|
| 1 | +--- |
| 2 | +title: Create a custom IPv6 address prefix |
| 3 | +titleSuffix: Azure Virtual Network |
| 4 | +description: Learn about how to create a custom IPv6 address prefix using Azure PowerShell |
| 5 | +author: asudbring |
| 6 | +ms.service: virtual-network |
| 7 | +ms.subservice: ip-services |
| 8 | +ms.topic: how-to |
| 9 | +ms.date: 03/31/2022 |
| 10 | +ms.author: allensu |
| 11 | +--- |
| 12 | +# Create a custom IPv6 address prefix using Azure PowerShell |
| 13 | + |
| 14 | +A custom IPv6 address prefix enables you to bring your own IPv6 ranges to Microsoft and associate it to your Azure subscription. The range would continue to be owned by you, though Microsoft would be permitted to advertise it to the Internet. A custom IP address prefix functions as a regional resource that represents a contiguous block of customer owned IP addresses. |
| 15 | + |
| 16 | +The steps in this article detail the process to: |
| 17 | + |
| 18 | +* Prepare a range to provision |
| 19 | + |
| 20 | +* Provision the range for IP allocation |
| 21 | + |
| 22 | +* Enable the range to be advertised by Microsoft |
| 23 | + |
| 24 | +## Differences between using BYOIPv4 and BYOIPv6 |
| 25 | + |
| 26 | +> [!IMPORTANT] |
| 27 | +> Onboarded custom IPv6 address prefixes are have several unique attributes which make them different than custom IPv4 address prefixes. |
| 28 | +
|
| 29 | +* Custom IPv6 prefixes use a "parent"/"child" model, where the global (parent) range is advertised by the Microsoft Wide Area Network (WAN) and the regional (child) range(s) are advertised by their respective region(s). Note that global ranges must be /48 in size, while regional ranges must always be /64 size. |
| 30 | + |
| 31 | +* Only the global range needs to be validated using the steps detailed in the [Create Custom IP Address Prefix](create-custom-ip-address-prefix-portal.md) articles. The regional ranges are derived from the global range in a similar manner to the way public IP prefixes are derived from custom IP prefixes. |
| 32 | + |
| 33 | +* Public IPv6 prefixes must be derived from the regional ranges. Only the first 2048 IPv6 addresses of each regional /64 custom IP prefix can be utilized as valid IPv6 space. Attempting to create public IPv6 prefixes that span beyond this will result in an error. |
| 34 | + |
| 35 | +## Prerequisites |
| 36 | + |
| 37 | +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). |
| 38 | +- Azure PowerShell installed locally or Azure Cloud Shell. |
| 39 | +- Sign in to Azure PowerShell and ensure you've selected the subscription with which you want to use this feature. For more information, see [Sign in with Azure PowerShell](/powershell/azure/authenticate-azureps). |
| 40 | +- Ensure your Az.Network module is 4.21.0 or later. To verify the installed module, use the command Get-InstalledModule -Name "Az.Network". If the module requires an update, use the command Update-Module -Name "Az.Network" if necessary. |
| 41 | +- A customer owned IP range to provision in Azure. |
| 42 | + - A sample customer range (2a05:f500:2::/48) is used for this example. This range won't be validated by Azure. Replace the example range with yours. |
| 43 | + |
| 44 | +If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later. Run `Get-Module -ListAvailable Az` to find the installed version. If you need to upgrade, see [Install Azure PowerShell module](/powershell/azure/install-Az-ps). If you're running PowerShell locally, you also need to run `Connect-AzAccount` to create a connection with Azure. |
| 45 | + |
| 46 | +> [!NOTE] |
| 47 | +> For problems encountered during the provisioning process, please see [Troubleshooting for custom IP prefix](manage-custom-ip-address-prefix.md#troubleshooting-and-faqs). |
| 48 | +
|
| 49 | +## Pre-provisioning steps |
| 50 | + |
| 51 | +To utilize the Azure BYOIP feature, you must perform and number of steps prior to the provisioning of your IPv6 address range. Please refer to the [IPv4 instructions](create-custom-ip-address-prefix-powershell.md#pre-provisioning-steps) for details. Note all these steps should be completed for the IPv6 global (parent) range. |
| 52 | + |
| 53 | +## Provisioning for IPv6 |
| 54 | + |
| 55 | +The following steps display the modified steps for provisioning a sample global (parent) IPv6 range (2a05:f500:2::/48) and regional (child) IPv6 ranges. Note that some of the steps have been abbreviated or condensed from the [IPv4 instructions](create-custom-ip-address-prefix-powershell.md) to focus on the differences between IPv4 and IPv6. |
| 56 | + |
| 57 | +### Create a resource group and specify the prefix and authorization messages |
| 58 | + |
| 59 | +Create a resource group in the desired location for provisioning the global range resource. |
| 60 | + |
| 61 | +> [!IMPORTANT] |
| 62 | +> Although the resource for the global range will be associated with a region, the prefix will be advertised by the Microsoft WAN globally. |
| 63 | +
|
| 64 | + ```azurepowershell-interactive |
| 65 | +$rg =@{ |
| 66 | + Name = 'myResourceGroup' |
| 67 | + Location = 'WestUS2' |
| 68 | +} |
| 69 | +New-AzResourceGroup @rg |
| 70 | +``` |
| 71 | + |
| 72 | +### Provision a global custom IPv6 address prefix |
