建立及管理具有多個 NIC 的 Windows 虛擬機器Create and manage a Windows virtual machine that has multiple NICs

Azure 中的虛擬機器 (VM) 可以連結多個虛擬網路介面卡 (NIC)。Virtual machines (VMs) in Azure can have multiple virtual network interface cards (NICs) attached to them. 常見案例是有不同的子網路可用於前端和後端連線。A common scenario is to have different subnets for front-end and back-end connectivity. 您可以將 VM 上的多個 NIC 關聯至多個子網路,但這些子網路必須位於相同虛擬網路 (VNet) 中。You can associate multiple NICs on a VM to multiple subnets, but those subnets must all reside in the same virtual network (vNet). 本文詳述如何建立已連結多個 NIC 的 VM。This article details how to create a VM that has multiple NICs attached to it. 您也了解如何新增或移除現有 VM 中的 NIC。You also learn how to add or remove NICs from an existing VM. 不同的 VM 大小 支援不同數量的 NIC,因此可據以調整您的 VM。Different VM sizes support a varying number of NICs, so size your VM accordingly.

必要條件Prerequisites

在下列範例中,請以您自己的值取代範例參數名稱。In the following examples, replace example parameter names with your own values. 範例參數名稱包含 myResourceGroupmyVnetmyVMExample parameter names include myResourceGroup, myVnet, and myVM.

建立具有多個 NIC 的 VMCreate a VM with multiple NICs

首先,建立資源群組。First, create a resource group. 下列範例會在EastUs位置建立名為myResourceGroup的資源群組:The following example creates a resource group named myResourceGroup in the EastUs location:

New-AzResourceGroup -Name "myResourceGroup" -Location "EastUS"

建立虛擬網路和子網路Create virtual network and subnets

常見的案例是有兩個或多個子網路的虛擬網路。A common scenario is for a virtual network to have two or more subnets. 一個子網路可能用於前端流量,另一個則用於後端流量。One subnet may be for front-end traffic, the other for back-end traffic. 若要連結至這兩個子網路,您可在 VM 上使用多個 NIC。To connect to both subnets, you then use multiple NICs on your VM.

  1. 使用 New-AzVirtualNetworkSubnetConfig 定義兩個虛擬網路子網路。Define two virtual network subnets with New-AzVirtualNetworkSubnetConfig. 下列範例會定義 mySubnetFrontEnd** 和 mySubnetBackEnd** 的子網路:The following example defines the subnets for mySubnetFrontEnd and mySubnetBackEnd:

    $mySubnetFrontEnd = New-AzVirtualNetworkSubnetConfig -Name "mySubnetFrontEnd" `
        -AddressPrefix "192.168.1.0/24"
    $mySubnetBackEnd = New-AzVirtualNetworkSubnetConfig -Name "mySubnetBackEnd" `
        -AddressPrefix "192.168.2.0/24"
    
  2. 使用 New-AzVirtualNetwork 建立虛擬網路和子網路。Create your virtual network and subnets with New-AzVirtualNetwork. 下列範例會建立名為 myVnet** 的虛擬網路:The following example creates a virtual network named myVnet:

    $myVnet = New-AzVirtualNetwork -ResourceGroupName "myResourceGroup" `
        -Location "EastUs" `
        -Name "myVnet" `
        -AddressPrefix "192.168.0.0/16" `
        -Subnet $mySubnetFrontEnd,$mySubnetBackEnd
    

建立多個 NICCreate multiple NICs

使用 New-AzNetworkInterface 建立兩個 NIC。Create two NICs with New-AzNetworkInterface. 將一個 NIC 連結到前端子網路,將另一個 NIC 連結到後端子網路。Attach one NIC to the front-end subnet and one NIC to the back-end subnet. 下列範例會建立名為 myNic1** 和 myNic2** 的兩個 NIC:The following example creates NICs named myNic1 and myNic2:

$frontEnd = $myVnet.Subnets|?{$_.Name -eq 'mySubnetFrontEnd'}
$myNic1 = New-AzNetworkInterface -ResourceGroupName "myResourceGroup" `
    -Name "myNic1" `
    -Location "EastUs" `
    -SubnetId $frontEnd.Id

$backEnd = $myVnet.Subnets|?{$_.Name -eq 'mySubnetBackEnd'}
$myNic2 = New-AzNetworkInterface -ResourceGroupName "myResourceGroup" `
    -Name "myNic2" `
    -Location "EastUs" `
    -SubnetId $backEnd.Id

通常您也會建立網路安全性群組來篩選至 VM 的網路流量,和建立負載平衡器以跨多個 VM 分散流量。Typically you also create a network security group to filter network traffic to the VM and a load balancer to distribute traffic across multiple VMs.

建立虛擬機器Create the virtual machine

現在開始建置您的 VM 組態。Now start to build your VM configuration. 在每個 VM 大小中,您可以新增至 VM 的 NIC 總數是有限制的。Each VM size has a limit for the total number of NICs that you can add to a VM. 如需詳細資訊,請參閱 Windows VM 大小For more information, see Windows VM sizes.

  1. 將您的 VM 認證設定為 $cred 變數,如下所示︰Set your VM credentials to the $cred variable as follows:

    $cred = Get-Credential
    
  2. 使用 New-AzVMConfig 來定義您的 VM。Define your VM with New-AzVMConfig. 下列範例會定義名為 myVM** 的 VM,並使用支援兩個以上 NIC 的 VM 大小 (Standard_DS3_v2**):The following example defines a VM named myVM and uses a VM size that supports more than two NICs (Standard_DS3_v2):

    $vmConfig = New-AzVMConfig -VMName "myVM" -VMSize "Standard_DS3_v2"
    
  3. 使用 Set-AzVMOperatingSystemSet-AzVMSourceImage 建立其餘的 VM 組態。Create the rest of your VM configuration with Set-AzVMOperatingSystem and Set-AzVMSourceImage. 下列範例會建立 Windows Server 2016 VM:The following example creates a Windows Server 2016 VM:

    $vmConfig = Set-AzVMOperatingSystem -VM $vmConfig `
        -Windows `
        -ComputerName "myVM" `
        -Credential $cred `
        -ProvisionVMAgent `
        -EnableAutoUpdate
    $vmConfig = Set-AzVMSourceImage -VM $vmConfig `
        -PublisherName "MicrosoftWindowsServer" `
        -Offer "WindowsServer" `
        -Skus "2016-Datacenter" `
        -Version "latest"
    
  4. 使用 Add-AzVMNetworkInterface 連結您先前建立的兩個 NIC:Attach the two NICs that you previously created with Add-AzVMNetworkInterface:

    $vmConfig = Add-AzVMNetworkInterface -VM $vmConfig -Id $myNic1.Id -Primary
    $vmConfig = Add-AzVMNetworkInterface -VM $vmConfig -Id $myNic2.Id
    
  5. 使用 New-AzVM 建立 VM:Create your VM with New-AzVM:

    New-AzVM -VM $vmConfig -ResourceGroupName "myResourceGroup" -Location "EastUs"
    
  6. 完成針對多個 NIC 設定作業系統中的步驟,以將次要 NIC 的路由新增至作業系統。Add routes for secondary NICs to the OS by completing the steps in Configure the operating system for multiple NICs.

將 NIC 新增至現有的 VMAdd a NIC to an existing VM

若要將虛擬 NIC 新增至現有 VM,請解除配置 VM、新增虛擬 NIC,然後啟動 VM。To add a virtual NIC to an existing VM, you deallocate the VM, add the virtual NIC, then start the VM. 不同的 VM 大小 支援不同數量的 NIC,因此可據以調整您的 VM。Different VM sizes support a varying number of NICs, so size your VM accordingly. 如有需要,您可以調整 VM 的大小If needed, you can resize a VM.

