Use Azure CLI to create a Windows or Linux VM with Accelerated Networking

Caution

This article references CentOS, a Linux distribution that is nearing End Of Life (EOL) status. Please consider your use and planning accordingly.

This article describes how to create a Linux or Windows virtual machine (VM) with Accelerated Networking (AccelNet) enabled by using the Azure CLI command-line interface. The article also discusses how to enable and manage Accelerated Networking on existing VMs.

You can also create a VM with Accelerated Networking enabled by using the Azure portal. For more information about using the Azure portal to manage Accelerated Networking on VMs, see Manage Accelerated Networking through the portal.

To use Azure PowerShell to create a Windows VM with Accelerated Networking enabled, see Use Azure PowerShell to create a Linux VM with Accelerated Networking.

Prerequisites

Create a VM with Accelerated Networking

In the following examples, you can replace the example parameters such as <myResourceGroup>, <myNic>, and <myVm> with your own values.

Create a virtual network

  1. Use az group create to create a resource group to contain the resources. Be sure to select a supported Windows or Linux region as listed in Windows and Linux Accelerated Networking.

    az group create --name <myResourceGroup> --location <myAzureRegion>
    
  2. Use az network vnet create to create a virtual network with one subnet in the resource group:

    az network vnet create \
      --resource-group <myResourceGroup> \
      --name <myVnet> \
      --address-prefix 192.168.0.0/16 \
      --subnet-name <mySubnet> \
      --subnet-prefix 192.168.1.0/24
    

Create a network security group

  1. Use az network nsg create to create a network security group (NSG).

    az network nsg create \
      --resource-group <myResourceGroup> \
      --name <myNsg>
    
  2. The NSG contains several default rules, one of which disables all inbound access from the internet. Use az network nsg rule create to open a port to allow remote desktop protocol (RDP) or secure shell (SSH) access to the VM.

    az network nsg rule create \
      --resource-group <myResourceGroup> \
      --nsg-name <myNsg> \
      --name Allow-RDP-Internet \
      --access Allow \
      --protocol Tcp \
      --direction Inbound \
      --priority 100 \
      --source-address-prefix Internet \
      --source-port-range "*" \
      --destination-address-prefix "*" \
      --destination-port-range 3389
    

Create a network interface with Accelerated Networking

  1. Use az network public-ip create to create a public IP address. The VM doesn't need a public IP address if you don't access it from the internet, but you need the public IP to complete the steps for this article.

    az network public-ip create \
      --name <myPublicIp> \
      --resource-group <myResourceGroup>
    
  2. Use az network nic create to create a network interface (NIC) with Accelerated Networking enabled. The following example creates a NIC in the subnet of the virtual network, and associates the NSG to the NIC.

    az network nic create \
     --resource-group <myResourceGroup> \
      --name <myNic> \
      --vnet-name <myVnet> \
      --subnet <mySubnet> \
      --accelerated-networking true \
      --public-ip-address <myPublicIp> \
      --network-security-group <myNsg>
    

Create a VM and attach the NIC

Use az vm create to create the VM, and use the --nics option to attach the NIC you created. Make sure to select a VM size and distribution that's listed in Windows and Linux Accelerated Networking. For a list of all VM sizes and characteristics, see Sizes for virtual machines in Azure.

The following example creates a Windows Server 2019 Datacenter VM with a size that supports Accelerated Networking, Standard_DS4_v2.

az vm create \
  --resource-group <myResourceGroup> \
  --name <myVm> \
  --image Win2019Datacenter \
  --size Standard_DS4_v2 \
  --admin-username <myAdminUser> \
  --admin-password <myAdminPassword> \
  --nics <myNic>

After the VM is created, you get output similar to the following example. For a Linux machine, take note of the publicIpAddress, which you enter to access the VM in the next step.

{
  "fqdns": "",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVm",
  "location": "centralus",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "192.168.0.4",
  "publicIpAddress": "40.68.254.142",
  "resourceGroup": "myResourceGroup"
}

Confirm that accelerated networking is enabled

Once you create the VM in Azure, connect to the VM and confirm that the Ethernet controller is installed in Windows.

  1. In the Azure portal, search for and select virtual machines.

  2. On the Virtual machines page, select your new VM.

  3. On the VM's Overview page, select Connect.

  4. On the Connect screen, select Native RDP.

  5. On the Native RDP screen, select Download RDP file.

  6. Open the downloaded RDP file, and then sign in with the credentials you entered when you created the VM.

  7. On the remote VM, right-click Start and select Device Manager.

  8. In the Device Manager window, expand the Network adapters node.

  9. Confirm that the Mellanox ConnectX-4 Lx Virtual Ethernet Adapter appears, as shown in the following image:

    Mellanox ConnectX-3 Virtual Function Ethernet Adapter, new network adapter for accelerated networking, Device Manager

    The presence of the adapter confirms that Accelerated Networking is enabled for your VM.

Note

If the Mellanox adapter fails to start, open an administrator command prompt on the remote VM and enter the following command:

netsh int tcp set global rss = enabled

Handle dynamic binding and revocation of virtual function

Binding to the synthetic NIC that's exposed in the VM is a mandatory requirement for all applications that take advantage of Accelerated Networking. If an application runs directly over the VF NIC, it doesn't receive all packets that are destined to the VM, because some packets show up over the synthetic interface.

You must run an application over the synthetic NIC to guarantee that the application receives all packets that are destined to it. Binding to the synthetic NIC also ensures that the application keeps running even if the VF is revoked during host servicing.

For more information about application binding requirements, see How Accelerated Networking works in Linux and FreeBSD VMs.

