Create a Linux virtual machine with Accelerated Networking

Important

Virtual machines must be created with Accelerated Networking enabled. This feature cannot be enabled on existing virtual machines. You can follow the steps below to enable Accelerated Networking:

  1. Delete the virtual machine.
  2. Re-create the virtual machine with Accelerated Networking enabled.

In this tutorial, you learn how to create a Linux virtual machine (VM) with Accelerated Networking. Accelerated networking enables single root I/O virtualization (SR-IOV) for a VM, greatly improving its networking performance. This high-performance path removes the host from the datapath, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types. The following picture shows communication between two VMs with and without accelerated networking:

[Figure: Comparison]

Without accelerated networking, all networking traffic in and out of the VM must traverse the host and the virtual switch. The virtual switch provides all policy enforcement, such as network security groups, access control lists, isolation, and other network virtualized services to network traffic. To learn more about virtual switches, read the Hyper-V network virtualization and virtual switch article.

With accelerated networking, network traffic arrives at the VM's network interface (NIC), and is then forwarded to the VM. All network policies that the virtual switch applies are now offloaded and applied in hardware. Applying policy in hardware enables the NIC to forward network traffic directly to the VM, bypassing the host and the virtual switch, while maintaining all the policy it applied in the host.

The benefits of accelerated networking only apply to the VM that it is enabled on. For the best results, it is ideal to enable this feature on at least two VMs connected to the same Azure Virtual Network (VNet). When communicating across VNets or connecting on-premises, this feature has minimal impact to overall latency.

Benefits

  • Lower Latency / Higher packets per second (pps): Removing the virtual switch from the datapath removes the time packets spend in the host for policy processing and increases the number of packets that can be processed inside the VM.
  • Reduced jitter: Virtual switch processing depends on the amount of policy that needs to be applied and the workload of the CPU that is doing the processing. Offloading the policy enforcement to the hardware removes that variability by delivering packets directly to the VM, removing the host to VM communication and all software interrupts and context switches.
  • Decreased CPU utilization: Bypassing the virtual switch in the host leads to less CPU utilization for processing network traffic.

Supported operating systems

  • Ubuntu 16.04: 4.11.0-1013 or greater kernel version
  • SLES SP3: 4.4.92-6.18 or greater kernel version
  • RHEL: 7.4.2017120423 or greater kernel version
  • CentOS: 7.4.20171206 or greater kernel version

Supported VM instances

Accelerated Networking is supported on most general purpose and compute-optimized instance sizes with 4 or more vCPUs. On instances such as D/DSv3 or E/ESv3 that support hyperthreading, Accelerated Networking is supported on VM instances with 8 or more vCPUs. Supported series are: D/DSv2, D/DSv3, E/ESv3, F/Fs/Fsv2, and Ms/Mms.

For more information on VM instances, see Linux VM sizes.

Regions

Available in all public Azure regions with the exception of East Asia. Azure Government Cloud is not yet supported.

Limitations

The following limitations exist when using this capability:

  • Network interface creation: Accelerated networking can only be enabled for a new NIC. It cannot be enabled for an existing NIC.
  • VM creation: A NIC with accelerated networking enabled can only be attached to a VM when the VM is created. The NIC cannot be attached to an existing VM. If adding the VM to an existing availability set, all VMs in the availability set must also have accelerated networking enabled.
  • Deployment through Azure Resource Manager only: Virtual machines (classic) cannot be deployed with Accelerated Networking.

Create a virtual network

Install the latest Azure CLI 2.0 and log in to an Azure account using az login. In the following examples, replace example parameter names with your own values. Example parameter names include myResourceGroup, myNic, and myVm.

Create a resource group with az group create. The following example creates a resource group named myResourceGroup in the centralus location:

az group create --name myResourceGroup --location centralus

You must select a supported Linux region listed in Linux accelerated networking.

Create a virtual network with az network vnet create. The following example creates a virtual network named myVnet with one subnet:

az network vnet create \
    --resource-group myResourceGroup \
    --name myVnet \
    --address-prefix 192.168.0.0/16 \
    --subnet-name mySubnet \
    --subnet-prefix 192.168.1.0/24

Create a network security group

Create a network security group with az network nsg create. The following example creates a network security group named myNetworkSecurityGroup:

az network nsg create \
    --resource-group myResourceGroup \
    --name myNetworkSecurityGroup

The network security group contains several default rules, one of which disables all inbound access from the Internet. Open a port to allow SSH access to the virtual machine with az network nsg rule create:

az network nsg rule create \
  --resource-group myResourceGroup \
  --nsg-name myNetworkSecurityGroup \
  --name Allow-SSH-Internet \
  --access Allow \
  --protocol Tcp \
  --direction Inbound \
  --priority 100 \
  --source-address-prefix Internet \
  --source-port-range "*" \
  --destination-address-prefix "*" \
  --destination-port-range 22
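
The rule above admits SSH from the entire Internet service tag. The following added example (not part of the original article) lists such rules from the tab-separated output of az network nsg rule list; the function name open_ssh_rules and the sample rows are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list inbound Allow rules that expose TCP port 22 to any source.
# Input rows are tab-separated:
#   name, access, direction, protocol, source prefix, destination port
# On a real subscription the rows would come from:
#   az network nsg rule list --resource-group myResourceGroup \
#     --nsg-name myNetworkSecurityGroup -o tsv --query \
#     "[].[name,access,direction,protocol,sourceAddressPrefix,destinationPortRange]"

open_ssh_rules() {
    awk -F'\t' '
        # True when port spec p ("*", "22", or "lo-hi") includes port 22.
        function covers22(p,  a) {
            if (p == "*" || p == "22") return 1
            if (split(p, a, "-") == 2) return (a[1] + 0 <= 22 && 22 <= a[2] + 0)
            return 0
        }
        $2 == "Allow" && $3 == "Inbound" &&
        (tolower($4) == "tcp" || $4 == "*") &&
        ($5 == "*" || $5 == "Internet" || $5 == "0.0.0.0/0") &&
        covers22($6) { print $1 }
    '
}

# Constructed sample rows; only the first matches the rule created above.
SAMPLE_RULES=$(printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    Allow-SSH-Internet Allow Inbound Tcp Internet       22 \
    Allow-SSH-Office   Allow Inbound Tcp 203.0.113.0/24 22 \
    Allow-HTTPS        Allow Inbound Tcp '*'            443 \
    Allow-Mgmt-Range   Allow Inbound Tcp 0.0.0.0/0      20-25 \
    Deny-SSH           Deny  Inbound Tcp '*'            22)

# Prints the names of the rules that leave SSH reachable from anywhere.
printf '%s\n' "$SAMPLE_RULES" | open_ssh_rules
```

Rules that use the plural sourceAddressPrefixes or destinationPortRanges properties are not covered by this query. Replacing Internet in --source-address-prefix with the address range you administer from keeps the rule out of this list.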

Create a network interface with accelerated networking

Create a public IP address with az network public-ip create. A public IP address isn't required if you don't plan to access the virtual machine from the Internet, but to complete the steps in this article, it is required.

az network public-ip create \
    --name myPublicIp \
    --resource-group myResourceGroup

Create a network interface with az network nic create with accelerated networking enabled. The following example creates a network interface named myNic in the mySubnet subnet of the myVnet virtual network and associates the myNetworkSecurityGroup network security group to the network interface:

az network nic create \
    --resource-group myResourceGroup \
    --name myNic \
    --vnet-name myVnet \
    --subnet mySubnet \
    --accelerated-networking true \
    --public-ip-address myPublicIp \
    --network-security-group myNetworkSecurityGroup

Create a VM and attach the NIC

When you create the VM, specify the NIC you created with --nics. You must select a size and distribution listed in Linux accelerated networking.

Create a VM with az vm create. The following example creates a VM named myVM with the UbuntuLTS image and a size that supports Accelerated Networking (Standard_DS4_v2):

az vm create \
    --resource-group myResourceGroup \
    --name myVM \
    --image UbuntuLTS \
    --size Standard_DS4_v2 \
    --admin-username azureuser \
    --generate-ssh-keys \
    --nics myNic

For a list of all VM sizes and characteristics, see Linux VM sizes.

Once the VM is created, output similar to the following example is returned. Take note of the publicIpAddress. This address is used to access the VM in subsequent steps.

{
  "fqdns": "",
  "id": "/subscriptions/<ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM",
  "location": "centralus",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "192.168.0.4",
  "publicIpAddress": "40.68.254.142",
  "resourceGroup": "myResourceGroup"
}

Confirm that accelerated networking is enabled

Use the following command to create an SSH session with the VM. Replace <your-public-ip-address> with the public IP address assigned to the virtual machine you created, and replace azureuser if you used a different value for --admin-username when you created the VM.

ssh azureuser@<your-public-ip-address>

From the Bash shell, enter uname -r and confirm that the kernel version is one of the following versions, or greater:

  • Ubuntu 16.04: 4.11.0-1013
  • SLES SP3: 4.4.92-6.18
  • RHEL: 7.4.2017120423
  • CentOS: 7.4.20171206

Confirm the Mellanox VF device is exposed to the VM with the lspci command. The returned output is similar to the following output:

0000:00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (AGP disabled) (rev 03)
0000:00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 01)
0000:00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
0000:00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 02)
0000:00:08.0 VGA compatible controller: Microsoft Corporation Hyper-V virtual VGA
0001:00:02.0 Ethernet controller: Mellanox Technologies MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function]

Check for activity on the VF (virtual function) with the ethtool -S eth0 | grep vf_ command. If you receive output similar to the following sample output, accelerated networking is enabled and working.

vf_rx_packets: 992956
vf_rx_bytes: 2749784180
vf_tx_packets: 2656684
vf_tx_bytes: 1099443970
vf_tx_dropped: 0

Accelerated Networking is now enabled for your VM.
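
The three checks in this section (kernel version, VF device, VF counters) can be scripted. The following is an added example, not part of the original article: the function names are hypothetical, the lspci and ethtool samples are copied from the output shown above, and the uname -r value is constructed.

```bash
#!/usr/bin/env bash
# Added example: the three checks from this section as reusable functions.
# Each reads command output on stdin so it can be exercised offline.

# kernel_at_least RUNNING MINIMUM: compare dotted/dashed numeric fields left to
# right; a flavour suffix such as "-azure" on the running kernel is ignored.
kernel_at_least() {
    awk -v run="${1%%-[a-z]*}" -v min="$2" 'BEGIN {
        n = split(run, r, /[.-]/); m = split(min, q, /[.-]/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (r[i] + 0 > q[i] + 0) exit 0
            if (r[i] + 0 < q[i] + 0) exit 1
        }
        exit 0
    }'
}

# has_vf: stdin is lspci output; succeeds if a Mellanox VF is listed.
has_vf() { grep -qE 'Mellanox.*Virtual Function'; }

# vf_packets: stdin is `ethtool -S eth0` output; prints vf_rx_packets +
# vf_tx_packets and fails if the counters are missing or still zero.
vf_packets() {
    awk -F': *' '/vf_(rx|tx)_packets/ { sum += $2; seen = 1 }
        END { printf "%.0f\n", sum; exit ((seen && sum > 0) ? 0 : 1) }'
}

# Sample data: lines copied from the sample output in this article.
SAMPLE_LSPCI='0000:00:08.0 VGA compatible controller: Microsoft Corporation Hyper-V virtual VGA
0001:00:02.0 Ethernet controller: Mellanox Technologies MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function]'
SAMPLE_ETHTOOL='vf_rx_packets: 992956
vf_rx_bytes: 2749784180
vf_tx_packets: 2656684
vf_tx_bytes: 1099443970
vf_tx_dropped: 0'

# On the VM itself, feed the real commands instead of the samples:
#   kernel_at_least "$(uname -r)" 4.11.0-1013 && lspci | has_vf && ethtool -S eth0 | vf_packets
if kernel_at_least "4.11.0-1013-azure" "4.11.0-1013" &&   # constructed uname -r value
   printf '%s\n' "$SAMPLE_LSPCI" | has_vf &&
   total=$(printf '%s\n' "$SAMPLE_ETHTOOL" | vf_packets); then
    echo "accelerated networking active, $total packets on the VF"
else
    echo "accelerated networking not confirmed"
fi
```

A VF that is listed by lspci but shows zero vf_ packet counters means traffic is still taking the host path, so vf_packets treats that case as a failure.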