  1. 使用 Stop-AzVM 來解除配置 VM。Deallocate the VM with Stop-AzVM. 下列範例會解除配置 myResourceGroup** 中名為 myVM** 的 VM:The following example deallocates the VM named myVM in myResourceGroup:

    Stop-AzVM -Name "myVM" -ResourceGroupName "myResourceGroup"
    
  2. 使用 Get-AzVm 取得 VM 的現有組態。Get the existing configuration of the VM with Get-AzVm. 下列範例可取得 myResourceGroup** 中名為 myVM** 之 VM 的資訊:The following example gets information for the VM named myVM in myResourceGroup:

    $vm = Get-AzVm -Name "myVM" -ResourceGroupName "myResourceGroup"
    
  3. 下列範例會使用 New-AzNetworkInterface 建立虛擬 NIC,其名稱為 myNic3** 並已連結至 mySubnetBackEnd**。The following example creates a virtual NIC with New-AzNetworkInterface named myNic3 that is attached to mySubnetBackEnd. 接著會使用 Add-AzVMNetworkInterface,將虛擬 NIC 連結至 myResourceGroup** 中名為 myVM** 的 VM:The virtual NIC is then attached to the VM named myVM in myResourceGroup with Add-AzVMNetworkInterface:

    # Get info for the back end subnet
    $myVnet = Get-AzVirtualNetwork -Name "myVnet" -ResourceGroupName "myResourceGroup"
    $backEnd = $myVnet.Subnets|?{$_.Name -eq 'mySubnetBackEnd'}
    
    # Create a virtual NIC
    $myNic3 = New-AzNetworkInterface -ResourceGroupName "myResourceGroup" `
        -Name "myNic3" `
        -Location "EastUs" `
        -SubnetId $backEnd.Id
    
    # Get the ID of the new virtual NIC and add to VM
    $nicId = (Get-AzNetworkInterface -ResourceGroupName "myResourceGroup" -Name "MyNic3").Id
    Add-AzVMNetworkInterface -VM $vm -Id $nicId | Update-AzVm -ResourceGroupName "myResourceGroup"
    

    主要虛擬 NICPrimary virtual NICs

    您必須在具有多個 NIC 的 VM 上將其中一個 NIC 設為主要。One of the NICs on a multi-NIC VM needs to be primary. 如果 VM 上其中一個現有虛擬 NIC 已設定為主要,即可略過此步驟。If one of the existing virtual NICs on the VM is already set as primary, you can skip this step. 下列範例假設有兩個虛擬 NIC 現在出現在 VM 上,而您想要新增第一個 NIC ([0]) 作為主要:The following example assumes that two virtual NICs are now present on a VM and you wish to add the first NIC ([0]) as the primary:

    # List existing NICs on the VM and find which one is primary
    $vm.NetworkProfile.NetworkInterfaces
    
    # Set NIC 0 to be primary
    $vm.NetworkProfile.NetworkInterfaces[0].Primary = $true
    $vm.NetworkProfile.NetworkInterfaces[1].Primary = $false
    
    # Update the VM state in Azure
    Update-AzVM -VM $vm -ResourceGroupName "myResourceGroup"
    
  4. 使用 Start-AzVm 啟動 VM:Start the VM with Start-AzVm:

    Start-AzVM -ResourceGroupName "myResourceGroup" -Name "myVM"
    
  5. 完成針對多個 NIC 設定作業系統中的步驟,以將次要 NIC 的路由新增至作業系統。Add routes for secondary NICs to the OS by completing the steps in Configure the operating system for multiple NICs.

從現有的 VM 移除 NICRemove a NIC from an existing VM

若要從現有的 VM 移除虛擬 NIC,您可以解除配置 VM,移除虛擬 NIC,然後啟動 VM。To remove a virtual NIC from an existing VM, you deallocate the VM, remove the virtual NIC, then start the VM.

