Microsoft AZ-700: Configure Public IP Services


Notes from MS Learn AZ-700 Module 1: Introduction to Azure Virtual Networks – Unit 3: Configure Public IP Services

To allow public networks such as the internet to communicate with Azure resources, you must use a public IP along with the private Azure IP.

A public IP in Azure is dedicated to a specific resource. Resources without public IPs can communicate outbound through NAT with a non-dedicated IP.

  • In Azure Resource Manager, a public IP is a resource with its own properties. Example resources that can be assigned a public IP:
    • VM Interfaces
    • VM Scale Sets
    • Public Load Balancers
    • VPN Gateways
    • NAT Gateways
    • App Gateways
    • Azure FW
    • Bastion Hosts
    • Route Servers
  • Public IPs can be either IPv4 or IPv6, and come in different types:
    • Dynamic Public IP
      • Assigned automatically, for example when a VM is created or started
      • Released automatically, for example when a VM is stopped or deleted
      • Default allocation method within region
    • Static Public IP
      • Assigned and doesn’t change
      • Set allocation method to static
      • Released only when the resource is deleted or the allocation method is changed to dynamic

SKU Table: Taken from MS Learn

| Public IP address | Standard | Basic |
| --- | --- | --- |
| Allocation method | Static | For IPv4: Dynamic or Static; For IPv6: Dynamic. |
| Idle timeout | Have an adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle timeout of 4 minutes. | Have an adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle timeout of 4 minutes. |
| Security | Secure by default model and closed to inbound traffic when used as a frontend. Allowing traffic with a network security group (NSG) is required (for example, on the NIC of a virtual machine with a Standard SKU Public IP attached). | Open by default. Network security groups are recommended but optional for restricting inbound or outbound traffic. |
| Availability zones | Supported. Standard IPs can be nonzonal, zonal, or zone-redundant. Zone-redundant IPs can only be created in regions where there are three availability zones. | Not supported. |
| Routing preference | Supported to enable more granular control of how traffic is routed between Azure and the Internet. | Not supported. |
| Global tier | Supported via cross-region load balancers. | Not supported. |
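
An added example (not from MS Learn or the original notes): a Python check that applies the SKU table's rules to public IP records, such as an inventory export or a planned deployment list, and flags the ones that need attention. The record key names are assumed to match `az network public-ip list -o json` output; the sample records and the finding labels are constructed for illustration.

```python
import json

# Constructed sample records. Key names follow what `az network public-ip list -o json`
# is assumed to emit; both spellings of the allocation-method key are accepted.
SAMPLE = json.loads("""[
 {"name": "pip-web-01", "sku": {"name": "Basic"}, "publicIPAllocationMethod": "Dynamic",
  "publicIPAddressVersion": "IPv4", "idleTimeoutInMinutes": 4, "zones": null,
  "ipConfiguration": {"id": "constructed/nic-web-01/ipconfig1"}},
 {"name": "pip-lb-01", "sku": {"name": "Standard"}, "publicIPAllocationMethod": "Static",
  "publicIPAddressVersion": "IPv4", "idleTimeoutInMinutes": 15, "zones": ["1", "2", "3"],
  "ipConfiguration": {"id": "constructed/lb-01/frontend1"}},
 {"name": "pip-plan-03", "sku": {"name": "Standard"}, "publicIpAllocationMethod": "Dynamic",
  "idleTimeoutInMinutes": 45, "ipConfiguration": null}
]""")

def audit_public_ip(pip):
    """Return findings for one record, checked against the SKU table above."""
    findings = []
    sku = (pip.get("sku") or {}).get("name", "")
    method = pip.get("publicIPAllocationMethod") or pip.get("publicIpAllocationMethod") or ""
    version = pip.get("publicIPAddressVersion") or pip.get("publicIpAddressVersion") or "IPv4"
    if sku == "Basic":
        if pip.get("ipConfiguration"):
            # Open by default and NSG optional: confirm an NSG covers the attached resource.
            findings.append("basic-open-by-default")
        if pip.get("zones"):
            findings.append("basic-zones-unsupported")
        if version == "IPv6" and method != "Dynamic":
            findings.append("basic-ipv6-must-be-dynamic")
    elif sku == "Standard":
        if method != "Static":
            findings.append("standard-must-be-static")
    else:
        findings.append("unknown-sku")
    if method == "Dynamic":
        # Dynamic addresses are released on stop/delete, so IP allow-lists can go stale.
        findings.append("dynamic-address-may-change")
    timeout = pip.get("idleTimeoutInMinutes")
    if timeout is not None and not 4 <= timeout <= 30:
        findings.append("idle-timeout-out-of-range")
    return findings

def audit_inventory(records):
    """Map record name to findings, omitting records with no findings."""
    results = {p.get("name", "<unnamed>"): audit_public_ip(p) for p in records}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    print(json.dumps(audit_inventory(SAMPLE), indent=2))
```

A `basic-open-by-default` finding means the record alone cannot show whether traffic is filtered; the NIC or subnet NSG has to be checked separately.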

Create a Public IP Address Prefix:

  • Public IP Prefixes are assigned from a pool in an Azure Region
  • Specify name and prefix size
  • IPv4 or IPv6
  • In Availability Zones: create as zone-redundant or associate with specific availability zone
  • After prefix is created you can create public IP addresses

Custom IP Address Prefix (BYOIP)

  • Used the same way as Azure owned public IP address prefixes
  • Can be associated with Azure resources, interact with internal/private IPs and VNets, as well as reach external destinations outbound from Azure WAN

Permanent link to this article: https://www.packetpilot.com/microsoft-az-700-configure-public-ip-services/
