Azure Virtual machines & network interface cards (NICs)

Notes compiled from official Azure documentation:

When you create an Azure virtual machine (VM), you must create a virtual network (VNet) or use an existing VNet.

When creating a virtual machine using the Azure portal, the portal creates a network interface with default settings for you. 

A network interface enables an Azure virtual machine to communicate with the internet, Azure, and on-premises resources.

Before creating a network interface, you must have an existing virtual network in the same location and subscription you create a network interface in.

You assign IP addresses to a VM using a network interface.

Once a network interface is created, you cannot change the virtual network it is assigned to. You can change the subnet the network interface is assigned to after it's created.

The virtual machine you add the network interface to must also exist in the same location and subscription as the network interface. The virtual machine you attach a network interface to and the virtual network you connect it to must exist in the same subscription.

A network interface can exist in the same resource group as, or a different resource group from, the virtual machine you attach it to or the virtual network you connect it to.

Azure assigns a MAC address to the network interface only after the network interface is attached to a virtual machine and the virtual machine is started the first time.

NICs in Azure VMs cannot forward traffic or act as Layer 3 (IP) gateways.

You can delete a network interface as long as it's not attached to a virtual machine. If it is attached to a virtual machine, you must first place the virtual machine in the stopped (deallocated) state, then detach the network interface from the virtual machine, before you can delete the network interface.

Virtual machines (VMs) in Azure can have multiple virtual network interface cards (NICs) attached to them.

There is no additional charge for NICs, although the number of NICs is tied to VM SKUs.

Multiple NICs allow a VM to connect to different subnets and send or receive traffic over the most appropriate interface.

A subnet is a range of IP addresses in the VNet. You can divide a VNet into multiple subnets for organization and security. Each NIC in a VM is connected to one subnet in one VNet. NICs connected to subnets (same or different) within a VNet can communicate with each other without any extra configuration.

A common scenario is for a virtual network to have two or more subnets. One subnet may be for front-end traffic, the other for back-end traffic. To connect to both subnets, you then use multiple NICs on your VM.

Network security groups enable you to filter network traffic in and out of a network interface. You can apply zero or one network security group to a network interface. Zero or one network security group can also be applied to the subnet the network interface is assigned to.

You can associate different NSGs with a NIC (or VM, depending on the deployment model) and with the subnet that the NIC or VM is bound to.

One of the NICs on a multi-NIC VM needs to be primary.

The ability to add multiple NICs to VMs allows more flexibility in managing network traffic. For example, you might want to isolate data from management traffic, or utilize a virtual network appliance that requires two or more NICs.

Many network virtual appliances require multiple NICs.
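
The placement, NSG and primary-NIC rules in these notes can be checked against a planned layout before it is deployed. The Python script below is an added example, not taken from the Azure documentation; the inventory shape, field names and sample values are constructed for illustration and are not the Azure API schema.

```python
# Added example: checks a planned NIC layout against the rules in these notes.
# Field names and sample values are constructed; they are not the Azure API schema.

VNETS = {"vnet-app": {"location": "westeurope", "subscription": "sub-a"}}
SUBNETS = {
    "frontend": {"vnet": "vnet-app", "nsg": "nsg-frontend"},
    "backend": {"vnet": "vnet-app", "nsg": None},
}
NICS = {
    "nic-fe": {"subnet": "frontend", "nsg": None, "location": "westeurope",
               "subscription": "sub-a", "primary": True},
    "nic-be": {"subnet": "backend", "nsg": None, "location": "westeurope",
               "subscription": "sub-a", "primary": False},
    "nic-mgmt": {"subnet": "backend", "nsg": "nsg-mgmt", "location": "northeurope",
                 "subscription": "sub-a", "primary": False},
    "nic-data": {"subnet": "backend", "nsg": "nsg-data", "location": "westeurope",
                 "subscription": "sub-a", "primary": False},
}
VMS = {
    "vm-app": {"nics": ["nic-fe", "nic-be"], "location": "westeurope", "subscription": "sub-a"},
    "vm-nva": {"nics": ["nic-mgmt", "nic-data"], "location": "westeurope", "subscription": "sub-a"},
}

def placement(resource):
    """Location and subscription, which must match between NIC, VNet and VM."""
    return (resource["location"], resource["subscription"])

def audit(vms, nics, subnets, vnets):
    """Return (resource name, finding) tuples for every rule the layout breaks."""
    findings = []
    for name, nic in nics.items():
        subnet = subnets[nic["subnet"]]
        # Zero or one NSG per NIC and per subnet: zero at both levels means no NSG filtering.
        if nic["nsg"] is None and subnet["nsg"] is None:
            findings.append((name, "no NSG on NIC or its subnet"))
        if placement(nic) != placement(vnets[subnet["vnet"]]):
            findings.append((name, "location/subscription differs from its VNet"))
    for name, vm in vms.items():
        attached = [nics[n] for n in vm["nics"]]
        if any(placement(n) != placement(vm) for n in attached):
            findings.append((name, "attached NIC in another location or subscription"))
        primaries = sum(n["primary"] for n in attached)
        if primaries != 1:
            findings.append((name, f"needs one primary NIC, found {primaries}"))
    return findings

if __name__ == "__main__":
    for resource, problem in audit(VMS, NICS, SUBNETS, VNETS):
        print(f"{resource}: {problem}")
```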
