One of the great things that came with the plethora of new features and capabilities around Azure networking at Build 2015 and didn’t get a lot of attention is the fact that now you have much more flexibility in working with reserved IP addresses in your deployments. By default, VIP addresses of Azure cloud services are dynamic by nature, i.e. they may change when VMs get de-provisioned or the Azure fabric needs to move your VMs to another host, e.g. due to hardware failure.
What you can do now with the latest release of the Azure PowerShell Cmdlets is to convert existing dynamic VIP to reserved IP addresses. Doing so will take the current cloud service VIP from the data center’s general IP address pool and assign it specifically as a reserved IP to your Azure subscription. The IP will remain associated with the cloud service deployment, but can also be used for other deployments in your subscription, as we will see in this post.
Convert Dynamic IP to Reserved IP
Let’s have a look at a regular virtual machine that has been deployed into my Azure subscription: in the current Management Portal you can spot the Public VIP in the dashboard section like this:
You can see that VM vm01 in my cloud service viptest01.cloudapp.net has a dynamic VIP address of 104.47.161.70 in the West Europe datacenter. If I shut down this VM in the portal (which will de-allocate my resources) and re-start it, the VIP address will be different. Specifically in enterprise scenarios where customers access cloud resources through corporate firewalls, having durable IP addresses for VMs is a common requirement, so let’s see if we can fix this.
Before Build 2015 you had to request a new reserved IP address before you did a cloud service deployment. Now you can just grab any existing dynamic VIP and add it to the list of reserved IPs in your subscription. In order to do that you’ll need to execute the following PowerShell statement like this:
New-AzureReservedIP -ReservedIPName "vip01" -Location "West Europe" -ServiceName "viptest01"
By using the new -ServiceName attribute Azure knows magically that you do not only ask for a new reserved IP, but you also want to use the current VIP of the specified service.
If you check your list of reserved IP addresses using the Get-AzureReservedIP PowerShell Cmdlet, you should see a new entry for this VIP:
Again, the ServiceName attribute indicates the association with the viptest01 cloud service deployment. You can now safely shutdown and re-provision this VM, and it will reliably keep the same public IP address 104.47.161.70.
Remove Reserved IP from the Deployment
Now let’s see what happens when we de-associate this reserved IP from the running VM. We can do this by executing the following PS statement:
Remove-AzureReservedIPAssociation -ReservedIPName "vip01" -ServiceName "viptest01"
If you check the VM dashboard you can see that Azure assigned a different VIP (104.40.187.145) to the cloud service (which is again a regular, dynamic IP that might potentially change):
Checking the list of reserved IP addresses will now show the reserved IP address 104.47.161.70 as unassigned (i.e. with attribute InUse set to False and empty ServiceName and DeploymentName attributes):
Assign Reserved IP to Another Deployment
Now, let’s finally take our reserved IP and associate it with another deployment. I took a second VM vm02 in cloud service viptest02.cloudapp.net that was created by default with a dynamic VIP of 104.47.167.161:
You can associate the reserved IP vip01 with this deployment as follows:
Set-AzureReservedIPAssociation -ReservedIPName "vip01" -ServiceName "viptest02"
What the Azure fabric will do is switch the public VIP address of the viptest02 cloud service to our reserved IP address of 104.47.161.70 as you can see below.
Note that moving the reserved IP address to a different deployment does only work within the same datacenter, as IP ranges in Azure are location-specific.
Conclusion
This new capability is very helpful in scenarios where you need to “move” IP addresses between different deployments, i.e. exchange the implementation of a service or provide a failover type of behavior. Reusing existing IP addresses of deployments and not having to re-deploy is a major improvement and saves lots of time.
Reserved IP addresses can be used with both IaaS VMs as well as PaaS web/worker roles. Association of reserved IPs with PaaS cloud services can also be done via service configuration files (CSCFG).
Reserving IPs and converting IPs from dynamic to reserved does not only work for public VIPs, but also for instance-level public IP addresses (PIPs) in Azure.
Looks like you are the first to cover this long-awaited feature!
