WEBVTT 0:00:02.540000 --> 0:00:07.460000 Welcome to this video on private and public IP addressing and Azure networking. 0:00:07.460000 --> 0:00:11.140000 In this video, we're going to take a look at the following topics. 0:00:11.140000 --> 0:00:15.960000 We're going to start out with IP addressing in Azure, and then we're going 0:00:15.960000 --> 0:00:21.460000 to dive into Azure public IP addressing, and then we'll dive into Azure 0:00:21.460000 --> 0:00:24.560000 private IP addressing, what those options are. 0:00:24.560000 --> 0:00:28.940000 Finally, I'm going to wrap this up with a quick demonstration of Azure 0:00:28.940000 --> 0:00:33.180000 IP addressing, particularly as it relates to virtual networks and virtual 0:00:33.180000 --> 0:00:38.060000 machines. Let's go ahead and let's dive right into this. 0:00:38.060000 --> 0:00:43.100000 Now, when we talk about IP addressing, I'm really going to focus on at 0:00:43.100000 --> 0:00:46.780000 the IP addressing at the infrastructure level because it's really handled 0:00:46.780000 --> 0:00:49.760000 for you at the platform level. 0:00:49.760000 --> 0:00:53.280000 But when I'm thinking about IP addressing at the infrastructure level, 0:00:53.280000 --> 0:00:55.280000 I have a couple of things to think about. 0:00:55.280000 --> 0:00:58.440000 First of all, there's the private environment. 0:00:58.440000 --> 0:01:06.840000 The private environment really consists of a virtual network, I'm just 0:01:06.840000 --> 0:01:10.920000 going to say VNet because I'm lazy, and then subnets. 0:01:10.920000 --> 0:01:21.560000 Let's say I've got subnet one or we'll say S1, I'm super lazy and S2. 0:01:21.560000 --> 0:01:26.500000 Now, within these subnets, I have virtual machines, and these virtual 0:01:26.500000 --> 0:01:32.540000 machines are connected to the subnets via network interface cards. 
0:01:32.540000 --> 0:01:40.100000 So, I can have, let's say, that virtual machine, so let's just say VM 0:01:40.100000 --> 0:01:55.860000 A, and this is VM B, and VM B could connect to S1 through its NIC. 0:01:55.860000 --> 0:02:00.920000 Now, in addition to that, I can have public IP addresses. 0:02:00.920000 --> 0:02:07.420000 Public IP addresses are separate. 0:02:07.420000 --> 0:02:11.600000 I decided to make that purple. 0:02:11.600000 --> 0:02:19.380000 Public IP addresses are separate resources that are connected to a NIC. 0:02:19.380000 --> 0:02:26.420000 In fact, the NIC is really the critical component when it comes to IP 0:02:26.420000 --> 0:02:36.160000 addressing. That is because every NIC has one or more IP configurations. 0:02:36.160000 --> 0:02:50.300000 Each IP configuration on a NIC includes settings for the private IP and 0:02:50.300000 --> 0:02:55.440000 optionally connection to a PIP resource. 0:02:55.440000 --> 0:03:01.360000 You can have multiple IP configs, so you can have multiple, certainly 0:03:01.360000 --> 0:03:05.420000 multiple private, multiple public IPs gets a little wonky when it comes 0:03:05.420000 --> 0:03:08.880000 to trying to do that, but you can have multiple private IPs associated 0:03:08.880000 --> 0:03:14.480000 with a single NIC, and thus associated with a single virtual machine. 0:03:14.480000 --> 0:03:19.400000 So, if you're hosting, let's say, a web server, and you've got a number 0:03:19.400000 --> 0:03:24.940000 of intranets, that's private websites that you want to have different 0:03:24.940000 --> 0:03:29.460000 IP addresses for, and different even going beyond this video, different 0:03:29.460000 --> 0:03:30.980000 DNS settings for. 0:03:30.980000 --> 0:03:34.800000 You could do that by having multiple IP addresses associated with multiple 0:03:34.800000 --> 0:03:38.900000 configurations, IP configurations with a single NIC. 
