Quickstart: Create a virtual network using the Azure CLI

A virtual network enables Azure resources, like virtual machines (VMs), to communicate privately with each other, and with the internet.

In this quickstart, you learn how to create a virtual network. After creating a virtual network, you deploy two VMs into the virtual network. You then connect to the VMs from the internet, and communicate privately over the new virtual network.

If you don't have an Azure subscription, create a free account before you begin.

Prerequisites

  • Use the Bash environment in Azure Cloud Shell.

  • If you prefer, install the Azure CLI to run CLI reference commands.

    • If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For additional sign-in options, see Sign in with the Azure CLI.

    • When you're prompted, install Azure CLI extensions on first use. For more information about extensions, see Use extensions with the Azure CLI.

    • Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.

  • This quickstart requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.

Create a resource group and a virtual network

Before you can create a virtual network, you have to create a resource group to host the virtual network. Create a resource group with az group create. This example creates a resource group named CreateVNetQS-rg in the eastus location:

az group create \
    --name CreateVNetQS-rg \
    --location eastus

Create a virtual network with az network vnet create. This example creates a default virtual network named myVNet with one subnet named default:

az network vnet create \
  --name myVNet \
  --resource-group CreateVNetQS-rg \
  --subnet-name default

Create virtual machines

Create two VMs in the virtual network.

Create the first VM

Create a VM with az vm create.

If SSH keys don't already exist in a default key location, the command creates them. To use a specific set of keys, use the --ssh-key-value option.

The --no-wait option creates the VM in the background. You can continue to the next step.

This example creates a VM named myVM1:

az vm create \
  --resource-group CreateVNetQS-rg \
  --name myVM1 \
  --image UbuntuLTS \
  --generate-ssh-keys \
  --public-ip-address myPublicIP-myVM1 \
  --no-wait

Create the second VM

You used the --no-wait option in the previous step. You can go ahead and create the second VM named myVM2.

az vm create \
  --resource-group CreateVNetQS-rg \
  --name myVM2 \
  --image UbuntuLTS \
  --public-ip-address myPublicIP-myVM2 \
  --generate-ssh-keys

Note

Azure provides a default outbound access IP for Azure Virtual Machines that aren't assigned a public IP address, or are in the backend pool of an internal Basic Azure Load Balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.

For more information about default outbound access, see Default outbound access in Azure.

The default outbound access IP is disabled when a public IP address is assigned to the virtual machine, or the virtual machine is placed in the backend pool of a Standard Load Balancer with or without outbound rules. If an Azure Virtual Network NAT gateway resource is assigned to the subnet of the virtual machine, the default outbound access IP is disabled.

Virtual machines created by Virtual Machine Scale sets in Flexible Orchestration mode don't have default outbound access.

For more information about outbound connections in Azure, see Using Source Network Address Translation (SNAT) for outbound connections.
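
The rules in the note above, applied as a check over an inventory so that VMs egressing through the non-configurable default IP stand out. This is an added example, not part of the original quickstart or of any Azure tooling; the record format, the function names, and every VM name other than myVM1 and myVM2 are hypothetical, and the sample inventory is constructed.

```shell
#!/bin/sh
# Added example: apply the default outbound access rules from the note to a
# constructed inventory. Record format and function names are hypothetical.

# has_default_outbound PUBLIC_IP LB NAT_GW FLEX_VMSS
#   PUBLIC_IP  yes|no                        public IP assigned to the VM
#   LB         none|basic-internal|standard  backend pool the VM is in
#   NAT_GW     yes|no                        NAT gateway on the VM's subnet
#   FLEX_VMSS  yes|no                        scale set VM, Flexible orchestration
# Prints "yes" if the VM egresses through the non-configurable default IP.
has_default_outbound() {
  if [ "$4" = yes ]; then
    echo no    # Flexible orchestration VMs don't have default outbound access
  elif [ "$1" = yes ] || [ "$2" = standard ] || [ "$3" = yes ]; then
    echo no    # an explicit outbound path disables the default IP
  else
    echo yes   # no public IP (including internal Basic LB backends)
  fi
}

# audit_inventory: read "name public_ip lb nat_gw flex_vmss" records from
# stdin and print the names of VMs that rely on default outbound access.
audit_inventory() {
  while read -r name public_ip lb nat_gw flex; do
    case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
    if [ "$(has_default_outbound "$public_ip" "$lb" "$nat_gw" "$flex")" = yes ]; then
      echo "$name"
    fi
  done
}

# Constructed sample. myVM1 and myVM2 match this quickstart (one public IP
# each); the other names are made up for illustration.
SAMPLE_INVENTORY='myVM1 yes none no no
myVM2 yes none no no
app-internal no none no no
app-basic-ilb no basic-internal no no
app-standard-lb no standard no no
app-natgw no none yes no
flex-vmss-0 no none no yes'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```
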

Azure CLI output message

The VMs take a few minutes to create. After Azure creates the VMs, the Azure CLI returns output like this:

{
  "fqdns": "",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/CreateVNetQS-rg/providers/Microsoft.Compute/virtualMachines/myVM2",
  "location": "eastus",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "10.0.0.5",
  "publicIpAddress": "40.68.254.142",
  "resourceGroup": "CreateVNetQS-rg",
  "zones": ""
}

VM public IP

To get the public IP address of myVM2, use az network public-ip show:

az network public-ip show \
  --resource-group CreateVNetQS-rg \
  --name myPublicIP-myVM2 \
  --query ipAddress \
  --output tsv

Connect to a VM from the internet

In this command, replace <publicIpAddress> with the public IP address of your myVM2 VM:

ssh <publicIpAddress>

Communicate between VMs

To confirm private communication between the myVM2 and myVM1 VMs, enter this command:

ping myVM1 -c 4

You'll receive four replies from 10.0.0.4.

Exit the SSH session with the myVM2 VM.

Clean up resources

When no longer needed, you can use az group delete to remove the resource group and all the resources it contains:

az group delete \
    --name CreateVNetQS-rg \
    --yes

Next steps

In this quickstart:

  • You created a default virtual network and two VMs.
  • You connected to one VM from the internet and communicated privately between the two VMs.

Private communication between VMs is unrestricted in a virtual network.

Advance to the next article to learn more about configuring different types of VM network communications: