the ip that we released.

clip_image011

Now let's try to create the virtual machine and use the newly created reservedIP address

PS C:\> $image="3a50f22b388a4ff7ab41029918570fa6__Windows-Server-2012-Essentials-20131018-enus"

PS C:\> New-AzureVMConfig -Name "myBlogVM" -InstanceSize Small -ImageName $image | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123@@@ | New-AzureVM -ServiceName "myBlogService" –ReservedIPName resTest -Location "East Asia"

OperationDescription                                  OperationId                                           OperationStatus                                    

--------------------                                  -----------                                           ---------------                                    

New-AzureVM                                           745f5509-6b1e-18a0-9901-a7050a69baf1                  Succeeded                                          

New-AzureVM                                           182a3421-e9d6-19f7-bac2-985b9803a2e4                  Succeeded                                          

Let us see from the portal if we got the desired reservedIP address

clip_image012

So above confirms that we got the desired VIP reserved

Now this VIP is assigned to the cloud service myBlogService

This can be confirmed in the powershell again

clip_image013

Please note this IP is bound to the subscription , so even if you delete the cloud service , the Reserved IP will still be there with the subscription and can be used. It will only go back to the pool of azure public IP address when it is removed from the subscription using Remove-AzureReservedIP .

Before moving on to other section of the blog , let us discussion about affinity group.

ReservedIP cannot be assigned to the cloud service which are using affinity group bound VNETs(Old VNETs). For the regional VNET, you can specify the affinity group and VNET at the time of the VM creation. The difference is the Regional VNETS are not bound to the affinity group and there we can use  ReservedIP address for the cloud service .

Let us test the above observation

I created affinity group blogAffinity and regional VNET blogVNET in east asia

PS C:\> $image="3a50f22b388a4ff7ab41029918570fa6__Windows-Server-2012-Essentials-20131018-enus"

PS C:\> New-AzureVMConfig -Name "myBlogVM" -InstanceSize Small -ImageName $image | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123@@@ | New-AzureVM -ServiceName "myBlogService" –ReservedIPName resTest -AffinityGroup "blogAffinity" -VNetName "blogVNET"

OperationDescription                                                OperationId                                                         OperationStatus                                                   

--------------------                                                -----------                                                         ---------------                                                   

New-AzureVM                                                         e911c256-217a-1e77-b89e-55bfdad763f4                                Succeeded                                                         

New-AzureVM                                                         410b5f2b-2697-1f12-883d-a067b61344f5                                Succeeded                                                         

clip_image014

clip_image015

clip_image016

So we can see this VM is correctly placed with the affinity group ,VNET and reserved IP address

You can find more details on reservedIP on the blog from product group

https://azure.microsoft.com/blog/2014/05/14/reserved-ip-addresses/

https://msdn.microsoft.com/en-us/library/azure/dn690120.aspx

Now let's move to the last section of this blog, instance level IP

Instance level IP (PIP)

You can assign public IP addresses to your virtual machines so they become directly addressable, and eliminate the need to map an endpoint for direct access. Once you’re done, you’ll be able to do things like run FTP servers in Azure and monitor virtual machines directly using their IPs. The virtual machine will also use this public IP as its outgoing IP for all connections that is sourced from this VM. During preview you get two free public IP addresses per subscription.

An instance level public IP (PIP) is an IP address that you can assign directly to your VM, rather than to the cloud service that your VM resides within. This doesn’t take the place of the VIP that is assigned to your cloud service. Rather, it’s additional IP address that you can use to connect to your VM. You can assign one PIP for each VM.

As per MSDN,

If you want to be able to connect to your VM or role instance by an IP address assigned directly to it, rather than using the cloud service VIP:<portnumber>, request a PIP for your VM or your role instance.

  • Passive FTP - By having a PIP on your VM, you can receive traffic on just about any port, you will not have to open up an endpoint to receive traffic. This enables scenarios like passive FTP where the ports are chose dynamically.
  • Outbound IP - Outbound traffic originating from the VM goes out with PIP as the source and this uniquely identifies the VM to external entities.

Let's create another VM in the same cloud service where I want to specify a PIP

PS C:\> New-AzureVMConfig -Name "myBlogVM01" -InstanceSize Small -ImageName $image | Add-AzureProvisioningConfig -Windows -AdminUsername cloudguy -Password Abc123@@@ |Set-AzurePublicIP -PublicIPName "ftpip" |New-AzureVM -ServiceName myBlogService 

OperationDescription                                                OperationId                                                         OperationStatus                                                   

--------------------                                                -----------                                                         ---------------                                                   

New-AzureVM                                                         762adde3-5ce8-19d0-8eec-80fc37aaff81                                Succeeded                                                         

Below we can see the publiIPAddress assigned to second VM

clip_image017

Please note this IP is different from the reservedIP assigned to the cloud service. Also we cannot reserve the PIP.

Let  me restart the VM and see what happen to the PIP

clip_image018

So no change after the VM was restarted

Let me stop and start again

clip_image019

clip_image020

So once the Vm is deallocated , you will lose the PIP

PIP cannot only be assigned to the new VM but this can be assigned to an existing VM and it can also be removed from the exiting VM

Assign PIP to existing VM

Get-AzureVM -ServiceName FTPInAzure -Name FTPInstance | Set-AzurePublicIP -PublicIPName ftpip | Update-AzureVM

Remove the PIP from a VM

Get-AzureVM -ServiceName FTPInAzure -Name FTPInstance | Remove-AzurePublicIP | Update-AzureVM

Please refer https://msdn.microsoft.com/en-us/library/azure/dn690118.aspx for more details on instance level IP(PIP)

With this we come to end of discussion on static DIP, ReservedIP and PIP. Hopefully this article will add to your existing understanding of these feature  ,usage scenario and limitation.

Comments

  • Anonymous
    October 07, 2014
    I have an Ubuntu VM in its own cloud service on Azure.  When I follow the instructions above to create an Azure Reserved IP, it appears to work fine.  However, when I then follow the directions to apply the IP to my Ubuntu VM, I get this error: Update-AzureVM : BadRequest : PublicIP per Virtual Machine usage not allowed for this deployment. Any ideas?

  • Anonymous
    October 07, 2014
    Thank you for the elaborate article. I successfully used the ReservedIP scenario. Just one remark: in my case, when creating the new VM, the IP remained unused and the VIP of the VM was still dynamic (changing after each deallocation). Only after I removed all of the already existing VMs, and re-running the script, the result was as expected.

  • Anonymous
    October 09, 2014
    Hi Eliot,        Most likely you are adding the public IP for an existing VM which is part of an affinity based Virtual Network . I was able to repro it . Please try to perform it in a VM which is part of regional virtual Network and this will work. thanks Lalitesh

  • Anonymous
    May 14, 2015
    The comment has been removed

  • Anonymous
    June 11, 2015
    Hi, How i can check the reserved ip of my subscription? any ideas?

  • Anonymous
    June 24, 2015
    @Mani you can refer msdn.microsoft.com/.../dn722412.aspx msdn.microsoft.com/.../dn722418.aspx

  • Anonymous
    September 09, 2015
    Is this information still valid? The three links at the top are broken now.

  • Anonymous
    October 01, 2015
    In case of Office 365 tenancy, can you use any of these three IP address? Or these three IP address apply to Infrastructure as a Service (IaaS) VM  in Azure?