1.1 Design and Implement IP Addressing for Azure Resources
📘Microsoft Azure Networking Solutions (AZ-700)
Overview
In Azure, a public IP address prefix is a block (range) of public IP addresses that Azure assigns to you as a single resource.
Instead of creating many public IP addresses one by one, you can reserve and manage them together.
For the AZ-700 exam, you must clearly understand:
- What a public IP prefix is
- Why Azure provides it
- When you should choose a public IP prefix
- Which Azure services commonly use it
- Benefits and limitations
- How it compares to individual public IP addresses
What Is a Public IP Address Prefix?
A public IP address prefix is:
- A contiguous range of public IPv4 or IPv6 addresses
- Assigned and reserved in advance
- Used to create multiple public IP resources from the same range
Example (conceptual):
- Azure assigns a block like
/29 - That block contains 8 public IP addresses
- You can use those IPs for different Azure resources
Key point for exam:
A public IP prefix guarantees that your public IP addresses remain within the same known range.
Why Azure Introduced Public IP Prefixes
Azure introduced public IP prefixes to solve problems such as:
- Managing large numbers of public IPs
- Ensuring IP address consistency
- Supporting firewall allow-lists
- Simplifying network administration
Without a prefix:
- Each public IP is assigned independently
- IP addresses may not be sequential
- Harder to manage and track
When Should You Use a Public IP Address Prefix?
1. When You Need Multiple Public IP Addresses
Use a public IP prefix when:
- You need many public-facing Azure resources
- You want all public IPs to come from one known range
Common IT scenarios:
- Multiple virtual machines with public access
- Multiple load balancer frontends
- Multiple NAT Gateway outbound IPs
Exam note:
Public IP prefixes are designed for scale.
2. When IP Address Consistency Is Required
Choose a public IP prefix when:
- External systems require fixed IP ranges
- IP changes are not acceptable
Examples in IT environments:
- Partner firewalls
- External SaaS platforms
- On-premises security devices
Instead of allowing:
- Many random public IPs
You allow:
- One known prefix range
3. When Firewall or Security Allow-Listing Is Needed
Public IP prefixes are ideal when:
- External firewalls allow traffic only from approved IP ranges
- You want to minimize firewall rule changes
Why this matters:
- One prefix = one firewall rule
- Easier security management
AZ-700 exam focus:
Public IP prefixes simplify security rule management.
4. When Using Azure NAT Gateway
Azure NAT Gateway:
- Requires public IP addresses or a public IP prefix
- Controls outbound internet traffic for subnets
Why prefixes are preferred:
- NAT Gateway may scale outbound connections
- A prefix provides multiple IPs for high traffic
Important exam point:
NAT Gateway supports public IP prefixes for scalable outbound connectivity.
5. When Using Azure Load Balancer at Scale
Public IP prefixes are commonly used with:
- Standard Load Balancer
Benefits:
- Multiple frontend IP configurations
- Predictable IP allocation
- Simplified outbound SNAT management
Exam hint:
Standard Load Balancer works well with public IP prefixes for large deployments.
6. When Planning Long-Term Network Architecture
Choose a public IP prefix when:
- Designing enterprise or production environments
- Planning future growth
- Wanting predictable IP address planning
Prefixes help with:
- Network documentation
- Capacity planning
- Reduced reconfiguration
When You Should NOT Use a Public IP Prefix
Do not use a public IP prefix when:
- You only need one public IP
- The resource is temporary
- No IP consistency is required
- You want minimal configuration
Examples:
- One test virtual machine
- Short-lived lab resources
Exam tip:
Public IP prefixes are optional, not mandatory.
Supported Azure Services
Public IP prefixes can be used with:
- Public IP addresses (Standard SKU)
- Azure Load Balancer (Standard)
- Azure NAT Gateway
- Virtual Machines
- Virtual Machine Scale Sets
- Azure Firewall (outbound scenarios)
Important:
- Only Standard SKU public IPs support prefixes
Size and Address Planning
Public IP prefixes:
- Use CIDR notation (
/31to/24) - Larger prefix = more IP addresses
- Must be planned carefully
Key exam detail:
Once created, a public IP prefix cannot be resized.
IPv4 and IPv6 Support
Public IP prefixes support:
- IPv4
- IPv6
However:
- IPv4 is more commonly tested in AZ-700
- IPv6 support depends on the service
Public IP Prefix vs Individual Public IP
| Feature | Public IP Prefix | Individual Public IP |
|---|---|---|
| IP Range Control | Yes | No |
| Scalability | High | Limited |
| Firewall Allow-Listing | Easy | Difficult |
| Management | Centralized | Separate |
| Best for | Enterprise, production | Small or test setups |
Key Exam Points to Remember
✔ A public IP prefix is a reserved range of public IP addresses
✔ Used when multiple public IPs are required
✔ Helps with security allow-lists and consistency
✔ Common with NAT Gateway and Standard Load Balancer
✔ Supports Standard SKU only
✔ Cannot be resized after creation
✔ Ideal for enterprise and scalable environments
Summary
You should choose a public IP address prefix when:
- You need multiple public IPs
- IP addresses must remain consistent
- External systems require fixed IP ranges
- You are designing scalable and secure Azure networks
For the AZ-700 exam, always remember:
Public IP prefixes are about control, scalability, and predictability in Azure networking.
