Sharon will detail the differences between Public and Private IP addresses in Azure and outline use cases for each. Static versus Dynamic IP addresses will be discussed.
- [Woman] As we start to build our Azure virtual networks, we need to understand how IP addressing works within these networks. And the good news is, it is very similar to our on-premise networking. First, we can use the same private IP address ranges as we do on-premise. And as a recap, these include our 10.x.x.x range, the 172.16.x.x through to 172.31, and finally, 192.168.x.x. Next, for those virtual machines that require access to the internet, you will need to assign a public IP.
A public IP in Azure is very similar to a public IP on-premise. We use it to connect to the internet, and to other Azure public-facing services, such as SQL databases and Azure storage. In order to assign a public IP to a virtual machine, we actually associate the IP address to the NIC, or Network Interface Card, of the Azure virtual machine. If there are multiple NICs, then the primary NIC is used. We also assign public IPs to VPN gateways. And as of this recording, in January 2017, only dynamic IPs can be assigned to VPN gateways.
We can also associate a public IP with application gateways, and internet-facing load balancers. We'll be discussing both gateways and load balancers later in the course. And we have two types of public IP addresses. First is the dynamic IP address. This is the default public IP address. This IP is not assigned when that virtual machine is created, but assigned during the startup of the virtual machine. This means that that IP address can be released when the virtual machine is restarted, stopped, or deallocated.
If you do not want your IP address to change, then you'll have to assign a static IP. This is the second type of public IP that we can assign to our virtual machines, that require internet access. In this scenario, the IP address is assigned when the virtual machine is provisioned. And that IP address is never released unless you delete that resource, or change from a static to a dynamic IP address. This static IP address is assigned from a dedicated Azure resource pool.
You don't have any control over this IP address that is assigned. While you may be thinking, "When would I need a static IP?" Well, if you have IP addresses that are linked to SSL certificates, you'll definitely want a static IP. You don't want that IP address changing. You'll also want to assign a static IP to any one of the services that cannot have that IP address change. That takes care of our internet access. Now what about our internal access? In this case, we're going to use private IPs. Private IPs are assigned to virtual machines within the virtual network, and allow connectivity between those virtual machines.
We can also use a private IP to connect to an on-premise network, using a VPN gateway, or ExpressRoute. And we'll talk about ExpressRoute a little bit later. In these examples, these are direct connects to the on-premise environment. This does not go through the internet. And a private IP will be assigned to your virtual machines that do not have direct access to the internet. Just like our public IPs, when we associate a private IP to a virtual machine, it is assigned to the NIC. And again, if there are multiple NICs, the primary NIC will be used.
We can also assign private IPs to our internal load balancers, and our application gateways. And just like our public IPs, our private IPs also have a dynamic and static option. The dynamic option is the default. And again, it is not assigned when that virtual machine is created, but during the startup of the virtual machine. Which means that IP address will be released when the virtual machine is stopped. This IP address, in all likelihood, will also change during reboot.
If you're in the situation where you cannot have that IP address changing, you're going to assign a static IP. And again, this IP will be assigned when the virtual machine is actually provisioned. The IP is never released. And one thing to keep in mind here, is that in the physical world, we typically would go into the virtual machine and assign a static IP to it. In the actual world, we do not do this. This will result in failures and dropped connections to that server. We let Azure handle the static IP to that NIC itself.
And just as we do on-premise, there's going to be cases where we need to assign a static IP to certain servers. These would be domain controllers, DNS servers, or any other resources that need that static IP for connectivity. The one thing I haven't touched on yet is DHCP. Azure controls IP addressing for you. For those of you who want to try to set up DHCP on an Azure virtual machine, you're going to be very surprised when you realize that the role isn't even available to you. And also, keep in mind, the IP address lease is for the lifetime of the virtual machine, or if you stop and deallocate it.
You should now have a pretty good understanding of IP addressing in Azure virtual networks.