In today’s world lot of organizations are moving their application or infrastructure to cloud. This can sometime mean you have to deal with the applications which are tied with the IP address that you can’t afford to loose. Microsoft introduced an option to use a custom IP address prefix in Azure. Addresses from a custom IP address prefix can be used in the same way as Azure-owned public IP address prefixes. Addresses from a custom IP address prefix can be associated to Azure resources, interact with internal/private IPs and virtual networks, and reach external destinations outbound from the Azure Wide Area Network.

Why do you need this feature?

  • Customers can retain their IP ranges (BYOIP) to maintain established reputation and continue to pass through externally controlled allowlists.
  • Public IP address prefixes and standard SKU public IPs can be derived from custom IP address prefixes. These IPs can be used in the same way as Azure owned public IPs.

Bring an IP prefix to Azure

It’s a three phase process to bring an IP prefix to Azure:

  • Validation
  • Provision
  • Commission
Illustration of the custom IP prefix onboarding process.

Validation

A public IP address range that’s brought to Azure must be owned by you and registered with a Routing Internet Registry such as ARIN or RIPE. When you bring an IP range to Azure, it remains under your ownership. You must authorize Microsoft to advertise the range. Your ownership of the range and its association with your Azure subscription are also verified. Some of these steps will be done outside of Azure.

Provision

After the previous steps are completed, the public IP range can complete the Provisioning phase. The range will be created as a custom IP prefix resource in your subscription. Public IP prefixes and public IPs can be derived from your range and associated to Azure resources. The IPs won’t be advertised at this point and not reachable.

Commission

When ready, you can issue the command to have your range advertised from Azure and enter the Commissioning phase. The range will be advertised first from the Azure region where the custom IP prefix is located, and then by Microsoft’s Wide Area Network (WAN) to the Internet. The specific region where the range was provisioned will be posted publicly on Microsoft’s IP Range GeoLocation page.

Limitations

  • A custom IP prefix must be associated with a single Azure region.
  • The minimum size of an IP range is /24.
  • IPv6 is currently not supported for custom IP prefixes.
  • In regions with availability zones, a custom IP prefix must be specified as either zone-redundant or assigned to a specific zone. It can’t be created with no zone specified in these regions. All IPs from the prefix must have the same zonal properties.
  • The advertisements of IPs from a custom IP prefix over Azure ExpressRoute aren’t currently supported.
  • Once provisioned, custom IP prefix ranges can’t be moved to another subscription. Custom IP address prefix ranges can’t be moved within resource groups in a single subscription. It’s possible to derive a public IP prefix from a custom IP prefix in another subscription with the proper permissions.
  • Any IP addresses utilized from a custom IP prefix currently count against the standard public IP quota for a subscription and region. Contact Azure support to have quotas increased when required.

Pricing

  • There is no charge to provision or use custom IP prefixes. There is no charge for any public IP prefixes and public IP addresses that are derived from custom IP prefixes.
  • All traffic destined to a custom IP prefix range is charged the internet egress rate. Customers traffic to a custom IP prefix address from within Azure are charged internet egress for the source region of their traffic. Egress traffic from a custom IP address prefix range is charged the equivalent rate as an Azure public IP from the same region.
Advertisement