Learn the differences between a public IP and a private IP and how each is used in Azure. Static and dynamic IPs are compared, and the workloads for which to use each are outlined.
- [Instructor] As we start designing our Azure infrastructure, we need to understand how IP addressing works within our Azure networks. And the good news is, it's very similar to what we already do on-premise. We can use the same private IP address ranges as we do on-premise, so 10.x.x.x. We can use 172.16.x.x through to 172.31.x.x. And finally, we can use our IP address range of 192.168.x.x.
For those virtual machines that require access to the internet, you can assign a public IP. A public IP in Azure is very similar to the public IP that we use on-premise. We use it to connect to the internet and to other Azure public-facing services such as web apps, or SQL databases, or Azure storage. We associate IP addresses to the NIC, or the network interface card of the Azure virtual machine. If there are multiple NICs attached to that virtual machine, then the primary NIC is used.
As of this recording in May of 2017, only dynamic IPs can be assigned to VPN gateways. We can also associate a public IP with application gateways and internet-facing load balancers. We'll be discussing gateways and load balancers a little later in the course. There are two types of public IP addresses in Azure. Our first is a dynamic public IP. This is the default, and it is not assigned when the virtual machine is created.
It's actually assigned during the start-up of the virtual machine. This means that that IP address will be released when the virtual machine is restarted, stopped or deallocated. If a dynamic IP will not work for you, then you'll need to move to a static IP. Public IP addresses are assigned when the virtual machine is provisioned. That means the IP address is never released unless you delete the resource, or change from a static IP to a dynamic IP.
And the IP address is assigned from the Azure resource pool. Next we have private IPs. Private IPs will be assigned to our virtual machines from the IP range that we specify within the virtual network. We use these private IPs to connect to our on-premise environments. We can assign these to our VPN gateways. ExpressRoute will require private IP. And these IPs are not directly accessible to the internet. You can associate an IP address to the NIC of the virtual machine just as we do with our public IPs.
And if there are multiple NICs, then again, that primary NIC will be used. Private IPs are also assigned to internal load balancers and application gateways. And here we also have two types of private IP addresses. Our first is our dynamic IP address. This again will be the default. It is assigned during the start-up of the virtual machine. It is released when the virtual machine is stopped. And it may change from reboot to reboot. If a dynamic IP will not work for you, then your other option is static private IP.
As with our public static IPs, the private static IP will be assigned when that virtual machine is provisioned. Again meaning that it will never be released unless you delete that resource or virtual machine, and we do not configure the private IP within the server. I know from an infrastructure on-premise point of view that's what we do. We go into networking, we assign that private IP address. If you do that within a Windows Azure virtual machine, it will result in failures and dropped connections.
And there will be times when you will need a static private IP address such as for domain controllers, just as we do on-prem, our DNS servers, again just as we do on-prem, and any other resources that require a static IP for connectivity. As you can see, IP addressing within Azure is very, very similar to what we do on-premise. The learning curve isn't that great. A couple of the key things though to remember is please do not set static IP addresses on your virtual machines within Azure.
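One way to make a private address static from the Azure side rather than inside the guest OS, as the lesson advises. This is an added PowerShell example using the Az.Network module, not part of the original recording; the function name, resource group name and NIC name are hypothetical placeholders.

```powershell
# Added example. Requires the Az.Network module and a signed-in session (Connect-AzAccount).
# The function name and the names passed to it are placeholders, not values from the lesson.
function Set-NicPrivateIpStatic {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $NicName
    )

    # Read the NIC resource from Azure; nothing is changed inside the guest OS.
    $nic = Get-AzNetworkInterface -ResourceGroupName $ResourceGroupName -Name $NicName

    # Use the NIC's primary IP configuration.
    $ipConfig = $nic.IpConfigurations | Where-Object { $_.Primary } | Select-Object -First 1
    if (-not $ipConfig) {
        throw "NIC '$NicName' has no primary IP configuration."
    }

    # Already static: nothing to change.
    if ($ipConfig.PrivateIpAllocationMethod -eq 'Static') {
        return $ipConfig.PrivateIpAddress
    }

    # A dynamic address must already be assigned before it can be pinned.
    if (-not $ipConfig.PrivateIpAddress) {
        throw "NIC '$NicName' has no private address assigned yet."
    }

    # Keep the address the platform already handed out and mark it static,
    # then write the updated NIC resource back to Azure.
    $ipConfig.PrivateIpAllocationMethod = 'Static'
    Set-AzNetworkInterface -NetworkInterface $nic | Out-Null
    return $ipConfig.PrivateIpAddress
}

# Placeholder names for a domain controller's NIC.
Set-NicPrivateIpStatic -ResourceGroupName 'rg-example' -NicName 'dc01-nic'
```

The guest operating system keeps obtaining its address through DHCP; only the allocation method on the NIC resource changes.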
- Designing virtual machines
- Selecting appropriate VM SKUs
- Designing template deployment
- Deploying ARM templates via PowerShell and CLI
- Designing for availability
- Designing Azure Virtual Networks
- Azure VPN and ExpressRoute architecture and design