Dedicated IP addresses
Last updated 2023-09-28
Fastly’s Dedicated Internet Protocol (IP) addresses provide you with a pool of IPv4 and IPv6 addresses, maintained and managed by us, across Fastly’s global Edge Cloud. They can be used to support TLS certificate management for non-SNI clients, to support custom cipher suites or IP-to-service pinning, or to help manage zero-rated billing endpoints or security allowlisting.
Purchase of Fastly's Platform TLS product requires you to also have purchased Dedicated IP addresses.
Fastly-managed certificates require clients to support TLS v1.2 and Server Name Indication (SNI) by default. When there is not an SNI match, a fallback certificate is used. Dedicated IP addresses can be used to host fallback certificates for non-SNI client support. Using the Fastly API, you can place your self-managed or Fastly-managed certificates at a dedicated set of IP addresses in the event there is no SNI match.
Additionally, for self-managed certificates only, you can designate a default ECDSA certificate and a default RSA certificate. When no SNI match is found, Fastly first checks whether the client supports ECDSA. If it does, we send the fallback ECDSA certificate. If there is no SNI match and the client does not support ECDSA, we send the fallback RSA certificate.
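The selection order above can be modelled to audit a certificate inventory before pinning hosts to dedicated IP addresses. The following is an added example, not Fastly code or a Fastly API: the `Cert` type, the function names and the hostnames are constructed, and how the edge decides that a client supports ECDSA is not described here, so it is passed in as a boolean. The audit flags hosts that a non-SNI client could not validate, because the fallback certificate it receives does not list that host.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    name: str       # label used only in this example
    key_type: str   # "ECDSA" or "RSA"
    sans: tuple     # DNS names the certificate covers

def covers(cert, host):
    """True if a SAN matches host; '*.' matches exactly one left-most label."""
    host = host.lower()
    parent = host.split(".", 1)[1] if "." in host else ""
    return any(s.lower() == host or (s.startswith("*.") and s[2:].lower() == parent)
               for s in cert.sans)

def select_cert(sni, client_ecdsa, certs, fb_ecdsa, fb_rsa):
    """Return (cert, used_fallback) in the order the text describes."""
    if sni:
        for cert in certs:
            if covers(cert, sni):
                return cert, False
    # No SNI sent, or nothing matched it: ECDSA fallback first, then RSA.
    if client_ecdsa and fb_ecdsa is not None:
        return fb_ecdsa, True
    return fb_rsa, True

def audit(hosts, certs, fb_ecdsa, fb_rsa):
    """List (host, client_key_type) pairs where a client that sends no SNI
    receives a fallback certificate that does not cover the host."""
    gaps = []
    for host in hosts:
        for ecdsa in (True, False):
            cert, _ = select_cert(None, ecdsa, certs, fb_ecdsa, fb_rsa)
            if cert is None or not covers(cert, host):
                gaps.append((host, "ECDSA" if ecdsa else "RSA"))
    return gaps

# Constructed inventory for hosts served from one set of dedicated IPs.
SHOP = Cert("shop", "RSA", ("shop.example.com",))
FB_EC = Cert("fallback-ecdsa", "ECDSA", ("www.example.com", "*.api.example.com"))
FB_RSA = Cert("fallback-rsa", "RSA", ("www.example.com",))
HOSTS = ["www.example.com", "v1.api.example.com", "shop.example.com"]

if __name__ == "__main__":
    for host, kind in audit(HOSTS, [SHOP], FB_EC, FB_RSA):
        print(f"non-SNI {kind} client: fallback certificate does not cover {host}")
```

Each reported pair is a hostname that needs to be added to the corresponding fallback certificate's SAN list if non-SNI clients are expected to reach it.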
Use your DNS records to point your domains at the set of dedicated IP addresses that will direct incoming traffic to the Fastly edge network. There are three possible network routing options (sometimes referred to as network maps or domain maps) that allow you to choose which sub-regions of the Fastly network to use.
Read Fastly's TLS offerings for a more detailed description of the supported TLS options at Fastly.
Fastly supports a number of standard cipher suites. Should you require more personalized control, Fastly supports the creation of custom cipher suites by providing you with dedicated IP addresses that support these custom sets.
IP-to-service pinning uses dedicated IP addresses to map customer services to specific endpoint IP addresses and direct an end user’s request to a specific service based on the requested endpoint IP address.
Zero-rated IP addresses (ZRIPs) allow you to use dedicated IP addresses within Fastly’s global Edge Cloud to identify traffic for special treatment. For example, if you need to waive billing charges going to or from specific web pages, ZRIPs can help you to identify traffic for zero billing.
Security allowlisting uses dedicated IP addresses to control the set of Fastly global IP addresses seen by third parties. You can incorporate dedicated IPs into access control lists (ACLs) to tighten security between a customer and a third party.