1.1 Design and Implement IP Addressing for Azure Resources
📘Microsoft Azure Networking Solutions (AZ-700)
What Is a Public IP Address in Azure?
A public IP address in Azure is an IP address that allows Azure resources to be accessible from the internet.
Examples of Azure resources that may need public IPs include:
- Virtual machines
- Azure Load Balancers
- Application Gateways
- Azure Firewalls
- NAT Gateways
By default, Azure allows you to create individual public IP addresses one by one. However, in enterprise or large environments, managing many individual public IPs becomes difficult.
This is where Public IP Prefix is used.
What Is a Public IP Prefix?
A Public IP Prefix is a contiguous block (range) of public IP addresses reserved for your Azure subscription.
Instead of creating separate public IP addresses one at a time, you:
- Create a public IP prefix
- Assign individual public IPs from that prefix to Azure resources
Key Definition (Exam-Important)
A Public IP Prefix is a reserved range of public IP addresses that can be assigned to Azure resources.
Why Use a Public IP Prefix?
Creating a public IP prefix provides better control, predictability, and management of public IP addresses.
Main Benefits
1. Predictable IP Address Range
- All public IPs come from a known range
- Useful for:
- Firewall rules
- Partner allowlists
- Security policies
2. Simplified Management
- Manage many public IPs as a single object
- Easier auditing and governance
3. Reuse and Consistency
- IP addresses remain consistent even when resources are deleted and recreated
- Helps avoid IP changes in production systems
4. Required for Some Architectures
- Some enterprise designs require pre-approved public IP ranges
Public IP Prefix vs Individual Public IP
| Feature | Individual Public IP | Public IP Prefix |
|---|---|---|
| IP allocation | One IP at a time | Multiple IPs in a range |
| Predictability | Low | High |
| Management | Manual | Centralized |
| Best for | Small setups | Large or enterprise environments |
| Exam relevance | Basic | Very important |
Supported IP Versions
Azure supports:
- IPv4 Public IP Prefix
- IPv6 Public IP Prefix
⚠️ IPv4 is most commonly tested in AZ-700.
Prefix Size (Very Important for Exam)
When creating a public IP prefix, you must choose a prefix size.
Common Prefix Sizes
| Prefix Size | Number of IPs |
|---|---|
| /31 | 2 IPs |
| /30 | 4 IPs |
| /29 | 8 IPs |
| /28 | 16 IPs |
| /27 | 32 IPs |
| /26 | 64 IPs |
📌 Smaller number = larger IP range
Exam Tip
- You cannot change the prefix size later
- Choose carefully based on future needs
SKU Types for Public IP Prefix
Azure supports two SKUs:
1. Standard SKU (Exam Focus)
- Required for public IP prefixes
- Supports:
- Availability Zones
- Azure Load Balancer
- Azure Firewall
- More secure
- No default open access
2. Basic SKU
❌ Not supported for public IP prefixes
📌 Exam Rule
Public IP Prefix only supports Standard SKU
Regional Scope
- A public IP prefix is region-specific
- You can only assign IPs to resources in the same Azure region
Example:
- Prefix created in East US
- Can only be used by resources in East US
How Public IPs Are Assigned from a Prefix
After creating a prefix:
- You create public IP address resources
- You select the existing prefix
- Azure assigns the next available IP from the prefix
Important Behavior
- IPs are assigned dynamically from the prefix
- Once assigned, the IP remains reserved for that resource
Supported Azure Resources
Public IPs created from a prefix can be attached to:
- Virtual Machines (NIC or VM)
- Azure Load Balancer (Frontend)
- Application Gateway
- Azure Firewall
- NAT Gateway
📌 Exam Note
The prefix itself is not attached directly to resources — individual IPs from the prefix are used.
Availability Zone Support
Public IP Prefix supports:
- Zonal
- Zone-redundant
Options:
- Assign prefix to a specific availability zone
- Make prefix zone-redundant (recommended for resiliency)
📌 Exam Tip
Zone-redundant public IP prefixes provide higher availability.
Security and Access Control
Role-Based Access Control (RBAC)
You can control:
- Who can create a prefix
- Who can assign IPs from the prefix
Network Security Groups (NSGs)
- NSGs do not apply directly to public IPs
- NSGs apply at:
- Subnet level
- Network Interface level
Lifecycle and Deletion Rules (Exam Critical)
Deleting a Public IP Prefix
You cannot delete a public IP prefix if:
- Any IP from the prefix is still assigned
Correct Process:
- Unassign public IPs from resources
- Delete the individual public IPs
- Delete the public IP prefix
Pricing Considerations (High-Level)
- You are charged for:
- Public IP prefix
- Public IP addresses assigned
- Pricing depends on:
- Region
- SKU
- Usage duration
📌 Exact prices are not tested, but understanding cost awareness is important.
Common Exam Mistakes to Avoid
❌ Thinking public IP prefix works with Basic SKU
❌ Believing the prefix can span multiple regions
❌ Assuming the prefix is directly attached to resources
❌ Forgetting prefix size cannot be changed
❌ Attempting to delete prefix while IPs are in use
When Should You Use a Public IP Prefix? (Exam Scenario Thinking)
Use a public IP prefix when:
- You need predictable outbound or inbound IP addresses
- You manage many internet-facing resources
- You need centralized IP governance
- Security teams require fixed IP ranges
Key Exam Summary (Memorize This)
- Public IP Prefix = Reserved block of public IP addresses
- Standard SKU only
- Region-specific
- Supports IPv4 and IPv6
- Prefix size cannot be changed
- IPs are assigned from the prefix to resources
- Required for enterprise-scale designs
- Supports Availability Zones
