Merge pull request #260022 from mbender-ms/pr/mbender-ms/259664-4

ip services - Update for Private IP address allocation wording

Author: v-dirichards

articles/virtual-network/ip-services/private-ip-addresses.md

@@ -4,7 +4,7 @@ titlesuffix: Azure Virtual Network
 description: Learn about private IP addresses in Azure.
 author: mbender-ms
 ms.author: mbender
-ms.date: 08/24/2023
+ms.date: 12/01/2023
 ms.service: virtual-network
 ms.subservice: ip-services
 ms.topic: conceptual
@@ -38,25 +38,32 @@ Azure reserves the first four addresses in each subnet address range. The addres
 
 There are two methods in which a private IP address is given:
 
-- **Dynamic**: Azure assigns the next available unassigned or unreserved IP address in the subnet's address range. For example, Azure assigns 10.0.0.10 to a new resource, if addresses 10.0.0.4-10.0.0.9 are already assigned to other resources. 
+### Dynamic allocation
 
-    Dynamic is the default allocation method. Once assigned, dynamic IP addresses are released if a network interface is:
-    
-    * Deleted
+Azure assigns the next available unassigned or unreserved IP address in the subnet's address range. While this is normally the next sequentially available address, there's no guarantee that the address will be the next one in the range. For example, if addresses 10.0.0.4-10.0.0.9 are already assigned to other resources, the next IP address assigned is most likely 10.0.0.10. However, it could be any address between 10.0.0.10 and 10.0.0.254. If a specific Private IP address is required for a resource, you should use a static private IP address.
 
-    * Reassigned to a different subnet within the same virtual network.
+Dynamic is the default allocation method. Once assigned, dynamic IP addresses are released if a network interface is:
 
-    * The allocation method is changed to static, and a different IP address is specified. 
-    
-    By default, Azure assigns the previous dynamically assigned address as the static address when you change the allocation method from dynamic to static.
+* Deleted
 
-- **Static**: You select and assign any unassigned or unreserved IP address in the subnet's address range. 
+* Reassigned to a different subnet within the same virtual network.
 
-    For example, a subnet's address range is 10.0.0.0/16 and addresses 10.0.0.4-10.0.0.9 are assigned to other resources. You can assign any address between 10.0.0.10 - 10.0.255.254. Static addresses are only released if a network interface is deleted. 
-    
-    Azure assigns the static IP as the dynamic IP when the allocation method is changed. The reassignment occurs even if the address isn't the next available in the subnet. The address changes when the network interface is assigned to a different subnet.
-    
-    To assign the network interface to a different subnet, you change the allocation method from static to dynamic. Assign the network interface to a different subnet, then change the allocation method back to static. Assign an IP address from the new subnet's address range.
+* The allocation method is changed to static, and a different IP address is specified. 
+
+By default, Azure assigns the previous dynamically assigned address as the static address when you change the allocation method from dynamic to static.
+
+### Static allocation
+
+With static allocation, you select and assign any unassigned or unreserved IP address in the subnet's address range. 
+
+For example, a subnet's address range is 10.0.0.0/16 and addresses 10.0.0.4-10.0.0.9 are assigned to other resources. You can assign any address between 10.0.0.10 - 10.0.255.254. Static addresses are only released if a network interface is deleted. 
+
+Azure assigns the static IP as the dynamic IP when the allocation method is changed. The reassignment occurs even if the address isn't the next available in the subnet. The address changes when the network interface is assigned to a different subnet.
+
+To assign the network interface to a different subnet, you change the allocation method from static to dynamic. Assign the network interface to a different subnet, then change the allocation method back to static. Assign an IP address from the new subnet's address range.
+
+> [!NOTE]
+> When requesting a private IP address, the allocation is not deterministic or sequential. There are no guarantees the next allocated IP address will utilize the next sequential IP address or use previously deallocated addresses. If a specific Private IP address is required for a resource, you should consider using a static private IP address.
     
