Geek Answers Handbook

Azure Reserved IP Address

I tried to find the answer to this question for several days.

I want to host a new azure website at the Basic or Standard level.

The site will call a third-party service.

I need to provide this service provider with an IP address that they will be white. Therefore, when a new azure website makes requests for this service, the IP address for the request should always be the same as it will be the IP address of white.

I read that Azure offers “Reserved IPs” for cloud services and virtual machines, but I wanted to know if something like this could be done with Azure Websites, since I really don't want to go with the cloud / VM.

My networking knowledge is limited, but as far as I understand, if I received the SSL SSL certificate and applied it to my Azure Website, then the website would have a static IP address.

If so, will any requests to a third-party service remove the external firewall of the service providers using the same static IP?

Thanks for any advice people can give.

+8
azure azure-web-sites static-ip-address
source share
4 answers

The SSL certificate with the websites will be tied to the incoming IP address. However, websites do not provide a static outbound IP address.

If you need a static IP address to negotiate with third-party services, you will need something that resides in Azure (e.g. application layer) running on the cloud service / virtual private network that your website accesses, and then The application layer (with a static IP address) communicates with third-party services.

+8
source share

As David Makogon points out, using an IP-based SSL certificate gives the website a static inbound IP address.

However, the outgoing IP address used by the website in outgoing network calls can be determined based on where your website is hosted. Microsoft has a list of these IP addresses here . The third-party service will have to redirect all IP addresses used by the scaling unit that hosts your website (for example, waws-prod-am2-005).

+7
source share

Correct me if I am wrong, but the information shared by Brant Bobby above shows that in fact:

All Azure websites (/ Web Apps) already have an accessible and published outbound IP address.

This outbound IP address will never be unique to their own site. Therefore, you need to keep in mind if they use it for a white list, this will allow many other Azure visitors to be placed on the same scale.

Just enter the so-called name "scale units" for your site, which matches what is indicated on your FTP address of your site (etc.), which is in the format: " waws-prod-[3LetterVar]-[3DigitNum] ", for example. waws-prod-blu-007 .

As an example from this article, all Azure websites in the eastern region of the USA can find four IP addresses on which their site can rely as follows (so, if there is a white list, all 4 must be white):

Eastern region of the USA

Outgoing IP addresses for each block of the scale, currently 4 for each. They said that in the future they may add more IP addresses for each unit of the scale, but they should not change.

waws-prod-blu-001 : 168.62.48.13, 168.62.48.19, 168.62.48.33, 168.62.48.122

waws-prod-blu-003 : 137.117.81.128, 137.117.81.142, 137.117.81.181, 137.117.81.82

waws-prod-blu-005 : 137.117.80.189, 137.117.81.52, 137.117.81.90, 137.117.80.178

waws-prod-blu-007 : 23.96.33.205, 23.96.34.196, 23.96.35.20, 23.96.36.229

waws-prod-blu-009 : 23.96.97.203, 23.96.97.233, 23.96.97.235, 23.96.97.238

waws-prod-blu-011 : 23.96.112.60, 23.96.112.117, 23.96.112.152, 23.96.112.15

waws-prod-blu-013 : 191.238.8.154, 191.238.9.80, 191.238.9.94, 191.238.9.170

waws-prod-blu-015 : 191.236.19.222, 191.236.19.242, 191.236.21.165, 191.236.18.160

waws-prod-blu-017 : 191.238.32.104, 191.238.32.154, 191.238.34.67, 191.238.35.12

waws-prod-blu-019 : 104.45.138.197, 104.45.142.87, 104.45.128.144, 104.45.142.131

waws-prod-blu-021 : 191.237.24.189, 191.237.30.36, 191.237.26.164, 191.237.28.161

waws-prod-blu-023 : 191.236.50.206, 191.237.30.215, 191.237.25.148, 191.237.22.195

waws-prod-blu-025 : 191.237.31.86, 191.237.26.176, 191.237.20.70, 191.237.18.239

+6
source share

Azure now also supports static outbound IP.

https://azure.microsoft.com/en-us/documentation/articles/app-service-app-service-environment-intro/

If we don’t want to use the more expensive setup of the App Service environment, we can directly use the outgoing IP addresses specified on the Azure portal in the properties section, Azure guarantees that it remains 99.9% static. Nothing changes until there is some change in the data center. Moreover, the reserved Ip that we use in IaaS is also not 100% reserved for us, but the azure one provides 99.9% SLA here. So, in my opinion, instead of going to the ASE and hosting the IaaS and using the reserved IP address, we can just use the outgoing Ip provided by azure, since we get the same reliability in both cases.

+1
source share

More articles:


All Articles