| 73 | + |
| 74 | +The following command creates a custom IP prefix in the specified region and resource group. Specify the exact prefix in CIDR notation as a string to ensure there's no syntax error. (The `-AuthorizationMessage` and `-SignedMessage` parameters are constructed in the same manner as they are for IPv4; for more information, see [Create a custom IP prefix - PowerShell](create-custom-ip-address-prefix-powershell.md).) Note that no zonal properties are provided because the global range isn't associated with any particular region (and therefore no regional availability zones). |
| 75 | + |
| 76 | + ```azurepowershell-interactive |
| 77 | +$prefix =@{ |
| 78 | + Name = 'myCustomIPv6GlobalPrefix' |
| 79 | + ResourceGroupName = 'myResourceGroup' |
| 80 | + Location = 'WestUS' |
| 81 | + CIDR = '2a05:f500:2::/48' |
| 82 | + AuthorizationMessage = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx|2a05:f500:2::/48|yyyymmdd' |
| 83 | + SignedMessage = $byoipauthsigned |
| 84 | +} |
| 85 | +$myCustomIpPrefix = New-AzCustomIPPrefix @prefix |
| 86 | +``` |
| 87 | + |
| 88 | +### Provision a regional custom IPv6 address prefix |
| 89 | + |
| 90 | +After the global custom IP prefix is in a **Provisioned** state, regional custom IP prefixes can be created. These ranges must always be of size /64 to be considered valid. The ranges can be created in any region (it doesn't need to be the same as the global custom IP prefix), keeping in mind any geolocation restrictions associated with the original global range. The "children" custom IP prefixes will be advertised locally from the region they are created in. Because the validation is only done for global custom IP prefix provision, no Authorization or Signed message is required. (Because these ranges will be advertised from a specific region, zones can be utilized.) |
| 91 | + |
| 92 | + ```azurepowershell-interactive |
| 93 | +$prefix =@{ |
| 94 | + Name = 'myCustomIPv6RegionalPrefix' |
| 95 | + ResourceGroupName = 'myResourceGroup' |
| 96 | + Location = 'EastUS2' |
| 97 | + CIDR = '2a05:f500:2:1::/64' |
| 98 | +} |
| 99 | +$myCustomIpPrefix = New-AzCustomIPPrefix @prefix -Zone 1,2,3 |
| 100 | +``` |
| 101 | +Similar to IPv4 custom IP prefixes, after the regional custom IP prefix is in a **Provisioned** state, public IP prefixes can be derived from the regional custom IP prefix. These public IP prefixes and any public IP addresses derived from them can be attached to networking resources, though they are not yet being advertised. |
| 102 | + |
| 103 | +> [!IMPORTANT] |
| 104 | +> Public IPv6 prefixes derived from regional custom IPv6 prefixes can only utilize the first 2048 IPs of the /64 range. |
| 105 | +
|
| 106 | +### Commission the custom IPv6 address prefixes |
| 107 | + |
| 108 | +When commissioning custom IPv6 prefixes, the global and regional prefixes are treated separately. In other words, commissioning a regional custom IPv6 prefix isn't connected to commissioning the global custom IPv6 prefix. |
| 109 | + |
| 110 | +:::image type="content" source="./media/create-custom-ip-address-prefix-ipv6/any-region-prefix.png" alt-text="Diagram of custom IPv6 prefix showing parent prefix and child prefixes across multiple regions."::: |
| 111 | + |
| 112 | +The safest strategy for range migrations is as follows: |
| 113 | +1. Provision all required regional custom IPv6 prefixes in their respective regions. Create public IPv6 prefixes and public IP addresses and attach to resources. |
| 114 | +2. Commission each regional custom IPv6 prefix and test connectivity to the IPs within the region. Repeat for each regional custom IPv6 prefix. |
| 115 | +3. After all regional custom IPv6 prefixes (and derived prefixes/IPs) have been verified to work as expected, commission the global custom IPv6 prefix, which will advertise the larger range to the Internet. |
| 116 | + |
| 117 | +Using the example ranges above, the command sequence would be: |
| 118 | + |
| 119 | +```azurepowershell-interactive |
| 120 | +Update-AzCustomIpPrefix -ResourceId $myCustomIPv6RegionalPrefix.Id -Commission |
| 121 | +``` |
| 122 | +Followed by: |
| 123 | + |
| 124 | +```azurepowershell-interactive |
| 125 | +Update-AzCustomIpPrefix -ResourceId $myCustomIPv6GlobalPrefix.Id -Commission |
| 126 | +``` |
| 127 | + |
| 128 | +It is possible to commission the global custom IPv6 prefix prior to the regional custom IPv6 prefixes; however, note that this will mean the global range is being advertised to the Internet before the regional prefixes are ready, so this is not recommended for migrations of active ranges. Additionally, it is possible to decommission a global custom IPv6 prefix while there are still active (commissioned) regional custom IPv6 prefixes or to decommission a regional custom IP prefix while the global prefix is still active (commissioned). |
| 129 | + |
| 130 | +## Next steps |
| 131 | + |
| 132 | +- To learn about scenarios and benefits of using a custom IP prefix, see [Custom IP address prefix (BYOIP)](custom-ip-address-prefix.md). |
| 133 | + |
| 134 | +- For more information on managing a custom IP prefix, see [Manage a custom IP address prefix (BYOIP)](manage-custom-ip-address-prefix.md). |
0 commit comments