Assign multiple IP addresses to virtual machines using the Azure portal

An Azure Virtual Machine (VM) has one or more network interfaces (NIC) attached to it. Any NIC can have one or more static or dynamic public and private IP addresses assigned to it. Assigning multiple IP addresses to a VM enables the following capabilities:

  • Hosting multiple websites or services with different IP addresses and SSL certificates on a single server.
  • Serve as a network virtual appliance, such as a firewall or load balancer.
  • The ability to add any of the private IP addresses for any of the NICs to an Azure Load Balancer back-end pool. In the past, only the primary IP address for the primary NIC could be added to a back-end pool. To learn more about how to load balance multiple IP configurations, read the Load balancing multiple IP configurations article.

Every NIC attached to a VM has one or more IP configurations associated to it. Each configuration is assigned one static or dynamic private IP address. Each configuration may also have one public IP address resource associated to it. A public IP address resource has either a dynamic or static public IP address assigned to it. To learn more about IP addresses in Azure, read the IP addresses in Azure article.

There is a limit to how many private IP addresses can be assigned to a NIC. There is also a limit to how many public IP addresses that can be used in an Azure subscription. See the Azure limits article for details.

This article explains how to create a virtual machine (VM) through the Azure Resource Manager deployment model using the Azure portal. Multiple IP addresses cannot be assigned to resources created through the classic deployment model. To learn more about Azure deployment models, read the Understand deployment models article.

Scenario

A VM with a single NIC is created and connected to a virtual network. The VM requires three different private IP addresses and two public IP addresses. The IP addresses are assigned to the following IP configurations:

  • IPConfig-1: Assigns a static private IP address and a static public IP address.
  • IPConfig-2: Assigns a static private IP address and a static public IP address.
  • IPConfig-3: Assigns a static private IP address and no public IP address.

    Multiple IP addresses

The IP configurations are associated to the NIC when the NIC is created and the NIC is attached to the VM when the VM is created. The types of IP addresses used for the scenario are for illustration. You can assign whatever IP address and assignment types you require.

Note

Though the steps in this article assigns all IP configurations to a single NIC, you can also assign multiple IP configurations to any NIC in a multi-NIC VM. To learn how to create a VM with multiple NICs, read the Create a VM with multiple NICs article.

Create a VM with multiple IP addresses

If you want to create a VM with multiple IP addresses, or a static private IP address, you must create it using PowerShell or the Azure CLI. Click the PowerShell or CLI options at the top of this article to learn how. You can create a VM with a single dynamic private IP address and (optionally) a single public IP address using the portal by following the steps in the Create a Windows VM or Create a Linux VM articles. After you create the VM, you can change the IP address type from dynamic to static and add additional IP addresses using the portal by following steps in the Add IP addresses to a VM section of this article.

Add IP addresses to a VM

You can add private and public IP addresses to a NIC by completing the steps that follow. The examples in the following sections assume that you already have a VM with the three IP configurations described in the scenario in this article, but it's not required that you do.

Core steps

  1. Browse to the Azure portal at https://portal.azure.com and sign into it, if necessary.
  2. In the portal, click More services > type virtual machines in the filter box, and then click Virtual machines.
  3. In the Virtual machines blade, click the VM you want to add IP addresses to. Click Network interfaces in the virtual machine blade that appears, and then select the network interface you want to add the IP addresses to. In the example shown in the following picture, the NIC named myNIC from the VM named myVM is selected:

    Network interface

  4. In the blade that appears for the NIC you selected, click IP configurations.

Complete the steps in one of the sections that follow, based on the type of IP address you want to add.

Add a private IP address

Complete the following steps to add a new private IP address:

  1. Complete the steps in the Core steps section of this article.
  2. Click Add. In the Add IP configuration blade that appears, create an IP configuration named IPConfig-4 with 10.0.0.7 as a Static private IP address, then click OK.

    Note

    When adding a static IP address, you must specify an unused, valid address on the subnet the NIC is connected to. If the address you select is not available, the portal will show an X for the IP address and you'll need to select a different one.

