When creating a new Azure virtual machine using the Azure portal, you can create and assign a static public IP address to it, but what if you need it to have more than one? In this article, we'll use PowerShell commands in the Azure portal's Cloud Shell to add multiple public IP addresses to a virtual machine.
Let's start with the architecture of how IP addresses work with Azure Virtual Machines. An Azure virtual machine is more than one resource - as well as the virtual machine you have disk storage, a network interface (NIC), a virtual network and (hopefully) a network security group. Creating a virtual machine through the Azure portal allows you to add one network interface, one dynamic private IP address and one dynamic or static public IP address.
But, virtual machines also support having static private IP addresses, multiple private IP addresses, multiple public IP addresses and multiple NICs. This could be useful if you want to split public-facing (or "front end") traffic from internal traffic to other Azure or on-premises resources (known as "back end" traffic).
Today we'll keep it simple and stick with a single NIC, but add multiple IP addresses to it.
If you want to add multiple NICs to your VM, you can follow the 5 steps to add a NIC to an existing VM.
We add new IP configurations to the appropriate NIC.
Each IP configuration can have one of the following combinations
EXCEPT if your virtual machine is in an Availability zone, then only Standard SKU public IP addresses are supported, which means your public IP address can only be static.
Note: If you delete an IP configuration from your virtual machine and it contains a public IP address, it won't automatically delete the public IP address resource (as you may wish to reallocate it). If the public IP address is no longer needed, make sure you delete the public IP address resource too (after it has been disassociated from the VM by the removal of the IP configuration).
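The cleanup described in the note above can be checked with a read-only inventory. The following is an added example, not part of the original article: it lists every public IP address resource in a resource group, flags those no longer associated with any IP configuration, and for attached ones shows whether the NIC or its subnet has a network security group. "MyResourceGroup" is the article's sample name, and the script assumes each NIC is in the same resource group as its public IP addresses.

```powershell
# Added example: inventory public IP address resources in one resource group.
# "MyResourceGroup" is the article's sample name; substitute your own.
$RgName = "MyResourceGroup"

$nics      = Get-AzNetworkInterface -ResourceGroupName $RgName
$vnetCache = @{}   # avoid fetching the same virtual network more than once

$report = foreach ($pip in Get-AzPublicIpAddress -ResourceGroupName $RgName) {
    $row = [ordered]@{
        PublicIpName = $pip.Name
        Address      = $pip.IpAddress
        Sku          = $pip.Sku.Name
        AttachedTo   = $null
        NicNsg       = $null
        SubnetNsg    = $null
        Status       = "Unassociated"   # resource exists but nothing references it
    }
    if ($pip.IpConfiguration) {
        # Associated with something; default until a matching NIC is found below
        # (for example a NIC in another resource group, or a non-NIC resource).
        $row.Status = "Attached (no matching NIC in this resource group)"
        foreach ($nic in $nics) {
            $cfg = $nic.IpConfigurations | Where-Object { $_.PublicIpAddress.Id -eq $pip.Id }
            if (-not $cfg) { continue }
            # Subnet ID layout:
            # /subscriptions/<id>/resourceGroups/<rg>/providers/Microsoft.Network/virtualNetworks/<vnet>/subnets/<subnet>
            $parts   = $cfg.Subnet.Id -split '/'
            $vnetKey = "$($parts[4])/$($parts[8])"
            if (-not $vnetCache.ContainsKey($vnetKey)) {
                $vnetCache[$vnetKey] = Get-AzVirtualNetwork -ResourceGroupName $parts[4] -Name $parts[8]
            }
            $subnet = $vnetCache[$vnetKey].Subnets | Where-Object { $_.Id -eq $cfg.Subnet.Id }
            $row.AttachedTo = "$($nic.Name)/$($cfg.Name)"
            $row.NicNsg     = [bool]$nic.NetworkSecurityGroup
            $row.SubnetNsg  = [bool]$subnet.NetworkSecurityGroup
            $row.Status     = if ($row.NicNsg -or $row.SubnetNsg) { "Attached" }
                              else { "Attached, no NSG on NIC or subnet" }
            break
        }
    }
    [pscustomobject]$row
}

$report | Format-Table PublicIpName, Address, Sku, AttachedTo, NicNsg, SubnetNsg, Status -AutoSize
```

The script only reads configuration; removing an unassociated address with Remove-AzPublicIpAddress remains a separate, deliberate step.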
Run these commands in PowerShell or the Cloud Shell:
Get-AzNetworkInterface | Format-Table Name, ResourceGroupName, Location
$NicName = "MyNIC"
$RgName = "MyResourceGroup"
$Location = "westus"
$MyNIC = Get-AzNetworkInterface -Name $NicName -ResourceGroupName $RgName
The output of step 4 will look similar to this:
so the MyVNet and MySubnet values are what you need from this.
Now you have a choice to make - you can add a public IP address to an existing IP configuration which already has a private IP address (dynamic or static), OR you can add a public IP address as a new, additional IP configuration.
If you add it to a new IP config, you also have to add a new private IP address at the same time, as all public IP addresses must have a corresponding private IP address.
$myPublicIp3 = New-AzPublicIpAddress `
    -Name "myPublicIp3" `
    -ResourceGroupName $RgName `
    -Location $Location `
    -AllocationMethod Static
Add-AzNetworkInterfaceIpConfig `
    -Name IPConfig-4 `
    -NetworkInterface $myNIC `
    -Subnet $Subnet `
    -PrivateIpAddress 10.0.0.7 `
    -PublicIpAddress $myPublicIp3
Set-AzNetworkInterface -NetworkInterface $MyNIC
And we can confirm it's now listed by checking the portal or running the following command:
$MyNIC.IpConfigurations | Format-Table Name, PrivateIPAddress, PublicIPAddress, Primary
You'll also see it in the Azure portal:
The golden rule is usually to never manage Azure VM public IP addressing in the guest operating system. But because we've added a new static, private IP address to the Azure configuration, we need to manually tell the guest operating system that there is now a new, secondary private IP address it needs to be listening on.
So for Windows Server, log into the operating system, run ipconfig to see your current network settings (primary IP address, subnet mask, default gateway and Azure DNS server 18.104.22.168) then run ncpa.cpl and add these to the IP address settings for your NIC:
Then under Advanced, add your secondary private IP address:
Note: When you close these network settings, you will temporarily lose your connection, then it should re-establish itself. This also works if your RDP port is NOT open to the internet and the remote access into your guest OS is done with Azure Bastion.