Create a Virtual Machine with Multiple NICs in Azure IaaS

6 Jan

Every time I present a session about Microsoft Azure IaaS, the most common question is about Virtual Machines’ capability of getting more than one Virtual Network Interface (vNIC). At TechEd Europe 2014, Microsoft announced support for multiple Network Interfaces (vNICs) in Azure VMs, as well as other additions to Azure Virtual Networks like Network Security Groups.

Moreover, the capability of adding more than one vNIC to a Virtual Machine enables virtual appliance scenarios such as firewalls and load balancers.

In this blogpost we are going to explore all the necessary steps for creating a Virtual Machine with multiple vNICs in Azure IaaS. So, let’s get started.

How to create a Virtual Machine with multiple NICs

According to our requirements, we need to design our Virtual Network with all the required subnets. The design phase should always precede implementation. As an example, we can use the following diagram:

Multi-NIC-01

In this diagram, a Virtual Network for supporting a common three-tier application is displayed. This Virtual Network has three subnets, Front-End Subnet with network number 172.16.1.0/24, Mid-Tier Subnet with network number 172.16.2.0/24 and Back-End Subnet with network number 172.16.3.0/24. The scope of this blogpost is to create a Virtual Machine with three Network Interfaces, one in each subnet.

Prerequisites and Constraints

Multiple NICs can be added to any Azure Virtual Machine, except Basic Tier SKUs. However, the number of NICs that can be created for a Virtual Machine depends on its size, as shown in the following table:

VM Size (Standard SKUs)     NICs (max allowed per VM)
Large (A3) and A6           2
Extra Large (A4) and A7     4
A9                          2
D4                          4
D13                         4

– Multiple NICs can be added only to Virtual Machines belonging to a Virtual Network (VNET). Non-VNET VMs are not supported.

– Every Azure Virtual Machine with Multiple NICs has a “default” NIC and additional ones. Internet traffic and its corresponding VIP is only supported on the “default” NIC. There is only one VIP to the IP of the default NIC.

– A Virtual Machine with Multiple NICs cannot be used as an IP router. The IP packets must be destined to or sourced from one of its IP addresses.

– The order of the NICs from inside the VM will be random, and could also change across Azure infrastructure updates. However, the IP addresses, and the corresponding Ethernet MAC addresses will remain the same. For example, assume Eth1 has IP address 10.1.0.100 and MAC address 00-0D-3A-B0-39-0D; after an Azure infrastructure update and reboot, it could be changed to Eth2, but the IP and MAC pairing will remain the same. When a restart is customer-initiated, the NIC order will remain the same.

Create the required Virtual Network

With the prerequisites and constraints covered, let’s proceed to create the required Virtual Network. As written above, our VNET, named DMZ-VNET, has three subnets: Front-End Subnet (172.16.1.0/24), Mid-Tier Subnet (172.16.2.0/24) and Back-End Subnet (172.16.3.0/24). We can use PowerShell or the management portal to create this VNET; once completed, it will look like the screenshot below.
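One way to create DMZ-VNET from PowerShell with the classic Azure module, as an added example that is not part of the original post. It assumes a VNET address space of 172.16.0.0/16 (the post only lists the subnets) and a subscription with no other virtual networks defined.

```powershell
# Added example, not from the original post (classic Azure module).
# Assumption: address space 172.16.0.0/16; the post only gives the subnets.
# Assumption: the subscription has no other virtual networks.
# Set-AzureVNetConfig replaces the network configuration of the whole
# subscription, so if VNETs already exist, export the current file with
# Get-AzureVNetConfig -ExportToFile and add the site below to it instead.
$netCfgPath = Join-Path $env:TEMP 'DMZ-VNET.netcfg'

@'
<?xml version="1.0" encoding="utf-8"?>
<NetworkConfiguration xmlns="http://schemas.microsoft.com/ServiceHosting/2011/07/NetworkConfiguration">
  <VirtualNetworkConfiguration>
    <VirtualNetworkSites>
      <VirtualNetworkSite name="DMZ-VNET" Location="West Europe">
        <AddressSpace>
          <AddressPrefix>172.16.0.0/16</AddressPrefix>
        </AddressSpace>
        <Subnets>
          <Subnet name="Front-End"><AddressPrefix>172.16.1.0/24</AddressPrefix></Subnet>
          <Subnet name="Mid-Tier"><AddressPrefix>172.16.2.0/24</AddressPrefix></Subnet>
          <Subnet name="Back-End"><AddressPrefix>172.16.3.0/24</AddressPrefix></Subnet>
        </Subnets>
      </VirtualNetworkSite>
    </VirtualNetworkSites>
  </VirtualNetworkConfiguration>
</NetworkConfiguration>
'@ | Set-Content -Path $netCfgPath -Encoding UTF8

# Apply the configuration and confirm the VNET exists.
Set-AzureVNetConfig -ConfigurationPath $netCfgPath
Get-AzureVNetSite -VNetName 'DMZ-VNET'

# Check that the static addresses planned for the VM are still free.
foreach ($ip in '172.16.1.10', '172.16.2.10', '172.16.3.10') {
    Test-AzureStaticVNetIP -VNetName 'DMZ-VNET' -IPAddress $ip
}
```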

Multi-NIC-02

Create the Multi-NIC VM

The only way, for the time being, to create a Virtual Machine and add Multiple NICs to it, is via PowerShell. That is why we need the latest version of the Azure PowerShell Module, which can be found at http://azure.microsoft.com.

Multi-NIC-03

Once the module is installed, we can use the following commands to create a new Virtual Machine (DMZ-GW) with three Network Interface Cards, each one connected to the desired subnet. For better understanding, we have split the script into sections:

# Create a Storage Account

New-AzureStorageAccount -StorageAccountName dmzsa -Location "West Europe"
New-AzureService -ServiceName "DMZCS" -Location "West Europe"

# Select the Subscription we are going to work with

Set-AzureSubscription -SubscriptionName "MSDN-Kappas" -CurrentStorageAccountName "dmzsa"
Select-AzureSubscription -SubscriptionName "MSDN-Kappas" -Current

# Setting some variables

$location = "West Europe"
$serviceName = "DMZCS"
$vnet = "DMZ-VNET"
$subscriptionName = 'MSDN-Kappas'
$storageAccount = 'dmzsa'

# Select an OS Image

$imageFamily = "Windows Server 2012 R2 Datacenter"
$imageName = Get-AzureVMImage |
                 where { $_.ImageFamily -eq $imageFamily } |
                 sort PublishedDate -Descending |
                 select -ExpandProperty ImageName -First 1 

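# Enter required admin credentials

$cred = Get-Credential -Message "Enter admin credentials for the VM(s)"
$adminUser = $cred.UserName
# Add-AzureProvisioningConfig takes the password as a plain string.
# $adminPassword is used instead of $pwd, which is PowerShell's automatic
# variable for the current directory.
$adminPassword = $cred.GetNetworkCredential().Password

# Define Virtual Machine's configuration

$vm1 = New-AzureVMConfig -ImageName $imageName -Name "DMZ-GW" -InstanceSize ExtraLarge |
       Add-AzureProvisioningConfig -Windows -AdminUsername $adminUser -Password $adminPassword |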

# Configure the "Default NIC"
       
       Set-AzureSubnet -SubnetNames "Front-End" | 
       Set-AzureStaticVNetIP -IPAddress "172.16.1.10" |

# Configure additional NICs
       
       Add-AzureNetworkInterfaceConfig -Name "MidTier NIC" -SubnetName "Mid-Tier" -StaticVNetIPAddress "172.16.2.10"|
       Add-AzureNetworkInterfaceConfig -Name "BackEnd NIC" -SubnetName "Back-End" -StaticVNetIPAddress "172.16.3.10"

# Create the Virtual Machine       

New-AzureVM -ServiceName $serviceName `
            -Location $location `
            -VNetName $vnet `
            -VMs $vm1

Multiple NICs Validation

Once the Virtual Machine is created, we can connect via RDP to verify that the multiple NICs exist.

Multi-NIC-04

Multi-NIC-05

As you can see, we have successfully created an Azure Virtual Machine with three NICs, as shown in the following diagram:

Multi-NIC-06
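Because the NIC order inside the VM can change while each IP and MAC pairing stays fixed, a check from inside the guest should find each interface by its address rather than by its name. The following is an added example, not part of the original post; it assumes the three static IPs from the script above and a guest running Windows Server 2012 R2, and it also reports whether IP forwarding is enabled, since the VM cannot act as a router.

```powershell
# Added example, not from the original post. Run inside the DMZ-GW guest.
# Expected tier -> static IP pairs, copied from the deployment script.
$expected = [ordered]@{
    'Front-End' = '172.16.1.10'
    'Mid-Tier'  = '172.16.2.10'
    'Back-End'  = '172.16.3.10'
}

function Get-TierNicMap {
    param([System.Collections.IDictionary]$ExpectedIPs)

    foreach ($tier in $ExpectedIPs.Keys) {
        $address = $ExpectedIPs[$tier]
        $row = [ordered]@{
            Tier = $tier; IPAddress = $address; Present = $false
            InterfaceAlias = $null; MacAddress = $null; Forwarding = $null
        }
        # Look the interface up by address, never by alias or index.
        $ip = Get-NetIPAddress -AddressFamily IPv4 -IPAddress $address `
                               -ErrorAction SilentlyContinue
        if ($ip) {
            $adapter = Get-NetAdapter -InterfaceIndex $ip.InterfaceIndex
            $ipIf = Get-NetIPInterface -InterfaceIndex $ip.InterfaceIndex `
                                       -AddressFamily IPv4
            $row.Present        = $true
            $row.InterfaceAlias = $adapter.Name
            $row.MacAddress     = $adapter.MacAddress
            $row.Forwarding     = $ipIf.Forwarding
        }
        New-Object psobject -Property $row
    }
}

$nicMap = @(Get-TierNicMap -ExpectedIPs $expected)
$nicMap | Format-Table -AutoSize

# Flag any tier whose address is missing from the guest.
$missing = @($nicMap | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    Write-Warning ("No interface holds: " + ($missing.IPAddress -join ', '))
}

# Flag interfaces with forwarding enabled.
$routing = @($nicMap | Where-Object { $_.Forwarding -eq 'Enabled' })
if ($routing.Count -gt 0) {
    Write-Warning ("IP forwarding enabled on: " + ($routing.Tier -join ', '))
}
```

Recording the MacAddress column after deployment gives a baseline to compare against after an Azure infrastructure update, when the interface alias may have changed.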