  3. Once you click OK, the blade will close and you'll see the new IP configuration listed. Click OK to close the Add IP configuration blade.

  4. You can click Add to add additional IP configurations, or close all open blades to finish adding IP addresses.
  5. Add the private IP addresses to the VM operating system by completing the steps for your operating system in the Add IP addresses to a VM operating system section of this article.

Add a public IP address

A public IP address is added by associating a public IP address resource to either a new IP configuration or an existing IP configuration.

Note

Public IP addresses have a nominal fee. To learn more about IP address pricing, read the IP address pricing page. There is a limit to the number of public IP addresses that can be used in a subscription. To learn more about the limits, read the Azure limits article.

Create a public IP address resource

A public IP address is one setting for a public IP address resource. If you have a public IP address resource that is not currently associated to an IP configuration that you want to associate to an IP configuration, skip the following steps and complete the steps in one of the sections that follow, as you require. If you don't have an available public IP address resource, complete the following steps to create one:

  1. Browse to the Azure portal at https://portal.azure.com and sign into it, if necessary.
  2. In the portal, click New > Networking > Public IP address.
  3. In the Create public IP address blade that appears, enter a Name, select an IP address assignment type, a Subscription, a Resource group, and a Location, then click Create, as shown in the following picture:

    Create a public IP address resource

  4. Complete the steps in one of the sections that follow to associate the public IP address resource to an IP configuration.

Associate the public IP address resource to a new IP configuration

  1. Complete the steps in the Core steps section of this article.
  2. Click Add. In the Add IP configuration blade that appears, create an IP configuration named IPConfig-4. Enable the Public IP address and select an existing, available public IP address resource from the Choose public IP address blade that appears.

    Once you've selected the public IP address resource, click OK and the blade will close. If you don't have an existing public IP address, you can create one by completing the steps in the Create a public IP address resource section of this article.

  3. Review the new IP configuration. Even though a private IP address wasn't explicitly assigned, one was automatically assigned to the IP configuration, because all IP configurations must have a private IP address.

  4. You can click Add to add additional IP configurations, or close all open blades to finish adding IP addresses.
  5. Add the private IP address to the VM operating system by completing the steps for your operating system in the Add IP addresses to a VM operating system section of this article. Do not add the public IP address to the operating system.

Associate the public IP address resource to an existing IP configuration

  1. Complete the steps in the Core steps section of this article.
  2. Click the IP configuration you want to add the public IP address resource to.
  3. In the IPConfig blade that appears, click IP address.
  4. In the Choose public IP address blade that appears, select a public IP address.
  5. Click Save and the blades will close. If you don't have an existing public IP address, you can create one by completing the steps in the Create a public IP address resource section of this article.
  6. Review the new IP configuration.
  7. You can click Add to add additional IP configurations, or close all open blades to finish adding IP addresses. Do not add the public IP address to the operating system.

Add IP addresses to a VM operating system

Connect and login to a VM you created with multiple private IP addresses. You must manually add all the private IP addresses (including the primary) that you added to the VM. Complete the following steps for your VM operating system:

Windows

  1. From a command prompt, type ipconfig /all. You only see the Primary private IP address (through DHCP).
  2. Type ncpa.cpl in the command prompt to open the Network connections window.
  3. Open the properties for the appropriate adapter: Local Area Connection.
  4. Double-click Internet Protocol version 4 (IPv4).
  5. Select Use the following IP address and enter the following values:

    • IP address: Enter the Primary private IP address
    • Subnet mask: Set based on your subnet. For example, if the subnet is a /24 subnet then the subnet mask is 255.255.255.0.
    • Default gateway: The first IP address in the subnet. If your subnet is 10.0.0.0/24, then the gateway IP address is 10.0.0.1.
    • Click Use the following DNS server addresses and enter the following values:
      • Preferred DNS server: If you are not using your own DNS server, enter 168.63.129.16. If you are using your own DNS server, enter the IP address for your server.
    • Click the Advanced button and add additional IP addresses. Add each of the secondary private IP addresses listed in step 8 to the NIC with the same subnet specified for the primary IP address.