0:03:38.900000 --> 0:03:42.040000 That's the only thing that's a little bit weird is that you're doing this 0:03:42.040000 --> 0:03:44.840000 configuration really at the NIC level. 0:03:44.840000 --> 0:03:46.300000 That's the key to this. 0:03:46.300000 --> 0:03:51.260000 Now, both the private IP address and the public IP address have the option 0:03:51.260000 --> 0:03:54.380000 of either being dynamic or static. 0:03:54.380000 --> 0:03:59.780000 The public IP address can only be dynamic if you use a basic public IP 0:03:59.780000 --> 0:04:04.000000 address. If you use a standard public IP address, it is by definition 0:04:04.000000 --> 0:04:07.420000 static, and that's something that's good to know. 0:04:07.420000 --> 0:04:11.200000 The standard public IP address gives you more functionality, can be used 0:04:11.200000 --> 0:04:14.740000 with availability zones, for example, and things that we're really not 0:04:14.740000 --> 0:04:18.340000 getting into right now, but just know you do have those two tiers and 0:04:18.340000 --> 0:04:22.580000 if you use the standard public IP address, it has to be static. 0:04:22.580000 --> 0:04:27.160000 For the private IP address, when you make it static, what you're really 0:04:27.160000 --> 0:04:32.420000 doing is you're really reserving it in the internal DHCP system, dynamic 0:04:32.420000 --> 0:04:40.980000 host control protocol that is internal to the Azure Virtual Network. 0:04:40.980000 --> 0:04:43.640000 And dynamic host configuration protocol, sorry. 0:04:43.640000 --> 0:04:47.760000 In any case, that's key to what we have here. 0:04:47.760000 --> 0:04:53.120000 Now, as far as the allocation of that private IP address or those private 0:04:53.120000 --> 0:04:57.220000 IP addresses, those, of course, are going to be allocated based on the 0:04:57.220000 --> 0:05:02.060000 IP address range of your subnet. 0:05:02.060000 --> 0:05:15.940000 Right? And so, you'd have, you know, 10.0.0.0. 
0:05:15.940000 --> 0:05:24.340000 Or 10.0.1.0/24. They're both on the 10.0/16. 0:05:24.340000 --> 0:05:27.840000 And if I were at the VNet level to set that. 0:05:27.840000 --> 0:05:33.640000 Okay? And that is, you know, how their IP addresses are all allocated, 0:05:33.640000 --> 0:05:35.060000 of course, within that space. 0:05:35.060000 --> 0:05:38.900000 Now, there's really only one other thing that you need to know as far 0:05:38.900000 --> 0:05:45.300000 as your IP addressing, and that is that virtual machines can have multiple 0:05:45.300000 --> 0:05:54.740000 NICs. So, for example, if this VM B were a network virtual appliance, 0:05:54.740000 --> 0:05:58.820000 if I was using it as a router, I might have one NIC on the S1, which 0:05:58.820000 --> 0:06:04.760000 maybe is our public subnet, and another NIC that's associated with S2. 0:06:04.760000 --> 0:06:09.200000 I can have multiple NICs on the same virtual machine that are in different 0:06:09.200000 --> 0:06:14.900000 subnets, but they have to always be in the same virtual network. 0:06:14.900000 --> 0:06:21.680000 So, I cannot have a single virtual machine that has NICs that span multiple 0:06:21.680000 --> 0:06:24.820000 subnets, just our multiple virtual networks, excuse me. 0:06:24.820000 --> 0:06:27.960000 All right? So, that's really it for IP addressing. 0:06:27.960000 --> 0:06:32.760000 Remember, the public IP thing to keep in mind, that public IP is a separate 0:06:32.760000 --> 0:06:37.760000 resource. Now, let's go ahead and let's look at a few of the details. 0:06:37.760000 --> 0:06:43.680000 So, the Azure public IP address, as I mentioned, it is a standalone resource, 0:06:43.680000 --> 0:06:48.120000 and there's a number of resources that you can assign it to. 0:06:48.120000 --> 0:06:52.380000 I've been discussing this in terms of a virtual machine, which, as you 0:06:52.380000 --> 0:06:57.140000 can see, is the first of the items that it can be assigned to. 
