Search code examples
asp.net-mvcazureazure-cloud-servicesstatic-ip-address

Reserved IP address for Azure Cloud Service not working

I am trying to assign a reserved IP address to a cloud service. I need this feature to restrict the IP access to the database (and NO i do not want to allow all azure nodes this access), and I also have to access external API's for which I need to have a static IP.

So far I have created a cloud service solution and added a MVC Web Role to the solution. Using the Azure Powershell, i have obtained an IP address (success verified by using GetAzureReservedIP) and have updated the configuration file ServiceConfiguration.cloud.cscfg. 

<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="TestApp" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="4" osVersion="*" schemaVersion="2014-06.2.4">
  <Role name="MvcWebRole">
    <Instances count="1" />
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="DefaultEndpointsProtocol=https;AccountName=XYZ;AccountKey=XYZ" />
    </ConfigurationSettings>
  </Role>
  <NetworkConfiguration>
    <AddressAssignments>
      <ReservedIPs>
        <ReservedIP name="MyReservedIP"/>
      </ReservedIPs>
    </AddressAssignments>
  </NetworkConfiguration>
</ServiceConfiguration>

(Obviously, I have made sure that the name of the IP address is exactly the same as shown in GetAzureReservedIP.)

Using this configuration, I have deployed the solution to a new cloud service, but it did not receive the expected IP adress. I am using Visual Studio 2012 and the Azure SDK 2.4. I deploy to Azure from Visual Studio by selecting Build -> Publish to Azure, where I create new cloud services and select the "Cloud" Service Configuration.

Edit I can see that the IP adress is not used for outgoing traffic because the database cannot be accessed (only allowed for the one IP address) and my requests to external webservices are blocked. The management portal shows that another IP address is used.

Solution

  • Based on my personal use experience on AZure , if you try to assign reserved IP on cloud service with vip , it won't work . You can assign to a new cloud service or a cloud service without any deployment (vip not yet allocated ).

    Also beware there is limitation on reserved Ip on affinity group based cloud service , you may have below issue in this case:

    New-AzureVM : BadRequest : The deployment contains VirtualNetwork DemoVNET that belongs to an Affinity Group and ReservedIP that belongs to a region. This combination is not allowed.

    ref : http://azure.microsoft.com/blog/2014/05/14/reserved-ip-addresses/