While cloud providers already offer publicly routable IP address ranges, which is excellent for cloud-native applications or services, some users would rather use their own public IPv4 (or IPv6) address space as they move to the cloud. Bring Your Own IP (BYOIP) is a set of policies offered by cloud providers that allows an IP prefix owner or renter to use their own IP addresses on cloud resources.
In this post, you’ll learn what Bring Your Own IP (BYOIP) is and why you should use it. You’ll also learn about the popular cloud providers, such as AWS, GCP, and Cloudflare, that currently offer a BYOIP service.
1. What is BYOIP?
Most well-known public clouds provide a service known as BYOIP (Bring Your Own IP), which lets you provision and use your own public IPv4 (or IPv6) address space on their cloud services and products. Whether you recently leased or bought an IP address prefix or you have been using it in your on-premises data center for a long time, the BYOIP service lets you move the IPs into the cloud and use them with cloud services and products. When you use BYOIP services, the cloud provider announces your IP prefixes across distributed sites worldwide.
Why is BYOIP key to cloud migration?
Using a new IP address scheme from the cloud provider is the right thing for cloud-native applications, but cloud migration is another story. Unfortunately, changes in IP addressing schemes usually create havoc. And this is because connected applications or devices are typically hard-coded with IPs for their communication.
To avoid third-party re-routing, new firewall entries, loss of IP reputation, or mishaps with hard-coded dependencies, a client migrating an application to the cloud can use the same source IP prefix (BYOIP) in the target cloud provider. The target cloud-based data center providing BYOIP encompasses the VLAN/subnet and the gateway IP of all workloads and advertises the IP prefix.
2. Why Should You Use BYOIP?
A public IP address is one of the most critical elements used for identification on the Internet. When it comes to migrating to the cloud, your IP address space must move along with the application. In addition, it is also critical that your IP addresses remain the same to protect your whitelists and IP address reputation.
BYOIP provides you with many benefits, including:
a. Reduce migration risks and complexities.
BYOIP reduces the risks of introducing new IPs when migrating. Developers won’t have to redefine applications’ hardcoded IPs for communications. In addition, network engineers won’t have to split traffic for some time between two different locations. Plus, they won’t have to spend time monitoring the change.
b. Avoid risking hardcoded dependencies.
Applications are highly dependent on other systems, for instance an application server and a database. If your IP addresses have strict architectural dependencies or are hardcoded into devices, the BYOIP approach will allow you a smooth migration to the cloud.
c. The IP reputation.
It takes time to build a solid IP reputation, but only a few unwanted requests to lose it. A strong reputation means that the IP is trustworthy for its communication and location. Some Internet services and applications rely on IP reputation to allow traffic to flow from the client to target receiving endpoints such as commercial email providers and mail delivery systems. To ensure the IP already has a good or clean reputation, lease or buy your IPs from a trusted provider.
d. Customer and partner whitelisting.
Your applications usually use IP addresses that important sites, customers, and partners trust. Most likely, they have already white-listed or allow-listed your IP addresses in their firewalls. Migrating to a new IP risks losing those hard-attained firewall entries. With BYOIP, you can move applications to the cloud along with those trusted IP addresses without requiring anybody to re-configure their firewalls.
e. Compliance and regulation.
Data is often subject to the laws and governance of the nation where it is generated or collected. This is known as data sovereignty. BYOIP can be useful in this situation, for instance when you need to deploy your own IP in specific regions or have explicit technical or legal demands for where your IP prefixes can (and cannot) be announced.
f. Keep full control of your IPs on the cloud.
Obviously, the IPs are yours and not the cloud provider’s, so you never lose control. Cloud providers can’t reassign BYOIP addresses to other users and can’t charge you extra for idle or in-use IP addresses. On the positive side, a cloud provider lets you use your IPs on their resources; they will advertise them, protect them, and accelerate them. In addition, cloud services with BYOIP usually offer control and management via a UI. They let you manage the IP pools and deploy them directly from the UI to firewalls, load balancers, and web servers.
3. Who Offers BYOIP?
As stated in the beginning, although cloud providers already offer publicly routable IPv4 and IPv6 address ranges to be used in their infrastructure and services, there were many users that wanted to continue using their own public IP address space as they were moving to the cloud. In addition, those users wanted to avoid cloud lock-ins. They wanted to keep full control of their IPs to use them back on-premises or in other clouds. An alternative to hiring cloud IP services was BYOIP.
AWS was one of the first to announce and offer a BYOIP service. But soon, other leading cloud service providers followed.
So, who offers BYOIP now, and what are their requirements?
a. AWS BYOIP Requirements.
AWS allows you to bring your IPv4 and IPv6 address range to your AWS account. Bear in mind that BYOIP is not available in all of AWS’s Regions and resources. Your IP address range must be registered with an RIR, and registered to an institute or business rather than to an individual. The most specific IPv4 address range you can bring into AWS is a /24. To onboard your IPs, you must create an RSA key pair, upload a self-signed certificate, and create a ROA.
Visit AWS official documentation for more information on AWS BYOIP requirements.
b. GCP BYOIP Requirements.
GCP allows you to bring and provision your own IP addresses onto Google Cloud resources. GCP BYOIP requires you to create a Public Advertised Prefix (PAP). To make the PAP, you first need to provide the prefix. Then you’ll need to verify the PAP ownership via a ROA and reverse DNS validation. GCP announces the prefix on the Internet, but it does not advertise it until the prefix is provisioned.
Visit GCP’s official documentation for more information on GCP BYOIP requirements.
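The AWS and GCP onboarding steps above both depend on a ROA. As an added example (not from the original post or any provider's tooling), the following sketch applies RFC 6811 route origin validation to check, before onboarding, whether your published ROAs would make the provider's announcement of each prefix valid. The prefixes and ASNs are constructed documentation values, and `PROVIDER_ASN` is a placeholder for the origin AS your provider documents.

```python
import ipaddress
from typing import NamedTuple


class Roa(NamedTuple):
    prefix: str      # prefix covered by the ROA
    max_length: int  # most specific prefix length the ROA authorises
    asn: int         # authorised origin AS


def rov_state(route_prefix: str, origin_asn: int, roas: list) -> str:
    """Classify one announcement as valid, invalid or not-found (RFC 6811)."""
    route = ipaddress.ip_network(route_prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA only applies if it covers the announced prefix.
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue
        covered = True
        if roa.asn == origin_asn and route.prefixlen <= roa.max_length:
            return "valid"
    # Covered, but wrong origin AS or too specific: RPKI-validating networks drop it.
    return "invalid" if covered else "not-found"


# Constructed sample data: documentation prefixes (RFC 5737, RFC 3849)
# and documentation ASNs (RFC 5398). Replace with your own values.
ON_PREM_ASN = 64496   # hypothetical: AS that originates the prefix today
PROVIDER_ASN = 64500  # placeholder: origin AS documented by your cloud provider
ROAS = [
    Roa("198.51.100.0/24", 24, ON_PREM_ASN),
    Roa("198.51.100.0/24", 24, PROVIDER_ASN),  # provider authorised
    Roa("203.0.113.0/24", 24, ON_PREM_ASN),    # provider ROA still missing
    Roa("2001:db8::/32", 32, PROVIDER_ASN),    # max length stops at /32
]


def preflight(prefixes, origin_asn=PROVIDER_ASN, roas=ROAS):
    """Map each prefix the provider will announce to its validation state."""
    return {p: rov_state(p, origin_asn, roas) for p in prefixes}


if __name__ == "__main__":
    for prefix, state in preflight(
        ["198.51.100.0/24", "203.0.113.0/24", "192.0.2.0/24", "2001:db8:1::/48"]
    ).items():
        print(f"{prefix:20} {state}")
```

A prefix that comes back `invalid` is the case to fix before cutover: a ROA exists but either names only the old origin AS or has a maximum length shorter than the prefix the provider will announce.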
c. IBM Cloud BYOIP Requirements.
IBM Cloud, a company that recently acquired Nordcloud in 2020, lets you bring your own IP into the infrastructure provisioned on the IBM Cloud. The IBM Cloud allows BYOIP with a few network patterns to allow interoperability (avoid address conflicts) within the IBM Cloud Network. These patterns are Network Address Translation, GRE (Generic Routing Encapsulation) tunneling, GRE tunneling with IP alias, and Virtual Overlay Networks.
Visit IBM’s Cloud for a full tutorial on IBM Cloud BYOIP and its requirements.
d. Cloudflare BYOIP Requirements.
Cloudflare also supports Bringing Your Own IPs (BYOIP). It announces all your IPs in all their worldwide edge locations. With Cloudflare, you can use your own IPs with their layer 7 products, such as Magic Transit and Spectrum, or use your IPs across their CDN services. Cloudflare requires you to verify that your Internet Routing Registry (IRR) records are updated with the correct prefix and ASN information. In addition, Cloudflare needs the Letter of Authorization (LoA) to announce your prefix.
Visit Cloudflare’s documentation for more information on its requirements.
e. Alibaba Cloud BYOIP Requirements.
Alibaba Cloud supports Bring Your Own IP Addresses (BYOIP) so that you can bring your public IPv4 address range into the Alibaba Cloud account. The cloud provider advertises the IP address range on the Internet. You can also bind the IPs to the Alibaba Cloud services, including Elastic Compute Service (ECS), NAT Gateway, Server Load Balancer (SLB), and Elastic Network Interface (ENI).
Visit Alibaba Cloud documentation to learn more about Alibaba BYOIP requirements.
f. Oracle Cloud BYOIP Requirements.
The Oracle Cloud service lets you Bring Your Own IP (BYOIP) address space to use it along with the Oracle Cloud infrastructure. You can use your own IPv4 space in your Oracle Cloud security, management, and deployment policies. Oracle validates the imported IP addresses and then proceeds to advertise them. Oracle requires that you prove the ownership of IPv4 space and that this ownership is registered on an RIR. In addition, the IP address range must have a clean reputation to be accepted.
More about Oracle Cloud BYOIP on Oracle Cloud’s documentation.
g. Microsoft Azure.
As of March 2022, Azure does not offer Azure BYOIP. A workaround for BYOIP in Azure is to route traffic via VPN or ExpressRoute.
4. Bring Your Own IP: FAQ.
- What is an IP prefix? It is an IP address range. Routers create routing tables containing reachable prefixes to ensure all data packets are correctly delivered to their destinations across the Internet.
- BYON vs. BYOIP, what are the differences? Although both concepts fall into the Bring Your Own… family, they are completely different. Bring Your Own Network (BYON) refers to a concept where users access corporate data from their computers using their personal mobile network or Personal Area Network (PAN). As described throughout this article, BYOIP is the feature provided by cloud providers that allows users to use their own IPs with cloud resources.
- Can you lease an IP address and use it with BYOIP cloud providers? Yes, but the IP rental/sales service must be fully compliant with BYOIP on the popular providers. In fact, leasing a fresh IPv6 space and using it on AWS BYOIP will ensure a clean IP address reputation.
- What if my IP address block has been subject to deny-lists or black-lists? Some cloud providers will actually investigate the IP reputation of your IPs; if it is poor or has been associated with malicious behavior, they have the right to reject it.
The idea behind Bring Your Own IP (BYOIP) is to reduce the number of changes in network configurations or operations that use an IP address space when migrating to the cloud. Too many changes in network configurations and their addressing scheme might create a negative ripple effect that is difficult to smooth.
BYOIP not only reduces cloud migration complexity and the risks of hardcoded IP dependencies, but also maintains your IP reputation and whitelists, keeps up with compliance, and allows you full control of your IPs.