Public IP address prefix
A public IP address prefix is a reserved range of IP addresses in Azure. Azure gives a contiguous range of addresses to your subscription based on how many you specify.
If you're not familiar with public addresses, see Public IP addresses.
Public IP addresses are assigned from a pool of addresses in each Azure region. You can download the list of ranges Azure uses for each region. For example, 126.96.36.199/16 is one of over 100 ranges Azure uses in the East US region. The range includes the usable addresses of 188.8.131.52 - 184.108.40.206.
You create a public IP address prefix in an Azure region and subscription by specifying a name, and how many addresses you want the prefix to include.
Public IP address ranges are assigned with a prefix of your choosing. If you create a prefix of /28, Azure gives 16 ip addresses from one of its ranges.
You don't know which range Azure will assign until you create the range, but the addresses are contiguous.
Public IP address prefixes have a fee, for more information, see public IP address pricing.
Why create a public IP address prefix?
When you create public IP address resources, Azure assigns an available public IP address from any of the ranges used in that region.
Until Azure assigns the IP address, you won't know the exact IP. This process can be problematic when you create firewall rules that allow specific IP addresses. For every IP address added, a corresponding firewall rule must be added.
When you assign addresses to your resources from a public IP address prefix, firewall rule updates aren't required. The entire range is added to the rule.
- Creation of public IP address resources from a known range.
- Firewall rule configuration with ranges that include public IP addresses you've currently assigned, and addresses you haven't assigned yet. This configuration eliminates the need to change firewall rules as you assign IP addresses to new resources.
- The default size of a range you can create is /28 or 16 IP addresses.
- There aren't limits as to how many ranges you can create. There are limits on the maximum number of static public IP addresses you can have in an Azure subscription. The number of ranges you create can't encompass more static public IP addresses than you can have in your subscription. For more information, see Azure limits.
- The addresses that you create using addresses from the prefix can be assigned to any Azure resource that you can assign a public IP address to.
- You can easily see which IP addresses that are given and not given within the range.
You can associate the following resources to a static public IP address from a prefix:
|Virtual machines||Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allow list in the firewall. You can add an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead.||To associate IPs from a prefix to your virtual machine: 1. Create a prefix. 2. Create an IP from the prefix. 3. Associate the IP to your virtual machine's network interface. You can also associate the IPs to a Virtual Machine Scale Set.|
|Standard load balancers||Associating public IPs from a prefix to your frontend IP configuration or outbound rule of a load balancer ensures simplification of your Azure public IP address space. Simplify your scenario by grooming outbound connections from a range of contiguous IP addresses.||To associate IPs from a prefix to your load balancer: 1. Create a prefix. 2. Create an IP from the prefix. 3. When creating the load balancer, select or update the IP created in step 2 above as the frontend IP of your load balancer.|
|Azure Firewall||You can use a public IP from a prefix for outbound SNAT. All outbound virtual network traffic is translated to the Azure Firewall public IP.||To associate an IP from a prefix to your firewall: 1. Create a prefix. 2. Create an IP from the prefix. 3. When you deploy the Azure firewall, be sure to select the IP you previously gave from the prefix.|
|Application Gateway v2||You can use a public IP from a prefix for your autoscaling and zone-redundant Application gateway v2.||To associate an IP from a prefix to your gateway: 1. Create a prefix. 2. Create an IP from the prefix. 3. When you deploy the Application Gateway, be sure to select the IP you previously gave from the prefix.|
- You can't specify the IP addresses for the prefix. Azure gives the IP addresses for the prefix, based on the size that you specify.
- You can create a prefix of up to 16 IP addresses or a /28 by default. Review Network limits increase requests and Azure limits for more information.
- You can't change the range, once you've created the prefix.
- Only static public IP addresses created with the Standard SKU can be assigned from the prefix's range. To learn more about public IP address SKUs, see public IP address.
- Addresses from the range can only be assigned to Azure Resource Manager resources. Addresses can't be assigned to resources in the classic deployment model.
- All public IP addresses created from the prefix must exist in the same Azure region and subscription as the prefix. Addresses must be assigned to resources in the same region and subscription.
- You can't delete a prefix if any addresses within it are assigned to public IP address resources associated to a resource. Dissociate all public IP address resources that are assigned IP addresses from the prefix first.
- Create a public IP address prefix