Posted by on Apr 15, 2015 in #Azure | 1 comment

With Azure services you will come across a few types of IP addresses. It’s important to know the differences and capabilities when configuring your services and compute resources (worker role/web role/virtual machine).

DIP (dynamic IP address)

A DIP is an internal IP address assigned by the Azure DHCP. Once a compute resource within the cloud service has leased a DIP, it will not be dropped until the compute resource is stopped or deallocated.

The DIP can be used to communicate between compute resources internally within the cloud service. But to communicate properly via the DIP, you should assign a static DIP to the compute resource ( – known as assigning a static virtual network IP address.

Make sure that the IP address is not used by another compute resource (within the cloud service), as such would result in allocation errors.

PIP (public instance-level IP address) 

A PIP is a public IP address used for direct communication to your compute resources (instances). As of right now each Azure subscription can assign up to 5 PIPs. There’s also billing charges associated with PIPs, see

A PIP can be useful if you need to leverage a wide range of ports on your compute resource as public endpoints. If you need to configure passive FTP, a PIP is required (as passive FTP does not use a static port).

Learn how to configure a PIP here:

VIP (virtual IP address)

The VIP is a public IP address that can be used to access your compute resources externally.

Every worker role/web role/virtual machine is contained within a cloud service – and upon the creation of the cloud service, it is assigned a VIP. The VIP comes from an IP address pool managed by Microsoft.

Unless you reserve and assign your cloud service an IP address ( within the address pool, it may change (especially if all of the compute resources within the cloud service are stopped or deallocated).

At this point, you can’t assign a reserved IP address to an existing cloud service. Instead you should create a new cloud service with the reserved IP address, re-provision the virtual machine using the same disks or redeploy the cloud service package and configuration (for worker roles and web roles) in the new cloud service.

A reserved VIP is useful whenever your service is expected to always respond at the same IP address.

The VIP serves as an outer boundary for your compute resources – you can map external ports on the VIP to be forwarded and load-balanced between compute resources in the cloud service. In other words – you must configure each endpoint used by your instances in the VIP (or use a PIP to bypass the VIP), to allow any traffic through that endpoint. With that the VIP offers a secure manner of controlling the traffic to your compute resources.

This is how the different types of IP addresses could be used.


Knowing your way around the different types and capabilities helps you configure your compute resources and infrastructure effectively.

-Simon Jäger