In this post I’m going to show you how to assign a public static IP address in Azure. There are a few different IP address concepts in Azure to discuss before I get to assigning public static IPs.
VIP
When you create a Cloud Service you get a virtual IP address (VIP), this is your public IP address for the Cloud Service, your Cloud Service DNS name resolves to this IP address. By default it is randomly assigned from a pool of addresses but you can reserve one. There is a limit of 5 reserved public IP addresses per subscription. This is also the source IP address for traffic originating from VMs in the service. You can only assign a reserved VIP when you create the Cloud Service. When traffic hits your VIP it goes through the Azure Load Balancer and then it is forwarded to the endpoints you setup in your Cloud Service.
DIP
The VMs you create also get an internal IP address (DIP) for each NIC attached to the VM. The DIP is used to communicate with VMs in the same Cloud Service or VNET. The NIC will keep the same DIP until it is stopped or deallocated. The DIP is assigned via DHCP but you can reserve one by adding your VM to a subnet and reserving a static IP.
PIP/ILPIP
Instance level public IP (ILPIP) is assigned directly to a VM and bypasses the Azure Load Balancer. Outgoing traffic from the VM will show the ILPIP as the source instead of the VIP. You don’t have to map endpoints to forward ports like you do with endpoints in the VIP since all ports are open to the internet but you have to setup the firewall on your VM to protect it. ILPIP is useful for passive FTP or anything that requires a large number of open ports. You cannot reserve a ILPIP. You can assign a ILPIP to existing VMs. You can access your VM directly over the internet using the ILPIP but since it changes when you stop the VM it is not very useful unless you also assign a DNS name to the VM.
Reserved VIP
When you reserve an IP in Azure it is not assigned to a Cloud Service by default, it goes into a pool of reserved IP addresses in your subscription. You then assign them to Cloud Services and roles or release them back into your pool. You pay for reserved IP addresses in your subscription even when it is not assigned to a Cloud Service so it is better to delete them if you know you will not need it again soon.
Assigning A Reserved VIP
To reserve a new IP address run:
New-AzureReservedIP –ReservedIPName "MyReservedIP" –Location "AzureRegionName"
To see the list of reserved IP addresses for you subscription:
Get-AzureReservedIP
To remove the the reserved IP address from your subscription:
Remove-AzureReservedIP -ReservedIPName "MyReservedIP"
You can assign the reserved IP address to a virtual machine when creating it but not to an existing one so it is important to plan the IP address assignment before the time. You have specify at least one endpoint when you use a reserved IP.
$VM = New-AzureVMConfig -Name $VmName -InstanceSize $InstanceSize -ImageName $SourceName
$VM | Add-AzureEndpoint -Name "Remote Desktop" -Protocol "tcp" -PublicPort 3389 -LocalPort 3389
$VM | Add-AzureEndpoint -Name "PowerShell" -Protocol "tcp" -PublicPort 5986 -LocalPort 5986
New-AzureVM -ServiceName "NewServiceName" -ReservedIPName "MyReservedIP" -Location "AzureRegionName" -VM $VM
Although you add the reserved IP to a VM when creating it, it will actually be the VIP for your cloud service.
Assigning A LPIP
You can assign LPIPs to existing VMs or new ones but keep in mind you cannot reserve the IP. You can see full example here, but the syntax is the same, you pipe Set-AzurePublicIP to Get-AzureVM or New-AzureVM.
Get-AzureVM -ServiceName "ServiceName" -Name VMName | Set-AzurePublicIP -PublicIPName "LPIPName" | Update-AzureVM
You can also pass in the DomainNameLabel parameter if you have a DNS entry you want to use with this IP.
Update: This post covers the classic deployment model, the ARM version is here.