  1. 使用 Stop-AzVM 來解除配置 VM。Deallocate the VM with Stop-AzVM. 下列範例會解除配置 myResourceGroup** 中名為 myVM** 的 VM:The following example deallocates the VM named myVM in myResourceGroup:

    Stop-AzVM -Name "myVM" -ResourceGroupName "myResourceGroup"
    
  2. 使用 Get-AzVm 取得 VM 的現有組態。Get the existing configuration of the VM with Get-AzVm. 下列範例可取得 myResourceGroup** 中名為 myVM** 之 VM 的資訊:The following example gets information for the VM named myVM in myResourceGroup:

    $vm = Get-AzVm -Name "myVM" -ResourceGroupName "myResourceGroup"
    
  3. 使用 Get-AzNetworkInterface 取得 NIC 移除相關資訊。Get information about the NIC remove with Get-AzNetworkInterface. 下列範例可取得 myNic3** 相關資訊:The following example gets information about myNic3:

    # List existing NICs on the VM if you need to determine NIC name
    $vm.NetworkProfile.NetworkInterfaces
    
    $nicId = (Get-AzNetworkInterface -ResourceGroupName "myResourceGroup" -Name "myNic3").Id   
    
  4. 使用 Remove-AzVMNetworkInterface 移除 NIC,然後使用 Update-AzVm 更新 VM。Remove the NIC with Remove-AzVMNetworkInterface and then update the VM with Update-AzVm. 下列範例會移除前一個步驟中 $nicId 所取得的 myNic3**:The following example removes myNic3 as obtained by $nicId in the preceding step:

    Remove-AzVMNetworkInterface -VM $vm -NetworkInterfaceIDs $nicId | `
        Update-AzVm -ResourceGroupName "myResourceGroup"
    
  5. 使用 Start-AzVm 啟動 VM:Start the VM with Start-AzVm:

    Start-AzVM -Name "myVM" -ResourceGroupName "myResourceGroup"
    

使用範本建立多個 NICCreate multiple NICs with templates

Azure Resource Manager 範本提供一種方式,可在部署期間建立資源的多個執行個體,例如建立多個 NIC。Azure Resource Manager templates provide a way to create multiple instances of a resource during deployment, such as creating multiple NICs. Resource Manager 範本會使用宣告式 JSON 檔案來定義您的環境。Resource Manager templates use declarative JSON files to define your environment. 如需詳細資訊,請參閱 Azure Resource Manager 概觀For more information, see overview of Azure Resource Manager. 您可以使用 copy 來指定要建立的執行個體數目:You can use copy to specify the number of instances to create:

"copy": {
    "name": "multiplenics",
    "count": "[parameters('count')]"
}

如需詳細資訊,請參閱使用 copy** 建立多個執行個體For more information, see creating multiple instances by using copy.

您也可以使用 copyIndex(),在資源名稱後面附加一個數字。You can also use copyIndex() to append a number to a resource name. 接著可以建立 myNic1**、MyNic2** 等等。You can then create myNic1, MyNic2 and so on. 下列程式碼顯示附加索引值的範例:The following code shows an example of appending the index value:

"name": "[concat('myNic', copyIndex())]", 

您可以閱讀使用 Resource Manager 範本建立多個 NIC的完整範例。You can read a complete example of creating multiple NICs by using Resource Manager templates.

完成針對多個 NIC 設定作業系統中的步驟,以將次要 NIC 的路由新增至作業系統。Add routes for secondary NICs to the OS by completing the steps in Configure the operating system for multiple NICs.

針對多個 NIC 設定客體作業系統Configure guest OS for multiple NICs

Azure 將預設閘道指派給連接至虛擬機器的第一個 (主要) 網路介面。Azure assigns a default gateway to the first (primary) network interface attached to the virtual machine. Azure 不會將預設閘道指派給連接至虛擬機器的其他 (次要) 網路介面。Azure does not assign a default gateway to additional (secondary) network interfaces attached to a virtual machine. 因此,依預設,您無法與次要網路介面中子網路之外的資源進行通訊。Therefore, you are unable to communicate with resources outside the subnet that a secondary network interface is in, by default. 不過,次要網路介面可與其子網路進行通訊,但不同的作業系統有不同的通訊啟用步驟。Secondary network interfaces can, however, communicate with resources outside their subnet, though the steps to enable communication are different for different operating systems.

