Configure routing preference for a VM using Azure PowerShell

This article shows you how to configure routing preference for a virtual machine. Internet bound traffic from the VM will be routed via the ISP network when you choose Internet as your routing preference option . The default routing is via the Microsoft global network.

This article shows you how to create a virtual machine with a public IP that is set to route traffic via the ISP network using Azure PowerShell.

Create a resource group

  1. If using the Cloud Shell, skip to step 2. Open a command session and sign into Azure with Connect-AzAccount.

  2. Create a resource group with the New-AzResourceGroup command. The following example creates a resource group in the East US Azure region:

    $rg = New-AzResourceGroup -Name MyResourceGroup -Location EastUS
    

Create a public IP address

To access your virtual machines from the Internet, you need a public IP addresses. Create public IP addresses with New-AzPublicIpAddress. The following example creates a IPv4 public IP address named MyPublicIP routing preference type Internet in the MyResourceGroup resource group in East US region:

$iptagtype="RoutingPreference"
$tagName = "Internet"
$ipTag = New-AzPublicIpTag -IpTagType $iptagtype -Tag $tagName 
# attach the tag
$publicIp = New-AzPublicIpAddress  `
-Name "MyPublicIP" `
-ResourceGroupName $rg.ResourceGroupName `
-Location $rg.Location `
-IpTag $ipTag `
-AllocationMethod Static `
-Sku Standard `
-IpAddressVersion IPv4

Create network resources

Before you deploy a VM, you must create supporting network resources - network security group, virtual network, and virtual NIC.

Create a network security group

Create a network security group with New-AzNetworkSecurityGroup. The following example creates a NSG named myNSG

$nsg = New-AzNetworkSecurityGroup `
-ResourceGroupName $rg.ResourceGroupName `
-Location $rg.Location  `
-Name "myNSG"

Create a virtual network

Create a virtual network with New-AzVirtualNetwork. The following example creates a virtual network named myVNET with mySubNet:

Create a subnet

$subnet = New-AzVirtualNetworkSubnetConfig `
-Name "mySubnet" `
-AddressPrefix "10.0.0.0/24"
# Create a virtual network
$vnet = New-AzVirtualNetwork `
-ResourceGroupName $rg.ResourceGroupName `
-Location $rg.Location  `
-Name "myVNET" `
-AddressPrefix "10.0.0.0/16" `
-Subnet $subnet

Create a NIC

Create virtual NICs with [New-AzNetworkInterface](/powershell/module/az.network/new-aznetworkinterface. The following example creates a virtual NIC.

# Create an IP Config
$ipconfig=New-AzNetworkInterfaceIpConfig `
-Name myIpConfig `
-Subnet $vnet.subnets[0] `
-PrivateIpAddressVersion IPv4 `
-PublicIpAddress  $publicIp

# Create a NIC
$nic = New-AzNetworkInterface `
-Name "mynic" `
-ResourceGroupName $rg.ResourceGroupName `
-Location $rg.Location  `
-NetworkSecurityGroupId $nsg.Id `
-IpConfiguration $ipconfig 

Create a virtual machine

Set an administrator username and password for the VMs with Get-Credential:

 $cred = get-credential -Message "Routing Preference SAMPLE:  Please enter the Administrator credential to log into the VM."

Now you can create the VM with New-AzVM. The following example creates two VMs and the required virtual network components if they do not already exist.

 $vmsize = "Standard_A2"
 $ImagePublisher = "MicrosoftWindowsServer"
 $imageOffer = "WindowsServer"
 $imageSKU = "2019-Datacenter"

 $vmName= "myVM"
 $vmconfig = New-AzVMConfig -VMName $vmName -VMSize $vmsize | Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent -EnableAutoUpdate | Set-AzVMSourceImage -PublisherName $ImagePublisher -Offer $imageOffer -Skus $imageSKU -Version "latest" | Set-AzVMOSDisk -Name "$vmName.vhd" -CreateOption "FromImage" | Add-AzVMNetworkInterface -Id $nic.Id 
 $VM1 = New-AzVM -ResourceGroupName $rg.ResourceGroupName  -Location $rg.Location  -VM $vmconfig

Allow network traffic to the VM

Before you can connect to the public IP address from the internet, ensure that you have the necessary ports open in any network security group that you might have associated to the network interface, the subnet the network interface is in, or both. You can view the effective security rules for a network interface and its subnet using the Portal, CLI, or PowerShell.

Clean up resources

When no longer needed, you can use the Remove-AzResourceGroup command to remove the resource group, VM, and all related resources.

Remove-AzResourceGroup -Name MyResourceGroup

Next steps