 ## Virtual machines
 

articles/virtual-network/ip-services/virtual-network-network-interface-addresses.md

@@ -2,7 +2,7 @@
 title: Configure IP addresses for an Azure network interface
 description: Learn how to add, change, and remove private and public IP addresses for a network interface.
 services: virtual-network
-ms.date: 08/24/2023
+ms.date: 12/01/2023
 ms.author: mbender
 author: mbender-ms
 ms.service: virtual-network
@@ -36,7 +36,7 @@ The account you log into, or connect to Azure with, must be assigned to the [net
 
 ## Add IP addresses
 
-You can add as many [private](#private) and [public](#public) [IPv4](#ipv4) addresses as necessary to a network interface, within the limits listed in the [Azure limits](../../azure-resource-manager/management/azure-subscription-service-limits.md#azure-resource-manager-virtual-networking-limits) article. You can add a private IPv6 address to one [secondary IP configuration](#secondary) (as long as there are no existing secondary IP configurations) for an existing network interface. Each network interface may have at most one IPv6 private address. You can optionally add a public IPv6 address to an IPv6 network interface configuration. See [IPv6](#ipv6) for details about using IPv6 addresses.
+You can add as many [private](#private) and [public](#public) [IPv4](#ipv4) addresses as necessary to a network interface, within the limits listed in the [Azure limits](../../azure-resource-manager/management/azure-subscription-service-limits.md#azure-resource-manager-virtual-networking-limits) article. You can add a private IPv6 address to one [secondary IP configuration](#secondary) (as long as there are no existing secondary IP configurations) for an existing network interface. Each network interface can have one IPv6 private address. You can optionally add a public IPv6 address to an IPv6 network interface configuration. See [IPv6](#ipv6) for details about using IPv6 addresses.
 
 # [**Portal**](#tab/nic-address-portal)
 
@@ -96,7 +96,7 @@ az network nic ip-config create --resource-group myResourceGroup --name myIpConf
 
 ## Change IP address settings
 
-You may need to change the allocation method of an IPv4 address, change the static IPv4 address, or change the public IP address associated with a network interface. Place a virtual machine into the stopped (deallocated) state before changing the private IPv4 address of a secondary IP configuration associated with the secondary network interface. To learn more, see [primary and secondary network interfaces](../../virtual-network/virtual-network-network-interface-vm.md)).
+Situations arise where you need to change the allocation method of an IPv4 address, change the static IPv4 address, or change the public IP address associated with a network interface. Place a virtual machine into the stopped (deallocated) state before changing the private IPv4 address of a secondary IP configuration associated with the secondary network interface. To learn more, see [primary and secondary network interfaces](../../virtual-network/virtual-network-network-interface-vm.md)).
 
 # [**Portal**](#tab/nic-address-portal)
 
@@ -191,18 +191,18 @@ az network nic ip-config delete --resource-group myResourceGroup --name myIpConf
 Each network interface is assigned one primary IP configuration. A primary IP configuration:
 
 - Has a [private](#private) [IPv4](#ipv4) address assigned to it. You can't assign a private [IPv6](#ipv6) address to a primary IP configuration.
-- May also have a [public](#public) IPv4 address assigned to it. You can't assign a public IPv6 address to a primary (IPv4) IP configuration. 
+- Can have a [public](#public) IPv4 address assigned to it. You can't assign a public IPv6 address to a primary (IPv4) IP configuration. 
 
 ### Secondary
 
-In addition to a primary IP configuration, a network interface may have zero or more secondary IP configurations assigned to it. A secondary IP configuration:
+In addition to a primary IP configuration, a network interface can have zero or more secondary IP configurations assigned to it. A secondary IP configuration:
 
