The Ops Community

Kithmini Indimagedara
Kithmini Indimagedara

Posted on

Bring your own IP ranges to Azure

As you are aware, when you elect to use cloud services – in this case, Azure – for your on-premises workloads, you will use the cloud provider's IP addresses, whether internal or public.

However, there are instances where using the cloud provider's public IP addresses may be problematic due to dependencies outside of your control, such as IP reputation (public IP addresses of cloud providers may have a low reputation for obvious reasons) or customer configuration (IP whitelisting, hardcoding [sadly still relevant],...).

To assist you in migrating your workloads to Azure, you may now use Azure Custom IP Prefix to bring your own IP (BYOIP).

Before you begin, you should be aware of the following information:

  • The Azure Custom IP Prefix service is available in all Azure regions.
  • The minimum size for enrolling your IP addresses is 256 IP addresses (also known as /24 range).
  • The sole cost involved with hosting and managing onboarded range is for the egress bandwidth from the IP to the related Azure resource.
  • To allow Microsoft to advertise, the IP range must have been registered with a Routing Internet Registry (such as ARIN, RIPE, or APNIC) - the Origin AS must be defined as 8075.
  • Onboarded IP ranges remain your own, although Microsoft advertises them.
  • Any IP address in the onboarded range can then be used with any Azure service that supports Standard SKU public IP addresses.
  • For the time being, it only pertains to IP v4; IP v6 is not supported.

Now let's see how it works.

When you onboard an IP range, you authorize Microsoft to advertise the range, generate the custom IP prefix (through the portal, PowerShell, Azure Cli, or an ARM template), and then validate the range. During these processes, the BYOIP can be assigned to an Azure resource but is not reachable.

When you send the command to advertise your range from Azure, the custom prefix becomes reachable once Microsoft has validated the onboarding.

Discussion (0)