From adfe00fb91313aa63df210e75b8b003d8f377185 Mon Sep 17 00:00:00 2001 From: "Will St. Germain IV" Date: Thu, 17 Jul 2025 08:48:20 -0600 Subject: [PATCH 1/4] Update public-ip-address-prefix.md I added a line to the VM, but in a couple of cases we have seen customers demand that any access to their network has to be with public IP space. To facilitate this in Azure we create the Public IP prefix, add it to the VNET, associate it with the Subnet, Assign it to the VM. BGP Routing will then send the prefix to the gateway and allow internal routing of the range. --- .../virtual-network/ip-services/public-ip-address-prefix.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/virtual-network/ip-services/public-ip-address-prefix.md b/articles/virtual-network/ip-services/public-ip-address-prefix.md index 477d53c290f04..08540f52774b2 100644 --- a/articles/virtual-network/ip-services/public-ip-address-prefix.md +++ b/articles/virtual-network/ip-services/public-ip-address-prefix.md @@ -49,7 +49,7 @@ You can associate the following resources to a static public IP address from a p |Resource|Scenario|Steps| |---|---|---| -|Virtual machines| Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allowlist in the firewall. You can add an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead.| To associate IPs from a prefix to your virtual machine:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. [Associate the IP to your virtual machine's network interface.](./virtual-network-network-interface-addresses.md#add-ip-addresses)
You can also [associate the IPs to a Virtual Machine Scale Set](https://azure.microsoft.com/resources/templates/vmss-with-public-ip-prefix/). +|Virtual machines| Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allowlist in the firewall. You can add an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead.| To associate IPs from a prefix to your virtual machine:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. [Associate the IP to your virtual machine's network interface.](./virtual-network-network-interface-addresses.md#add-ip-addresses)
You can also [associate the IPs to a Virtual Machine Scale Set](https://azure.microsoft.com/resources/templates/vmss-with-public-ip-prefix/). In the event you'll need the public IP address to be available to route internally, the Public IP Prefix can be added to the VNET, [link](https://learn.microsoft.com/en-us/azure/virtual-network/how-to-multiple-prefixes-subnet?tabs=powershell), and then assigend to the Virtual Machine as an IP address from a subnet that the VM participates in. | Standard load balancers | Associating public IPs from a prefix to your frontend IP configuration or outbound rule of a load balancer ensures simplification of your Azure public IP address space. Simplify your scenario by grooming outbound connections from a range of contiguous IP addresses. | To associate IPs from a prefix to your load balancer:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When creating the load balancer, select or update the IP created in step 2 above as the frontend IP of your load balancer. | | Azure Firewall | You can use a public IP from a prefix for outbound SNAT. All outbound virtual network traffic is translated to the [Azure Firewall](../../firewall/overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json) public IP. | To associate an IP from a prefix to your firewall:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When you [deploy the Azure firewall](../../firewall/tutorial-firewall-deploy-portal.md?toc=%2fazure%2fvirtual-network%2ftoc.json#create-a-virtual-network), be sure to select the IP you previously gave from the prefix.| | VPN Gateway (AZ SKU), Application Gateway v2, NAT Gateway | You can use a public IP from a prefix for your gateway | To associate an IP from a prefix to your gateway:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When you deploy the [VPN Gateway](../../vpn-gateway/tutorial-create-gateway-portal.md), [Application Gateway](../../application-gateway/quick-create-portal.md#create-an-application-gateway), or [NAT Gateway](../nat-gateway/quickstart-create-nat-gateway-portal.md), be sure to select the IP you previously gave from the prefix.| From 00d21856940019e57cd14e9bfe956eeae2478189 Mon Sep 17 00:00:00 2001 From: "Will St. Germain IV" Date: Fri, 18 Jul 2025 09:13:48 -0600 Subject: [PATCH 2/4] Update articles/virtual-network/ip-services/public-ip-address-prefix.md Co-authored-by: Michael Bender <102542398+mbender-ms@users.noreply.github.com> --- .../virtual-network/ip-services/public-ip-address-prefix.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/virtual-network/ip-services/public-ip-address-prefix.md b/articles/virtual-network/ip-services/public-ip-address-prefix.md index 08540f52774b2..68e4e41455544 100644 --- a/articles/virtual-network/ip-services/public-ip-address-prefix.md +++ b/articles/virtual-network/ip-services/public-ip-address-prefix.md @@ -49,7 +49,7 @@ You can associate the following resources to a static public IP address from a p |Resource|Scenario|Steps| |---|---|---| -|Virtual machines| Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allowlist in the firewall. You can add an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead.| To associate IPs from a prefix to your virtual machine:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. [Associate the IP to your virtual machine's network interface.](./virtual-network-network-interface-addresses.md#add-ip-addresses)
