Windows Azure application VM and (virtual) IP Address

  • Article

Time to time, I get involved with our Windows Azure partners to discussion IP address configuration in Windows Azure Virtual Machine so I decided to write this article to point out most of the configuration:

 

  • When you have your application running in Windows Azure, your application gets a virtual IP address from a pool of available virtual IP address. This IP address is what you see when you ping to your service or this is the one single IP address used by all of your instances sitting behind the load balancer.
  • For example let’s assume you have two instance of your application.
    • When both the instance are starting, each one get its own internal IP address
      • Let’s assume 10.0.0.1 and 10.0.0.2
    • These internal IP address related with each instances are linked with your application Virtual IP address, i.e. 65.52.14.112
    • Finally both 10.0.0.1 and 10.0.02 IP address are bind to Load balancer over VIP 65.52.14.112
    • So when any outside request comes to your application, it first come to Windows Azure load balancer. Load balancer knows all the instances related with your application and depend on load balancing algorithm load balancer route the outside connection to appropriate instance.
  • In nutshell, when your VM starts, the VIP is used to bind with Load balancer. So if you have only 1 instance or multiple instances of the same service, Load Balancer knows how to route your call to appropriate instance. for outside world it does not matter which interal IP address was used with which specific instance.
  • Even when you have more than 1 instance, the VIP which is associated with your service will be one single Virtual IP Address, This is the same address, which will available to each of your input endpoint as configured to your service. For example:
    • If your Service shows VIP 65.52.14.112
    • The if you have Web Role enabled on port 80 then you will see input endpoint as - 65.52.14.112:80
    • For SSL enabled web role, the input endpoint will be listed as - 65.52.14.112:443
    • For RDP enabled virtual machine will have input endpoint as 65.52.14.112:3389
  • If you have RDP enabled in your application, and login into your virtual machine, IP address you will see will be the internal IP address. If you have more than 1 instance, each instance will have its own internal IP address. But please be sure that the IP address you could see inside your virtual machine is not accessible to outside world. The outside world connect to your service only through the Virtual IP address.
  • If you have any requirement to use your application IP address to either add in your firewall exception list or any other reason, you can just use the VIP. This also remain true for SQL Azure also.
  • As long as you don’t delete your service, the VIP will remain same. So if you have any requirement to keep your VIP intact, be sure to do not delete your deployment while updating and you can guarantee to keep the IP address intact.