Tag Archives: Azure Networking

How to re-enable Network Interface in Azure VM?

In Hyper-V or VMware virtualization environment, Enable/Disable NIC in a VM is not a big deal. Even if you do not have NIC or valid IP configure, administrators still can connect to VM as it does have “Console” access. Few weeks ago, I received an email from one of my regular blog readers. He accidently disabled NIC in azure vm and he lost RDP access to it. since there is no console access like other on-premises virtualization solution, of cause he was panicking. In this blog post I am going to share what you can do to re-enable your Azure VM NIC in such scenario. 

In my demo setup, I have an active azure VM running with 10.5.2.33 private IP address. 

ip1

I logged in to VM as administrator and disable the NIC.

Now I need to regain the RDP access to server. in order to do that, log in to Azure Portal as Global Administrator and click on Cloud Shell button in right hand top corner. 

ip2

When window load up makes sure you are using PowerShell option. 

ip3

Now we need to find out the NIC details of the VM that we having issues with. We can do this using,

Get-AzureRmNetworkInterface -ResourceGroupName "REBELADMIN-DEMO" 

In this command, -ResourceGroupName represent the resource group that VM belongs to. In my demo setup I only have one VM under that resource group.  but if you have more VMs it can be hard to find the relevant info. In that case I recommend to use portal itself to view this info.

In here, note down the network interface name, IP address and allocation method you using. 

ip4

Now, we need to assign a new IP address to the same nic from same subnet. It can be done using,

$Nic = Get-AzureRmNetworkInterface -ResourceGroupName "REBELADMIN-DEMO" -Name "rebeladmin-vm1123"

$Nic.IpConfigurations[0].PrivateIpAddress = "10.5.2.34"

$Nic.IpConfigurations[0].PrivateIpAllocationMethod = "Static"

$Nic.Tag = @{Name = "Name"; Value = "Value"}

Set-AzureRmNetworkInterface -NetworkInterface $Nic

In above commands, rebeladmin-vm1123 represent the network interface name. 10.5.2.34 is the new ip address for the network interface. PrivateIpAllocationMethod define the ip allocation method. Set-AzureRmNetworkInterface cmdlet sets the network interface configuration. 

ip5

Great!! Now I got my RDP access back with new IP address.

ip6

But it is not the original IP it had, now we can change it back with,

$Nic2 = Get-AzureRmNetworkInterface -ResourceGroupName "REBELADMIN-DEMO" -Name "rebeladmin-vm1123"

$Nic2.IpConfigurations[0].PrivateIpAddress = "10.5.2.33"

$Nic2.IpConfigurations[0].PrivateIpAllocationMethod = "Static"

$Nic2.Tag = @{Name = "Name"; Value = "Value"}

Set-AzureRmNetworkInterface -NetworkInterface $Nic2

ip7

Once it is applied, I can access server via RDP and now it has same private IP address it had.

ip8

If you using dynamic IP allocation method, you need to make it static, then change the ip and go back to dynamic mode. 

This marks the end of this blog post. If you have any questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.

Step-by-Step guide to create VM with Azure Accelerated networking

In my previous post I have explained what is Azure Accelerated networking and how it works. If you didn’t read it yet, you can do it using http://www.rebeladmin.com/2018/01/azure-accelerated-networking/ . In this post I am going to show how we can create VM with AN and verify its actions. 

There are few limitations we need to aware before we use Azure Accelerated networking. 

1. Can’t use with existing VMs – In order to use AN feature, Virtual machines must be created with Accelerated Networking enabled. This feature cannot enable in existing VMs. 

2. A NIC with AN cannot attached to an existing VM –  A NIC with AN enabled only can attached during the VM creation process. It is not possible to attach it to existing VM. 

3. Azure Resource Manager only – This feature only can use with AR. It can’t use in classic portal. 

In my demo I am going to create new VM in new resource group with Azure Accelerated networking enable. Please note this feature can only enable using Azure CLI and Azure PowerShell.