-- Must have a private IPv4 or IPv6 address assigned to it. If the address is IPv6, the network interface can only have one secondary IP configuration. If the address is IPv4, the network interface may have multiple secondary IP configurations assigned to it. To learn more about how many private and public IPv4 addresses can be assigned to a network interface, see the [Azure limits](../../azure-resource-manager/management/azure-subscription-service-limits.md#azure-resource-manager-virtual-networking-limits).
-- May also have a public IPv4 or IPv6 address assigned to it. Assigning multiple IPv4 addresses to a network interface is helpful in scenarios such as:
+- Must have a private IPv4 or IPv6 address assigned to it. If the address is IPv6, the network interface can only have one secondary IP configuration. If the address is IPv4, the network interface can have multiple secondary IP configurations assigned to it. To learn more about how many private and public IPv4 addresses can be assigned to a network interface, see the [Azure limits](../../azure-resource-manager/management/azure-subscription-service-limits.md#azure-resource-manager-virtual-networking-limits).
+- Can have a public IPv4 or IPv6 address assigned to it. Assigning multiple IPv4 addresses to a network interface is helpful in scenarios such as:
   - Hosting multiple websites or services with different IP addresses and TLS/SSL certificates on a single server.
   - A virtual machine serving as a network virtual appliance, such as a firewall or load balancer.
   - The ability to add any of the private IPv4 addresses for any of the network interfaces to an Azure Load Balancer back-end pool. In the past, only the primary IPv4 address for the primary network interface could be added to a back-end pool. To learn more about how to load balance multiple IPv4 configurations, see [Load balancing multiple IP configurations](../../load-balancer/load-balancer-multiple-ip.md). 
-  - The ability to load balance one IPv6 address assigned to a network interface. To learn more about how to load balance to a private IPv6 address, see [Load balance IPv6 addresses](../../load-balancer/load-balancer-ipv6-overview.md).
+  - The ability to load balance one IPv6 address assigned to a network interface. To learn more about load balancing a private IPv6 address, see [Load balance IPv6 addresses](../../load-balancer/load-balancer-ipv6-overview.md).
 
 ## Address types
 
@@ -219,11 +219,11 @@ There are scenarios where it's necessary to manually set the IP address of a net
 1. Ensure that the virtual machine is receiving a primary IP address from the Azure DHCP servers. Don't set this address in the operating system if running a Linux VM.
 2. Delete the IP configuration to be changed.
 3. Create a new IP configuration with the new address you would like to set.
-4. [Manually configure](virtual-network-multiple-ip-addresses-portal.md#os-config) the secondary IP addresses within the operating system (and also the primary IP address within Windows) to match what you set within Azure. Don't manually set the primary IP address in the OS network configuration on Linux, or it may not be able to connect to the Internet when the configuration is re-loaded.
-5. Re-load the network configuration on the guest operating system. This can be done by rebooting the system, or by running 'nmcli con down "System eth0 && nmcli con up "System eth0"' in Linux systems running NetworkManager.
+4. [Manually configure](virtual-network-multiple-ip-addresses-portal.md#os-config) the secondary IP addresses within the operating system (and also the primary IP address within Windows) to match what you set within Azure. Don't manually set the primary IP address in the OS network configuration on Linux, or it may not be able to connect to the Internet when the configuration is reloaded.
+5. Reload the network configuration on the guest operating system. This can be done by rebooting the system, or by running 'nmcli con down "System eth0 && nmcli con up "System eth0"' in Linux systems running NetworkManager.
 6. Verify the networking set-up is as desired. Test connectivity for all IP addresses of the system.
 
-By following the previous steps, the private IP address assigned to the network interface within Azure, and within a virtual machine's operating system, remain the same. To keep track of which virtual machines within your subscription that you've manually set IP addresses within an operating system for, consider adding an Azure [tag](../../azure-resource-manager/management/tag-resources.md) to the virtual machines. You might use "IP address allocation: Static", for example. This way, you can easily find the virtual machines within your subscription that you've manually set the IP address for within the operating system.
+By following the previous steps, the private IP address assigned to the network interface within Azure, and within a virtual machine's operating system, remain the same. To keep track of virtual machines in your subscription that have manually set IP addresses within an operating system for, consider adding an Azure [tag](../../azure-resource-manager/management/tag-resources.md) to the virtual machines. You might use "IP address allocation: Static", for example. This way, you can easily find the virtual machines within your subscription that you've manually set the IP address for within the operating system.
 
 In addition to enabling a virtual machine to communicate with other resources within the same, or connected virtual networks, a private IP address also enables a virtual machine to communicate outbound to the Internet. Outbound connections are source network address translated by Azure to an unpredictable public IP address. To learn more about Azure outbound Internet connectivity, see [Azure outbound Internet connectivity](../../load-balancer/load-balancer-outbound-connections.md). You can't communicate inbound to a virtual machine's private IP address from the Internet. If your outbound connections require a predictable public IP address, associate a public IP address resource to a network interface.
 
@@ -245,14 +245,14 @@ Public and private IP addresses are assigned using one of the following allocati
 Dynamic private IPv4 and IPv6 (optionally) addresses are assigned by default.
 
