PublicIP Pools for Azure Stack - Different networks and/or different network carriers

  • Question

  • Hi All,

    We are currently exploring a possibility of exposing Azure Stack to different networks than just Internet.

    The problem we are facing is that Public IP Pools are just added to a Pool and you cannot differentiate, from either a tenant or an admin perspective, which IP Pool from Public IP Pools you allocate to your Services.

    To illustrate the problem further:

    Public IP Pool is set as follows:

    Pool 1: 65.x.x.x/26 range

    Pool 2: 75.x.x.x/26 range

     

    To the best of my knowledge you cannot specify which IP you will be given, it looks like it assigns it at random so within the same Resource Group your VMs at random can get an IP from Pool 1 or Pool 2.

    If all of the IPs are from the Internet, then it is not a massive problem but if we wanted to have tenants that can provision services to a network like PSN, Janet etc… how would we go about it?

    The issue technically speaking also is problematic when we think about the Internet itself as we would like to be able to give tenants an ability to provision from specific IP Pool for resiliency. In this example we would provision Pool 1 from one network carrier, and Pool 2 from another so we do not put all eggs in one basket.

     

    I looked at Azure Policy Management to accomplish that as there is nothing in the API and/or any documentation that mentions how to “select” IP Pool, or only allow specific IP Pool inside Network Quota and/or Plan/Offer/Subscription.

     

    Has anyone else come across this problem and maybe can shed some light regarding this?

     

    Cheers,

    Chris

    Monday, June 25, 2018 10:31 PM

Answers

  • Azure Stack has no capability that will allow you to deterministically allocate a Public IP Address from a specific pool.  With that said, I will say that it's not totally random either.  Azure Stack will provision the addresses from each pool in order, and once it goes through all the addresses in a given pool, it will begin allocating from that pool (assuming that you've added another IP Pool that is!).

    We're looking into how we might provide support for multiple VIP Pools as there is no API support in Azure for this, but it may be something it's possible to do "behind the scenes".  The scenario you're describing sounds a little different from ones I've heard before in which the Cloud Service Provider wants to be able to assign a given VIP pool to a particular tenant so they always get VIPs from that pool.  Your scenario sounds like you want to be able to have each tenant allocate from multiple pools deterministically.  Is that the case?

    Wednesday, June 27, 2018 5:27 PM
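
An added example (not part of the thread and not Azure Stack code): since the answer above says a pool cannot be chosen at allocation time, an operator can at least audit afterwards which pool each assigned public IP came from and flag resource groups that ended up on the wrong carrier. The pool ranges, resource-group names, expected mapping and inventory rows are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed pools (RFC 5737 documentation ranges), standing in for
# "Pool 1" and "Pool 2" from the question.
POOLS = {
    "pool1-carrierA": ipaddress.ip_network("198.51.100.0/26"),
    "pool2-carrierB": ipaddress.ip_network("203.0.113.64/26"),
}

# Hypothetical intent: which pool each resource group is supposed to use.
EXPECTED = {"rg-psn": "pool1-carrierA", "rg-web": "pool2-carrierB"}

# Constructed inventory rows: (resource group, resource name, public IP).
INVENTORY = [
    ("rg-psn", "vm-a", "198.51.100.40"),
    ("rg-psn", "vm-b", "203.0.113.70"),   # landed in the other pool
    ("rg-web", "vm-c", "203.0.113.71"),
    ("rg-web", "lb-d", "192.0.2.9"),      # not in any known pool
]

def pool_of(ip, pools=POOLS):
    """Return the name of the pool containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, net in pools.items():
        if addr in net:
            return name
    return None

def audit(inventory, expected=EXPECTED, pools=POOLS):
    """Return (pools seen per resource group, list of violations)."""
    seen = defaultdict(set)
    violations = []
    for rg, name, ip in inventory:
        actual = pool_of(ip, pools)
        seen[rg].add(actual)
        # A violation is any address outside the pool intended for its group.
        if actual != expected.get(rg):
            violations.append((rg, name, ip, actual))
    return dict(seen), violations

if __name__ == "__main__":
    seen, violations = audit(INVENTORY)
    for rg, used in seen.items():
        print(rg, "uses", sorted(str(p) for p in used))
    for rg, name, ip, actual in violations:
        print(f"MISMATCH {rg}/{name}: {ip} in {actual}, expected {EXPECTED.get(rg)}")
```

In practice the inventory rows would come from an export of the stamp's public IP resources, and the pool ranges from the operator's own IP pool list.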

All replies

  • Hello Chris,

    Question: Are you configuring this on an ASDK or ASIS?

     

    Note: The ASDK has limited networking functionality.

     

    You cannot specify different Public IP pools for tenant deployments but there are options in Datacenter Integration for configuring tenant connectivity to the internet and On-Premises/Corp Network.

     

    Please see the following for specifics:

    Network integration

    Border connectivity

    Edge firewall scenario

    Enterprise intranet or perimeter network firewall scenario

    General Azure Stack integration considerations

     

    Public infrastructure network

    This /27 network is the small range from the Azure Stack infrastructure subnet mentioned earlier, it does not require public IP addresses, but it does require internet access through a NAT or Transparent Proxy. This network will be allocated for the Emergency Recovery Console System (ERCS), the ERCS VM requires internet access during registration to Azure and during infrastructure backups. The ERCS VM should be routable to your management network for troubleshooting purposes.

     

    Public VIP network

    The Public VIP Network is assigned to the network controller in Azure Stack. It’s not a logical network on the switch. The SLB uses the pool of addresses and assigns /32 networks for tenant workloads. On the switch routing table, these /32 IPs are advertised as an available route via BGP. This network contains the external-accessible or public IP addresses. The Azure Stack infrastructure reserves the first 31 addresses from this Public VIP Network while the remainder is used by tenant VMs. The network size on this subnet can range from a minimum of /26 (64 hosts) to a maximum of /22 (1022 hosts), we recommend that you plan for a /24 network.

     

    Network integration planning is an important prerequisite for successful Azure Stack integrated systems deployment, operation, and management. Border connectivity planning begins by choosing whether or not to use dynamic routing with border gateway protocol (BGP). This requires assigning a 16-bit BGP autonomous system number (public or private) or using static routing, where a static default route is assigned to the border devices.

      

    Let us know how it goes.

     

    We apologize for any inconvenience and appreciate your time and interest in Azure Stack.

    If you continue to experience any issues with ASDK release, feel free to contact us.

           

     Thanks

    Gary Gallanes

    Tuesday, June 26, 2018 1:06 AM
    Moderator
  • Hi Scott,

    VIP Pools is just one idea that would be nice to have but ultimately I want to be able to select Public IP Pool at creation of resource - as simple and as difficult as that...

    There is an API from a Provider Admin to list IP Pools GUIDs and all the details etc...

    "All" we need to do is expose that feature to tenants to select that GUID/Name so that the Pool of IPs it will provision will match said GUID/Name.

    Without knowing how it is all coded behind the scenes, to me it is super easy and simple to do :-)

    Thursday, June 28, 2018 9:34 AM
  • Is there any update on this question?

    We have added an IP pool (10.25.15.1/24) near the public IP pool and now I want to assign an IP from that new IP pool to an Azure Stack VM. We want to use it for our backup solution by assigning an IP address from the newly added pool to the VSA VM (CommVault) on Azure Stack.

    Azure Stack version: 1.1907.12.44

    Kind Regards,

    Arie Heukels

      


    Tuesday, August 20, 2019 2:33 PM