Convert Existing Dynamic VIP to Reserved IP Addresses in Azure

One of the great things that came with the plethora of new features and capabilities around Azure networking at Build 2015 and didn’t get a lot of attention is the fact that now you have much more flexibility in working with reserved IP addresses in your deployments. By default, VIP addresses of Azure cloud services are dynamic by nature, i.e. they may change when VMs get de-provisioned or the Azure fabric needs to move your VMs to another host, e.g. due to hardware failure.

What you can do now with the latest release of the Azure PowerShell Cmdlets is to convert existing dynamic VIP to reserved IP addresses. Doing so will take the current cloud service VIP from the data center’s general IP address pool and assign it specifically as a reserved IP to your Azure subscription. The IP will remain associated with the cloud service deployment, but can also be used for other deployments in your subscription, as we will see in this post.


Convert Dynamic IP to Reserved IP

Let’s have a look at a regular virtual machine that has been deployed into my Azure subscription: in the current Management Portal you can spot the Public VIP in the dashboard section like this:

DynamicIP

You can see that VM vm01 in my cloud service viptest01.cloudapp.net has a dynamic VIP address of 104.47.161.70 in the West Europe datacenter. If I shut down this VM in the portal (which will de-allocate my resources) and re-start it, the VIP address will be different. Specifically in enterprise scenarios where customers access cloud resources through corporate firewalls, having durable IP addresses for VMs is a common requirement, so let’s see if we can fix this.

Before Build 2015 you had to request a new reserved IP address before you did a cloud service deployment. Now you can just grab any existing dynamic VIP and add it to the list of reserved IPs in your subscription. In order to do that you’ll need to execute the following PowerShell statement like this:


New-AzureReservedIP -ReservedIPName "vip01" -Location "West Europe" -ServiceName "viptest01"

By using the new -ServiceName attribute Azure knows magically that you do not only ask for a new reserved IP, but you also want to use the current VIP of the specified service.

If you check your list of reserved IP addresses using the Get-AzureReservedIP PowerShell Cmdlet, you should see a new entry for this VIP:

ReservedIP

Again, the ServiceName attribute indicates the association with the viptest01 cloud service deployment. You can now safely shutdown and re-provision this VM, and it will reliably keep the same public IP address 104.47.161.70.

Remove Reserved IP from the Deployment

Now let’s see what happens when we de-associate this reserved IP from the running VM. We can do this by executing the following PS statement:


Remove-AzureReservedIPAssociation -ReservedIPName "vip01" -ServiceName "viptest01"

If you check the VM dashboard you can see that Azure assigned a different VIP (104.40.187.145) to the cloud service (which is again a regular, dynamic IP that might potentially change):

DynamicIP2

Checking the list of reserved IP addresses will now show the reserved IP address 104.47.161.70 as unassigned (i.e. with attribute InUse set to False and empty ServiceName and DeploymentName attributes):

ReservedIP2

Assign Reserved IP to Another Deployment

Now, let’s finally take our reserved IP and associate it with another deployment. I took a second VM vm02 in cloud service viptest02.cloudapp.net that was created by default with a dynamic VIP of 104.47.167.161:

DynamicIP3

You can associate the reserved IP vip01 with this deployment as follows:


Set-AzureReservedIPAssociation -ReservedIPName "vip01" -ServiceName "viptest02"

What the Azure fabric will do is switch the public VIP address of the viptest02 cloud service to our reserved IP address of 104.47.161.70 as you can see below.

DynamicIP4

Note that moving the reserved IP address to a different deployment does only work within the same datacenter, as IP ranges in Azure are location-specific.

Conclusion

This new capability is very helpful in scenarios where you need to “move” IP addresses between different deployments, i.e. exchange the implementation of a service or provide a failover type of behavior. Reusing existing IP addresses of deployments and not having to re-deploy is a major improvement and saves lots of time.

Reserved IP addresses can be used with both IaaS VMs as well as PaaS web/worker roles. Association of reserved IPs with PaaS cloud services can also be done via service configuration files (CSCFG).

Reserving IPs and converting IPs from dynamic to reserved does not only work for public VIPs, but also for instance-level public IP addresses (PIPs) in Azure.

20 comments on “Convert Existing Dynamic VIP to Reserved IP Addresses in Azure
  1. Looks like you are the first to cover this long-awaited feature!

    I am trying to convert a dynamic IP to a reserved one. This is for a VM in a supported region, with no affinity groups (which are unsupported). Yet I get this error:

    New-AzureReservedIP : BadRequest : Cannot reserve the ip of deployment …

    Any suggestions on what I may be missing?

      • I’m getting the same error. Specifying another region gives this error:

        New-AzureReservedIP : BadRequest: The region europenorth specified for the reserved ip *snip* is diffe
        rent than the region europewest that hosted service *snip* belongs to, they need to belong to the same region.

    • Got same ” BadRequest : Cannot reserve the ip of deployment” error. So I tried it in different way via Set-AzureReservedIPAssociation and when trying this I got less cryptic error “Set-AzureReservedIPAssociation : BadRequest : This operation is not allowed on deployment/role last updated with old API version , please update deploymet/role and try again.”

      And so I did, I changed something harmless (like static IP) via Get-AzureVM … | Set-AzureStaticVNetIP … | Update-AzureVM

      After this I was able to run original New-AzureReservedIP line without isses :-)

  2. I opened a support case, and we tested various scenarios, and their conclusion was that the -ServiceName option is too good to be true: it does not work on some older systems. Which sort of defies the purpose, because if we had it set up in the last year or so, reservation would already have been possible at setup time.

    The error in these cases is:

    New-AzureReservedIP : BadRequest : Cannot reserve the ip of deployment viptest02.

    It does not seem to be specific to a region. We are experiencing this on both US East and US West, where the command works fine on newly created services (but not on existing ones).

  3. Pingback: Reserved Public IP Addresses in Microsoft Azure | TechKB.onl

  4. Thank you so much for posting this. I have spent about 3 days working on this and finally found your page and finished in minutes. Thanks again.

  5. Thanks for the great article. One question though, I have multiple virtual IP’s associated with my service (have multiple https sites hosted on VM), how do I convert dynamic VIP to static one?
    Running New-AzureReservedIP results in “ConflictError: The specified virtualIP address is already reserved and associated….”.
    Please help.

  6. Hi,

    This is a great topic! I have been wanting to do this for a long time and did not realise how easy it is with the new cmdlets!

    It did take some time to realise which ones I had to import into Powershell as I am not a huge powershell user, but once this was done, the rest was easy.

    Thanks!

  7. Interestingly, this works a treat on a recently created VM, but I have a 3 year old VM and I get an error: BadRequest : Cannot reserve the ip of deployment xxxxxxxx

    Could it be an issue with the age of teh cloud service that contains the VM instance I do want to change? I ran this last night on a new instance and was able to reserved the named instance IP no problem at all.

    I have put i on teh Azure forum and @Azure so will post if I find out more :)

    • One of the reasons you may see this error is if you have not selected the correct Azure Subscription. Check this if you have multiple Azure Subscriptions by doing a “Get-AzureSubscription” command to see all subscriptions and then a “Select-AzureSubscription -name ‘mySubscriptionName'” to select the one containing the cloud service or VM to which you wish to assign the reserved IP.

Leave a Reply to Steven Cancel reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>