Shulou(Shulou.com)06/02 Report--

I'm sure we all know Azure's Public IP, but what is Public IP Prefex? Many people may not have heard of it, but let's not mention what exactly it means. Let's talk about a question first.

Very often, we will have a pain point. We all know that the public IP on the cloud will be very comfortable to use, especially if you run a crawler or something, you can change it if you want. Of course, this also leads to a lot of spam, spam messages and so on are also sent from the cloud. In addition, we often encounter a problem, that is, when the firewall wants to set up a whitelist, the IP on the cloud is actually not fixed. And most of the time there are no rules to speak of, which is a problem.

In enterprises, firewalls are indispensable. When communicating with cloud services, especially some PaaS services, we all need to add the corresponding IP addresses to the whitelist. For PaaS services, Microsoft actually has some fixed network segments, and the information of these network segments is also published to the public. We can download them directly from Microsoft's official website, so that when setting firewall rules, You can add the IP side to the rule. For some IaaS services, if you do not want to add public network IP manually every time, in fact, Azure provides a function that provides users with a pool of public network IP addresses, and users can get a batch of public network IP with specific addresses, so that they do not need to add firewall rules manually every time, and this function is actually Public IP Prefex.

Currently, IP in Public IP Prefex can be associated with the following services

Resource scenario step A virtual machine associates a public IP from a prefix to a virtual machine in Azure to reduce the administrative overhead of creating an allow list IP in the firewall. You can use a single firewall rule to simplify the process of creating an entire prefix allow list. When scaling virtual machines in Azure, you can associate IP from the same prefix, saving cost, time, and administrative overhead. Associate the IP from a prefix to the virtual machine: 1. Create a prefix. two。 Create an IP from the prefix. 3. Associate the IP to the virtual machine network interface. You can also associate the IP to the virtual machine size set. Standard load balancers (Basic LB cannot) associate the public IP from a prefix to the front-end IP configuration or outbound rules of the load balancer to ensure that the Azure public IP address space is simplified. You can simplify your solution by sorting out outbound connections to the source's contiguous range of IP addresses defined by the public IP prefix. Associate the IP from a prefix to the load balancer: 1. Create a prefix. two。 Create an IP from the prefix. 3. When you create a load balancer, select or update the IP created in the previous step 2 as the front-end IP of the load balancer. The Azure firewall can use the public IP address from the prefix as the outbound SNAT. This means that all outbound virtual network traffic is converted to the Azure Firewall public IP. The IP comes from a predetermined prefix, so it's easy to know in advance what the public IP occupancy in Azure will be in the future. 1. Create a prefix. two。 Create an IP from the prefix. 3. When deploying Azure firewalls, be sure to select the IP that was previously assigned through the prefix. Application gateway v2 for automatic scaling and zone redundancy application gateway v2, a public IP from the prefix can be used. The IP comes from a predetermined prefix, so it's easy to know in advance what the public IP occupancy in Azure will be in the future. 1. Create a prefix. two。 Create an IP from the prefix. 3. When deploying an application gateway, be sure to select the IP that was previously assigned through the prefix.

It is important to note that for Public IP Prefex, there are also the following restrictions

The IP address of the prefix cannot be specified. Azure assigns the IP address of the prefix based on the specified size.

You can create an IP address with a maximum prefix of 16 or / 28. For more information, see Azure restrictions.

The range cannot be changed after the prefix is created.

Only static public IP addresses created using standard SKU can be assigned from the prefix range. To learn more about the public IP address SKU, see the public IP address.

Addresses in the range can only be assigned to Azure Explorer resources. These addresses cannot be assigned to resources created through the classic deployment model.

All public IP addresses created with prefixes must be in the same Azure zone and subscription as a prefix, and must be assigned to resources in the same zone and subscription.

If any address in the prefix is assigned to a public IP address resource associated with a resource, the prefix cannot be deleted. You should first disassociate all public IP address resources, which are assigned IP addresses by prefix.

The use of Public IP Prefex is actually very simple. Let's take a look.

Public IP Prefex is created by network segment, and the size of the network segment determines the number of IP in the pool. It should be noted that the larger the network segment, the more the number of IP in the pool, and the more expensive the fee will be.

You can see that after the creation is completed, you can create a public network IP by adding ip.

Try to create two IP addresses and you will find that what is created will be a contiguous IP

The rest is no different from the ordinary public network IP. You can mount it to the corresponding service. However, it is important to remind you that what Public IP Prefex creates is the IP of Standard, so it is impossible to mount it to some Basic services.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.