Multiple Public IP Addresses on Azure Cloud Services

Until Ignite last week, we’ve been limited to 1 public IP address (also known as Virtual IP or VIP) per cloud service in Microsoft Azure – but that’s no longer the case! Microsoft finally added the possibility to assign multiple VIPs to the same cloud service, which is sometimes needed for different purposes.

The companies I work with, in the SMB market, usually don’t need multiple cloud services, but so far they’ve had to use them if they wanted 2 or more instances running an application which needs the same port open externally and doesn’t support load balancing (yes, such applications do exist). When using multiple cloud services to do this, they can’t create availability sets, and therefore can’t get an SLA from Microsoft or leverage upgrade/fault domains – do I have to say how bad that is? 🙂

I’m tempted to say “as usual”: when new, advanced features are announced in Azure, we have to use PowerShell for them. It’s actually pretty easy:

Start by adding a new IP:

[powershell]Add-AzureVirtualIP -VirtualIPName VIP1 -ServiceName VIPService[/powershell]

Associate an endpoint with your cloud service (and VM):

[powershell]Get-AzureVM -ServiceName VIPService -Name VIPVM1 | Add-AzureEndpoint -Name HTTPS -Protocol TCP -LocalPort 443 -PublicPort 443 -VirtualIPName VIP1 | Update-AzureVM[/powershell]

If you want to use load balancing on the endpoint, add the -LoadBalancedEndpointSetName parameter to the Add-AzureEndpoint cmdlet, using the same set name on every VM that should share the endpoint:

[powershell]Get-AzureVM -ServiceName VIPService -Name VIPVM1 | Add-AzureEndpoint -Name HTTPS -LoadBalancedEndpointSetName VIPLB -Protocol TCP -LocalPort 443 -PublicPort 443 -VirtualIPName VIP1 -DefaultProbe | Update-AzureVM
Get-AzureVM -ServiceName VIPService -Name VIPVM2 | Add-AzureEndpoint -Name HTTPS -LoadBalancedEndpointSetName VIPLB -Protocol TCP -LocalPort 443 -PublicPort 443 -VirtualIPName VIP1 -DefaultProbe | Update-AzureVM[/powershell]

To remove an IP use this cmdlet:
[powershell]Remove-AzureVirtualIP -VirtualIPName VIP1 -ServiceName VIPService[/powershell]
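
An added example, not part of the original post: a read-only review of which public ports each VIP exposes once endpoints have been assigned as above. `Get-VipExposure` is a hypothetical helper, the sample records and 203.0.113.x addresses are constructed, and the property names assume the output of `Get-AzureEndpoint` in the classic Azure Service Management module.

```powershell
# Added example (not from the original post).
# Groups endpoint records by public VIP, protocol and public port so the
# externally reachable surface of each address can be reviewed at a glance.
function Get-VipExposure {
    param(
        [Parameter(Mandatory = $true)]
        [object[]]$Endpoint   # records with VM, Name, Protocol, Port, LocalPort, Vip, LBSetName
    )
    $Endpoint |
        Group-Object -Property Vip, Protocol, Port |
        ForEach-Object {
            $first = $_.Group[0]
            $lbSets = $_.Group.LBSetName | Where-Object { $_ } | Sort-Object -Unique
            [pscustomobject]@{
                Vip          = $first.Vip
                Protocol     = $first.Protocol
                PublicPort   = $first.Port
                LocalPort    = ($_.Group.LocalPort | Sort-Object -Unique) -join ','
                LoadBalanced = [bool]$lbSets
                LBSetName    = $lbSets -join ','
                VMs          = ($_.Group.VM | Sort-Object -Unique) -join ','
            }
        } |
        Sort-Object Vip, PublicPort
}

# Live use (assumes the classic Azure module is loaded and a subscription is selected):
# $records = foreach ($vm in Get-AzureVM -ServiceName VIPService) {
#     $vm | Get-AzureEndpoint |
#         Select-Object @{ n = 'VM'; e = { $vm.Name } }, Name, Protocol, Port, LocalPort, Vip, LBSetName
# }

# Constructed sample records so the function can be tried offline.
$records = @(
    [pscustomobject]@{ VM = 'VIPVM1'; Name = 'RemoteDesktop'; Protocol = 'tcp'; Port = 56614; LocalPort = 3389; Vip = '203.0.113.10'; LBSetName = $null }
    [pscustomobject]@{ VM = 'VIPVM1'; Name = 'HTTPS'; Protocol = 'tcp'; Port = 443; LocalPort = 443; Vip = '203.0.113.20'; LBSetName = 'VIPLB' }
    [pscustomobject]@{ VM = 'VIPVM2'; Name = 'HTTPS'; Protocol = 'tcp'; Port = 443; LocalPort = 443; Vip = '203.0.113.20'; LBSetName = 'VIPLB' }
)

Get-VipExposure -Endpoint $records | Format-Table -AutoSize
```

Each output row is one VIP, protocol and public port combination, with the VMs behind it and whether it belongs to a load-balanced set.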

During my testing of the feature I’ve found that you can’t stop a VM if it has endpoints from an extra IP assigned to it. It will simply fail, telling you:
Stop-AzureVM : BadRequest : Port 443 is already in use by one of the endpoints in this deployment. Ensure that the port numbers are unique across endpoints within a deployment.

I’ve reached out to the Azure networking team and asked if this is by design or a mistake. I don’t think the error describes the situation, so I would expect some changes here.
