Azure VNet – IP Address Terms
The following terms/ definitions related to IP Address are very helpful for you to work with Azure Virtual Network.
|1||VIP||Virtual IP Address||A VIP is the public IP address associated with a VM. Every Azure VM has a VIP, with all the VMs in a cloud service having the same VIP.
The VIP is allocated at random from a pool of IP addresses managed by Microsoft. However, it is possible to reserve an IP address from the Microsoft pool and allocate that reserved IP address as a VIP. There is a limit of 5 reserved IPs for a subscription.
|2||DIP||Dynamic IP Address||A DIP is an internal IP address associated with a VM. This IP address is associated automatically with the VM when it is created and remains associated with it while it is deployed. The DIP survives system reboots as well as service healing migration of the VM. If the VM is deleted or changed into a stopped/de-allocated state it loses its DIP, which may then be allocated to another VM.
Alternatively, the DIP can be a static IP address allocated to the VM on creation. This address comes from the range configured for the subnet the VM is deployed into. It is a good practice to use a distinct subnet for statically-allocated DIPs to avoid the possibility of collision between a dynamically and statically allocated DIP.
Azure supports the ability for a VM to have multiple virtual NICs, with each NIC being allocated a distinct DIP.
|3||PIP||Instance-level public IP Address||A PIP is a public instance-level IP address associated with the VM in addition to the VIP.
Traffic to the PIP goes directly to the VM and is not routed through the Azure Load Balancer. Internet-bound traffic from a VM with a configured PIP is also sent over the PIP rather than going through the VIP.
Consequently, there is no need to configure an endpoint when using a PIP. The PIP must be appropriately firewalled to restrict traffic to only that desired.
A PIP is useful for workloads such as passive FTP that require a large number of ports to be opened, which is impractical when using the VIP which supports only a limited number of endpoints.
The following diagram represents 3 types of IP Address and the routings from networks to a given VM.
Azure Load Balancer and IP Address
All inbound traffic to the VIP is routed through the Azure Load Balancer which firewalls and distributes it. The Azure Load Balancer only allows inbound traffic to reach a VM if there is a configured endpoint which maps some port on the VIP to a port on the DIP. The Azure Load Balancer supports only the TCP and UDP protocols, all other internet protocols are denied.
Internal Load Balancer and IP Address
An Internal Load Balancer can be configured to port-forward or load-balance traffic inside a VNET or cloud service. The Internal Load Balancer supports only the TCP and UDP protocols, all other internet protocols are denied. The Internal Load Balancer associating a DIP/port combination on the load balancer with the DIP port/combination on a VM.