Skip to content

Commit

Permalink
ipv6 updates to synapse link docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@SteveWinward
SteveWinward committed Apr 27, 2024
1 parent efc5ce8 commit 68b7ce3
Show file tree
Hide file tree
Showing 2 changed files with 340 additions and 80 deletions.
204 changes: 130 additions & 74 deletions whitepapers/power-platform-azure-synapse/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -64,75 +64,99 @@ When you go to create a new Azure Synapse Link, it will tell you your environmen

Next, if you are in the US Gov Virginia region, look for the ```PowerPlatformInfra.USGovVirginia``` service tag.

> [!IMPORTANT]
> The below snippet is meant to be an example of what service tag to look for. These IP ranges do get updated and the best source of truth is to get these from here => [Azure IP Ranges and Service Tags for Azure for Government](https://www.microsoft.com/download/details.aspx?id=57063)
````json
{
"name": "PowerPlatformInfra.USGovVirginia",
"id": "PowerPlatformInfra.USGovVirginia",
"properties": {
"changeNumber": 1,
"region": "usgovvirginia",
"regionId": 42,
"platform": "Azure",
"systemService": "PowerPlatformInfra",
"addressPrefixes": [
"52.127.52.124/30",
"52.127.53.0/26",
"52.127.53.64/27",
"52.127.53.96/29",
"52.127.53.112/28",
"52.127.53.128/25",
"52.127.54.0/28",
"52.127.55.136/29",
"52.127.55.144/29",
"52.227.216.40/32",
"52.227.228.164/32",
"52.227.232.14/32",
"52.227.232.88/32",
"52.227.232.254/32"
],
"networkFeatures": [
"API",
"NSG",
"FW"
]
}
},
"name": "PowerPlatformInfra.USGovVirginia",
"id": "PowerPlatformInfra.USGovVirginia",
"properties": {
"changeNumber": 5,
"region": "usgovvirginia",
"regionId": 42,
"platform": "Azure",
"systemService": "PowerPlatformInfra",
"addressPrefixes": [
"20.141.167.160/29",
"20.158.8.248/32",
"20.159.0.16/28",
"20.159.0.32/28",
"20.159.0.64/26",
"52.127.52.124/30",
"52.127.53.0/26",
"52.127.53.64/27",
"52.127.53.96/29",
"52.127.53.112/28",
"52.127.53.128/25",
"52.127.54.0/28",
"52.127.55.136/29",
"52.127.55.144/29",
"52.227.216.40/32",
"52.227.228.164/32",
"52.227.232.14/32",
"52.227.232.88/32",
"52.227.232.254/32",
"52.245.211.174/32",
"52.245.239.198/32",
"2001:489a:2102:1080::/58",
"2001:489a:2102:1480::/58"
],
"networkFeatures": [
"API",
"NSG",
"FW"
]
}
}
````

If you are in US Gov Texas, look for the ```PowerPlatformInfra.USGovTexas``` service tag.

> [!IMPORTANT]
> The below snippet is meant to be an example of what service tag to look for. These IP ranges do get updated and the best source of truth is to get these from here => [Azure IP Ranges and Service Tags for Azure for Government](https://www.microsoft.com/download/details.aspx?id=57063)
````json
{
"name": "PowerPlatformInfra.USGovTexas",
"id": "PowerPlatformInfra.USGovTexas",
"properties": {
"changeNumber": 1,
"region": "usgovtexas",
"regionId": 41,
"platform": "Azure",
"systemService": "PowerPlatformInfra",
"addressPrefixes": [
"20.140.59.12/30",
"20.140.59.16/28",
"20.140.59.32/28",
"20.140.59.48/29",
"20.140.59.64/26",
"20.140.59.128/25",
"20.140.60.0/27",
"20.140.144.96/28",
"52.243.155.223/32",
"52.243.156.135/32",
"52.243.159.108/32",
"52.243.159.166/32",
"52.243.159.168/32"
],
"networkFeatures": [
"API",
"NSG",
"FW"
]
"name": "PowerPlatformInfra.USGovTexas",
"id": "PowerPlatformInfra.USGovTexas",
"properties": {
"changeNumber": 5,
"region": "usgovtexas",
"regionId": 41,
"platform": "Azure",
"systemService": "PowerPlatformInfra",
"addressPrefixes": [
"20.140.59.12/30",
"20.140.59.16/28",
"20.140.59.32/28",
"20.140.59.48/29",
"20.140.59.64/26",
"20.140.59.128/25",
"20.140.60.0/27",
"20.140.144.96/28",
"52.126.178.146/32",
"52.126.191.93/32",
"52.243.155.223/32",
"52.243.156.135/32",
"52.243.159.108/32",
"52.243.159.166/32",
"52.243.159.168/32",
"52.243.242.48/28",
"52.243.242.160/28",
"52.243.242.184/29",
"52.243.242.192/26",
"52.245.170.221/32",
"2001:489a:2102:1000::/58",
"2001:489a:2102:1400::/58"
],
"networkFeatures": [
"API",
"NSG",
"FW"
]
}
}
}
````

Azure Synapse requires a start and end IP address and does not use CIDR. To easily convert CIDR ranges to start and stop IP addresses, you can use the PowerShell script referenced below,
Expand All @@ -147,9 +171,17 @@ An example of using the ```CIDRtoIpRange.ps1``` script is below,