You can also [associate the IPs to a Virtual Machine Scale Set](https://azure.microsoft.com/resources/templates/vmss-with-public-ip-prefix/). In the event you'll need the public IP address to be available to route internally, the Public IP Prefix can be added to the VNET, [link](https://learn.microsoft.com/en-us/azure/virtual-network/how-to-multiple-prefixes-subnet?tabs=powershell), and then assigend to the Virtual Machine as an IP address from a subnet that the VM participates in. +|Virtual machines| Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allowlist in the firewall. You can add an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead.| To associate IPs from a prefix to your virtual machine:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. [Associate the IP to your virtual machine's network interface.](./virtual-network-network-interface-addresses.md#add-ip-addresses)
You can also [associate the IPs to a Virtual Machine Scale Set](https://azure.microsoft.com/resources/templates/vmss-with-public-ip-prefix/). In the event you'll need the public IP address to be available to route internally, the [Public IP Prefix can be added to the VNET](./how-to-multiple-prefixes-subnet.md), and then assigned to the Virtual Machine as an IP address from a subnet that the VM participates in. | Standard load balancers | Associating public IPs from a prefix to your frontend IP configuration or outbound rule of a load balancer ensures simplification of your Azure public IP address space. Simplify your scenario by grooming outbound connections from a range of contiguous IP addresses. | To associate IPs from a prefix to your load balancer:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When creating the load balancer, select or update the IP created in step 2 above as the frontend IP of your load balancer. | | Azure Firewall | You can use a public IP from a prefix for outbound SNAT. All outbound virtual network traffic is translated to the [Azure Firewall](../../firewall/overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json) public IP. | To associate an IP from a prefix to your firewall:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When you [deploy the Azure firewall](../../firewall/tutorial-firewall-deploy-portal.md?toc=%2fazure%2fvirtual-network%2ftoc.json#create-a-virtual-network), be sure to select the IP you previously gave from the prefix.| | VPN Gateway (AZ SKU), Application Gateway v2, NAT Gateway | You can use a public IP from a prefix for your gateway | To associate an IP from a prefix to your gateway:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When you deploy the [VPN Gateway](../../vpn-gateway/tutorial-create-gateway-portal.md), [Application Gateway](../../application-gateway/quick-create-portal.md#create-an-application-gateway), or [NAT Gateway](../nat-gateway/quickstart-create-nat-gateway-portal.md), be sure to select the IP you previously gave from the prefix.| From 49b5960656f7c21c7ebba41760dabfdda8bcab07 Mon Sep 17 00:00:00 2001 From: "Will St. Germain IV" Date: Fri, 18 Jul 2025 12:39:02 -0600 Subject: [PATCH 3/4] Update articles/virtual-network/ip-services/public-ip-address-prefix.md Co-authored-by: Michael Bender <102542398+mbender-ms@users.noreply.github.com> --- .../virtual-network/ip-services/public-ip-address-prefix.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/virtual-network/ip-services/public-ip-address-prefix.md b/articles/virtual-network/ip-services/public-ip-address-prefix.md index 68e4e41455544..393c6b9449373 100644 --- a/articles/virtual-network/ip-services/public-ip-address-prefix.md +++ b/articles/virtual-network/ip-services/public-ip-address-prefix.md @@ -49,7 +49,7 @@ You can associate the following resources to a static public IP address from a p |Resource|Scenario|Steps| |---|---|---| -|Virtual machines| Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allowlist in the firewall. You can add an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead.| To associate IPs from a prefix to your virtual machine:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. [Associate the IP to your virtual machine's network interface.](./virtual-network-network-interface-addresses.md#add-ip-addresses)
You can also [associate the IPs to a Virtual Machine Scale Set](https://azure.microsoft.com/resources/templates/vmss-with-public-ip-prefix/). In the event you'll need the public IP address to be available to route internally, the [Public IP Prefix can be added to the VNET](./how-to-multiple-prefixes-subnet.md), and then assigned to the Virtual Machine as an IP address from a subnet that the VM participates in. +|Virtual machines| Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allowlist in the firewall. You can add an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead.| To associate IPs from a prefix to your virtual machine:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. [Associate the IP to your virtual machine's network interface.](./virtual-network-network-interface-addresses.md#add-ip-addresses)
