How to create a Linux virtual machine in Azure with multiple network interface cards

This article details how to create a VM with multiple NICs with the Azure CLI.

Create supporting resources

Install the latest Azure CLI and log in to an Azure account using az login.

In the following examples, replace example parameter names with your own values. Example parameter names include myResourceGroup, mystorageaccount, and myVM.

First, create a resource group with az group create. The following example creates a resource group named myResourceGroup in the eastus location:

az group create --name myResourceGroup --location eastus

Create the virtual network with az network vnet create. The following example creates a virtual network named myVnet and a subnet named mySubnetFrontEnd:

az network vnet create \
    --resource-group myResourceGroup \
    --name myVnet \
    --address-prefix 10.0.0.0/16 \
    --subnet-name mySubnetFrontEnd \
    --subnet-prefix 10.0.1.0/24

Create a subnet for the back-end traffic with az network vnet subnet create. The following example creates a subnet named mySubnetBackEnd:

az network vnet subnet create \
    --resource-group myResourceGroup \
    --vnet-name myVnet \
    --name mySubnetBackEnd \
    --address-prefix 10.0.2.0/24

Create a network security group with az network nsg create. The following example creates a network security group named myNetworkSecurityGroup:

az network nsg create \
    --resource-group myResourceGroup \
    --name myNetworkSecurityGroup

Create and configure multiple NICs

Create two NICs with az network nic create. The following example creates two NICs, named myNic1 and myNic2, connected to the network security group, with one NIC connecting to each subnet:

az network nic create \
    --resource-group myResourceGroup \
    --name myNic1 \
    --vnet-name myVnet \
    --subnet mySubnetFrontEnd \
    --network-security-group myNetworkSecurityGroup
az network nic create \
    --resource-group myResourceGroup \
    --name myNic2 \
    --vnet-name myVnet \
    --subnet mySubnetBackEnd \
    --network-security-group myNetworkSecurityGroup

Create a VM and attach the NICs

When you create the VM, specify the NICs you created with --nics. You also need to take care when you select the VM size. There are limits for the total number of NICs that you can add to a VM. Read more about Linux VM sizes.

Create a VM with az vm create. The following example creates a VM named myVM:

az vm create \
    --resource-group myResourceGroup \
    --name myVM \
    --image UbuntuLTS \
    --size Standard_DS3_v2 \
    --admin-username azureuser \
    --generate-ssh-keys \
    --nics myNic1 myNic2

Add routing tables to the guest OS by completing the steps in Configure the guest OS for multiple NICs.

Add a NIC to a VM

The previous steps created a VM with multiple NICs. You can also add NICs to an existing VM with the Azure CLI. Different VM sizes support a varying number of NICs, so size your VM accordingly. If needed, you can resize a VM.

Create another NIC with az network nic create. The following example creates a NIC named myNic3 connected to the back-end subnet and network security group created in the previous steps:

az network nic create \
    --resource-group myResourceGroup \
    --name myNic3 \
    --vnet-name myVnet \
    --subnet mySubnetBackEnd \
    --network-security-group myNetworkSecurityGroup

To add a NIC to an existing VM, first deallocate the VM with az vm deallocate. The following example deallocates the VM named myVM:

az vm deallocate --resource-group myResourceGroup --name myVM

Add the NIC with az vm nic add. The following example adds myNic3 to myVM:

az vm nic add \
    --resource-group myResourceGroup \
    --vm-name myVM \
    --nics myNic3

Start the VM with az vm start:

az vm start --resource-group myResourceGroup --name myVM

Add routing tables to the guest OS by completing the steps in Configure the guest OS for multiple NICs.

Remove a NIC from a VM

To remove a NIC from an existing VM, first deallocate the VM with az vm deallocate. The following example deallocates the VM named myVM:

az vm deallocate --resource-group myResourceGroup --name myVM

Remove the NIC with az vm nic remove. The following example removes myNic3 from myVM:

az vm nic remove \
    --resource-group myResourceGroup \
    --vm-name myVM \
    --nics myNic3

Start the VM with az vm start:

az vm start --resource-group myResourceGroup --name myVM

Create multiple NICs using Resource Manager templates

Azure Resource Manager templates use declarative JSON files to define your environment. You can read an overview of Azure Resource Manager. Resource Manager templates provide a way to create multiple instances of a resource during deployment, such as creating multiple NICs. You use copy to specify the number of instances to create:

"copy": {
    "name": "multiplenics",
    "count": "[parameters('count')]"
}

Read more about creating multiple instances using copy.

You can also use copyIndex() to append a number to a resource name, which allows you to create myNic1, myNic2, etc. The following shows an example of appending the index value:

"name": "[concat('myNic', copyIndex())]", 

You can read a complete example of creating multiple NICs using Resource Manager templates.

Add routing tables to the guest OS by completing the steps in Configure the guest OS for multiple NICs.

Configure guest OS for multiple NICs

The previous steps created a virtual network and subnet, attached NICs, then created a VM. A public IP address and network security group rules that allow SSH traffic were not created. To configure the guest OS for multiple NICs, you need to allow remote connections and run commands locally on the VM.

To allow SSH traffic, create a network security group rule with az network nsg rule create as follows:

az network nsg rule create \
    --resource-group myResourceGroup \
    --nsg-name myNetworkSecurityGroup \
    --name allow_ssh \
    --priority 101 \
    --destination-port-ranges 22
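
The rule above names no source, and az network nsg rule create defaults --source-address-prefixes to *, so SSH is accepted from any address. The following added example (not part of the original article) flags such rules in tab-separated output from az network nsg rule list; the --query projection, the helper name find_open_ssh and the sample rows are constructed for illustration.

```shell
# Added example: list inbound Allow rules that expose port 22 to any source.
# Assumed input, one rule per line, tab-separated:
#   az network nsg rule list --resource-group myResourceGroup \
#       --nsg-name myNetworkSecurityGroup -o tsv \
#       --query "[].[name,direction,access,sourceAddressPrefix,destinationPortRange]"

# Constructed sample rows (203.0.113.0/24 is a documentation range).
SAMPLE_RULES=$(printf '%s\n' \
    "$(printf 'allow_ssh\tInbound\tAllow\t*\t22')" \
    "$(printf 'allow_ssh_admin\tInbound\tAllow\t203.0.113.0/24\t22')" \
    "$(printf 'allow_web\tInbound\tAllow\t*\t80')" \
    "$(printf 'allow_mgmt_range\tInbound\tAllow\tInternet\t20-25')" \
    "$(printf 'deny_ssh\tInbound\tDeny\t*\t22')")

# find_open_ssh (hypothetical helper): reads the TSV on stdin, prints the
# name of each exposed rule, and returns 1 if at least one was found.
find_open_ssh() {
    awk -F '\t' '
        # True when port spec p is "*", "22", or a range that contains 22.
        function covers22(p,   r) {
            if (p == "*" || p == "22") return 1
            if (split(p, r, "-") == 2) return (r[1] + 0 <= 22 && 22 <= r[2] + 0)
            return 0
        }
        # True when the source prefix means "anywhere".
        function any_source(s) {
            return (s == "*" || s == "Internet" || s == "0.0.0.0/0")
        }
        $2 == "Inbound" && $3 == "Allow" && any_source($4) && covers22($5) {
            print $1
            n++
        }
        END { exit (n > 0) }
    '
}

# Demonstration on the constructed rows; prints allow_ssh and allow_mgmt_range.
printf '%s\n' "$SAMPLE_RULES" | find_open_ssh || true
```

A rule created with --source-address-prefixes set to your administrative address range, such as the constructed allow_ssh_admin row, is not flagged.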

Create a public IP address with az network public-ip create and assign it to the first NIC with az network nic ip-config update:

az network public-ip create --resource-group myResourceGroup --name myPublicIP

az network nic ip-config update \
    --resource-group myResourceGroup \
    --nic-name myNic1 \
    --name ipconfig1 \
    --public-ip myPublicIP

To view the public IP address of the VM, use az vm show as follows:

az vm show --resource-group myResourceGroup --name myVM -d --query publicIps -o tsv

Now SSH to the public IP address of your VM. The default username provided in a previous step was azureuser. Provide your own username and public IP address:

ssh azureuser@137.117.58.232

To send to or from a secondary network interface, you have to manually add persistent routes to the operating system for each secondary network interface. In this article, eth1 is the secondary interface. Instructions for adding persistent routes to the operating system vary by distro. See documentation for your distro for instructions.

When adding the route to the operating system, the gateway address is .1 for whichever subnet the network interface is in. For example, if the network interface is assigned the address 10.0.2.4, the gateway you specify for the route is 10.0.2.1. You can define a specific network for the route's destination, or specify a destination of 0.0.0.0, if you want all traffic for the interface to go through the specified gateway. The gateway for each subnet is managed by the virtual network.

Once you've added the route for a secondary interface, verify that the route is in your route table with route -n. The following example output is for the route table that has the two network interfaces added to the VM in this article:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.1.1        0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.0.2.1        0.0.0.0         UG    0      0        0 eth1
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
168.63.129.16   10.0.1.1        255.255.255.255 UGH   0      0        0 eth0
169.254.169.254 10.0.1.1        255.255.255.255 UGH   0      0        0 eth0

Confirm that the route you added persists across reboots by checking your route table again after a reboot. To test connectivity, you can enter the following command, for example, where eth1 is the name of a secondary network interface:

ping bing.com -c 4 -I eth1
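
The route-table check described above can be scripted so that it is easy to repeat after a reboot. The following is an added example, not part of the original article: it reads route -n output and confirms that every interface with a connected subnet has a default route through that subnet's gateway. The helper name check_routes is hypothetical, and the gateway is assumed to be the subnet's network address plus one, which is the .1 address for the /24 subnets used here.

```shell
# Added example: audit `route -n` output for per-interface default routes.
# Assumption: a subnet's gateway is its network address plus one (.1 for /24).

# Route table copied from the article's sample output.
ARTICLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.1.1        0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.0.2.1        0.0.0.0         UG    0      0        0 eth1
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth1
168.63.129.16   10.0.1.1        255.255.255.255 UGH   0      0        0 eth0
169.254.169.254 10.0.1.1        255.255.255.255 UGH   0      0        0 eth0'

# check_routes (hypothetical helper): reads `route -n` output on stdin, prints
# one verdict per interface, and returns 1 if any interface fails the check.
check_routes() {
    awk '
        $1 == "Kernel" || $1 == "Destination" { next }   # header lines
        $1 ~ /^169\.254\./ { next }                      # link-local entries
        # Directly connected subnet: gateway 0.0.0.0 and no G flag.
        $2 == "0.0.0.0" && $4 !~ /G/ {
            split($1, o, ".")
            if (!($8 in want)) order[++n] = $8
            want[$8] = o[1] "." o[2] "." o[3] "." (o[4] + 1)
            next
        }
        # Default route: destination and mask are both 0.0.0.0.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { gw[$8] = $2 }
        END {
            for (k = 1; k <= n; k++) {
                i = order[k]
                if (!(i in gw)) {
                    print i, "missing-default"; bad = 1
                } else if (gw[i] != want[i]) {
                    print i, "wrong-gateway", gw[i], "expected", want[i]; bad = 1
                } else {
                    print i, "ok", gw[i]
                }
            }
            exit bad + 0
        }
    '
}

# On the VM, run: route -n | check_routes
printf '%s\n' "$ARTICLE_ROUTES" | check_routes
```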

Next steps

Review Linux VM sizes when trying to create a VM with multiple NICs. Pay attention to the maximum number of NICs each VM size supports.

To further secure your VMs, use just-in-time VM access. This feature opens network security group rules for SSH traffic when needed, and for a defined period of time. For more information, see Manage virtual machine access using just in time.