      Warning

      If you do not follow the steps above correctly, you may lose connectivity to your VM. Ensure the information entered for step 5 is accurate before proceeding.

    • Click OK to close out the TCP/IP settings and then OK again to close the adapter settings. Your RDP connection is re-established.

  6. From a command prompt, type ipconfig /all. All IP addresses you added are shown and DHCP is turned off.

Validation (Windows)

To ensure you are able to connect to the internet from your secondary IP configuration via the public IP associated it, once you have added it correctly using steps above, use the following command:

ping -S 10.0.0.5 hotmail.com

Note

For secondary IP configurations, you can only ping to the Internet if the configuration has a public IP address associated with it. For primary IP configurations, a public IP address is not required to ping to the Internet.

Linux (Ubuntu)

  1. Open a terminal window.
  2. Make sure you are the root user. If you are not, enter the following command:

    sudo -i
    
  3. Update the configuration file of the network interface (assuming ‘eth0’).

    • Keep the existing line item for dhcp. The primary IP address remains configured as it was previously.
    • Add a configuration for an additional static IP address with the following commands:

      cd /etc/network/interfaces.d/
      ls
      

      You should see a .cfg file.

  4. Open the file. You should see the following lines at the end of the file:

    auto eth0
    iface eth0 inet dhcp
    
  5. Add the following lines after the lines that exist in this file:

    iface eth0 inet static
    address <your private IP address here>
    netmask <your subnet mask>
    
  6. Save the file by using the following command:

    :wq
    
  7. Reset the network interface with the following command:

    sudo ifdown eth0 && sudo ifup eth0
    

    Important

    Run both ifdown and ifup in the same line if using a remote connection.

  8. Verify the IP address is added to the network interface with the following command:

    ip addr list eth0
    

    You should see the IP address you added as part of the list.

Linux (Redhat, CentOS, and others)

  1. Open a terminal window.
  2. Make sure you are the root user. If you are not, enter the following command:

    sudo -i
    
  3. Enter your password and follow instructions as prompted. Once you are the root user, navigate to the network scripts folder with the following command:

    cd /etc/sysconfig/network-scripts
    
  4. List the related ifcfg files using the following command:

    ls ifcfg-*
    

    You should see ifcfg-eth0 as one of the files.

  5. To add an IP address, create a configuration file for it as shown below. Note that one file must be created for each IP configuration.

    touch ifcfg-eth0:0
    
  6. Open the ifcfg-eth0:0 file with the following command:

    vi ifcfg-eth0:0
    
  7. Add content to the file, eth0:0 in this case, with the following command. Be sure to update information based on your IP address.

    DEVICE=eth0:0
    BOOTPROTO=static
    ONBOOT=yes
    IPADDR=192.168.101.101
    NETMASK=255.255.255.0
    
  8. Save the file with the following command:

    :wq
    
  9. Restart the network services and make sure the changes are successful by running the following commands:

    /etc/init.d/network restart
    ifconfig
    

    You should see the IP address you added, eth0:0, in the list returned.

Validation (Linux)

To ensure you are able to connect to the internet from your secondary IP configuration via the public IP associated it, use the following command:

ping -I 10.0.0.5 hotmail.com

Note

For secondary IP configurations, you can only ping to the Internet if the configuration has a public IP address associated with it. For primary IP configurations, a public IP address is not required to ping to the Internet.

For Linux VMs, when trying to validate outbound connectivity from a secondary NIC, you may need to add appropriate routes. There are many ways to do this. Please see appropriate documentation for your Linux distribution. The following is one method to accomplish this:

echo 150 custom >> /etc/iproute2/rt_tables 

ip rule add from 10.0.0.5 lookup custom
ip route add default via 10.0.0.1 dev eth2 table custom
  • Be sure to replace:
    • 10.0.0.5 with the private IP address that has a public IP address associated to it
    • 10.0.0.1 to your default gateway
    • eth2 to the name of your secondary NIC