Azure Public IP Availability Zone
Overview
After you’ve developed the requirements for your application, the next step is to build resiliency and availability into it.
Each Availability Zone has a distinct power source, network, and cooling. Deploying resource across Availability Zones helps to protect an application against datacenter-wide failures. You could also apply redundancy across regions to guard against a regional outage. In general, there’s a tradeoff between greater redundancy and reliability versus higher costs and complexity.
Azure public IP address is Azure resource, can be associated with application gateway or load balancer, so this sounds a simple question, is Azure public IP zone redundant?
MS document says standard SKU public IP “Can be zone-redundant (advertized from all 3 zones) or zonal (can be created zonal and guaranteed in a specific availability zone). ”
However depends on API version, the syntax for zone redundancy option is different. As of 02/20/2021, Azure portal PIP properties blade shows the zone information for standard sku pip.
In this article, we will explore public IP creation and lookup the zone configuration.
Demonstration
We are going to create the list of public IP, and check its zone redundancy configuration.
pip-portal
From Azure portal, when select standard SKU, zone redundancy is selected by default.
After public IP is created, from portal, zone redundancy property shows all three zones
You may also use api version 2020–08–01 or newer to query the public IP.
The response confirms that this public IP is across all three zones.
(In case you need to know how to get access token in order to be authenticated to call Azure management API, please refer to https://cloudjourney.medium.com/aad-resource-owner-password-credentials-5fddef49cb4d)
pip-ps
If you try following code which is documented exactly in MS document, it might fail.
## Variables for the command ##
$rg = 'ronniepersonal'
$loc = 'eastus2'
$pubIP = 'pip-ps'
$sku = 'Standard'
$alloc = 'Static'
$zone = 1,2,3New-AzPublicIpAddress -ResourceGroupName $rg -Name $pubIP -Location $loc -AllocationMethod $alloc -SKU $sku -zone $zoneWARNING: Upcoming breaking changes in the cmdlet ‘New-AzPublicIpAddress’ :
Default behaviour of Zone will be changed
Cmdlet invocation changes :
Old Way : Sku = Standard means the Standard Public IP is zone-redundant.
New Way : Sku = Standard and Zone = {} means the Standard Public IP has no zones. If you want to create a zone-redundant Public IP address, please specify all the zones in the region. For example, Zone = [‘1’, ‘2’, ‘3’].
Note : Go to https://aka.ms/azps-changewarnings for steps to suppress this breaking change warning, and other information on breaking changes in Azure PowerShell.
New-AzPublicIpAddress : Resource /subscriptions/b85657bc-5f32–4693–9c19–1ea6ecf9049a/resourceGroups/ronniepersonal/providers/Microsoft.Network/publicIPAddresses/pip-ps has 3 zones specified. Only one zone can be specified
for this resource.
StatusCode: 400
ReasonPhrase: Bad Request
ErrorCode: ResourceCannotHaveMultipleZonesSpecified
ErrorMessage: Resource /subscriptions/b85657bc-5f32–4693–9c19–1ea6ecf9049a/resourceGroups/ronniepersonal/providers/Microsoft.Network/publicIPAddresses/pip-ps has 3 zones specified. Only one zone can be specified for this
resource.
OperationID : 194edc46-a05f-4b5c-b181-e3fb32983016
At line:1 char:1
+ New-AzPublicIpAddress -ResourceGroupName $rg -Name $pubIP -Location $ …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzPublicIpAddress], NetworkCloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.NewAzurePublicIpAddressCommand
By running in DEBUG mode, more information is provided. The powershell command call 2020–07–01 api version, which does not accept 1,2,3 zone input. This Powershell command does not have apiversion option, so we won’t be able to indicate to use the latest API version.
New-AzPublicIpAddress -ResourceGroupName $rg -Name $pubIP -Location $loc -AllocationMethod $alloc -SKU $sku -zone $zone -debugHTTP Method:
PUTAbsolute Uri:
https://management.azure.com/subscriptions/<subscription id>/resourceGroups/ronniepersonal/providers/Microsoft.Network/publicIPAddresses/pip-ps?api-version=2020-07-01Headers:
x-ms-client-request-id : 7c927df6–3d84–42d3–9920-d43e6d43e4c6
accept-language : en-USBody:
{
“sku”: {
“name”: “Standard”
},
“properties”: {
“publicIPAllocationMethod”: “Static”,
“ipTags”: []
},
“zones”: [
“1”,
“2”,
“3”
],
“location”: “eastus”
Now, let’s create public IP WITHOUT zone option, the public IP is successfully created.
New-AzPublicIpAddress -ResourceGroupName $rg -Name $pubIP -Location $loc -AllocationMethod $alloc -SKU $sku
When check the zone configuration using 2020–08–01 API, it’s confirmed that this public IP is across all three zones.
pip-ps-zonal
No matter it’s latest API or order version API, they both support to create zone redundant and zonal public IP. Now, we add zone option, and indicate the public IP will be created in zone 1. The resource is created successfully. The template from portal also confirm the zone configuration.
$pubIP = 'pip-ps-zonal'
$sku = 'Standard'
$alloc = 'Static'
$zone = 1New-AzPublicIpAddress -ResourceGroupName $rg -Name $pubIP -Location $loc -AllocationMethod $alloc -SKU $sku -zone $zone
Create Public IP — ARM Template
In this ARM template, we use latest API version, and omit zones property, it ends up creating a public IP without zone. (yes, no zone, sounds confusing, meaning, not across three AZs, not pinned to a specific zone)
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"pip_name": {
"defaultValue": "pip-arm-latest-api-no-zone",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2020-08-01",
"name": "[parameters('pip_name')]",
"location": "eastus",
"sku": {
"name": "Standard"
},
"properties": {
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Static",
"idleTimeoutInMinutes": 4,
"ipTags": []
}
}
]
}
Conclusion
No matter which API version, we are able to create public IP across availability zones, or pin to one zone.
However API version 2020–08–01 introduces breaking change, so plan well when migrate to newer version, and build resiliency consistently.