0:06:57.140000 --> 0:07:00.600000 In addition to that, though, I can use it for load balancing, whether 0:07:00.600000 --> 0:07:05.360000 I'm using an Azure load balancer or an Azure application gateway, both 0:07:05.360000 --> 0:07:08.460000 of which provide load balancing in different scenarios. 0:07:08.460000 --> 0:07:13.440000 I can also assign a public IP address to a VPN gateway. 0:07:13.440000 --> 0:07:18.020000 So, if I'm using a VPN gateway to set up a tunnel between my on-prem environment 0:07:18.020000 --> 0:07:22.260000 and my Azure environment, I can do that, and in fact, I have to do that 0:07:22.260000 --> 0:07:26.360000 with a public IP address. 0:07:26.360000 --> 0:07:30.680000 The tiers, two different tiers, there's basic, which can be static or 0:07:30.680000 --> 0:07:39.220000 dynamic. There's also standard, which is static only, and it provides 0:07:39.220000 --> 0:07:44.260000 availability zone awareness and availability zone redundancy. 0:07:44.260000 --> 0:07:50.220000 It also can be associated with a new feature called a public IP prefix. 0:07:50.220000 --> 0:07:56.180000 If you need a set of public IP addresses that are contiguous, you can 0:07:56.180000 --> 0:08:01.280000 now actually provision a resource, which is a public IP prefix, a set 0:08:01.280000 --> 0:08:07.400000 of public IPs, and then you can create your public IP address resources 0:08:07.400000 --> 0:08:11.080000 using that public IP prefix. 0:08:11.080000 --> 0:08:15.960000 So, that is standard versus basic, and if, by the way, you're using static, 0:08:15.960000 --> 0:08:19.620000 then you probably want to use standard because the cost difference is 0:08:19.620000 --> 0:08:21.540000 really completely marginal. 0:08:21.540000 --> 0:08:26.620000 Definitely look into that and just be aware what the differences are. 0:08:26.620000 --> 0:08:28.840000 Look at the pricing between basic and standard. 0:08:28.840000 --> 0:08:31.660000 There's not massive pricing difference. 
0:08:31.660000 --> 0:08:34.000000 Now, what about private? 0:08:34.000000 --> 0:08:37.600000 What are some of our details with private networking? 0:08:37.600000 --> 0:08:42.820000 First of all, private networking is defined by the subnet IP address range. 0:08:42.820000 --> 0:08:46.200000 As I mentioned, you are specifying this in CIDR notation. 0:08:46.200000 --> 0:08:51.480000 If you're not familiar with it, you specify the network ID and the essentially 0:08:51.480000 --> 0:08:54.580000 network mask bits. 0:08:54.580000 --> 0:09:00.400000 In this case, in this example, I've got 10.0.0.0, but the first three 0:09:00.400000 --> 0:09:05.260000 octets, the first 24 bits are for the network. 0:09:05.260000 --> 0:09:10.360000 Now, there are, depending on how you want to count it, five IP addresses, 0:09:10.360000 --> 0:09:13.500000 and this is important, this is just absolutely standard knowledge, there 0:09:13.500000 --> 0:09:20.540000 are five IP addresses in each subnet that are not assignable, that are 0:09:20.540000 --> 0:09:27.800000 unavailable. The actual network ID itself, the broadcast ID, and the first 0:09:27.800000 --> 0:09:30.880000 three additional IP addresses. 0:09:30.880000 --> 0:09:38.240000 In the case of 10.0.0.0/24, I could not use 10.0.0.0. 0:09:38.240000 --> 0:09:44.840000 I cannot use 10.0.0.255 because that's the network address, the network 0:09:44.840000 --> 0:09:47.380000 address, and the broadcast address. 0:09:47.380000 --> 0:09:52.560000 I also cannot use addresses .1, .2 and .3. 0:09:52.560000 --> 0:09:58.580000 And so, oftentimes, because this is a very common network addressing scheme 0:09:58.580000 --> 0:10:03.900000 in Azure, you'll see the first machine, for example, it's going to be 0:10:03.900000 --> 0:10:09.020000 10.0.0.4. Now, a lot of people think that 4 is the first IP address 0:10:09.020000 --> 0:10:14.340000 you can use, that's only true for a slash 24, right? 
0:10:14.340000 --> 0:10:19.320000 Or if you happen to be on the zero subnet, obviously, if you are, let's 0:10:19.320000 --> 0:10:26.120000 say, if you're using a slash 25 and you're on 128, right, that, of course, 0:10:26.120000 --> 0:10:29.500000 also would not be usable. 0:10:29.500000 --> 0:10:35.180000 All right. So, again, the example for that is right there, so if I'm on 0:10:35.180000 --> 0:10:47.320000 the 10.0.0.0, you'll see that 251 are available. 0:10:47.320000 --> 0:10:53.440000 That also means that the smallest IP address range that you can have for 0:10:53.440000 --> 0:10:59.280000 a subnet is a slash 29, which would leave three available IP addresses. 0:10:59.280000 --> 0:11:04.240000 Your private IP addresses, as I mentioned, can be static or dynamic. 0:11:04.240000 --> 0:11:05.960000 It's very simple. 0:11:05.960000 --> 0:11:11.560000 And the whole private IP addressing is net base, right? 0:11:11.560000 --> 0:11:17.020000 And so typically what you'll see with your IP addresses in a subnet for 0:11:17.020000 --> 0:11:23.240000 your private IPs are you'll see one of the standard IP, private IP address 0:11:23.240000 --> 0:11:30.440000 ranges, right? So, 10.0.0.0 slash 8, anything under 10, 172.16 slash 12, 0:11:30.440000 --> 0:11:34.420000 or 192.168 slash 16. 0:11:34.420000 --> 0:11:40.140000 You can use what are public IP address ranges. 0:11:40.140000 --> 0:11:44.380000 Doesn't matter. However, those are not publicly routed, okay? 0:11:44.380000 --> 0:11:48.140000 So, the only reason you would ever use a public, well, I mean, I would 0:11:48.140000 --> 0:11:50.880000 think in production, certainly you could find edge cases. 0:11:50.880000 --> 0:11:55.060000 If you happen to be at an institution that has been around long enough 0:11:55.060000 --> 0:11:59.280000 that their internal IP addresses are all public IP addresses, right? 
