IP Address Management (IPAM) is crucial in the IT landscape for several reasons. As organisations migrate to cloud infrastructure, the complexity of managing IP addresses increases due to dynamic resource allocation and the potential for overlapping address spaces. IPAM helps streamline this process by allowing for efficient planning and organisation of IP address allocation, ensuring that each resource receives a unique address. This reduces the risk of conflicts and enhances network reliability. In this article, let me guide you with the usage of IPAM to assign IP addresses from pools to your virtual networks by using IP address management (IPAM) in Azure Virtual Network Manager.
Azure Virtual Network Manager – Azure IPAM
Azure Virtual Network Manager is a networking service in the Azure cloud that provides a tool for effective IP address management. IPAM enables cloud administrators to create and assign IP address pools to virtual networks, facilitating better management and planning of IP addresses. With this feature, you can generate pools for structured IP address allocation, automatically assign non-overlapping classless inter-domain routing (CIDR) addresses to various Azure resources, and mitigate address space conflicts across on-premises and multicloud environments. This enhances IP address management and promotes a more streamlined networking experience.
The diagram below illustrates the Azure IPAM features:
How does Azure IPAM work?
The Azure IPAM feature in Azure Virtual Network Manager consists of four key components that include:
Managing IP Address Pools: IPAM allows administrators to create and organise IP address pools, dividing larger pools into smaller child pools for better control. There are two types of pools: root pools (the entire IP range) and child pools (subsets of root or other child pools) with up to seven layers.
Allocating IP Addresses: Administrators can allocate Azure resources, such as virtual networks, to specific CIDR address pools. Static CIDRs can also be allocated, ensuring efficient management and release of IPs when resources are deleted.
Delegating Permissions: IPAM enables users to delegate permissions for controlled access to IP pools. This feature allows users to view pool usage statistics and associated resources, aiding in resource management.
Simplifying Resource Creation: When creating CIDR-supporting resources, the system automatically allocates non-overlapping CIDRs from the selected pool, ensuring integrity and preventing conflicts.
The diagram below simplifies the process of setting up Azure IPAM:
Azure IPAM – Additional Features
Managing IP Address Spaces Across Multiple Regions
We can now associate a single IPAM pool with virtual networks across multiple regions, simplifying governance and ensuring consistent CIDR allocation globally.
Automate IP Address Management with IPAM Pools
IPAM Pools in Azure Virtual Network Manager allow you to manage IP address spaces for virtual networks, helping prevent overlapping address spaces and ensuring that correct IP ranges are used. Microsoft provides a PowerShell script to create and manage VNets with IPAM pools.
Prevent Overlapping Address Spaces with Azure Policy
While Azure Virtual Network Manager aids in governance, it does not automatically prevent overlapping address spaces. We can enforce non-overlapping IP address ranges using Azure Policy alongside IPAM pools to avoid IP conflicts. To implement this feature, follow the step-by-step guide in the Microsoft article.
Configure Cross-Tenant IPAM
Managing IP addresses across multiple Azure tenants can be complex. Azure Virtual Network Manager facilitates centralised IP address management across tenants, allowing deployment of VNets in a managed tenant using IP addresses from a management tenant’s IPAM pool.
How to Create IP Pools?
- Log in to the Azure portal and select your Azure virtual network management resource.
- If you don’t have a network manager instance, create one; please refer to Create a network manager instance.
- In the left menu, select IP address pools under IP address management.
- Select + Create to create a new IP address pool.
- In the Create an IP address pool window, enter the information for the name and description of the IP address pool. This pool will be a root or parent IP Pool. Click next.
- Enter the IP address information for the parent pool. Example: 10.10.0.0/16. Click next and click create.
After we create a new IPAM Pool, you can see which VNets can be associated with it. Click the pool association recommendation under the settings page. The image below shows that a single VNet can be associated with a newly created IPAM pool, and that the IP addresses of other virtual networks do not match those in IPAM.
We can associate the highlighted VNET with the IPAM pool, and need to create a new IPAM Pool for other IP addresses. The existing IPAM pool cannot be expanded to include new or additional IP addresses.
Associate a virtual network with an IP address pool
As the next step, we can associate an existing virtual network with an IPAM IP address pool from the Allocations settings.
- Go to your network manager resource and select your IP address pool.
- Click Allocations under Settings. There will be no allocations.
3. In the Allocations window, choose Associate resources to add a CIDR to a virtual network.
4. Select the virtual networks you want to link to the IP address pool, then click Select.
5. Verify that the virtual network is listed.
Create a VNET with an association of an IP address pool
- Create a new Virtual network from the existing IPAM pool. Click Create a new VNET and provide the required information, such as name, resource group and subscription. Click next.
2. On the IP address space page, select allocate using IP address pools. A new window opens, and select the existing IPAM pool and edit the VNET space and subnet name as required. In my example, I have selected an IPAM pool from a different region. My IPAM pool is located in Australia East, and VNET is created in the Australia Southeast region. This helps manage cross-region IP allocations.
3. Click Review and Create.
IPAM pool usage and allocations are available on the IP pool’s allocation page.
That’s the end of the blog, which showcases the usage of Azure IPAM. Furthermore, with the growing trend of multicloud deployments, effective IPAM solutions facilitate consistency and visibility across diverse environments, enabling seamless integration and management of cloud resources. Ultimately, IPAM is essential for maintaining network integrity and optimising resource utilisation in the cloud.
Santhosh has over 19 years of experience in the IT organisation. Working as a Cloud Architect and has a wide range of expertise in Microsoft technologies, with a specialisation in public & private cloud services for enterprise customers. My varied background includes work in cloud computing, virtualisation, storage, networks, automation and DevOps.