You can also [associate the IPs to a Virtual Machine Scale Set](https://azure.microsoft.com/resources/templates/vmss-with-public-ip-prefix/). In the event you'll need the public IP address to be available to route internally, the [Public IP Prefix can be added to the VNET](./how-to-multiple-prefixes-subnet), and then assigned to the Virtual Machine as an IP address from a subnet that the VM participates in. | Standard load balancers | Associating public IPs from a prefix to your frontend IP configuration or outbound rule of a load balancer ensures simplification of your Azure public IP address space. Simplify your scenario by grooming outbound connections from a range of contiguous IP addresses. | To associate IPs from a prefix to your load balancer:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When creating the load balancer, select or update the IP created in step 2 above as the frontend IP of your load balancer. | | Azure Firewall | You can use a public IP from a prefix for outbound SNAT. All outbound virtual network traffic is translated to the [Azure Firewall](../../firewall/overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json) public IP. | To associate an IP from a prefix to your firewall:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When you [deploy the Azure firewall](../../firewall/tutorial-firewall-deploy-portal.md?toc=%2fazure%2fvirtual-network%2ftoc.json#create-a-virtual-network), be sure to select the IP you previously gave from the prefix.| | VPN Gateway (AZ SKU), Application Gateway v2, NAT Gateway | You can use a public IP from a prefix for your gateway | To associate an IP from a prefix to your gateway:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When you deploy the [VPN Gateway](../../vpn-gateway/tutorial-create-gateway-portal.md), [Application Gateway](../../application-gateway/quick-create-portal.md#create-an-application-gateway), or [NAT Gateway](../nat-gateway/quickstart-create-nat-gateway-portal.md), be sure to select the IP you previously gave from the prefix.| From 0b0300a19f7377a7bf82bf77d5256dbebef439d1 Mon Sep 17 00:00:00 2001 From: Courtney Wales <62625502+Court72@users.noreply.github.com> Date: Tue, 29 Jul 2025 14:38:39 -0600 Subject: [PATCH 4/4] Apply suggestions from PR review Co-authored-by: Michael Bender <102542398+mbender-ms@users.noreply.github.com> --- .../virtual-network/ip-services/public-ip-address-prefix.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/virtual-network/ip-services/public-ip-address-prefix.md b/articles/virtual-network/ip-services/public-ip-address-prefix.md index 393c6b9449373..5dcd58e6919b2 100644 --- a/articles/virtual-network/ip-services/public-ip-address-prefix.md +++ b/articles/virtual-network/ip-services/public-ip-address-prefix.md @@ -49,7 +49,7 @@ You can associate the following resources to a static public IP address from a p |Resource|Scenario|Steps| |---|---|---| -|Virtual machines| Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allowlist in the firewall. You can add an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead.| To associate IPs from a prefix to your virtual machine:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. [Associate the IP to your virtual machine's network interface.](./virtual-network-network-interface-addresses.md#add-ip-addresses)
You can also [associate the IPs to a Virtual Machine Scale Set](https://azure.microsoft.com/resources/templates/vmss-with-public-ip-prefix/). In the event you'll need the public IP address to be available to route internally, the [Public IP Prefix can be added to the VNET](./how-to-multiple-prefixes-subnet), and then assigned to the Virtual Machine as an IP address from a subnet that the VM participates in. +|Virtual machines| Associating public IPs from a prefix to your virtual machines in Azure reduces management overhead when adding IP addresses to an allowlist in the firewall. You can add an entire prefix with a single firewall rule. As you scale with virtual machines in Azure, you can associate IPs from the same prefix saving cost, time, and management overhead.| To associate IPs from a prefix to your virtual machine:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. [Associate the IP to your virtual machine's network interface.](./virtual-network-network-interface-addresses.md#add-ip-addresses)
You can also [associate the IPs to a Virtual Machine Scale Set](https://azure.microsoft.com/resources/templates/vmss-with-public-ip-prefix/). In the event you'll need the public IP address to be available to route internally, the [Public IP Prefix can be added to the VNET](../how-to-multiple-prefixes-subnet.md), and then assigned to the Virtual Machine as an IP address from a subnet that the VM participates in. | Standard load balancers | Associating public IPs from a prefix to your frontend IP configuration or outbound rule of a load balancer ensures simplification of your Azure public IP address space. Simplify your scenario by grooming outbound connections from a range of contiguous IP addresses. | To associate IPs from a prefix to your load balancer:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When creating the load balancer, select or update the IP created in step 2 above as the frontend IP of your load balancer. | | Azure Firewall | You can use a public IP from a prefix for outbound SNAT. All outbound virtual network traffic is translated to the [Azure Firewall](../../firewall/overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json) public IP. | To associate an IP from a prefix to your firewall:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When you [deploy the Azure firewall](../../firewall/tutorial-firewall-deploy-portal.md?toc=%2fazure%2fvirtual-network%2ftoc.json#create-a-virtual-network), be sure to select the IP you previously gave from the prefix.| | VPN Gateway (AZ SKU), Application Gateway v2, NAT Gateway | You can use a public IP from a prefix for your gateway | To associate an IP from a prefix to your gateway:
1. [Create a prefix.](manage-public-ip-address-prefix.md)
2. [Create an IP from the prefix.](manage-public-ip-address-prefix.md)
3. When you deploy the [VPN Gateway](../../vpn-gateway/tutorial-create-gateway-portal.md), [Application Gateway](../../application-gateway/quick-create-portal.md#create-an-application-gateway), or [NAT Gateway](../nat-gateway/quickstart-create-nat-gateway-portal.md), be sure to select the IP you previously gave from the prefix.|