 - **Public only**: Azure assigns the address from a range unique to each Azure region. You can download the list of ranges (prefixes) for the Azure [Public](https://www.microsoft.com/download/details.aspx?id=56519), [US government](https://www.microsoft.com/download/details.aspx?id=57063), [China](https://www.microsoft.com/download/details.aspx?id=57062), and [Germany](https://www.microsoft.com/download/details.aspx?id=57064) clouds. The address can change when a virtual machine is stopped (deallocated), then started again. You can't assign a public IPv6 address to an IP configuration using either allocation method.
-- **Private only**: Azure reserves the first four addresses in each subnet address range, and doesn't assign the addresses. Azure assigns the next available address to a resource from the subnet address range. For example, if the subnet's address range is 10.0.0.0/16, and addresses 10.0.0.4-10.0.0.14 are already assigned (.0-.3 are reserved), Azure assigns 10.0.0.15 to the resource. Dynamic is the default allocation method. Once assigned, dynamic IP addresses are only released if a network interface is deleted, assigned to a different subnet within the same virtual network, or the allocation method is changed to static, and a different IP address is specified. By default, Azure assigns the previous dynamically assigned address as the static address when you change the allocation method from dynamic to static. 
-
+- **Private only**: Azure reserves the first four addresses in each subnet address range, and doesn't assign the addresses. Azure assigns the next available unassigned or unreserved IP address in the subnet's address range. While this is normally the next sequentially available address, there's no guarantee that the address will be the next one in the range. For example, if the subnet's address range is 10.0.0.0/16, and addresses 10.0.0.4-10.0.0.14 are already assigned (.0-.3 are reserved), the next IP address assigned is most likely 10.0.0.15. However, it could be any address between 10.0.0.10 and 10.0.0.254. If a specific Private IP address is required for a resource, you should use a static private IP address. Dynamic is the default allocation method. Once assigned, dynamic IP addresses are only released if a network interface is deleted, assigned to a different subnet within the same virtual network, or the allocation method is changed to static, and a different IP address is specified. By default, Azure assigns the previous dynamically assigned address as the static address when you change the allocation method from dynamic to static. 
+ 
 ### Static
 
 You can (optionally) assign a public or private static IPv4 or IPv6 address to an IP configuration. To learn more about how Azure assigns static public IPv4 addresses, see [Manage an Azure public IP address](virtual-network-public-ip-address.md).
 
 - **Public only**: Azure assigns the address from a range unique to each Azure region. You can download the list of ranges (prefixes) for the Azure [Public](https://www.microsoft.com/download/details.aspx?id=56519), [US government](https://www.microsoft.com/download/details.aspx?id=57063), [China](https://www.microsoft.com/download/details.aspx?id=57062), and [Germany](https://www.microsoft.com/download/details.aspx?id=57064) clouds. The address doesn't change until the public IP address resource it's assigned to is deleted, or the allocation method is changed to dynamic. If the public IP address resource is associated to an IP configuration, it must be disassociated from the IP configuration before changing its allocation method.
-- **Private only**: You select and assign an address from the subnet's address range. The address you assign can be any address within the subnet address range that isn't one of the first four addresses in the subnet's address range and isn't currently assigned to any other resource in the subnet. Static addresses are only released if a network interface is deleted. If you change the allocation method to static, Azure dynamically assigns the previously assigned dynamic IP address as the static address, even if the address isn't the next available address in the subnet's address range. The address also changes if the network interface is assigned to a different subnet within the same virtual network, but to assign the network interface to a different subnet, you must first change the allocation method from static to dynamic. Once you've assigned the network interface to a different subnet, you can change the allocation method back to static, and assign an IP address from the new subnet's address range.
+- **Private only**: You select and assign an address from the subnet's address range. The address you assign can be any address within the subnet address range outside one of the first four addresses in the subnet's address range and not currently assigned to an existing resource in the subnet. Static addresses are only released if a network interface is deleted. If you change the allocation method to static, Azure dynamically assigns the previously assigned dynamic IP address as the static address, even if the address isn't the next available address in the subnet's address range. The address also changes if the network interface is assigned to a different subnet within the same virtual network. In order to assign the network interface to a different subnet, you must first change the allocation method from static to dynamic. Once the network interface is assigned to a different subnet, you can change the allocation method back to static, and assign an IP address from the new subnet's address range.
 
 ## IP address versions