From 68b7ce322e9d16436669f198a3c78bafb8e7003a Mon Sep 17 00:00:00 2001
From: SteveWinward <2002602+SteveWinward@users.noreply.github.com>
Date: Sat, 27 Apr 2024 16:10:08 -0400
Subject: [PATCH] ipv6 updates to synapse link docs
---
 .../power-platform-azure-synapse/README.md | 204 +++++++++++------
 .../files/CIDRtoIpRange.ps1 | 216 +++++++++++++++++-
 2 files changed, 340 insertions(+), 80 deletions(-)
diff --git a/whitepapers/power-platform-azure-synapse/README.md b/whitepapers/power-platform-azure-synapse/README.md
index 08562897..721a1f24 100644
--- a/whitepapers/power-platform-azure-synapse/README.md
+++ b/whitepapers/power-platform-azure-synapse/README.md
@@ -64,75 +64,99 @@ When you go to create a new Azure Synapse Link, it will tell you your environmen Next, if you are in the US Gov Virginia region, look for the ```PowerPlatformInfra.USGovVirginia``` service tag. +> [!IMPORTANT] +> The below snippet is meant to be an example of what service tag to look for. These IP ranges do get updated and the best source of truth is to get these from here => [Azure IP Ranges and Service Tags for Azure for Government](https://www.microsoft.com/download/details.aspx?id=57063) + ````json { - "name": "PowerPlatformInfra.USGovVirginia", - "id": "PowerPlatformInfra.USGovVirginia", - "properties": { - "changeNumber": 1, - "region": "usgovvirginia", - "regionId": 42, - "platform": "Azure", - "systemService": "PowerPlatformInfra", - "addressPrefixes": [ - "52.127.52.124/30", - "52.127.53.0/26", - "52.127.53.64/27", - "52.127.53.96/29", - "52.127.53.112/28", - "52.127.53.128/25", - "52.127.54.0/28", - "52.127.55.136/29", - "52.127.55.144/29", - "52.227.216.40/32", - "52.227.228.164/32", - "52.227.232.14/32", - "52.227.232.88/32", - "52.227.232.254/32" - ], - "networkFeatures": [ - "API", - "NSG", - "FW" - ] - } -}, + "name": "PowerPlatformInfra.USGovVirginia", + "id": "PowerPlatformInfra.USGovVirginia", + "properties": { + "changeNumber": 5, + "region": "usgovvirginia", + "regionId": 42, + "platform": "Azure", + "systemService": "PowerPlatformInfra", + "addressPrefixes": [ + "20.141.167.160/29", + "20.158.8.248/32", + "20.159.0.16/28", + "20.159.0.32/28", + "20.159.0.64/26", + "52.127.52.124/30", + "52.127.53.0/26", + "52.127.53.64/27", + "52.127.53.96/29", + "52.127.53.112/28", + "52.127.53.128/25", + "52.127.54.0/28", + "52.127.55.136/29", + "52.127.55.144/29", + "52.227.216.40/32", + "52.227.228.164/32", + "52.227.232.14/32", + "52.227.232.88/32", + "52.227.232.254/32", + "52.245.211.174/32", + "52.245.239.198/32", + "2001:489a:2102:1080::/58", + "2001:489a:2102:1480::/58" + ], + "networkFeatures": [ + "API", + "NSG", + "FW" + ] + } + 
} ```` If you are in US Gov Texas, look for the ```PowerPlatformInfra.USGovTexas``` service tag. +> [!IMPORTANT] +> The below snippet is meant to be an example of what service tag to look for. These IP ranges do get updated and the best source of truth is to get these from here => [Azure IP Ranges and Service Tags for Azure for Government](https://www.microsoft.com/download/details.aspx?id=57063) + ````json { - "name": "PowerPlatformInfra.USGovTexas", - "id": "PowerPlatformInfra.USGovTexas", - "properties": { - "changeNumber": 1, - "region": "usgovtexas", - "regionId": 41, - "platform": "Azure", - "systemService": "PowerPlatformInfra", - "addressPrefixes": [ - "20.140.59.12/30", - "20.140.59.16/28", - "20.140.59.32/28", - "20.140.59.48/29", - "20.140.59.64/26", - "20.140.59.128/25", - "20.140.60.0/27", - "20.140.144.96/28", - "52.243.155.223/32", - "52.243.156.135/32", - "52.243.159.108/32", - "52.243.159.166/32", - "52.243.159.168/32" - ], - "networkFeatures": [ - "API", - "NSG", - "FW" - ] + "name": "PowerPlatformInfra.USGovTexas", + "id": "PowerPlatformInfra.USGovTexas", + "properties": { + "changeNumber": 5, + "region": "usgovtexas", + "regionId": 41, + "platform": "Azure", + "systemService": "PowerPlatformInfra", + "addressPrefixes": [ + "20.140.59.12/30", + "20.140.59.16/28", + "20.140.59.32/28", + "20.140.59.48/29", + "20.140.59.64/26", + "20.140.59.128/25", + "20.140.60.0/27", + "20.140.144.96/28", + "52.126.178.146/32", + "52.126.191.93/32", + "52.243.155.223/32", + "52.243.156.135/32", + "52.243.159.108/32", + "52.243.159.166/32", + "52.243.159.168/32", + "52.243.242.48/28", + "52.243.242.160/28", + "52.243.242.184/29", + "52.243.242.192/26", + "52.245.170.221/32", + "2001:489a:2102:1000::/58", + "2001:489a:2102:1400::/58" + ], + "networkFeatures": [ + "API", + "NSG", + "FW" + ] + } } -} ```` Azure Synapse requires a start and end IP address and does not use CIDR. 
To easily convert CIDR ranges to start and stop IP addresses, you can use the PowerShell script referenced below, @@ -147,9 +171,17 @@ An example of using the ```CIDRtoIpRange.ps1``` script is below, The sample output from this command are below, +> [!IMPORTANT] +> The below snippet is meant to be an example of what service tag to look for. These IP ranges do get updated and the best source of truth is to get these from here => [Azure IP Ranges and Service Tags for Azure for Government](https://www.microsoft.com/download/details.aspx?id=57063) + ```` IP Ranges for PowerPlatformInfra.USGovVirginia below => +20.141.167.161 : 20.141.167.167 +20.158.8.248 : 20.158.8.248 +20.159.0.17 : 20.159.0.31 +20.159.0.33 : 20.159.0.47 +20.159.0.65 : 20.159.0.127 52.127.52.125 : 52.127.52.127 52.127.53.1 : 52.127.53.63 52.127.53.65 : 52.127.53.95 @@ -164,6 +196,11 @@ IP Ranges for PowerPlatformInfra.USGovVirginia below => 52.227.232.14 : 52.227.232.14 52.227.232.88 : 52.227.232.88 52.227.232.254 : 52.227.232.254 +52.245.211.174 : 52.245.211.174 +52.245.239.198 : 52.245.239.198 +2001:489a:2102:1080:0000:0000:0000:0000 : 2001:489a:2102:10bf:ffff:ffff:ffff:ffff +2001:489a:2102:1480:0000:0000:0000:0000 : 2001:489a:2102:14bf:ffff:ffff:ffff:ffff + Sample Storage Account PowerShell Script => ```` 
@@ -171,6 +208,11 @@ Sample Storage Account PowerShell Script => $storageAccountName = "INSERT_STORAGE_ACCOUNT_HERE" $resourceGroupName = "INSERT_RESOURCE_GROUP_HERE" +Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 20.141.167.160/29 +Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 20.158.8.248 +Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 20.159.0.16/28 +Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 20.159.0.32/28 +Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 20.159.0.64/26 Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.127.52.124/30 Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.127.53.0/26 Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.127.53.64/27 
@@ -185,6 +227,11 @@ Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $sto Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.227.232.14 Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.227.232.88 Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.227.232.254 +Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.245.211.174 +Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 52.245.239.198 +Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 2001:489a:2102:1080::/58 +Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccountName -IPAddressOrRange 2001:489a:2102:1480::/58 + ```` ```` Sample Azure Synapse PowerShell Script => 
@@ -192,20 +239,29 @@ Sample Azure Synapse PowerShell Script => ````powershell $synapseWorkspaceName = "INSET_SYNAPSE_WORKSPACE_HERE" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-1 -StartIpAddress "52.127.52.125" -EndIpAddress "52.127.52.127" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-2 -StartIpAddress "52.127.53.1" -EndIpAddress "52.127.53.63" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-3 -StartIpAddress "52.127.53.65" -EndIpAddress "52.127.53.95" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-4 -StartIpAddress "52.127.53.97" -EndIpAddress "52.127.53.103" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-5 -StartIpAddress "52.127.53.113" -EndIpAddress "52.127.53.127" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-6 -StartIpAddress "52.127.53.129" -EndIpAddress "52.127.53.255" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-7 -StartIpAddress "52.127.54.1" -EndIpAddress "52.127.54.15" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-8 -StartIpAddress "52.127.55.137" -EndIpAddress "52.127.55.143" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-9 -StartIpAddress "52.127.55.145" -EndIpAddress "52.127.55.151" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-10 -StartIpAddress "52.227.216.40" -EndIpAddress "52.227.216.40" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-11 -StartIpAddress "52.227.228.164" -EndIpAddress "52.227.228.164" -New-AzSynapseFirewallRule 
-WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-12 -StartIpAddress "52.227.232.14" -EndIpAddress "52.227.232.14" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-13 -StartIpAddress "52.227.232.88" -EndIpAddress "52.227.232.88" -New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-14 -StartIpAddress "52.227.232.254" -EndIpAddress "52.227.232.254" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-1 -StartIpAddress "20.141.167.161" -EndIpAddress "20.141.167.167" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-2 -StartIpAddress "20.158.8.248" -EndIpAddress "20.158.8.248" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-3 -StartIpAddress "20.159.0.17" -EndIpAddress "20.159.0.31" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-4 -StartIpAddress "20.159.0.33" -EndIpAddress "20.159.0.47" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-5 -StartIpAddress "20.159.0.65" -EndIpAddress "20.159.0.127" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-6 -StartIpAddress "52.127.52.125" -EndIpAddress "52.127.52.127" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-7 -StartIpAddress "52.127.53.1" -EndIpAddress "52.127.53.63" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-8 -StartIpAddress "52.127.53.65" -EndIpAddress "52.127.53.95" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-9 -StartIpAddress "52.127.53.97" -EndIpAddress "52.127.53.103" +New-AzSynapseFirewallRule 
-WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-10 -StartIpAddress "52.127.53.113" -EndIpAddress "52.127.53.127" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-11 -StartIpAddress "52.127.53.129" -EndIpAddress "52.127.53.255" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-12 -StartIpAddress "52.127.54.1" -EndIpAddress "52.127.54.15" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-13 -StartIpAddress "52.127.55.137" -EndIpAddress "52.127.55.143" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-14 -StartIpAddress "52.127.55.145" -EndIpAddress "52.127.55.151" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-15 -StartIpAddress "52.227.216.40" -EndIpAddress "52.227.216.40" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-16 -StartIpAddress "52.227.228.164" -EndIpAddress "52.227.228.164" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-17 -StartIpAddress "52.227.232.14" -EndIpAddress "52.227.232.14" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-18 -StartIpAddress "52.227.232.88" -EndIpAddress "52.227.232.88" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-19 -StartIpAddress "52.227.232.254" -EndIpAddress "52.227.232.254" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-20 -StartIpAddress "52.245.211.174" -EndIpAddress "52.245.211.174" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-21 -StartIpAddress "52.245.239.198" -EndIpAddress "52.245.239.198" 
+New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-22 -StartIpAddress "2001:489a:2102:1080:0000:0000:0000:0000" -EndIpAddress "2001:489a:2102:10bf:ffff:ffff:ffff:ffff" +New-AzSynapseFirewallRule -WorkspaceName $synapseWorkspaceName -Name PowerPlatformInfra.USGovVirginia-23 -StartIpAddress "2001:489a:2102:1480:0000:0000:0000:0000" -EndIpAddress "2001:489a:2102:14bf:ffff:ffff:ffff:ffff" ```` diff --git a/whitepapers/power-platform-azure-synapse/files/CIDRtoIpRange.ps1 b/whitepapers/power-platform-azure-synapse/files/CIDRtoIpRange.ps1 index b7d05135..446d7421 100644 --- a/whitepapers/power-platform-azure-synapse/files/CIDRtoIpRange.ps1 +++ b/whitepapers/power-platform-azure-synapse/files/CIDRtoIpRange.ps1 
@@ -56,6 +56,150 @@ Function Get-IPV4NetworkEndIP ($strNetwork) Return $EndIP } +# Determine if an IP Address is IPv4 +Function IsIPv4 ($strIpAddress) +{ + $ip = [IpAddress]$strIpAddress + + Return $ip.AddressFamily -eq "InterNetwork" +} +# Determine if an IP Address is IPv4 +Function IsIPv6 ($strIpAddress) +{ + $ip = [IpAddress]$strIpAddress + + Return $ip.AddressFamily -eq "InterNetworkV6" +} + +#https://www.powershellgallery.com/packages/PoshFunctions/2.2.3/Content/Functions%5CExpand-IPv6.ps1 + +function Expand-IPV6 { +<# +.SYNOPSIS + Takes an abbreviated IPv6 string and expands it fully +.DESCRIPTION + Takes an abbreviated IPv6 string and expands it fully +.PARAMETER IPv6 + A string parameter that represents an IPv6 address. Aliased to 'Address' +.PARAMETER IncludeInput + Switch that will display the input parameter along with the result +.EXAMPLE + Expand-IPV6 'fe98::726d:daad:2afc:5393%18' + + Would return: + FE98:0000:0000:0000:726D:DAAD:2AFC:0000 +.EXAMPLE + Expand-IPV6 'fe98::726d:daad:2afc:5393' + + Would return: + FE98:0000:0000:0000:726D:DAAD:2AFC:5393 +.EXAMPLE + Expand-IPV6 -IPv6 '::1' + + Would return: + 0000:0000:0000:0000:0000:0000:0000:0001 +.EXAMPLE + '::1', 'fe98::726d:daad:2afc:5393' | Expand-IPV6 -IncludeInput + + OriginalIPv6 ExpandedIPv6 + ------------ ------------ + ::1 0000:0000:0000:0000:0000:0000:0000:0001 + fe98::726d:daad:2afc:5393 FE98:0000:0000:0000:726D:DAAD:2AFC:5393 +.NOTES + Source: https://badflyer.com/powershell-ipv4-to-ipv6/ + + Changes: + - added comment help + - minor formatting changes + - change IPv6 to string array + - added IncludeInput parameter +#> + + [CmdletBinding()] + [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments','')] + param + ( + [Parameter(Mandatory, Position = 0, ValueFromPipeline, ValueFromPipelineByPropertyName)] + [Alias('Address')] + [string[]] $IPv6, + + [switch] $IncludeInput + ) + + begin { + Write-Verbose -Message "Starting [$($MyInvocation.Mycommand)]" + } + 
+ process { + foreach ($curIPv6 in $IPv6) { + $count = 0 + $loc = -1 + # Count the number of colons, and keep track of the double colon + for ($i = 0; $i -lt $curIPv6.Length; $i++) { + if ($curIPv6[$i] -eq ':') { + $count++ + if (($i - 1) -ge 0 -and $curIPv6[$i - 1] -eq ':') { + $loc = $i + } + } + } + # If we didnt find a double colon and the count isn't 7, then throw an exception + if ($loc -lt 0 -and $count -ne 7) { + throw 'Invalid IPv6 Address' + } + # Add in any missing colons if we had a double + $cleaned = $curIPv6 + if ($count -lt 7) { + $cleaned = $curIPv6.Substring(0, $loc) + (':' * (7 - $count)) + $curIPv6.Substring($loc) + } + # Parse current values in fill in new IP with hex numbers padded to 4 digits + $result = @() + foreach ($splt in $cleaned -split ':') { + $val = 0 + $r = [int]::TryParse($splt, [System.Globalization.NumberStyles]::HexNumber, [System.Globalization.CultureInfo]::InvariantCulture, [ref]$val) + $result += ('{0:X4}' -f $val) + } + $result = $result -join ':' + if ($IncludeInput) { + New-Object -TypeName psobject -Property ([ordered] @{ + OriginalIPv6 = $curIPv6 + ExpandedIPv6 = $result + }) + } else { + Write-Output -InputObject $result + } + } + } + + end { + Write-Verbose -Message "Ending [$($MyInvocation.Mycommand)]" + } +} + +# https://stackoverflow.com/questions/75533520/how-to-convert-ip-number-to-ipv6-using-powershell/75535232#75535232 +function Convert-NumberToIPv6 +{ + param( + [Parameter(Mandatory=$true)][bigInt]$ipv6Decimal + ) + + $ipv6Bytes = $ipv6Decimal.ToByteArray() + # pad to 16 bytes + [Array]::Resize([ref]$ipv6Bytes, 16) + + # reverse the bytes + [Array]::Reverse($ipv6Bytes) + + # provide a scope identifier to prevent "cannot find overload error" + $ipAddress = New-Object Net.IPAddress($ipv6Bytes, 0) + $ipAddress +} + +Function GetNetworkAddress($strIpAddressRange) +{ + Return ($strIpAddressRange.split("/"))[0] +} + $myJson = Get-Content $IPAddressJsonFilePath -Raw | ConvertFrom-Json $ranges = $myJson.values | where 
{$_.id -eq $ServiceTagName} @@ -67,14 +211,41 @@ $count = 1 foreach($range in $ranges.properties.addressPrefixes) { - $start = Get-IPV4NetworkStartIP($range) - $end = Get-IPV4NetworkEndIP($range) + $networkAddress = GetNetworkAddress($range) + + If (IsIPv4($networkAddress) -eq $True) + { + $start = Get-IPV4NetworkStartIP($range) + $end = Get-IPV4NetworkEndIP($range) + + Write-Output ($start.IPAddressToString + " : " + $end.IPAddressToString) + } + elseif (IsIPv6($networkAddress) -eq $True) + { + $startIp = ($range -split '/')[0] - Write-Output ($start.IPAddressToString + " : " + $end.IPAddressToString) + $startIpAddress = [System.Net.IPAddress]::Parse($startIP) + $startIpBytes = [System.Net.IPAddress]::Parse($startIP).GetAddressBytes() + [System.Array]::Reverse($startIpBytes) + $startIpAsInt = [bigint]$startIpBytes + + # CIDR Range + $cidrRange = [bigint]([math]::pow(2, (128 - ($range -split '/')[1]))) + + [bigint]$endIpAsInt = $startIpAsInt + $cidrRange - 1 + + $endIpAddress = Convert-NumberToIPv6 $endIpAsInt + + $expandedStartIpAddress = (Expand-IPV6 $startIpAddress.IPAddressToString).ToLower() + $expandedEndIpAddress = (Expand-IPV6 $endIpAddress.IPAddressToString).ToLower() + + Write-Output ($expandedStartIpAddress + " : " + $expandedEndIpAddress) + } $count = $count + 1 } + write-Output "" write-Output "Sample Storage Account PowerShell Script =>" write-Output "" @@ -83,7 +254,16 @@ write-Output "`$resourceGroupName = `"INSET_NAME_HERE`"" foreach($range in $ranges.properties.addressPrefixes) { - $newRange = $range -replace "/32" + $networkAddress = GetNetworkAddress($range) + + If (IsIPv4($networkAddress) -eq $True) + { + $newRange = $range -replace "/32" + } + elseif (IsIPv6($networkAddress) -eq $True) + { + $newRange = $range -replace "/128" + } Write-Output ("Add-AzStorageAccountNetworkRule -ResourceGroupName `$resourceGroupName -Name `$storageAccountName -IPAddressOrRange " + $newRange) } 
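Review bot: Expand-IPV6 never reads the result of `[int]::TryParse` (`$r` is assigned and dropped), so a group that fails to parse is emitted as `0000` instead of raising an error; the function's own first help example shows it, with the `5393%18` group coming back as `0000`. The expanded strings end up in the generated firewall-rule lines, where a silently altered address is worse than a failed run. The empty groups produced by the `::` expansion still have to map to zero, so the check would be `if ($splt -ne '' -and -not [int]::TryParse($splt, [System.Globalization.NumberStyles]::HexNumber, [System.Globalization.CultureInfo]::InvariantCulture, [ref]$val)) { throw "Invalid IPv6 group '$splt'" }`. Separately, the comment above IsIPv6 still reads `# Determine if an IP Address is IPv4` and should say IPv6.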
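Review bot: The IPv6 branch uses `($range -split '/')[1]` as the exponent without validating it, so an entry with no `/` or a prefix outside 0-128 gives a range size that no longer fits in 16 bytes, and the `[Array]::Resize([ref]$ipv6Bytes, 16)` in Convert-NumberToIPv6 then appears to drop the overflow silently rather than fail. I would check the prefix before the arithmetic, e.g. `$parts = $range -split '/'` followed by `if ($parts.Count -ne 2 -or $parts[1] -notmatch '^\d{1,3}$' -or [int]$parts[1] -gt 128) { throw "Invalid IPv6 range '$range'" }`. `[bigint]$startIpBytes` is also a signed little-endian conversion, so a start address whose first byte is 0x80 or higher becomes negative; appending a zero byte, `[bigint][byte[]]($startIpBytes + 0)`, keeps the value non-negative. The same block is repeated in the `-97,8` hunk, so moving it into one function beside Get-IPV4NetworkEndIP would keep both loops in step.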
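Review bot: The `If`/`elseif` in this loop has no `else`, so when neither test is true `$newRange` keeps the value from the previous iteration and the `Add-AzStorageAccountNetworkRule` line is emitted again for the earlier range. As far as I can tell that is reachable: a prefix that `[IpAddress]` cannot convert makes both IsIPv4 and IsIPv6 report an error and return false. Adding `else { throw "Unrecognised address prefix '$range'" }` closes it, and the `-97,8` hunk needs the same treatment because `$start` and `$end` are reused there in the same way. Also, `If (IsIPv4($networkAddress) -eq $True)` does not perform a comparison, since PowerShell passes `-eq` and `$True` to the function as extra arguments; it works only because the function already returns a boolean, and `If (IsIPv4 $networkAddress)` says what is meant.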
@@ -97,8 +277,32 @@ $count = 1 foreach($range in $ranges.properties.addressPrefixes) { - $start = Get-IPV4NetworkStartIP($range) - $end = Get-IPV4NetworkEndIP($range) + $networkAddress = GetNetworkAddress($range) + + If (IsIPv4($networkAddress) -eq $True) + { + $start = Get-IPV4NetworkStartIP($range) + $end = Get-IPV4NetworkEndIP($range) + } + elseif (IsIPv6($networkAddress) -eq $True) + { + $startIp = ($range -split '/')[0] + + $startIpAddress = [System.Net.IPAddress]::Parse($startIP) + $startIpBytes = [System.Net.IPAddress]::Parse($startIP).GetAddressBytes() + [System.Array]::Reverse($startIpBytes) + $startIpAsInt = [bigint]$startIpBytes + + # CIDR Range + $cidrRange = [bigint]([math]::pow(2, (128 - ($range -split '/')[1]))) + + [bigint]$endIpAsInt = $startIpAsInt + $cidrRange - 1 + + $endIpAddress = Convert-NumberToIPv6 $endIpAsInt + + $start = (Expand-IPV6 $startIpAddress.IPAddressToString).ToLower() + $end = (Expand-IPV6 $endIpAddress.IPAddressToString).ToLower() + } $name = ($ServiceTagName + "-" + $count)