When creating a new Azure virtual machine using the Azure portal, you can create and assign a static public IP address to it, but what if you need it to have more than one? In this article, we'll use PowerShell commands in the Azure portal's Cloud Shell to add multiple public IP addresses to a virtual machine.
Overview of IP address configuration on Azure Virtual Machines
Lets start with the architecture of how IP addresses work with Azure Virtual Machines. An Azure virtual machine is more than one resource - as well as the virtual machine you have disk storage, a network interface (NIC), a virtual network and (hopefully) a network security group. Creating a virtual machine through the Azure portal allows you to add one network interface, one dynamic private IP address and one dynamic or static public IP address.
But, virtual machines also support having static private IP addresses, multiple private IP addresses, multiple public IP addresses and multiple NICs. This could be useful if you want to split public-facing (or "front end") traffic from internal traffic to other Azure or on-premises resources (known as "back end" traffic).
Today we'll keep it simple and stick with a single NIC, but add multiple IP addresses to it.
If you want to add multiple NICs to your VM, you can follow the 5 steps to add a NIC to an existing VM.
We add new IP configurations to the appropriate NIC.
IP configurations
Each IP configuration can have one of the following combinations
- Static private IP address, no public IP address
- Dynamic private IP address, no public IP address
- Static private IP address, dynamic public IP address
- Static private IP address, static public IP address
- Dynamic private IP address, dynamic public IP address
- Dynamic private IP address, static public IP address
EXCEPT if your virtual machine is in an Availability zone, then only Standard SKU public IP addresses are supported, which means your public IP address can only be static.
Note: If you delete an IP configuration from your virtual machine and it contains a public IP address, it won't automatically delete the public IP address resource (as you may wish to reallocate it). If the public IP address is no longer needed, make sure you delete the public IP address resource too (after it has been disassociated from the VM by the removal of the IP configuration).
Run these commands in PowerShell or the Cloud Shell:
Step 1: Fetch the details of your NIC
Get-AzNetworkInterface | Format-Table Name, ResourceGroupName, Location
Step 2: Create variables to store the values of the name of your NIC, its resource group name and its location (replacing the values in " " with your own details).
$NicName = "MyNIC"
$RgName = "MyResourceGroup"
$Location = "westus"
Step 3: Create a variable that fetches and stores information about your NIC:
$MyNIC = Get-AzNetworkInterface -Name $NicName -ResourceGroupName $RgName
Step 4: Query the details of the $MyNIC variable to note the VNet and Subnet your NIC is connected to:
$MyNIC.IpConfigurations
The output of step 4 will look similar to this:
"Id": "/subscriptions/[Id]/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVNet/subnets/MySubnet"
so the MyVNet and MySubnet values are what you need from this.
Now you have a choice to make - you can add a public IP address to an existing IP configuration which already has private IP address (dynamic or static), OR you can add a public IP address as a new, additional IP configuration.
If you add it to a new IP config, you also have to add a new private IP address at the same time, as all public IP addresses must have a corresponding private IP address.
Step 5: Create a new public IP address resource:
$myPublicIp3 = New-AzPublicIpAddress `
-Name "myPublicIp3" `
-ResourceGroupName $RgName `
-Location $Location `
-AllocationMethod Static
Step 6: Create a new IP configuration, including the public IP address and specifying a static private IP address:
Add-AzNetworkInterfaceIpConfig `
-Name IPConfig-4 `
-NetworkInterface $myNIC `
-Subnet $Subnet `
-PrivateIpAddress 10.0.0.7 `
-PublicIpAddress $myPublicIp3
Step 7: Bind (or set) this new IP configuration to your NIC:
Set-AzNetworkInterface -NetworkInterface $MyNIC
And we can confirm it's now listed by checking the portal or running the following command:
$MyNIC.IpConfigurations | Format-Table Name, PrivateIPAddress, PublicIPAddress, Primary
You'll also see it in the Azure portal:
Step 8: Add the IP address to the Guest OS
Wait, what?
The golden rule is usually to never manage Azure VM public IP addressing in the guest operating system. But because we've added a new static, private IP address to the Azure configuration, we need to manually tell the guest operating system that there is now a new, secondary private IP address it needs to be listening on.
So for Windows Server, log into the operating system, run ipconfig to see your current network settings (primary IP address, subnet mask, default gateway and Azure DNS server 163.63.129.16) then run ncpa.cpl and add these to the IP address settings for your NIC:
Then under Advanced, add your secondary private IP address:
Note: When you close these network settings, you will temporary lose your connection, then it should re-establish itself. This also works if your RDP port is NOT open to the internet and the remote access into your guest OS is done with Azure Bastion.
Learn more
Azure Virtual Network concepts and best practices
Public IP addresses in Microsoft Azure
Create a VM with multiple IP addresses
Design an IP addressing schema for your Azure deployment - MS Learn