The sample output from this command are below,

> [!IMPORTANT]
> The below snippet is meant to be an example of what service tag to look for. These IP ranges do get updated and the best source of truth is to get these from here => [Azure IP Ranges and Service Tags for Azure for Government](https://www.microsoft.com/download/details.aspx?id=57063)
````
IP Ranges for PowerPlatformInfra.USGovVirginia below =>
20.141.167.161 : 20.141.167.167
20.158.8.248 : 20.158.8.248
20.159.0.17 : 20.159.0.31
20.159.0.33 : 20.159.0.47
20.159.0.65 : 20.159.0.127
52.127.52.125 : 52.127.52.127
52.127.53.1 : 52.127.53.63
52.127.53.65 : 52.127.53.95
Expand All @@ -164,13 +196,23 @@ IP Ranges for PowerPlatformInfra.USGovVirginia below =>
52.227.232.14 : 52.227.232.14
52.227.232.88 : 52.227.232.88
52.227.232.254 : 52.227.232.254
52.245.211.174 : 52.245.211.174
52.245.239.198 : 52.245.239.198
2001:489a:2102:1080:0000:0000:0000:0000 : 2001:489a:2102:10bf:ffff:ffff:ffff:ffff
2001:489a:2102:1480:0000:0000:0000:0000 : 2001:489a:2102:14bf:ffff:ffff:ffff:ffff
Sample Storage Account PowerShell Script =>
````
````powershell
$storageAccountName = "INSERT_STORAGE_ACCOUNT_HERE"
$resourceGroupName = "INSERT_RESOURCE_GROUP_HERE"
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 20.141.167.160/29
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 20.158.8.248
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 20.159.0.16/28
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 20.159.0.32/28
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 20.159.0.64/26
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.127.52.124/30
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.127.53.0/26
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.127.53.64/27
Expand All @@ -185,27 +227,41 @@ Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $sto
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.227.232.14
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.227.232.88
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.227.232.254
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.245.211.174
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.245.239.198
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 2001:489a:2102:1080::/58
Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 2001:489a:2102:1480::/58
````
````
Sample Azure Synapse PowerShell Script =>
````
````powershell
$synapseWorkspaceName = "INSET_SYNAPSE_WORKSPACE_HERE"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-1 -StartIpAddress "52.127.52.125" -EndIpAddress "52.127.52.127"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-2 -StartIpAddress "52.127.53.1" -EndIpAddress "52.127.53.63"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-3 -StartIpAddress "52.127.53.65" -EndIpAddress "52.127.53.95"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-4 -StartIpAddress "52.127.53.97" -EndIpAddress "52.127.53.103"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-5 -StartIpAddress "52.127.53.113" -EndIpAddress "52.127.53.127"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-6 -StartIpAddress "52.127.53.129" -EndIpAddress "52.127.53.255"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-7 -StartIpAddress "52.127.54.1" -EndIpAddress "52.127.54.15"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-8 -StartIpAddress "52.127.55.137" -EndIpAddress "52.127.55.143"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-9 -StartIpAddress "52.127.55.145" -EndIpAddress "52.127.55.151"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-10 -StartIpAddress "52.227.216.40" -EndIpAddress "52.227.216.40"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-11 -StartIpAddress "52.227.228.164" -EndIpAddress "52.227.228.164"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-12 -StartIpAddress "52.227.232.14" -EndIpAddress "52.227.232.14"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-13 -StartIpAddress "52.227.232.88" -EndIpAddress "52.227.232.88"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-14 -StartIpAddress "52.227.232.254" -EndIpAddress "52.227.232.254"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-1 -StartIpAddress "20.141.167.161" -EndIpAddress "20.141.167.167"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-2 -StartIpAddress "20.158.8.248" -EndIpAddress "20.158.8.248"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-3 -StartIpAddress "20.159.0.17" -EndIpAddress "20.159.0.31"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-4 -StartIpAddress "20.159.0.33" -EndIpAddress "20.159.0.47"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-5 -StartIpAddress "20.159.0.65" -EndIpAddress "20.159.0.127"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-6 -StartIpAddress "52.127.52.125" -EndIpAddress "52.127.52.127"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-7 -StartIpAddress "52.127.53.1" -EndIpAddress "52.127.53.63"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-8 -StartIpAddress "52.127.53.65" -EndIpAddress "52.127.53.95"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-9 -StartIpAddress "52.127.53.97" -EndIpAddress "52.127.53.103"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-10 -StartIpAddress "52.127.53.113" -EndIpAddress "52.127.53.127"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-11 -StartIpAddress "52.127.53.129" -EndIpAddress "52.127.53.255"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-12 -StartIpAddress "52.127.54.1" -EndIpAddress "52.127.54.15"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-13 -StartIpAddress "52.127.55.137" -EndIpAddress "52.127.55.143"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-14 -StartIpAddress "52.127.55.145" -EndIpAddress "52.127.55.151"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-15 -StartIpAddress "52.227.216.40" -EndIpAddress "52.227.216.40"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-16 -StartIpAddress "52.227.228.164" -EndIpAddress "52.227.228.164"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-17 -StartIpAddress "52.227.232.14" -EndIpAddress "52.227.232.14"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-18 -StartIpAddress "52.227.232.88" -EndIpAddress "52.227.232.88"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-19 -StartIpAddress "52.227.232.254" -EndIpAddress "52.227.232.254"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-20 -StartIpAddress "52.245.211.174" -EndIpAddress "52.245.211.174"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-21 -StartIpAddress "52.245.239.198" -EndIpAddress "52.245.239.198"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-22 -StartIpAddress "2001:489a:2102:1080:0000:0000:0000:0000" -EndIpAddress "2001:489a:2102:10bf:ffff:ffff:ffff:ffff"
New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-23 -StartIpAddress "2001:489a:2102:1480:0000:0000:0000:0000" -EndIpAddress "2001:489a:2102:14bf:ffff:ffff:ffff:ffff"
````

Expand Down
Loading

0 comments on commit 68b7ce3

Please sign in to comment.