One of the great things that came with the plethora of new features and capabilities around Azure networking at Build 2015 and didn’t get a lot of attention is the fact that now you have much more flexibility in working with reserved IP addresses in your deployments. By default, VIP addresses of Azure cloud services are dynamic by nature, i.e. they may change when VMs get de-provisioned or the Azure fabric needs to move your VMs to another host, e.g. due to hardware failure.
What you can do now with the latest release of the Azure PowerShell Cmdlets is to convert existing dynamic VIP to reserved IP addresses. Doing so will take the current cloud service VIP from the data center’s general IP address pool and assign it specifically as a reserved IP to your Azure subscription. The IP will remain associated with the cloud service deployment, but can also be used for other deployments in your subscription, as we will see in this post.
Convert Dynamic IP to Reserved IP
Let’s have a look at a regular virtual machine that has been deployed into my Azure subscription: in the current Management Portal you can spot the Public VIP in the dashboard section like this:
You can see that VM vm01 in my cloud service viptest01.cloudapp.net has a dynamic VIP address of 188.8.131.52 in the West Europe datacenter. If I shut down this VM in the portal (which will de-allocate my resources) and re-start it, the VIP address will be different. Specifically in enterprise scenarios where customers access cloud resources through corporate firewalls, having durable IP addresses for VMs is a common requirement, so let’s see if we can fix this.
Before Build 2015 you had to request a new reserved IP address before you did a cloud service deployment. Now you can just grab any existing dynamic VIP and add it to the list of reserved IPs in your subscription. In order to do that you’ll need to execute the following PowerShell statement like this:
New-AzureReservedIP -ReservedIPName "vip01" -Location "West Europe" -ServiceName "viptest01"
By using the new -ServiceName attribute Azure knows magically that you do not only ask for a new reserved IP, but you also want to use the current VIP of the specified service.
If you check your list of reserved IP addresses using the Get-AzureReservedIP PowerShell Cmdlet, you should see a new entry for this VIP:
Again, the ServiceName attribute indicates the association with the viptest01 cloud service deployment. You can now safely shutdown and re-provision this VM, and it will reliably keep the same public IP address 184.108.40.206.
Remove Reserved IP from the Deployment
Now let’s see what happens when we de-associate this reserved IP from the running VM. We can do this by executing the following PS statement:
Remove-AzureReservedIPAssociation -ReservedIPName "vip01" -ServiceName "viptest01"
If you check the VM dashboard you can see that Azure assigned a different VIP (220.127.116.11) to the cloud service (which is again a regular, dynamic IP that might potentially change):
Checking the list of reserved IP addresses will now show the reserved IP address 18.104.22.168 as unassigned (i.e. with attribute InUse set to False and empty ServiceName and DeploymentName attributes):
Assign Reserved IP to Another Deployment
Now, let’s finally take our reserved IP and associate it with another deployment. I took a second VM vm02 in cloud service viptest02.cloudapp.net that was created by default with a dynamic VIP of 22.214.171.124:
You can associate the reserved IP vip01 with this deployment as follows:
Set-AzureReservedIPAssociation -ReservedIPName "vip01" -ServiceName "viptest02"
What the Azure fabric will do is switch the public VIP address of the viptest02 cloud service to our reserved IP address of 126.96.36.199 as you can see below.
Note that moving the reserved IP address to a different deployment does only work within the same datacenter, as IP ranges in Azure are location-specific.
This new capability is very helpful in scenarios where you need to “move” IP addresses between different deployments, i.e. exchange the implementation of a service or provide a failover type of behavior. Reusing existing IP addresses of deployments and not having to re-deploy is a major improvement and saves lots of time.
Reserved IP addresses can be used with both IaaS VMs as well as PaaS web/worker roles. Association of reserved IPs with PaaS cloud services can also be done via service configuration files (CSCFG).
Reserving IPs and converting IPs from dynamic to reserved does not only work for public VIPs, but also for instance-level public IP addresses (PIPs) in Azure.