Here I am going to use Azure CLI. More info about Azure CLI can be found in my blog post http://www.rebeladmin.com/2017/08/step-step-guide-start-azure-cli-2-0/ 

1. As first step I am going to create new resource group called ANTest in westus region. 

az group create --name ANTest --location westus

an1

2. Then we need to create virtual network. In demo I am creating virtual network called ANTestVNet with address space 10.10.0.0/16

az network vnet create --name ANTestVNet --resource-group ANTest --location westus --address-prefix 10.10.0.0/16

an2

3. Next step is to create a subnet under selected address space. In my demo I am creating 10.10.20.0/24 subnet with name ANTestsub1

az network vnet subnet create --address-prefix 10.10.20.0/24 --name ANTestsub1 --resource-group ANTest --vnet-name ANTestVNet

an3

4. I like to access this vm from internet so I need a public ip attached to it. 

az network public-ip create --name ANTestpubip1 --resource-group ANTest --location westus --allocation-method dynamic

in above I am using dynamically assigned ip rather than static public ip.

an4

5. Now we have everything ready to create NIC. This is the most important part of the job. So the command I am using for it is,

az network nic create --resource-group ANTest --name ANTestNic1 --vnet-name ANTestVNet --subnet ANTestsub1 --accelerated-networking true --public-ip-address ANTestpubip1

in above ANTestNic1 is the NIC name. –accelerated-networking true is the command to enable AN feature. 

an5

6. Next step is to create VM with this new NIC attached. Please note there are only some OS and VM templates support this AN feature. So, make sure you select the correct size. if you use unsupported template, you can’t change enable AN by just changing the template. In my demo I am creating windows server 2016 server with Standard_DS4_v2 vm template.

az vm create --resource-group ANTest --location westus --nics ANTestNic1 --name REBELVM101 --image win2016datacenter --size Standard_DS4_v2 --admin-username rebeladmin --admin-password L0nd0n3322$

an6

once it is completed we can log in to VM and verify. Once this feature enabled you will be able to see Mellanox ConnectX-3 Virtual Function Ethernet Adapter in device manager.

an7

Let’s see how it affecting performance. I do have 2 VM created using old method and I am transferring a folder with 10Gb data between them. So, let’s see how the performance looks like. 

an8

an9

And when I do transfer same file between 2 VM with AN enabled I get following performance. 

an10

an11

It’s pretty amazing ha??? 

This marks the end of this blog post. Hope this was useful. If you have any questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.

Azure Accelerated Networking

Early January Microsoft announced general availability of Azure Accelerated Networking (AN). It is now available for all the regions. This will improve the VM’s performance as its offloading software-define networking from CPU to FPGA-based SmartNICs. To make it more interesting, it can provide up to 30Gbps networking throughput without any additional charge. 

How it works? 

If you worked with Hyper-V clusters, System Center virtualization manager (SCVMM) you may probably aware how virtual switches works. It works as a middle man between virtual machines and physical network to provide greater control over “Communication”. It allows to move workloads between physical hosts, control traffic and isolation using policies, flexible hardware upgrades etc. Azure also uses virtual switches similar to hyper-v. 

accelerated-networking
Image source: https://docs.microsoft.com/en-us/azure/virtual-network/media/create-vm-accelerated-networking/accelerated-networking.png 
 
You also can read more about it using this link
 
As you can see in the above image without accelerate networking, traffic always need to pass through the virtual switch and physical hosts before it reaches the physical switch. When Accelerated networking in place, network traffic is directly handled by physical switch by bypassing host and the virtual switch. All the policies you used with virtual switches now can offload to hardware. As it removes the dependency of host to process the packet, we will be able to see lower latency. If there is no AN, Virtual switch process all the policies applying to network traffic. Since it is software based of cause it is need to handle by CPU. But the performance of it depend on the CPU utilization and number of policies. With AN, policies will no longer rely on CPU and it handle by the dedicated hardware. This will reduce jitter. 
 
Limitations 
 
There are few limitations applying to this feature. 
 
1. Can’t use with existing VMs – In order to use AN features, Virtual machines must be created with Accelerated Networking enabled. This feature cannot enable in existing VMs. 
2. A NIC with AN cannot attached to an existing VM –  A NIC with AN enabled only can attached during the VM creation process. It is not possible to attach it to existing VM. 
3. Azure Resource Manager only – This feature only can use with ARM. It can’t use in classic portal. 
 
Supported VM Instances 
 
Azure Accelerated Networking is supported on D/DSv2, D/DSv3, E/ESv3, F/Fs/Fsv2, and Ms/Mms Azure VM series. 

Supported Operating Systems
 
Azure Accelerated Networking is supported on both Linux and Windows operating systems such as, 
 
Windows Server 2016
Windows Server 2012R2
Ubuntu 16.04
Red Hat Enterprise Linux 7.4
CentOS 7.4
SUSE Linux Enterprise Server 12 SP3
 
This marks the end of this blog post. Hope this was useful. In next post I will demonstrate how to create VM with AN feature. If you have any questions feel free to contact me on rebeladm@live.com also follow me on twitter @rebeladm to get updates about new blog posts.