Reserved IP addresses (Classic)

IP addresses in Azure fall into two categories: dynamic and reserved. Public IP addresses managed by Azure are dynamic by default. That means that the IP address used for a given cloud service (VIP) or to access a VM or role instance directly (ILPIP) can change from time to time, when resources are shut down or stopped (deallocated).

To prevent IP addresses from changing, you can reserve an IP address. Reserved IPs can be used only as a VIP, ensuring that the IP address for the cloud service remains the same, even as resources are shut down or stopped (deallocated). Furthermore, you can convert existing dynamic IPs used as a VIP to a reserved IP address.

Important

Azure has two different deployment models for creating and working with resources: Resource Manager and classic. This article covers using the classic deployment model. Microsoft recommends that most new deployments use the Resource Manager model. Learn how to reserve a static public IP address using the Resource Manager deployment model.

To learn more about IP addresses in Azure, read the IP addresses article.

When do I need a reserved IP?

  • You want to ensure that the IP is reserved in your subscription. If you want to reserve an IP address that is not released from your subscription under any circumstance, you should use a reserved public IP.
  • You want your IP to stay with your cloud service even across stopped or deallocated state (VMs). If you want your service to be accessed by using an IP address that doesn't change, even when VMs in the cloud service are shut down or stop (deallocated).
  • You want to ensure that outbound traffic from Azure uses a predictable IP address. You may have your on-premises firewall configured to allow only traffic from specific IP addresses. By reserving an IP, you know the source IP address, and don't need to update your firewall rules due to an IP change.

FAQ

  1. Can I use a reserved IP for all Azure services?
    No. Reserved IPs can only be used for VMs and cloud service instance roles exposed through a VIP.
  2. How many reserved IPs can I have?
    For details, see the Azure limits article.
  3. Is there a charge for reserved IPs?
    Sometimes. For pricing details, see the Reserved IP Address Pricing Details page.
  4. How do I reserve an IP address?
    You can use PowerShell, the Azure Management REST API, or the Azure portal to reserve an IP address in an Azure region. A reserved IP address is associated to your subscription.
  5. Can I use a reserved IP with affinity group-based VNets?
    No. Reserved IPs are only supported in regional VNets. Reserved IPs are not supported for VNets that are associated with affinity groups. For more information about associating a VNet with a region or affinity group, see the About Regional VNets and Affinity Groups article.

Manage reserved VIPs

Ensure you have installed and configured PowerShell by completing the steps in the Install and configure PowerShell article.

Before you can use reserved IPs, you must add it to your subscription. To create a reserved IP from the pool of public IP addresses available in the Central US location, run the following command:

New-AzureReservedIP –ReservedIPName MyReservedIP –Location "Central US"

Notice, however, that you cannot specify what IP is being reserved. To view what IP addresses are reserved in your subscription, run the following PowerShell command, and notice the values for ReservedIPName and Address:

Get-AzureReservedIP

Expected output:

ReservedIPName       : MyReservedIP
Address              : 23.101.114.211
Id                   : d73be9dd-db12-4b5e-98c8-bc62e7c42041
Label                :
Location             : Central US
State                : Created
InUse                : False
ServiceName          :
DeploymentName       :
OperationDescription : Get-AzureReservedIP
OperationId          : 55e4f245-82e4-9c66-9bd8-273e815ce30a
OperationStatus      : Succeeded

Note

When you create a reserved IP address with PowerShell, you cannot specify a resource group to create the reserved IP in. Azure places it into a resource group named Default-Networking automatically. If you create the reserved IP using the Azure portal, you can specify any resource group you choose. If you create the reserved IP in a resource group other than Default-Networking however, whenever you reference the reserved IP with commands such as Get-AzureReservedIP and Remove-AzureReservedIP, you must reference the name Group resource-group-name reserved-ip-name. For example, if you create a reserved IP named myReservedIP in a resource group named myResourceGroup, you must reference the name of the reserved IP as Group myResourceGroup myReservedIP.

Once an IP is reserved, it remains associated to your subscription until you delete it. To delete a reserved IP, run the following PowerShell command:

Remove-AzureReservedIP -ReservedIPName "MyReservedIP"

Reserve the IP address of an existing cloud service

You can reserve the IP address of an existing cloud service by adding the -ServiceName parameter. To reserve the IP address of a cloud service TestService in the Central US location, run the following PowerShell command:

New-AzureReservedIP –ReservedIPName MyReservedIP –Location "Central US" -ServiceName TestService

Associate a reserved IP to a new cloud service

The following script creates a new reserved IP, then associates it to a new cloud service named TestService.

New-AzureReservedIP –ReservedIPName MyReservedIP –Location "Central US"

$image = Get-AzureVMImage|?{$_.ImageName -like "*RightImage-Windows-2012R2-x64*"}

New-AzureVMConfig -Name TestVM -InstanceSize Small -ImageName $image.ImageName `
| Add-AzureProvisioningConfig -Windows -AdminUsername adminuser -Password MyP@ssw0rd!! `
| New-AzureVM -ServiceName TestService -ReservedIPName MyReservedIP -Location "Central US"

Note

When you create a reserved IP to use with a cloud service, you still refer to the VM by using VIP:<port number> for inbound communication. Reserving an IP does not mean you can connect to the VM directly. The reserved IP is assigned to the cloud service that the VM has been deployed to. If you want to connect to a VM by IP directly, you have to configure an instance-level public IP. An instance-level public IP is a type of public IP (called an ILPIP) that is assigned directly to your VM. It cannot be reserved. For more information, read the Instance-level Public IP (ILPIP) article.

Remove a reserved IP from a running deployment

To remove a reserved IP added to a new cloud service, run the following PowerShell command:

Remove-AzureReservedIPAssociation -ReservedIPName MyReservedIP -ServiceName TestService

Note

Removing a reserved IP from a running deployment does not remove the reservation from your subscription. It simply frees the IP to be used by another resource in your subscription.

Associate a reserved IP to a running deployment

The following commands create a cloud service named TestService2 with a new VM named TestVM2. The existing reserved IP named MyReservedIP is then associated to the cloud service.

$image = Get-AzureVMImage|?{$_.ImageName -like "*RightImage-Windows-2012R2-x64*"}

New-AzureVMConfig -Name TestVM2 -InstanceSize Small -ImageName $image.ImageName `
| Add-AzureProvisioningConfig -Windows -AdminUsername adminuser -Password MyP@ssw0rd!! `
| New-AzureVM -ServiceName TestService2 -Location "Central US"

Set-AzureReservedIPAssociation -ReservedIPName MyReservedIP -ServiceName TestService2

Associate a reserved IP to a cloud service by using a service configuration file

You can also associate a reserved IP to a cloud service by using a service configuration (CSCFG) file. The following sample xml shows how to configure a cloud service to use a reserved VIP named MyReservedIP:

<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="ReservedIPSample" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="4" osVersion="*" schemaVersion="2014-01.2.3">
  <Role name="WebRole1">
    <Instances count="1" />
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
    </ConfigurationSettings>
  </Role>
  <NetworkConfiguration>
    <AddressAssignments>
      <ReservedIPs>
       <ReservedIP name="MyReservedIP"/>
      </ReservedIPs>
    </AddressAssignments>
  </NetworkConfiguration>
</ServiceConfiguration>

Next steps