I am trying to convert a dynamic IP to a reserved one. This is for a VM in a supported region, with no affinity groups (which are unsupported). Yet I get this error:
New-AzureReservedIP : BadRequest : Cannot reserve the ip of deployment …
Any suggestions on what I may be missing?
Not sure what’s going on. Is the error message giving more specific details? Maybe try another region.
I’m getting the same error. Specifying another region gives this error:
New-AzureReservedIP : BadRequest: The region europenorth specified for the reserved ip *snip* is diffe
rent than the region europewest that hosted service *snip* belongs to, they need to belong to the same region.
Got same ” BadRequest : Cannot reserve the ip of deployment” error. So I tried it in different way via Set-AzureReservedIPAssociation and when trying this I got less cryptic error “Set-AzureReservedIPAssociation : BadRequest : This operation is not allowed on deployment/role last updated with old API version , please update deploymet/role and try again.”
And so I did, I changed something harmless (like static IP) via Get-AzureVM … | Set-AzureStaticVNetIP … | Update-AzureVM
After this I was able to run original New-AzureReservedIP line without isses 🙂
Hello,
Thanks for the good write-up. Can I somehow in the portal see that a cloudservice/vm is using a reserved IP ?
Regards,
Rikard Strand, Cloudworks
You can see it in the new preview portal, but not in the current production portal.
I opened a support case, and we tested various scenarios, and their conclusion was that the -ServiceName option is too good to be true: it does not work on some older systems. Which sort of defies the purpose, because if we had it set up in the last year or so, reservation would already have been possible at setup time.
The error in these cases is:
New-AzureReservedIP : BadRequest : Cannot reserve the ip of deployment viptest02.
It does not seem to be specific to a region. We are experiencing this on both US East and US West, where the command works fine on newly created services (but not on existing ones).
Hello,
Did someone had news on when is this going to be solved?
Best Regards
Hi _suspect_ it has something to do with Virtual Networks: If your VM is NOT in a VNET, you can’t reserve it’s IP. Can someone confirm this?
I found this statement: “Reserved IPs are only supported in regional VNets. It is not supported for VNets that are associated with affinity groups.” https://azure.microsoft.com/en-us/documentation/articles/virtual-networks-reserved-public-ip/
Thanks for the awesome post, really useful!
Just for anyone that stumbles across the same issue, there were some issues with the New-AzureReservedIP cmdlet with Azure Powershell 0.9.4. I had to downgrade to 0.9.3 to get it to work. Discussion available at:
https://social.msdn.microsoft.com/Forums/en-US/c9a5bc8d-b589-4473-8002-096933076e5e/trying-to-reserve-ip-but-keep-on-getting-errors?forum=windowsazuredevelopment
Pingback: Reserved Public IP Addresses in Microsoft Azure | TechKB.onl
Extremely helpful, thank you for this information!
Thank you so much for posting this. I have spent about 3 days working on this and finally found your page and finished in minutes. Thanks again.
thanks for this information, i am searching a long time to realize this.
Great content, great writeup, really helpful. Couldn’t ask for more.
Thanks for the great article. One question though, I have multiple virtual IP’s associated with my service (have multiple https sites hosted on VM), how do I convert dynamic VIP to static one?
Running New-AzureReservedIP results in “ConflictError: The specified virtualIP address is already reserved and associated….”.
Please help.
Hi,
This is a great topic! I have been wanting to do this for a long time and did not realise how easy it is with the new cmdlets!
It did take some time to realise which ones I had to import into Powershell as I am not a huge powershell user, but once this was done, the rest was easy.
Thanks!
Interestingly, this works a treat on a recently created VM, but I have a 3 year old VM and I get an error: BadRequest : Cannot reserve the ip of deployment xxxxxxxx
Could it be an issue with the age of teh cloud service that contains the VM instance I do want to change? I ran this last night on a new instance and was able to reserved the named instance IP no problem at all.
I have put i on teh Azure forum and @Azure so will post if I find out more 🙂
One of the reasons you may see this error is if you have not selected the correct Azure Subscription. Check this if you have multiple Azure Subscriptions by doing a “Get-AzureSubscription” command to see all subscriptions and then a “Select-AzureSubscription -name ‘mySubscriptionName'” to select the one containing the cloud service or VM to which you wish to assign the reserved IP.