Reserved IP addresses for Cloud Services & Virtual Machines
I am very glad to announce the General Availability of Reserved IP Addresses for Cloud Services & Virtual Machines starting May 12, 2014. In this blog post, we will walk through the experience of managing Reserved IPs, associating them with Cloud Services/Virtual Machines, pricing model & a few unsupported scenarios. You can read the technical documentation about Reserved IPs here.
What is a Reserved IP address and when do I need it?
With the latest PowerShell release, Microsoft Azure allows you to reserve a public IPv4 address in your Azure Subscription. You can own these IP addresses for as long as you want in your subscription and also associate them with your Cloud Service Deployments in the region of the Reserved IP addresses. This new announcement is specifically focusing public facing IP addresses. The platform already supports reserving internal IPs, as described here.
There are a few reasons why you need Reserved IP address
- Easy A-Record DNS: Because you maintain the same public IP after delete and shutdown VMs, you can avoid having to reprogram DNS or other applications depending upon the IP to the newly assigned IP when you restart.
- On-Premise Connectivity Security: You can now provide access to your Azure Services from your enterprise network, leveraging the public IP but controlling and ACL’ing access through your proxy/firewall on-premises. You now don’t need to worry about re-programming that each time you start and stop your VM.
The following image shows how IP reservation for IP Reservation for VIPs (Reserved IP) works. Azure offers Reserved IP in a regional scope, i.e., the Reserved IP can be used for association with a Cloud Service that uses any Role Instance Size.
How Can I Reserve an IP address in Microsoft Azure?
Starting this week, you can use Azure PowerShell cmdlets or REST APIs to create a Reserved IP address in your Azure Subscription. You can reserve IP Addresses in all regions except the following. We will add support in these regions shortly.
- Brazil (Preview)
- China East
- China North
Please note that the platform doesn’t support creating Reserved IP addresses through the Management Portal. Here is a sample of creating a Reserved IP address using PowerShell cmdlets:
New-AzureReservedIP – ReservedIPName “MyWebsiteIP” –Label “WebsiteIP” –Location “Japan West”
The platform doesn’t support reserving the IP address of the existing Cloud Services or Virtual machines. We expect to announce support for this in the near future.
How do I use a Reserved IP address with Virtual Machines?
Once a Reserved IP has been created in your subscription, you can then use the Reserved IP to create a Virtual Machine deployment. Here is a sample of how to use a Reserved IP with the New-AzureVM PowerShell cmdlet.
New-AzureVMConfig -Name "WebAppVM" -InstanceSize Small -ImageName $images.ImageName | Add-AzureProvisioningConfig -Windows -AdminUsername $username -Password $password | New-AzureVM -ServiceName "MaheshWebApp" -ReservedIPName "MyWebSiteIP" -Location "Japan West"
There are two key scenarios that we would like to highlight
- Shutdown VM - Previously, when all the Virtual Machine instances are moved to the Shutdown state, the public IP would be released and a new public IP will be assigned when one of the Virtual Machines instances is started. However, with this release, if the VM uses a Reserved IP, then the Reserved IP can be used when re-deploying the VMs.
- Delete VM - When you delete all the Virtual Machines that were using a Reserved IP, the Reserved IP will continue be reserved in your subscription so that it can be used for future VM deployment in the region.
You can refer to the Virtual Machine REST API documentation here.
How do I use a Reserved IP address with Cloud Services (Web/Worker Roles)?
We are also announcing support for using a Reserved IP with Cloud Service (Web/Worker) deployments at this same time. You need to download the SDK 2.3 version (April 2014 release) for using Reserved IP with your Cloud Services. Here is a sample of how Reserved IP can be referenced in your Service Configuration Schema (CSCFG).
<?xml version="1.0" encoding="utf-8"?> <ServiceConfiguration serviceName="ReservedIPSample" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="4" osVersion="*" schemaVersion="2014-01.2.3"> <Role name="WebRole1"> <Instances count="1" /> <ConfigurationSettings> <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" /> </ConfigurationSettings> </Role> <NetworkConfiguration> <AddressAssignments> <ReservedIPs> <ReservedIP name="MyWebSiteIP"/> </ReservedIPs> </AddressAssignments> </NetworkConfiguration> </ServiceConfiguration>
Note that when a Web/Worker role deployment is deleted, the Reserved IP that was associated with the deployment will be available in the subscription and it can be used for future deployments in the same region.
How do I release a Reserved IP address from my subscription?
Please note the Reserved IP address that is not associated with a deployment (Both VM and Cloud Service) incurs billing costs and hence it is recommended that you release the IP addresses that you don’t need. More details on the billing of reserved IPs can be found here. Here is a PowerShell cmdlet that shows how to release a Reserved IP from your subscription.
Remove-AzureReservedIP -ReservedIPName "MyWebSiteIP" -Force
Reserved IP Address and Affinity Group based Virtual Networks
At this moment, Microsoft Azure doesn’t support deploying a Cloud Service or Virtual Machine associated with a Reserved IP into an ‘Affinity Group based Virtual Network’. The following snippet shows a sample error message that you will get when to try to deploy a Virtual Machine deployment with Reserved IP into an ‘Affinity Group based VNET’.
New-AzureVM : BadRequest : The deployment contains VirtualNetwork DemoVNET that belongs to an Affinity Group and ReservedIP that belongs to a region. This combination is not allowed.
Reserved IP Address and Regional Virtual Networks
With this release, we are also announcing support for Regional (location based) Virtual Networks. You can read more about it in the blog here. Microsoft Azure supports the deploying a Cloud Service or Virtual Machine associated with a Reserved IP into a Location based Virtual Network.
Reserved IP Address Pricing
IPv4 addresses are a very scarce resource and hence Microsoft Azure charges a nominal price for IP Addresses under a couple of circumstances. You can read more about the Reserved IP Pricing and Billing FAQs here. Please note that the Cloud Service should at least have one running Web/Worker or Virtual Machine instance.
In your bill, you will see two entities related to Reserved IPs
- Reserved IP Address Hours – Total number of hours where Reserved IPs in your subscription were either
- Not associated with a deployment (VM or Cloud Service) with Running instances (or)
- Was using additional Reserved IP addresses in the subscription.
- Reserved IP Remaps – Every time an IP address is associated with a new Cloud Service, it is considered as a remap. You can read more about the Remaps Pricing in the Reserved IP Pricing page here.
Reserved IP Address Subscription Limits
All Azure subscriptions are authorized to use 5 Reserved IPs. However, you can request a Reserved IP limit increase for your subscription by logging a support request here. Please refer to the Azure Subscription limits documentation here.