Notes from MS Learn AZ-700 Module 1: Introduction to Azure Virtual Networks – Unit 3: Configure Public IP Services
To allow public networks such as the internet to communicate with Azure resources, you must use a public IP along with the private Azure IP.
A public IP in Azure is dedicated to a specific resource. Resources without public IPs can communicate outbound through NAT with a non-dedicated IP.
- In Azure Resource Manager, a public IP is a resource with its own properties. Example resources that can be assigned a public IP:
  - VM Interfaces
  - VM Scale Sets
  - Public Load Balancers
  - VPN Gateways
  - NAT Gateways
  - App Gateways
  - Azure Firewall
  - Bastion Hosts
  - Route Servers
- Public IPs can be either IPv4 or IPv6, and come in two types:
  - Dynamic Public IP
    - Assigned automatically, for example when a VM is created or started
    - Released automatically, for example when a VM is stopped or deleted
    - Default allocation method within region
  - Static Public IP
    - Assigned and doesn't change
    - Set allocation method to static
    - Released only when the resource is deleted or the allocation method is changed to dynamic
SKU Table: Taken from MS Learn
| Public IP address | Standard | Basic |
| --- | --- | --- |
| Allocation method | Static | For IPv4: Dynamic or Static; For IPv6: Dynamic. |
| Idle Timeout | Have an adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle timeout of 4 minutes. | Have an adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle timeout of 4 minutes. |
| Security | Secure by default model and be closed to inbound traffic when used as a frontend. Allow traffic with network security group (NSG) is required (for example, on the NIC of a virtual machine with a Standard SKU Public IP attached). | Open by default. Network security groups are recommended but optional for restricting inbound or outbound traffic |
| Availability zones | Supported. Standard IPs can be nonzonal, zonal, or zone-redundant. Zone redundant IPs can only be created in regions where there are three availability zones. | Not supported. |
| Routing preference | Supported to enable more granular control of how traffic is routed between Azure and the Internet. | Not supported. |
| Global tier | Supported via cross-region load balancers. | Not supported. |
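An added example (not from MS Learn or the original notes) that applies the SKU table to an inventory: it reads JSON shaped like `az network public-ip list -o json` output and flags the properties the table marks as weaker. The sample records and finding labels are constructed, and the field names are assumed to match the ARM public IP resource.

```python
import json

# Constructed sample, shaped like `az network public-ip list -o json` output.
# Field names are assumed to match the ARM public IP resource; values are made up.
SAMPLE = json.loads("""
[
  {"name": "pip-web", "sku": {"name": "Basic"},
   "publicIPAllocationMethod": "Dynamic", "zones": null},
  {"name": "pip-lb", "sku": {"name": "Standard"},
   "publicIPAllocationMethod": "Static", "zones": ["1", "2", "3"]},
  {"name": "pip-vm", "sku": {"name": "Standard"},
   "publicIPAllocationMethod": "Static", "zones": ["1"]}
]
""")


def audit_public_ip(pip):
    """Return finding labels (hypothetical names) for one public IP record."""
    findings = []
    sku = (pip.get("sku") or {}).get("name", "")
    method = pip.get("publicIPAllocationMethod", "")
    zones = pip.get("zones") or []

    if sku == "Basic":
        # Basic is open by default and an NSG is optional, so inbound
        # exposure depends entirely on whether someone attached one.
        findings.append("basic-open-by-default")
        findings.append("no-availability-zone-support")
    elif sku == "Standard":
        # Standard only supports static allocation; anything else is bad data.
        if method != "Static":
            findings.append("standard-requires-static")
        if not zones:
            findings.append("nonzonal")
        elif len(zones) < 3:
            findings.append("zonal-not-zone-redundant")
    else:
        findings.append("unknown-sku")

    if method == "Dynamic":
        # Dynamic addresses are released when the VM is stopped or deleted,
        # so allowlists or DNS records that pin the address can go stale.
        findings.append("dynamic-address-may-change")
    return findings


def audit(pips):
    """Map each public IP name to its list of findings."""
    return {p["name"]: audit_public_ip(p) for p in pips}
```

An empty list means the record is a static, zone-redundant Standard IP, which is closed to inbound traffic until an NSG allows it.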
Create a Public IP Address Prefix:
- Public IP Prefixes are assigned from a pool in an Azure Region
- Specify name and prefix size
- IPv4 or IPv6
- In Availability Zones: create as zone-redundant or associate with specific availability zone
- After prefix is created you can create public IP addresses
Custom IP Address Prefix (BYOIP)
- Used the same way as Azure-owned public IP address prefixes
- Can be associated with Azure resources, interact with internal/private IPs and VNets, as well as reach external destinations outbound from Azure WAN