As you know when you decide to make the move the cloud services – in this case Azure – for your on-premises workloads you will then use the cloud provider IP addresses, either internal or public ones.
However there are situations where using the cloud provider public IP addresses may be problematic due to dependencies outside of your control like IP reputation (public IP addresses of cloud providers may have a low reputation for obvious reason) or because of your customers configuration (IP whitelisting, hardcoding [unfortunately still relevant],…).
Well, to help you moving your workloads to Azure, you can now bring your own IP (BYOIP) using Azure Custom IP Prefix.
Before you start, you need to know the below details:
- Azure Custom IP Prefix is available in all Azure region
- The minimum size for onboarding your IP’s is 256 IP address (aka /24 range)
- There is no cost associated with hosting and management of onboarded range; the only associated cost is for the egress bandwidth from the IP to the associated Azure resource
- The IP range must have been registered with a Routing Internet Registry (such as ARIN, RIPE or APNIC) – to allow Microsoft to advertise you need to define the Origin AS must be defined as 8075.
- Onboarded IP ranges remain under your ownership but are advertised by Microsoft
- Any IP address from the onboarded range can then be use with any of Azure service supporting Standard SKU public IP’s
- It applies only to IP v4 for now; IP v6 are currently not supported
Ok, now how it is working.
When you onboard an IP range, you authorize Microsoft to advertise the range, create the custom IP prefix (either from the portal, PowerShell, Azure Cli or ARM template) then Microsoft perform validation. During these steps, the BYOIP can already be allocated to Azure resource BUT not reachable.
The custom prefix becomes reachable once Microsoft has validated the onboarding when you issue the command to advertise your range from Azure.
Complete details to onboard an IP range are available here: