0

For an Azure VM deployed with the classic method I need to be sure that my output IP address never change and never get translated by SNAT. As far as I know I must reserve an IP Address in order to be sure that it never change, and I need to assign an Instance Level IP in order to avoid SNAT, but how can I associate a reserved IP Address to an Instance Level IP ? (ILPIP)

I've found something similar here, but couldn't find a way to have an output address for an Azure VM that never change and never get translated.

Many thanks

Community
  • 1
mCasamento
  • 103
  • 3

2 Answers2

2

In the classic deployment model, an instance level public IP address cannot be static. They are dynamic only. Refer to the table labeled Differences between Resource Manager and classic deployments in the following link:

https://azure.microsoft.com/en-us/documentation/articles/virtual-network-ip-addresses-overview-classic/

You have not shared the specifics of your requirements, but assuming the no-NAT requirement is firm you have the following choices:

  • Use a static public IP assigned to the VM NIC in the Resource Manager deployment model
  • Remain in the classic model and plan to change DNS/other configurations if the VM has to be stopped and started again for some reason.
learley
  • 439
  • 2
  • 5
1

I've ammended this response based on my incorrect assumuption that ILIP's were static. If you want a static outbound IP with a classic deployment then you need to look at setting a reserved IP for the cloud service. By default the outbound IP of an instance is that of the IP configured for the cloud service, so the solution to your issue is to get a reserved IP for your cloud service and you are done. All your outbound traffic will use the cloud service IP and it won't change because it is reserved.

You can get an Instance Level IP for the specific VM. This will then use this IP as the outbound address, not the cloud service. However the ILIP will not keep the same IP if the machine is de-allocated and started again. If you want a persistent IP address you will need to use the cloud service method.

This all changes with V2 (resource manager) deployments where there are no cloud services and you can assign static IP's directly to VM's.

Sam Cogan
  • 38,158
  • 6
  • 77
  • 113
  • I've already put a reserved IP to the cloud service the VM belongs, but it happens (seldom but still an issue) that the port get "translated" since I'm behind the SNAT. It never happens if I activate the ILIP but I can't have such ILIP for the cloud service, am I right ? – mCasamento Mar 16 '16 at 15:55
  • @mCasamento how many IPs is your cloud service showing as having? Does it have more than 1? I've not seen an issue with a cloud service with a single IP getting different outbound addresses. – Sam Cogan Mar 17 '16 at 15:42
  • Just 1, and it always uses this one; it only happens that when I leave an ssh connection idle for a while, starting from that server, when I try to open a new one, on the receiving server it get opened with another port (21 instead of 22). the problem disappear if I use an Instance Level IP – mCasamento Mar 18 '16 at 11:44
  • @mCasamento I'm gettign confused here, you said you had issues with the IP changing, but now you are saying the port is changing. Which is it? – Sam Cogan Mar 18 '16 at 16:44
  • Sorry, I've realized that the question itself was a bit confusing. My output IP (reserved) it's always the same. it happens that if I open an SSH connection to another server, leave it idle for a while, then close and try again, than the receiving server (the one that host the SSH server) receive requests from port 21 instead of 22. Also, it happens that I can't open two SSH connections towards the same server at the same time, because one of them get "translated". The same things doesn't happens if I assign an ILPIP to the VM. – mCasamento Mar 19 '16 at 16:12