Azure IP Addressing

This document provides a comprehensive overview of IP addressing within Azure, covering public and private IP addresses, their allocation, and best practices for efficient network management.

Public IP Addresses

Public IP addresses are routable on the internet and are used to communicate with resources on the internet. Azure offers two types of public IP addresses:

• Dynamic: Assigned when a resource is created and can change if the resource is stopped and started.
• Static: Assigned when a resource is created and remains the same until the resource is deleted. Static IPs are recommended for production workloads where a consistent IP is required.

Public IP addresses are essential for:

• Accessing Azure resources from the internet.
• Providing inbound connectivity to your applications.
• Enabling outbound connectivity from your Azure resources to the internet.

Private IP Addresses

Private IP addresses are used within your Azure Virtual Network (VNet) and are not routable on the internet. They are assigned from the address space you define for your VNet and subnets.

Azure provides two types of private IP address assignments:

• Dynamic: The default assignment. An IP address is leased to a resource for a specific period. When the resource is stopped (deallocated), the IP address is returned to the subnet's pool and may be reassigned later.
• Static: The IP address is reserved for the resource and does not change until the resource is deleted. This is crucial for services that require a predictable internal IP address.

Key concepts for private IP addressing:

• VNet Address Space: The range of IP addresses from which you can allocate addresses to subnets.
• Subnet Address Range: A portion of the VNet address space allocated to a subnet.
• IP Address Allocation: The method by which an IP address is assigned (dynamic or static).

IP Addressing Considerations

When planning your IP addressing strategy in Azure, consider the following:

Address Space Planning

Choose a VNet address space that is large enough to accommodate your current and future needs. Avoid overlapping address spaces with your on-premises networks if you plan to connect them using VPN or ExpressRoute. Using private IP address ranges like 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 is recommended.

Subnetting Strategy

Divide your VNet address space into subnets to organize and segment your network. This allows for better security, management, and routing control. Each subnet must have a contiguous IP address range within the VNet's address space.

Public vs. Private IPs

Understand when to use public versus private IP addresses. Internal resources within your VNet should primarily use private IPs. Public IPs are only necessary for resources that need to be directly accessible from the internet or need to initiate outbound connections to the internet.

IP Address Allocation

For critical resources such as domain controllers, database servers, or application gateways, use static IP address assignment to ensure their IP addresses do not change. Dynamic IP assignment is suitable for less critical resources or those that do not require a fixed IP.

Azure IP Address Management (IPAM)

Azure provides tools and services to help manage your IP addresses effectively. Consider using Azure IPAM solutions or third-party tools for large and complex deployments.

For more detailed information on specific Azure networking services and their IP addressing capabilities, please refer to the Virtual Networks and Subnets documentation.