Configure IPv6 endpoints in virtual network script sample using Standard Load Balancer (preview)

This article shows you how to deploy a dual stack (IPv4 + IPv6) application in Azure that includes a dual stack virtual network with a dual stack subnet, a Standard Load Balancer with dual (IPv4 + IPv6) front-end configurations, VMs with NICs that have a dual IP configuration, dual network security group rules, and dual public IPs.

If you don't have an Azure subscription, create an Azure free account before you begin.

Prerequisites

Sample script

Launch Azure Cloud Shell

The Azure Cloud Shell is a free interactive shell that you can use to run the steps in this article. It has common Azure tools preinstalled and configured to use with your account.

To open the Cloud Shell, just select Try it from the upper right corner of a code block. You can also launch Cloud Shell in a separate browser tab by going to https://shell.azure.com.

When Cloud Shell opens, verify that Bash is selected for your environment. Subsequent sessions will use Azure CLI in a Bash environment. Select Copy to copy the blocks of code, paste them into the Cloud Shell, and press Enter to run them.

Sign in to Azure

Cloud Shell is automatically authenticated under the account you initially signed in with. Use the following script to sign in using a different subscription, replacing <subscriptionId> with your Azure subscription ID.

subscription="<subscriptionId>" # add subscription here

az account set -s $subscription # ...or use 'az login'

For more information, see set active subscription or log in interactively.

Run the script

# Use IPv6 for vNet with standard SKU

# IMPORTANT
# To use the IPv6 for Azure virtual network feature,
# you must configure your subscription only once as follows:
#
# az feature register --name AllowIPv6VirtualNetwork --namespace Microsoft.Network
# az feature register --name AllowIPv6CAOnStandardLB --namespace Microsoft.Network
#
# It takes up to 30 minutes for feature registration to complete. 
# You can check your registration status by running the following Azure CLI command:
#
# az feature show --name AllowIPv6VirtualNetwork --namespace Microsoft.Network
# az feature show --name AllowIPv6CAOnStandardLB --namespace Microsoft.Network
#
# After the registration is complete, run the following command:
#
# az provider register --namespace Microsoft.Network

# Variable block
let "randomIdentifier=$RANDOM*$RANDOM"
location="East US"
resourceGroup="msdocs-virtual-network-rg-$randomIdentifier"
tag="virtual-network-cli-sample-ipv6-dual-stack-standard-load-balancer"
ipV4PublicIp="msdocs-ipV4-public-ip-address-$randomIdentifier"
ipV6PublicIp="msdocs-ipV6-public-ip-address-$randomIdentifier"
zone="1"
ipV4RemoteAccessVm0="msdocs-ipV4-public-ip-for-vm0-remote-access-$randomIdentifier"
ipV4RemoteAccessVm1="msdocs-ipV4-public-ip-for-vm1-remote-access-$randomIdentifier"
sku="STANDARD"
allocationMethod="static"
loadBalancer="msdocs-load-balancer-$randomIdentifier"
lbFrontEndV4="msdocs-frontend-ip--$randomIdentifier"
lbPublicIpV4="msdocs-public-ip-$randomIdentifier"
lbBackEndPoolV4="msdocs-backend-pool-$randomIdentifier"
loadBalancerFrontEnd_v6="msdocs-load-balancer-frontend-ip-v6-$randomIdentifier"
loadBalancerBackEndPool_v6="msdocs-load-balancer-backend-pool-v6-$randomIdentifier"
loadBalancerRule_v4="msdocs-lb-rule-v4-$randomIdentifier"
loadBalancerRule_v6="msdocs-lb-rule-v6-$randomIdentifier"
availabilitySet="msdocs-availability-set-$randomIdentifier"
nsg="msdocs-network-security-group-$randomIdentifier"
vNet="msdocs-virtual-network-$randomIdentifier"
vNetAddressPrefixes="10.0.0.0/16 fd00:db8:deca::/48"
subnet="msdocs-single-dual-stack-subnet-$randomIdentifier"
subnetAddressPrefixes="10.0.0.0/16 fd00:db8:deca:deed::/64"
nic0="msdocs-nic0-$randomIdentifier"
nic1="msdocs-nic1-$randomIdentifier"
nic0ConfigIpV6="msdocs-ipV6-config-nic0-$randomIdentifier"
nic1ConfigIpV6="msdocs-ipV6-config-nic1-$randomIdentifier"
vm0="docvm0$randomIdentifier"
vm1="docvm1$randomIdentifier"
image="MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest"
vmSize="Standard_A2"
login="azureuser"
# Escape the dollar signs so the shell does not expand $$ to its process ID
password="Pa\$\$w0rD-$randomIdentifier"

echo "Using resource group $resourceGroup with login: $login, password: $password..."

# Create a resource group
echo "Creating $resourceGroup in $location..."
az group create --name $resourceGroup --location "$location" --tags $tag

# Create an IPV4 IP address
echo "Creating $ipV4PublicIp"
az network public-ip create --name $ipV4PublicIp --resource-group $resourceGroup --location "$location" --sku $sku --allocation-method $allocationMethod --version IPv4 --zone $zone

# Create an IPV6 IP address
echo "Creating $ipV6PublicIp"
az network public-ip create --name $ipV6PublicIp --resource-group $resourceGroup --location "$location" --sku $sku --allocation-method $allocationMethod --version IPv6 --zone $zone

# Create public IP addresses for remote access to VMs
echo "Creating $ipV4RemoteAccessVm0 and $ipV4RemoteAccessVm1"
az network public-ip create --name $ipV4RemoteAccessVm0 --resource-group $resourceGroup --location "$location" --sku $sku --allocation-method $allocationMethod --version IPv4 --zone $zone
az network public-ip create --name $ipV4RemoteAccessVm1 --resource-group $resourceGroup --location "$location" --sku $sku --allocation-method $allocationMethod --version IPv4 --zone $zone

# Create load balancer
echo "Creating $loadBalancer"
az network lb create --name $loadBalancer --resource-group $resourceGroup --sku $sku --location "$location" --frontend-ip-name $lbFrontEndV4 --public-ip-address $lbPublicIpV4 --backend-pool-name $lbBackEndPoolV4

# Create IPv6 front-end
echo "Creating $loadBalancerFrontEnd_v6"
az network lb frontend-ip create --lb-name $loadBalancer --name $loadBalancerFrontEnd_v6 --resource-group $resourceGroup --public-ip-address $ipV6PublicIp

# Configure IPv6 back-end address pool
echo "Creating $loadBalancerBackEndPool_v6"
az network lb address-pool create --lb-name $loadBalancer --name $loadBalancerBackEndPool_v6 --resource-group $resourceGroup

# Create load balancer rules
echo "Creating $loadBalancerRule_v4 and $loadBalancerRule_v6"
az network lb rule create --lb-name $loadBalancer --name $loadBalancerRule_v4 --resource-group $resourceGroup --frontend-ip-name $lbFrontEndV4 --protocol Tcp --frontend-port 80 --backend-port 80 --backend-pool-name $lbBackEndPoolV4
az network lb rule create --lb-name $loadBalancer --name $loadBalancerRule_v6 --resource-group $resourceGroup --frontend-ip-name $loadBalancerFrontEnd_v6 --protocol Tcp --frontend-port 80 --backend-port 80 --backend-pool-name $loadBalancerBackEndPool_v6

# Create an availability set
echo "Creating $availabilitySet"
az vm availability-set create --name $availabilitySet --resource-group $resourceGroup --location "$location" --platform-fault-domain-count 2 --platform-update-domain-count 2
  
# Create network security group
echo "Creating $nsg"
az network nsg create --name $nsg --resource-group $resourceGroup --location "$location"

# Create inbound rule for port 3389
# Clients connect from ephemeral source ports, so match any source port and filter on the destination port.
# The "*" source address prefix admits any address; narrow it to your administrative range for anything longer-lived than a test.
echo "Creating inbound rule in $nsg for port 3389"
az network nsg rule create --name allowRdpIn --nsg-name $nsg --resource-group $resourceGroup --priority 100 --description "Allow Remote Desktop In" --access Allow --protocol "*" --direction Inbound --source-address-prefixes "*" --source-port-ranges "*" --destination-address-prefixes "*" --destination-port-ranges 3389

# Create inbound rule for port 80
# The rule needs its own name; reusing allowRdpIn would overwrite the port 3389 rule.
echo "Creating inbound rule in $nsg for port 80"
az network nsg rule create --name allowHttpIn --nsg-name $nsg --resource-group $resourceGroup --priority 200 --description "Allow HTTP In" --access Allow --protocol "*" --direction Inbound --source-address-prefixes "*" --source-port-ranges "*" --destination-address-prefixes "*" --destination-port-ranges 80

# Create outbound rule
echo "Creating outbound rule in $nsg to allow all"
az network nsg rule create --name allowAllOut --nsg-name $nsg --resource-group $resourceGroup --priority 300 --description "Allow All Out" --access Allow --protocol "*" --direction Outbound --source-address-prefixes "*" --source-port-ranges "*" --destination-address-prefixes "*" --destination-port-ranges "*"

# Create the virtual network with IPv4 and IPv6 addresses
echo "Creating $vNet"
az network vnet create --name $vNet --resource-group $resourceGroup --location "$location" --address-prefixes $vNetAddressPrefixes

# Create a single dual stack subnet with IPv4 and IPv6 addresses
echo "Creating $subnet"
az network vnet subnet create --name $subnet --resource-group $resourceGroup --vnet-name $vNet --address-prefixes $subnetAddressPrefixes --network-security-group $nsg

# Create NICs
echo "Creating $nic0 and $nic1"
az network nic create --name $nic0 --resource-group $resourceGroup --network-security-group $nsg --vnet-name $vNet --subnet $subnet --private-ip-address-version IPv4 --lb-address-pools $lbBackEndPoolV4 --lb-name $loadBalancer --public-ip-address $ipV4RemoteAccessVm0
az network nic create --name $nic1 --resource-group $resourceGroup --network-security-group $nsg --vnet-name $vNet --subnet $subnet --private-ip-address-version IPv4 --lb-address-pools $lbBackEndPoolV4 --lb-name $loadBalancer --public-ip-address $ipV4RemoteAccessVm1

# Create IPV6 configurations for each NIC
echo "Creating $nic0ConfigIpV6 and $nic1ConfigIpV6"
az network nic ip-config create --name $nic0ConfigIpV6 --nic-name $nic0 --resource-group $resourceGroup --vnet-name $vNet --subnet $subnet --private-ip-address-version IPv6 --lb-address-pools $loadBalancerBackEndPool_v6 --lb-name $loadBalancer
az network nic ip-config create --name $nic1ConfigIpV6 --nic-name $nic1 --resource-group $resourceGroup --vnet-name $vNet --subnet $subnet --private-ip-address-version IPv6 --lb-address-pools $loadBalancerBackEndPool_v6 --lb-name $loadBalancer

# Create virtual machines
# The admin password defined in the variable block is passed to each Windows virtual machine
echo "Creating $vm0 and $vm1"
az vm create --name $vm0 --resource-group $resourceGroup --nics $nic0 --size $vmSize --availability-set $availabilitySet --image $image --public-ip-sku $sku --admin-user $login --admin-password "$password"
az vm create --name $vm1 --resource-group $resourceGroup --nics $nic1 --size $vmSize --availability-set $availabilitySet --image $image --public-ip-sku $sku --admin-user $login --admin-password "$password"

Tip

You can view the IPv6 dual stack virtual network in Azure portal on the virtual network page. The dual stack virtual network shows the two NICs with both IPv4 and IPv6 configurations in the dual stack subnet.
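
One way to check the network security group this sample creates for management ports left open to any source, as an added example that is not part of the original script. It assumes the rule rows come from az network nsg rule list with the --query projection shown in the comment; the function names, rule names and sample rows are constructed for illustration.

```shell
# Added example. Input rows are tab-separated:
#   name  access  direction  sourceAddressPrefix  destinationPortRange
# Assumed way to produce them for the NSG created above:
#   az network nsg rule list --nsg-name "$nsg" --resource-group "$resourceGroup" \
#     --query "[].[name,access,direction,sourceAddressPrefix,destinationPortRange]" -o tsv
TAB=$(printf '\t')

# Succeed if port range $1 ("*", "3389" or "3000-4000") covers port $2.
port_range_covers() {
  [ "$1" = "*" ] && return 0
  lo=${1%-*}; hi=${1#*-}
  case "$lo$hi" in ""|*[!0-9]*) return 1 ;; esac   # e.g. "None" from a null field
  [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ]
}

# Read rule rows on stdin; print "name<TAB>port" for each management port
# (RDP 3389, SSH 22) that an inbound Allow rule opens to any source.
find_exposed_mgmt_rules() {
  while IFS=$TAB read -r name access direction source ports; do
    [ "$access" = "Allow" ] && [ "$direction" = "Inbound" ] || continue
    case "$source" in
      "*"|Internet|0.0.0.0/0|::/0) ;;   # any-source values, IPv4 and IPv6
      *) continue ;;
    esac
    for port in 3389 22; do
      if port_range_covers "$ports" "$port"; then
        printf '%s\t%s\n' "$name" "$port"
      fi
    done
  done
}

# Constructed sample rows: a port 3389 rule, a port 80 rule and an outbound
# rule like those above, plus one hypothetical rule (allowRdpAdmin) limited
# to a documentation address range.
sample_rules() {
  printf '%s\t%s\t%s\t%s\t%s\n' \
    allowRdpIn    Allow Inbound  '*'            3389 \
    allowHttpIn   Allow Inbound  '*'            80 \
    allowAllOut   Allow Outbound '*'            '*' \
    allowRdpAdmin Allow Inbound  203.0.113.0/24 3389
}

sample_rules | find_exposed_mgmt_rules
```

An empty result means no inbound Allow rule exposes port 3389 or 22 to any source; each printed row names a rule to narrow or remove.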

Clean up deployment

Unless you have an ongoing need for these resources, use the following az group delete command to remove the resource group and all resources associated with it. Some of these resources may take a while to create, as well as to delete.

az group delete --name $resourceGroup

Sample reference

This script uses the following commands to create a resource group, virtual machine, availability set, load balancer, and all related resources. Each command in the table links to command-specific documentation.

| Command | Notes |
|---|---|
| az group create | Creates a resource group in which all resources are stored. |
| az network vnet create | Creates an Azure virtual network and subnet. |
| az network public-ip create | Creates a public IP address with a static IP address and an associated DNS name. |
| az network lb create | Creates an Azure load balancer. |
| az network lb probe create | Creates a load balancer probe. A load balancer probe is used to monitor each VM in the load balancer set. If any VM becomes inaccessible, traffic is not routed to the VM. |
| az network lb rule create | Creates a load balancer rule. In this sample, a rule is created for port 80. As HTTP traffic arrives at the load balancer, it is routed to port 80 on one of the VMs in the LB set. |
| az network lb inbound-nat-rule create | Creates a load balancer Network Address Translation (NAT) rule. NAT rules map a port of the load balancer to a port on a VM. In this sample, a NAT rule is created for SSH traffic to each VM in the load balancer set. |
| az network nsg create | Creates a network security group (NSG), which is a security boundary between the internet and the virtual machine. |
| az network nsg rule create | Creates an NSG rule to allow inbound traffic. In this sample, port 22 is opened for SSH traffic. |
| az network nic create | Creates a virtual network card and attaches it to the virtual network, subnet, and NSG. |
| az vm availability-set create | Creates an availability set. Availability sets ensure application uptime by spreading the virtual machines across physical resources such that if failure occurs, the entire set isn't affected. |
| az vm create | Creates the virtual machine and connects it to the network card, virtual network, subnet, and NSG. This command also specifies the virtual machine image to be used and administrative credentials. |
| az group delete | Deletes a resource group including all nested resources. |

Next steps

For more information on the Azure CLI, see Azure CLI documentation.

Additional Azure Networking CLI script samples can be found in the Azure Networking documentation.