Azure: Difference between IPv4 and IPv6 single IPs versus bundle

Question

I want to assign public IPs to my services (IPv4 and IPv6 are needed) but I can choose to either:

• Assign a dedicated IPv4 Address
• Assign a dedicated IPv6 Address
• Assign a bundle - of an IPv4 and IPv6 Address...

As I need both I'd like to know what's the benefit of assigning them one by one or together... Are there any disadvantages in case I am choosing one?

And did I miss somewhere the point to assign a public IPv6 directly to a machine? In my case I had to first assign a local IPv6 address to the machine and then to add the IPv6 to it - basically a NAT, which feels not correct...

Maybe someone can help me on this.... Thanks in advance, Sebastian

Answer 1

Assign as many IP addresses and routes as needed to get traffic where you need it to go. Assume the external facing service addresses should be dual stack.

Azure's dual stack load balancer examples tend to have public IPs on the LB and private on the backend. Taking an example from Azure's docs, 2a01:111:f100:3000::a83e:19c3 from Azure's public range, and fd00:db8:deca:deed::4 from a unique ULA /48 you generated.

No NAT required for v6. Connections to 2a01:111:f100:3000::a83e:19c3 are routed via the internet to Azure, then terminate on the LB. New connections are proxied to the backend fd00:db8:deca:deed::4. Although, as it is a proxy, the backend could just as easily been a v4 RFC 1918 address, or a v6 public address. Within Azure, if you have a route to the vnet, you also can connect directly to the backend host.

Should you wish to connect directly to an instance, assign it public IPv6 address. This can be in addition to other IP addresses it has.

Quirks:

• As far as I know, a VM must be assigned at least one v4 address.
• Some Azure documentation screenshots incorrectly use unallocated IPv6 ranges. Use ULA for private v6 space.