  1. 從 Windows 命令提示字元中,執行 route print 命令,針對有兩個連接之網路介面的虛擬機器傳回下列的類似輸出:From a Windows command prompt, run the route print command, which returns output similar to the following output for a virtual machine with two attached network interfaces:

    ===========================================================================
    Interface List
    3...00 0d 3a 10 92 ce ......Microsoft Hyper-V Network Adapter #3
    7...00 0d 3a 10 9b 2a ......Microsoft Hyper-V Network Adapter #4
    ===========================================================================
    

    在此範例中,Microsoft Hyper-V Network Adapter #4 (介面 7) 是未被指派預設閘道的次要網路介面。In this example, Microsoft Hyper-V Network Adapter #4 (interface 7) is the secondary network interface that doesn't have a default gateway assigned to it.

  2. 從命令提示字元中執行 ipconfig 命令,查看將哪些 IP 位址指派給次要網路介面。From a command prompt, run the ipconfig command to see which IP address is assigned to the secondary network interface. 在此範例中,192.168.2.4 會指派給介面 7。In this example, 192.168.2.4 is assigned to interface 7. 不會為次要網路介面傳回預設閘道位址。No default gateway address is returned for the secondary network interface.

  3. 若要將次要網路介面之子網路的外部位址之所有流量路由至子網路的閘道,請執行下列命令:To route all traffic destined for addresses outside the subnet of the secondary network interface to the gateway for the subnet, run the following command:

    route add -p 0.0.0.0 MASK 0.0.0.0 192.168.2.1 METRIC 5015 IF 7
    

    子網路的閘道位址是為子網路定義的位址範圍 (以.1 結尾) 的第一個 IP 位址。The gateway address for the subnet is the first IP address (ending in .1) in the address range defined for the subnet. 如果您不想要路由子網路外部的所有流量,您可以改為將個別的路由新增至特定的目的地。If you don't want to route all traffic outside the subnet, you could add individual routes to specific destinations, instead. 例如,如果您只想將從次要網路介面的流量路由到 192.168.3.0 網路,請輸入命令:For example, if you only wanted to route traffic from the secondary network interface to the 192.168.3.0 network, you enter the command:

    route add -p 192.168.3.0 MASK 255.255.255.0 192.168.2.1 METRIC 5015 IF 7
    
  4. 例如,若要確認與 192.168.3.0 網路上的資源成功通訊,請使用介面 7 (192.168.2.4),輸入下列命令來 ping 192.168.3.4:To confirm successful communication with a resource on the 192.168.3.0 network, for example, enter the following command to ping 192.168.3.4 using interface 7 (192.168.2.4):

    ping 192.168.3.4 -S 192.168.2.4
    

    您可能需要開啟 ICMP,方法是通過正在使用下列命令來 ping 之裝置的 Windows 防火牆:You may need to open ICMP through the Windows firewall of the device you're pinging with the following command:

    netsh advfirewall firewall add rule name=Allow-ping protocol=icmpv4 dir=in action=allow
    
  5. 若要確認已在路由表中新增路由,請輸入 route print 命令,它會傳回類似下列文字的輸出:To confirm the added route is in the route table, enter the route print command, which returns output similar to the following text:

    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.4     15
              0.0.0.0          0.0.0.0      192.168.2.1      192.168.2.4   5015
    

    閘道下使用 192.168.1.1 列出的路由,是根據主要網路介面預設會在該處的路由。The route listed with 192.168.1.1 under Gateway, is the route that is there by default for the primary network interface. 閘道下包含 192.168.2.1 的路由是您新增的路由。The route with 192.168.2.1 under Gateway, is the route you added.

後續步驟Next steps

嘗試建立具有多個 NIC 的 VM 時,請檢閱 Windows VM 大小Review Windows VM sizes when you're trying to create a VM that has multiple NICs. 請注意每個 VM 大小所支援的 NIC 數目上限。Pay attention to the maximum number of NICs that each VM size supports.