Tutorial / Cram Notes
Private IP addresses are used within a virtual network and are not reachable from the internet. These addresses allow Azure resources to communicate with each other in a secure environment. Azure automatically assigns a private IP address from the address range that you specify when creating a VNet.
When setting up a private IP for an Azure Virtual Machine (VM) or any other resource, you have two options:
- Dynamic Allocation: Azure DHCP assigns the private IP address. The address is released if the resource is deleted or the network interface (NIC) is disassociated.
- Static Allocation: You manually assign a static private IP address. This address remains with the resource until you change or remove it.
To configure a private IP address for an Azure VM, you can follow these steps:
- Navigate to the Azure portal.
- Go to the Virtual Machine’s settings, and select Networking.
- Click on the Network Interface associated with your VM.
- Under IP configurations, select the IP configuration you want to modify.
- Choose either dynamic or static assignment and, if applicable, specify the static IP address you want to use.
Azure reserves the first four addresses in each subnet for its use; therefore, they cannot be assigned to resources.
Public IP Addresses
Public IP addresses allow Azure resources to communicate with external networks, including the internet. You can assign these IP addresses to resources such as VMs, internet-facing load balancers, or VPN gateways.
Azure offers two types of public IP addresses:
- Dynamic: The public IP address can change if the resource it’s associated with is stopped (deallocated) and then started again.
- Static (reserved): The public IP address is fixed and does not change. It’s reserved for your subscription until you delete it.
Configuring a public IP address involves creating a public IP resource and associating it with a VM or service:
- Navigate to the Azure portal.
- Click on “Create a resource” and search for “Public IP address”.
- Fill in the details such as Name, Subscription, Resource group.
- Choose whether you want a static or dynamic IP.
- Select the appropriate SKU (Basic or Standard).
- Click “Create” to provision the public IP address.
- Once created, associate the public IP address with the intended Azure resource.
You may assign public IP addresses to resources either directly or through a load balancer. Using Azure Load Balancer helps distribute traffic to multiple VMs and ensures high availability and reliability.
Considerations for IP Address Management
Understanding Azure’s IP address capabilities is essential for network planning and design:
- IP Address Availability: Check the availability of IP addresses within the desired Azure region and subscription limits.
- Network Security Groups (NSGs): While configuring IP addresses, remember to update NSGs to allow or deny traffic to your VMs.
- Cost: Static public IP addresses incur cost as long as they are provisioned, even if not associated with an active resource.
- DNS: Consider integrating your IP address configuration with Azure DNS services for name resolution.
- SKU: Public IP addresses come in two SKUs: Basic and Standard, which differ in features such as availability, and support for availability zones.
In summary, configuring private and public IP addresses in Azure is a critical skill for an Azure Administrator, which involves understanding the differences between address types, their use cases, and implications for network security and reliability. It is a balancing act between ensuring seamless connectivity and maintaining best practices for security and cost management.
Practice Test with Explanation
True or False: Azure Virtual Networks (VNet) can be linked to other VNets in Azure regardless of the regions through VNet Peering.
Answer: True
Explanation: VNet Peering allows connecting Azure VNets within the same region or across different regions (Global VNet Peering).
In Azure, you can assign private IP addresses to Azure services manually or Azure can do it dynamically. Which Azure feature is responsible for dynamic IP address allocation?
- A) Azure DNS
- B) Azure Load Balancer
- C) Azure Resource Manager
- D) Azure DHCP
Answer: D) Azure DHCP
Explanation: Azure DHCP is responsible for the dynamic allocation of IP addresses to virtual machines and other Azure services.
True or False: When setting up an Azure public IP address, it can only be associated with a Virtual Network Gateway.
Answer: False
Explanation: An Azure public IP address can be associated with various resources, including a Virtual Machine, Load Balancer, and Application Gateway, not just a Virtual Network Gateway.
Which of the following are valid assignment methods for a public IP address resource in Azure? (Choose all that apply)
- A) Dynamic
- B) Static
- C) Elastic
- D) Reserved
Answer: A) Dynamic, B) Static
Explanation: Azure provides Dynamic and Static assignment methods for public IP addresses resources.
True or False: Once a public IP address is assigned to an Azure resource, you cannot change the assignment method from static to dynamic or vice versa.
Answer: False
Explanation: You can change the assignment method of a public IP address from static to dynamic and vice versa, but the IP address may change as a result, and the operation requires disassociating and reassociating the IP address.
