Public IP Addresses in Azure

Public IP addresses are essential for enabling communication with resources in Azure from the internet and for allowing internet-facing services to connect to your Azure resources. Azure provides two types of public IP addresses: Standard and Basic.

Types of Public IP Addresses

Standard SKU Public IP Addresses

Standard SKU public IP addresses are recommended for most production workloads. They offer a richer set of features and enhanced capabilities compared to Basic SKU addresses.

• Global Availability: Can be deployed across all Azure regions.
• Availability Zones: Support for Availability Zones for high availability.
• Security: Always associated with NSGs by default.
• Routing: Can be routed to Virtual Machine network interfaces, load balancers, and VPN gateways.
• Tiering: Available in both static and dynamic allocation.

Basic SKU Public IP Addresses

Basic SKU public IP addresses are suitable for testing, development, or non-critical workloads where advanced features are not required.

• Regional Availability: Tied to a specific Azure region.
• No Availability Zone Support.
• Security: NSGs are not enforced by default.
• Tiering: Primarily used for dynamic allocation.

Key Concepts

IP Address Allocation

Public IP addresses can be allocated either dynamically or statically.

• Dynamic: The IP address is assigned when the resource starts and is released when the resource is stopped (deallocated). The IP address can change.
• Static: The IP address is assigned to the resource and remains the same until the resource is deleted or the IP address is unassigned.

IP Address Units

Each public IP address resource consumes an IP address unit from Azure's IP address pool.

Association with Resources

Public IP addresses can be associated with various Azure resources, including:

• Virtual Machines (via Network Interfaces)
• Azure Load Balancers (frontend IP configuration)
• Azure VPN Gateways
• Azure Application Gateways
• Azure Firewall

Creating a Public IP Address

You can create a public IP address using the Azure portal, Azure CLI, Azure PowerShell, or ARM templates.

Example using Azure CLI:

az network public-ip create \
    --resource-group MyResourceGroup \
    --name MyStandardPublicIP \
    --sku Standard \
    --allocation-method Static \
    --version IPv4 \
    --location eastus
            

Managing Public IP Addresses

Viewing Public IP Addresses

You can view your existing public IP addresses in the Azure portal under the "Public IP addresses" service.

Modifying Public IP Addresses

You can change the SKU, allocation method, and other properties of a public IP address, though some changes require disassociating the IP from its resource first.

Deleting Public IP Addresses

Public IP addresses can be deleted if they are no longer needed. Ensure they are not associated with any active resources before deletion to avoid service disruptions.

Best Practices

• Use Standard SKU for all production deployments.
• Prefer static allocation for resources that require a consistent IP address.
• Always associate NSGs with public IP addresses to control inbound and outbound traffic.
• Monitor public IP address usage and costs.
• Consider using Azure Private Link for secure private access to Azure services.

Understanding and effectively managing public IP addresses is crucial for designing secure and accessible network architectures in Azure.