In order to ensure that your custom image or applications correctly support the dynamic binding and revocation of virtual functions, the functionality can be tested on any Windows Hyper-V server. Use a local Windows Server running Hyper-V in the following configuration:

  • Ensure you have a physical network adapter that supports SR-IOV.
  • An external virtual switch is created on top of this SR-IOV adapter with "Enable single-root I/O virtualization (SR-IOV)" checked.
  • A virtual machine running your operating system image or application is created/deployed.
  • The network adapters for this virtual machine, under Hardware Acceleration, have "Enable SR-IOV" selected.

Once you've verified your virtual machine and application are leveraging a network adapter using SR-IOV, you can modify the following example commands to toggle SR-IOV off/on in order to revoke and add the virtual function which will simulate what happens during Azure host servicing:

# Get the virtual network adapter to test
$vmNic = Get-VMNetworkAdapter -VMName "myvm" | where {$_.MacAddress -eq "001122334455"}

# Enable SR-IOV on a virtual network adapter
Set-VMNetworkAdapter $vmNic -IovWeight 100 -IovQueuePairsRequested 1

# Disable SR-IOV on a virtual network adapter
Set-VMNetworkAdapter $vmNic -IovWeight 0

Manage Accelerated Networking on existing VMs

It's possible to enable Accelerated Networking on an existing VM. The VM must meet the following requirements to support Accelerated Networking:

  • A supported size for Accelerated Networking.

  • A supported Azure Marketplace image and kernel version for Linux.

  • Stopped or deallocated before you can enable Accelerated Networking on any NIC. This requirement applies to all individual VMs or VMs in an availability set or Azure Virtual Machine Scale Sets.

Enable Accelerated Networking on individual VMs or VMs in availability sets

  1. First, stop and deallocate the VM, or all the VMs in the availability set.

    az vm deallocate \
      --resource-group <myResourceGroup> \
      --name <myVm>
    

    If you created your VM individually without an availability set, you must stop or deallocate only the individual VM to enable Accelerated Networking. If you created your VM with an availability set, you must stop or deallocate all VMs in the set before you can enable Accelerated Networking on any of the NICs.

  2. Once the VM is stopped, enable Accelerated Networking on the NIC of your VM.

    az network nic update \
      --name <myNic> \
      --resource-group <myResourceGroup> \
      --accelerated-networking true
    
  3. Restart your VM, or all the VMs in the availability set, and confirm that Accelerated Networking is enabled.

    az vm start --resource-group <myResourceGroup> \
      --name <myVm>
    

Enable Accelerated Networking on Virtual Machine Scale Sets

Azure Virtual Machine Scale Sets is slightly different, but follows the same workflow.

  1. First, stop the VMs:

    az vmss deallocate \
      --name <myVmss> \
      --resource-group <myResourceGroup>
    
  2. Once the VMs are stopped, update the Accelerated Networking property under the network interface.

    az vmss update --name <myVmss> \
      --resource-group <myResourceGroup> \
      --set virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].enableAcceleratedNetworking=true
    
  3. Virtual Machine Scale Sets has an upgrade policy that applies updates by using automatic, rolling, or manual settings. The following instructions set the policy to automatic so Virtual Machine Scale Sets picks up the changes immediately after restart.

    az vmss update \
      --name <myVmss> \
      --resource-group <myResourceGroup> \
      --set upgradePolicy.mode="automatic"
    
  4. Finally, restart Virtual Machine Scale Sets.

    az vmss start \
      --name <myVmss> \
      --resource-group <myResourceGroup>
    

Once you restart and the upgrades finish, the VF appears inside VMs that use a supported OS and VM size.

Resize existing VMs with Accelerated Networking

You can resize VMs with Accelerated Networking enabled only to sizes that also support Accelerated Networking. You can't resize a VM with Accelerated Networking to a VM instance that doesn't support Accelerated Networking by using the resize operation. Instead, use the following process to resize these VMs:

  1. Stop and deallocate the VM or all the VMs in the availability set or Virtual Machine Scale Sets.

  2. Disable Accelerated Networking on the NIC of the VM or all the VMs in the availability set or Virtual Machine Scale Sets.

  3. Move the VM or VMs to a new size that doesn't support Accelerated Networking, and restart them.

Manage Accelerated Networking through the portal

When you create a VM in the Azure portal, you can select the Enable accelerated networking checkbox on the Networking tab of the Create a virtual machine screen.

If the VM uses a supported operating system and VM size for Accelerated Networking, the Enable accelerated networking checkbox on the Networking tab of the Create a virtual machine screen is automatically selected. If Accelerated Networking isn't supported, the checkbox isn't selected, and a message explains the reason.

Note

  • You can enable Accelerated Networking during portal VM creation only for Azure Marketplace supported operating systems. To create and enable Accelerated Networking for a VM with a custom OS image, you must use Azure CLI or PowerShell.

  • The Accelerated Networking setting in the portal shows the user-selected state. Accelerated Networking allows choosing Disabled in the portal even if the VM size requires Accelerated Networking. VM sizes that require Accelerated Networking enable Accelerated Networking at runtime regardless of the user setting in the portal.

To enable or disable Accelerated Networking for an existing VM through the Azure portal:

  1. From the Azure portal page for the VM, select Networking from the left menu.

  2. On the Networking page, select the Network Interface.

  3. At the top of the NIC Overview page, select Edit accelerated networking.

  4. Select Automatic, Enabled, or Disabled, and then select Save.

To confirm whether Accelerated Networking is enabled for an existing VM:

  1. From the portal page for the VM, select Networking from the left menu.

  2. On the Networking page, select the Network Interface.

  3. On the network interface Overview page, under Essentials, note whether Accelerated networking is set to Enabled or Disabled.

Next steps