0:11:59.280000 --> 0:12:03.420000 If you wanted to stay consistent with that, then you could use public 0:12:03.420000 --> 0:12:08.660000 IP addressing for our public IP addresses for your private IP addressing. 0:12:08.660000 --> 0:12:14.020000 But again, understand, even if you're using, they are not routed, right? 0:12:14.020000 --> 0:12:19.220000 It's always in that if you want public access, you have to add a public 0:12:19.220000 --> 0:12:25.900000 IP. All right, let's take a look at Azure IP addressing. 0:12:25.900000 --> 0:12:31.140000 I have a few different virtual machines that are running right now. 0:12:31.140000 --> 0:12:35.440000 I'm just going to go into one of them and we're going to take a look at 0:12:35.440000 --> 0:12:41.800000 how to configure the IP addressing for that virtual machine, including 0:12:41.800000 --> 0:12:44.600000 the settings at the network level. 0:12:44.600000 --> 0:12:48.240000 All right, so let's go ahead and let's jump into that. 0:12:48.240000 --> 0:12:51.240000 All right, and actually what I'm going to do first is I'm going to bring 0:12:51.240000 --> 0:12:53.260000 up the network topology that I've deployed. 0:12:53.260000 --> 0:12:56.480000 I use this in a number of demos. 0:12:56.480000 --> 0:13:00.460000 I'm not going to go deep into this right now, but just so you can kind 0:13:00.460000 --> 0:13:03.940000 of get a feel for what's going on here. 0:13:03.940000 --> 0:13:10.120000 I've got a network topology where I've got a number of virtual machines. 0:13:10.120000 --> 0:13:14.300000 And I'm really going to focus on this virtual machine over here. 0:13:14.300000 --> 0:13:18.900000 Actually, I can't remember, it's either zero or one. 0:13:18.900000 --> 0:13:19.420000 I think I got one. 0:13:19.420000 --> 0:13:22.280000 It doesn't matter because they're basically configured the same. 
0:13:22.280000 --> 0:13:27.060000 Each one of these has a single NIC and they're each associated with a 0:13:27.060000 --> 0:13:28.520000 public IP address. 0:13:28.520000 --> 0:13:32.320000 Now notice that the public IP address, you can see, just as I said, it's 0:13:32.320000 --> 0:13:38.500000 drawn into the NIC and all of these NICs are tied to a subnet and the 0:13:38.500000 --> 0:13:41.880000 subnet is part of a virtual network. 0:13:41.880000 --> 0:13:46.840000 And so I set at the highest level, I set my IP address range for the virtual 0:13:46.840000 --> 0:13:54.040000 network, then I segment that out by my subnet, then I go to the NIC and 0:13:54.040000 --> 0:14:00.160000 I set the configuration, including connectivity to a public IP address. 0:14:00.160000 --> 0:14:04.600000 Let's go ahead and let's take a look at this and we'll start at the network 0:14:04.600000 --> 0:14:11.360000 level. So here I have my network level and I go up here to the address 0:14:11.360000 --> 0:14:14.720000 space. Now you can actually have multiple address spaces. 0:14:14.720000 --> 0:14:19.440000 The only time I've ever used multiple address spaces is when I messed 0:14:19.440000 --> 0:14:23.220000 up and I made my subnet, I made one subnet take up the entire address 0:14:23.220000 --> 0:14:25.840000 space and I needed to add another subnet. 0:14:25.840000 --> 0:14:28.740000 So I had to add another address space. 0:14:28.740000 --> 0:14:31.480000 Generally speaking, I don't tend to have to do that, but if you need it 0:14:31.480000 --> 0:14:33.720000 for whatever reason, you can. 0:14:33.720000 --> 0:14:38.280000 Then I go down into the subnets and notice right here, I've got a default 0:14:38.280000 --> 0:14:43.080000 subnet, which is 10.1.0.0/24. 0:14:43.080000 --> 0:14:48.340000 And I can actually go in and I cannot modify this right now because it's 0:14:48.340000 --> 0:14:55.100000 being used. In fact, it's going to tell me I've got 249 available addresses. 
0:14:55.100000 --> 0:14:56.600000 And it's actually pretty cool. 0:14:56.600000 --> 0:14:58.600000 I can go and even see the devices that are connected. 0:14:58.600000 --> 0:15:01.920000 So I've got two different devices that are connected. 0:15:01.920000 --> 0:15:06.260000 I've got my win server zero, NIC and my win server one, NIC. 0:15:06.260000 --> 0:15:09.120000 Let's go ahead to the NIC. 0:15:09.120000 --> 0:15:14.320000 Notice by the way, it's 10.1.0.4 and then 10.1.0.5. 0:15:14.320000 --> 0:15:23.820000 So those are my private IP addresses for these NICs. 0:15:23.820000 --> 0:15:30.960000 I have IP configurations and I have my primary IP configuration. 0:15:30.960000 --> 0:15:35.160000 And if I go into that, I can see that it has a public IP address associated 0:15:35.160000 --> 0:15:41.780000 with it and that it is set up with dynamic private IP addressing. 0:15:41.780000 --> 0:15:45.660000 And to change that from dynamic to static, I can literally just click 0:15:45.660000 --> 0:15:49.800000 static. When you're provisioning a NIC, if you wanted to have a static 0:15:49.800000 --> 0:15:54.360000 IP address, you simply specify the IP address that you want in the definition 0:15:54.360000 --> 0:16:00.180000 of the NIC. We're going to leave that as dynamic for right now so I don't 0:16:00.180000 --> 0:16:02.240000 really want to change that up. 0:16:02.240000 --> 0:16:06.980000 And then again, we can see that public IP address and I can actually go 0:16:06.980000 --> 0:16:13.620000 all the way back to the topology and just pull up the public IP address. 0:16:13.620000 --> 0:16:16.660000 And I can see that this is a standard SKU. 0:16:16.660000 --> 0:16:22.860000 I can see what the public IP address actually is and I can see what it's 0:16:22.860000 --> 0:16:23.820000 associated with. 0:16:23.820000 --> 0:16:26.580000 I can see it's the, you know, the NIC. 
0:16:26.580000 --> 0:16:29.900000 And then that NIC, of course, is associated with this virtual machine. 0:16:29.900000 --> 0:16:34.220000 Meaning that I can connect to my virtual machines through this public 0:16:34.220000 --> 0:16:39.220000 IP address. Now I've been showing you zero, but zero, one, the win server, 0:16:39.220000 --> 0:16:41.060000 zero, and one are set up the same. 0:16:41.060000 --> 0:16:46.320000 And I have connected to this server through its public IP address. 0:16:46.320000 --> 0:16:48.160000 I am in remote desktop. 0:16:48.160000 --> 0:16:52.140000 This is my win server one and I can go and interact with it as I would 0:16:52.140000 --> 0:16:57.460000 with any machine that I've connected to via the remote desktop. 0:16:57.460000 --> 0:17:05.080000 And that is pretty much it on public and private IP addressing. 0:17:05.080000 --> 0:17:09.260000 One thing with public, if I have this SKU, if it's a basic SKU, then 0:17:09.260000 --> 0:17:11.740000 I have the option to make it dynamic or static. 0:17:11.740000 --> 0:17:15.940000 But in this case, because it's standard, it's only going to be static. 0:17:15.940000 --> 0:17:19.880000 So remember, you've got private IP addressing, which is associated, it's 0:17:19.880000 --> 0:17:22.820000 defined by the network and the subnet. 0:17:22.820000 --> 0:17:27.080000 It's associated with the NIC, with the IP configuration of the NIC. 0:17:27.080000 --> 0:17:31.840000 And then I've got the public IP address, which is a separate resource. 0:17:31.840000 --> 0:17:35.520000 It's its own independent resource and it is associated with typically 0:17:35.520000 --> 0:17:41.460000 a NIC, although it can also be associated with a load balancer, an application 0:17:41.460000 --> 0:17:43.380000 gateway, or a VPN gateway.