1.1 Design and Implement IP Addressing for Azure Resources
📘Microsoft Azure Networking Solutions (AZ-700)
1. What is a Public IP Address Prefix?
A Public IP Address Prefix is a range of consecutive public IP addresses that you can use for Azure resources.
- Normally, Azure assigns public IPs automatically when you create resources like Load Balancers, Azure Firewall, or Virtual Machines with public IPs.
- A prefix is useful when you need multiple consecutive public IPs or want better control and predictability over your IP addresses.
Think of it as reserving a block of IPs for your company in Azure, so all your services use IPs from that block.
2. What is BYOIP (Bring Your Own IP)?
BYOIP allows you to bring your own public IP addresses that you already own from your IP provider (like your corporate ISP) and use them in Azure.
Key points:
- Normally, public IPs in Azure are assigned from Microsoft’s IP ranges.
- With BYOIP, you can advertise your own IP addresses to Azure.
- This is useful for network consistency, compliance, or reputation purposes, like when your IPs are already trusted by customers or firewalls.
Exam Tip: You need to know BYOIP allows you to bring IPv4 prefixes only (as of now, IPv6 BYOIP isn’t supported for production).
3. Why Use a Custom Public IP Prefix or BYOIP?
Scenarios in IT environments:
- Consistent IPs for firewall rules
- Your firewall or partner systems may require specific IPs to allow traffic.
- Using a custom prefix ensures all your Azure services use the same predictable IP range.
- Load Balancers & Application Gateways
- If your company hosts multiple applications, you may need consecutive public IPs for multi-site routing or SSL certificates.
- Reputation and whitelisting
- Some services may trust your existing public IP range, so BYOIP keeps your IP reputation intact.
- Regulatory compliance
- Certain industries require specific IPs for auditing or geo-location control.
4. Steps to Plan a Custom Public IP Prefix (BYOIP)
Here’s the simplified exam-focused flow:
Step 1: Acquire the IP Prefix
- You get a public IP prefix from your ISP (like a /24 block, which is 256 IPs).
Step 2: Validate Your IP Prefix with Microsoft
- Submit your IP prefix to Microsoft for validation.
- Microsoft checks that:
- You own the IP addresses.
- The IP block is not already used in Azure.
Step 3: Publish the IP Prefix in Azure
- After validation, you register the IP prefix in your Azure subscription.
- This allows you to assign these IPs to Azure resources like:
- Azure Firewall
- Public Load Balancer
- Application Gateway
- Virtual Machines
Step 4: Assign Public IPs
- You can now create public IP addresses from your prefix.
- These IPs behave like any normal Azure public IPs:
- Can be static or dynamic.
- Can be associated with VMs, Load Balancers, or NAT gateways.
Step 5: Advertise the IP Prefix
- Microsoft automatically advertises your prefix to the internet via Azure’s network infrastructure.
- If needed, you can configure custom BGP routing with ExpressRoute or VPN for more advanced networking.
5. Important Considerations / Exam Tips
- IP Prefix Size:
- Must be at least /24 (256 IP addresses) for BYOIP.
- Larger prefixes are supported (/23, /22, etc.) depending on your requirements.
- Ownership Proof:
- You must prove ownership of the IP prefix. Microsoft will not allow unverified IPs.
- Supported IP Types:
- IPv4 only for BYOIP in most production scenarios.
- IPv6 can be used only in limited preview or internal testing.
- Cost:
- The prefix itself is free, but Azure resources using the IPs (VMs, Load Balancers, etc.) are charged normally.
- Resource Compatibility:
- Not all Azure services support custom IP prefixes. Make sure to check service compatibility before planning.
6. Summary Table for Easy Exam Revision
| Concept | Key Points |
|---|---|
| Public IP Prefix | A range of consecutive public IP addresses in Azure. |
| BYOIP | Bring your own public IP range to Azure. |
| Why use | Consistency, firewall rules, compliance, reputation, multi-service IP planning. |
| Minimum prefix | /24 (256 IP addresses) |
| Steps | Acquire IP → Validate → Register → Assign to Azure resources → Advertise via Azure network |
| Supported IP | IPv4 only (BYOIP), static/dynamic allowed |
| Services compatible | VM, Load Balancer, Application Gateway, Azure Firewall, NAT Gateway |
7. Quick Exam Notes
- BYOIP is mainly for enterprise scenarios where IP ownership and consistency matter.
- Azure automatically advertises the prefix; you do not need to configure internet routing manually unless using custom BGP.
- You can still use Azure-assigned public IPs if BYOIP is not required.
✅ Key Takeaways for the Exam:
- Understand what a custom public IP prefix is.
- Know what BYOIP allows (bring IPv4 addresses you own).
- Be familiar with steps to implement BYOIP in Azure.
- Remember minimum prefix size and ownership requirement.
- Know which Azure resources can use the custom IPs.