In Azure, which address space is used by default for virtual networks?
- A) 0/16
- B) 0/12
- C) 0/24
- D) 0/24
Answer: A) 0/16
Explanation: 0/16 is one of the default address spaces offered when creating a virtual network in Azure, although you can specify a different address space.
True or False: Network Security Groups (NSGs) can be used to control inbound and outbound traffic to network interfaces (NIC), VMs, and subnets in Azure.
Answer: True
Explanation: NSGs are used to filter network traffic to and from Azure resources in an Azure Virtual Network.
Which Azure feature ensures that your VM has the same private IP address across restarts, re-deployments, and even moving to a different subnet?
- A) Static Public IP
- B) Static Private IP
- C) Dynamic Public IP
- D) Dynamic Private IP
Answer: B) Static Private IP
Explanation: Assigning a static private IP address to your VM ensures that it retains the same IP address across various operations.
True or False: The public IP addresses used in Azure are not accessible from the internet by default.
Answer: False
Explanation: Public IP addresses in Azure are, by definition, accessible from the internet unless security measures such as NSGs or firewalls are implemented to restrict access.
In Azure, what is the term used for the feature that allows you to filter network traffic between subnets within the same virtual network?
- A) Network Security Group
- B) Application Security Group
- C) Route Table
- D) Service Endpoint
Answer: A) Network Security Group
Explanation: Network Security Groups (NSGs) can be associated with subnets within the same virtual network to filter network traffic between those subnets.
True or False: An Azure Load Balancer requires a public IP address to balance traffic coming from the internet.
Answer: True
Explanation: An Azure Load Balancer uses a public IP address to receive internet traffic and distribute it across VMs or services within a VNet.
Interview Questions
What is a public IP address in Azure?
A public IP address in Azure is an IP address that is accessible from the internet and is used to identify resources on the internet.
What is a private IP address in Azure?
A private IP address in Azure is an IP address used for communication between resources within the virtual network and is not accessible from the internet.
What resources in Azure can be assigned a public IP address?
Resources such as virtual machines, load balancers, and application gateways can be assigned a public IP address in Azure.
How do you configure a public IP address in Azure?
To configure a public IP address in Azure, you need to navigate to the Public IP Addresses section in the Azure portal, create a new public IP address, and associate it with the desired resource.
What is the allocation method for a public IP address in Azure?
The allocation method for a public IP address in Azure can be either static or dynamic.
What is the difference between a static and a dynamic public IP address in Azure?
A static public IP address in Azure remains the same even if the resource it’s assigned to is deleted, while a dynamic public IP address is released when the resource it’s assigned to is deleted.
What is a network interface in Azure?
A network interface in Azure is a virtual network interface card (NIC) that enables a virtual machine or other resource to communicate with the virtual network.
What is an IP configuration in Azure?
An IP configuration in Azure is a network configuration that includes IP address, subnet, and optional IP forwarding settings.
How do you configure a private IP address in Azure?
To configure a private IP address in Azure, you need to navigate to the Network Interfaces section in the Azure portal, create a new network interface, and associate it with the desired resource.
Can you change the private IP address of a network interface in Azure?
Yes, you can change the private IP address of a network interface in Azure by modifying the IP configuration settings.
Can a network interface have both a public and a private IP address in Azure?
Yes, a network interface can have both a public and a private IP address in Azure.
What is the purpose of assigning a private IP address to a virtual machine in Azure?
Assigning a private IP address to a virtual machine in Azure enables communication between the virtual machine and other resources within the virtual network.
Can a virtual machine have multiple network interfaces in Azure?
Yes, a virtual machine can have multiple network interfaces in Azure.
What is the difference between a private IP address and an internal IP address in Azure?
A private IP address is used for communication within a virtual network, while an internal IP address is used for communication between virtual networks within the same region.
What is the purpose of IP forwarding in Azure?
IP forwarding in Azure enables the routing of network traffic between virtual networks or between a virtual network and an on-premises network.
Does anyone know if there’s a limit to the number of public IP addresses one can configure in Azure?
Great article on configuring private and public IP addresses!
I’m having trouble assigning a public IP to my Virtual Machine. Any tips?
Does this apply to Azure VNet as well?
I appreciate how concise this explanation is. Thanks!
How do I change a dynamic public IP to a static one in Azure?
Nice blog post, but a video tutorial would have been better.
Is it possible to attach multiple public IPs to a single NIC in Azure?