Networking, Azure, and Linux

by pierre 28. January 2013 03:09

I get a *lot* of questions on how to set up networking in Windows Azure Virtual Machines, so here's a quick braindump. You'll need to install the azure command line tool; instructions are available on the debian-cloud wiki.

You don't need a virtual network

That's the most important thing you have to understand. A virtual network sounds very nice when you see it for the first time, but it's mainly designed for VPN connectivity. As long as you don't need to bridge your on-premise network with Azure VMs, forget about it.

Isolated VMs

Azure VMs only get private, non-routable IPs. The communication with the outside world goes through a load balancer. The load balancer owns public IPs, your machines don't.

If you create 2 standalone VMs, like:

azure vm create mydnsname [a bunch of options] --ssh
azure vm create myotherdnsname [a bunch of options] --ssh

You'll get 2 machines that only see each other through the load balancer. This is usually not what you want.

VM Farm

What you're looking for is a farm of machines, with a few visible from the outside world, and open connectivity between machines. Take for example this setup:

    Web Frontend VM (let's call it web1)
    Database VM (let's call it data1)

In this case you want web1 to see data1, and the other way around, but you only want web1 exposed to the outside world.
Here is how you do it:

azure vm create mydnsname [some options] -n web1
azure vm create mydnsname [some options] -n data1 -c mydnsname

That mydnsname is called the Service name. When you create a new VM, you can join it to an existing service, hence ensuring it will see every other machine deployed in the same service.

The load balancer

If you want to open a port to a given machine, the syntax is

azure vm endpoint create machinename lbport machineport

If you want to create a load-balanced endpoint to a set of machines, the syntax is

azure vm endpoint create -b endpointname machine1name lbport machine1port
azure vm endpoint create -b endpointname machine2name lbport machine2port

And so on.

How do my machines see each other?

Standalone VM: use their public DNS name and the port you set up in the load balancer if needed.

VM Farm: use the machine name from the inside network; every VM will resolve that correctly. Use the public DNS name from the outside world.

ssh gotchas

If you don't specify --ssh when creating a Linux VM, ssh won't be enabled on the machine.
If you specify --ssh but no port, this will work on standalone VMs. When creating a farm, make sure you specify --ssh portnumber with a different portnumber for every machine.
I know it's a bit dumb; we should enable ssh without exposing it to the outside world. If that's what you want, delete the endpoint after creating the machine.
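
An added example (not from the original post or the azure tool): a shell check for a planned endpoint layout in one service, applying the rules from the load balancer and ssh sections above. A public port is shared only by machines in the same load-balanced endpoint, and every machine needs its own public ssh port. The plan format, the machine web2, and all port numbers are constructed for illustration.

```bash
#!/usr/bin/env bash
# Plan format (constructed for this example), one endpoint per line:
#   machine lbport machineport [load-balanced-endpoint-name]
# web1 and data1 come from the post; web2 and all port numbers are made up.
SAMPLE_PLAN='web1 80 80 www
web2 80 80 www
web1 22001 22
web2 22002 22
data1 22001 22'

# check_plan: read a plan on stdin, print one line per problem,
# return non-zero if the load balancer could not honour the plan.
check_plan() {
  awk '
    NF < 3 { next }
    {
      machine = $1; lb = $2; lbname = (NF >= 4 ? $4 : "")
      if (lb !~ /^[0-9]+$/ || lb + 0 < 1 || lb + 0 > 65535) {
        printf "invalid public port %s for %s\n", lb, machine; bad = 1; next
      }
      if (lb in owner) {
        # A public port can be shared only inside one load-balanced endpoint.
        if (lbname == "" || lbname != setname[lb]) {
          printf "public port %s requested by %s is already mapped to %s\n", lb, machine, owner[lb]
          bad = 1
        }
      } else { owner[lb] = machine; setname[lb] = lbname }
    }
    END { exit (bad ? 1 : 0) }'
}

# exposure_map: list what each public port of the service reaches.
exposure_map() {
  awk 'NF >= 3 { m[$2] = m[$2] " " $1 ":" $3 }
       END { for (p in m) print p " ->" m[p] }' | sort -n
}

printf '%s\n' "$SAMPLE_PLAN" | exposure_map
printf '%s\n' "$SAMPLE_PLAN" | check_plan || echo "plan rejected"
```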


