Create a Linux virtual machine with Accelerated Networking using Azure CLI

In this tutorial, you learn how to create a Linux virtual machine (VM) with Accelerated Networking. To create a Windows VM with Accelerated Networking, see Create a Windows VM with Accelerated Networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. This high-performance path bypasses the host from the datapath, reducing latency, jitter, and CPU utilization, for use with the most demanding network workloads on supported VM types. The following picture shows communication between two VMs with and without accelerated networking:

Figure: Comparison

Without accelerated networking, all networking traffic in and out of the VM must traverse the host and the virtual switch. The virtual switch provides all policy enforcement, such as network security groups, access control lists, isolation, and other network virtualized services to network traffic. To learn more about virtual switches, read the Hyper-V network virtualization and virtual switch article.

With accelerated networking, network traffic arrives at the virtual machine's network interface (NIC), and is then forwarded to the VM. All network policies that the virtual switch applies are now offloaded and applied in hardware. Applying policy in hardware enables the NIC to forward network traffic directly to the VM, bypassing the host and the virtual switch, while maintaining all the policy it applied in the host.

The benefits of accelerated networking only apply to the VM that it is enabled on. For the best results, enable this feature on at least two VMs connected to the same Azure virtual network (VNet). When communicating across VNets or connecting on-premises, this feature has minimal impact on overall latency.

Benefits

  • Lower Latency / Higher packets per second (pps): Removing the virtual switch from the datapath removes the time packets spend in the host for policy processing and increases the number of packets that can be processed inside the VM.
  • Reduced jitter: Virtual switch processing depends on the amount of policy that needs to be applied and the workload of the CPU that is doing the processing. Offloading the policy enforcement to the hardware removes that variability by delivering packets directly to the VM, removing the host to VM communication and all software interrupts and context switches.
  • Decreased CPU utilization: Bypassing the virtual switch in the host leads to less CPU utilization for processing network traffic.

Supported operating systems

The following distributions are supported out of the box from the Azure Gallery:

  • Ubuntu 14.04 with the linux-azure kernel
  • Ubuntu 16.04 or later
  • SLES12 SP3 or later
  • RHEL 7.4 or later
  • CentOS 7.4 or later
  • CoreOS Linux
  • Debian "Stretch" with backports kernel, Debian "Buster" or later
  • Oracle Linux 7.4 and later with Red Hat Compatible Kernel (RHCK)
  • Oracle Linux 7.5 and later with UEK version 5
  • FreeBSD 10.4, 11.1 & 12.0 or later

Limitations and Constraints

Supported VM instances

Accelerated Networking is supported on most general purpose and compute-optimized instance sizes with 2 or more vCPUs. The supported series are: D/DSv2 and F/Fs.

On instances that support hyperthreading, Accelerated Networking is supported on VM instances with 4 or more vCPUs. Supported series are: D/Dsv3, D/Dsv4, Dd/Ddv4, Da/Dasv4, E/Esv3, E/Esv4, Ed/Edsv4, Ea/Easv4, Fsv2, Lsv2, Ms/Mms and Ms/Mmsv2.

For more information on VM instances, see Linux VM sizes.

Custom Images

If you are using a custom image, and your image supports Accelerated Networking, make sure it has the required drivers to work with Mellanox ConnectX-3 and ConnectX-4 Lx NICs on Azure.

Regions

Available in all public Azure regions as well as Azure Government Clouds.

Enabling Accelerated Networking on a running VM

A supported VM size without accelerated networking enabled can only have the feature enabled when it is stopped and deallocated.

Deployment through Azure Resource Manager

Virtual machines (classic) cannot be deployed with Accelerated Networking.

Create a Linux VM with Azure Accelerated Networking

Portal creation

Though this article provides steps to create a virtual machine with accelerated networking using the Azure CLI, you can also create a virtual machine with accelerated networking using the Azure portal. When creating a virtual machine in the portal, in the Create a virtual machine blade, choose the Networking tab. In this tab, there is an option for Accelerated networking. If you have chosen a supported operating system and VM size, this option will automatically populate to "On." If not, it will populate the "Off" option for Accelerated Networking and give the user a reason why it is not enabled.

  • Note: Only supported operating systems can be enabled through the portal. If you are using a custom image, and your image supports Accelerated Networking, please create your VM using CLI or PowerShell.

After the virtual machine is created, you can confirm Accelerated Networking is enabled by following the instructions in Confirm that accelerated networking is enabled.

CLI creation

Create a virtual network

Install the latest Azure CLI and log in to an Azure account using az login. In the following examples, replace example parameter names with your own values. Example parameter names include myResourceGroup, myNic, and myVm.

Create a resource group with az group create. The following example creates a resource group named myResourceGroup in the centralus location:

az group create --name myResourceGroup --location centralus

Select a supported Linux region listed in Linux accelerated networking.

Create a virtual network with az network vnet create. The following example creates a virtual network named myVnet with one subnet:

az network vnet create \
    --resource-group myResourceGroup \
    --name myVnet \
    --address-prefix 192.168.0.0/16 \
    --subnet-name mySubnet \
    --subnet-prefix 192.168.1.0/24

Create a network security group

Create a network security group with az network nsg create. The following example creates a network security group named myNetworkSecurityGroup:

az network nsg create \
    --resource-group myResourceGroup \
    --name myNetworkSecurityGroup

The network security group contains several default rules, one of which disables all inbound access from the Internet. Open a port to allow SSH access to the virtual machine with az network nsg rule create. The following rule allows inbound TCP port 22 from the Internet source prefix to any destination address:

az network nsg rule create \
  --resource-group myResourceGroup \
  --nsg-name myNetworkSecurityGroup \
  --name Allow-SSH-Internet \
  --access Allow \
  --protocol Tcp \
  --direction Inbound \
  --priority 100 \
  --source-address-prefix Internet \
  --source-port-range "*" \
  --destination-address-prefix "*" \
  --destination-port-range 22

Create a network interface with accelerated networking

Create a public IP address with az network public-ip create. A public IP address isn't required if you don't plan to access the virtual machine from the Internet, but to complete the steps in this article, it is required.

az network public-ip create \
    --name myPublicIp \
    --resource-group myResourceGroup

Create a network interface with az network nic create with accelerated networking enabled. The following example creates a network interface named myNic in the mySubnet subnet of the myVnet virtual network and associates the myNetworkSecurityGroup network security group to the network interface:

az network nic create \
    --resource-group myResourceGroup \
    --name myNic \
    --vnet-name myVnet \
    --subnet mySubnet \
    --accelerated-networking true \
    --public-ip-address myPublicIp \
    --network-security-group myNetworkSecurityGroup

Create a VM and attach the NIC

When you create the VM, specify the NIC you created with --nics. Select a size and distribution listed in Linux accelerated networking.

Create a VM with az vm create. The following example creates a VM named myVM with the UbuntuLTS image and a size that supports Accelerated Networking (Standard_DS4_v2):

az vm create \
    --resource-group myResourceGroup \
    --name myVM \
    --image UbuntuLTS \
    --size Standard_DS4_v2 \
    --admin-username azureuser \
    --generate-ssh-keys \
    --nics myNic

For a list of all VM sizes and characteristics, see Linux VM sizes.

Once the VM is created, output similar to the following example output is returned. Take note of the publicIpAddress. This address is used to access the VM in subsequent steps.

{
  "fqdns": "",
  "id": "/subscriptions/<ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachines/myVM",
  "location": "centralus",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "192.168.0.4",
  "publicIpAddress": "40.68.254.142",
  "resourceGroup": "myResourceGroup"
}

Confirm that accelerated networking is enabled

Use the following command to create an SSH session with the VM. Replace <your-public-ip-address> with the public IP address assigned to the virtual machine you created, and replace azureuser if you used a different value for --admin-username when you created the VM.

ssh azureuser@<your-public-ip-address>

From the Bash shell, enter uname -r and confirm that the kernel version is one of the following versions, or greater:

  • Ubuntu 16.04: 4.11.0-1013
  • SLES SP3: 4.4.92-6.18
  • RHEL: 7.4.2017120423
  • CentOS: 7.4.20171206

Confirm the Mellanox VF device is exposed to the VM with the lspci command. The returned output is similar to the following output:

0000:00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge (AGP disabled) (rev 03)
0000:00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 01)
0000:00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
0000:00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 02)
0000:00:08.0 VGA compatible controller: Microsoft Corporation Hyper-V virtual VGA
0001:00:02.0 Ethernet controller: Mellanox Technologies MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function]

Check for activity on the VF (virtual function) with the ethtool -S eth0 | grep vf_ command. If you receive output similar to the following sample output, accelerated networking is enabled and working.

vf_rx_packets: 992956
vf_rx_bytes: 2749784180
vf_tx_packets: 2656684
vf_tx_bytes: 1099443970
vf_tx_dropped: 0

Accelerated Networking is now enabled for your VM.
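The lspci and ethtool checks above can be scripted for use across many VMs. The following is an added example, not part of the original article: it classifies captured lspci and ethtool -S eth0 text. The function names, the status words, and the idle/dropped thresholds are assumptions of this example, and the embedded sample input is copied from the sample output shown above.

```shell
#!/bin/sh
# Added example (not from the original article): classify captured
# `lspci` and `ethtool -S eth0` text the way the steps above read it by eye.

# Exit 0 when a Mellanox Virtual Function appears in the lspci text ($1).
has_mellanox_vf() {
    printf '%s\n' "$1" | grep -i 'Mellanox' | grep -qi 'Virtual Function'
}

# Print the value of counter $2 from ethtool -S text ($1); empty if absent.
vf_counter() {
    printf '%s\n' "$1" | awk -F: -v key="$2" '
        { name = $1; gsub(/^[ \t]+|[ \t]+$/, "", name) }
        name == key { val = $2; gsub(/[ \t]/, "", val); print val; exit }'
}

# Print one status word for lspci text ($1) and ethtool -S text ($2).
# The status names and the idle/dropping thresholds are assumptions of
# this example, not values defined by Azure or ethtool.
accelnet_status() {
    if ! has_mellanox_vf "$1"; then echo no-vf; return 0; fi
    rx=$(vf_counter "$2" vf_rx_packets)
    tx=$(vf_counter "$2" vf_tx_packets)
    dropped=$(vf_counter "$2" vf_tx_dropped)
    # Missing or non-numeric counters: the vf_ statistics are not exposed.
    case "$rx" in ''|*[!0-9]*) echo no-vf-counters; return 0 ;; esac
    case "$tx" in ''|*[!0-9]*) echo no-vf-counters; return 0 ;; esac
    # The VF is on the PCI bus but has carried no packets yet.
    if [ "$rx" -eq 0 ] && [ "$tx" -eq 0 ]; then echo vf-idle; return 0; fi
    case "$dropped" in ''|*[!0-9]*) dropped=0 ;; esac
    if [ "$dropped" -gt 0 ]; then echo vf-dropping; return 0; fi
    echo ok
}

# Sample input copied from the article's sample output, embedded so the
# script runs offline.
SAMPLE_LSPCI='0000:00:08.0 VGA compatible controller: Microsoft Corporation Hyper-V virtual VGA
0001:00:02.0 Ethernet controller: Mellanox Technologies MT27500/MT27520 Family [ConnectX-3/ConnectX-3 Pro Virtual Function]'
SAMPLE_ETHTOOL='     vf_rx_packets: 992956
     vf_rx_bytes: 2749784180
     vf_tx_packets: 2656684
     vf_tx_bytes: 1099443970
     vf_tx_dropped: 0'

# On a VM, call: accelnet_status "$(lspci)" "$(ethtool -S eth0)"
accelnet_status "$SAMPLE_LSPCI" "$SAMPLE_ETHTOOL"
```

A status of no-vf-counters with the VF still listed by lspci means the vf_ statistics are not being reported on eth0, which is the case the ethtool step above is meant to catch.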

Handle dynamic binding and revocation of virtual function

Applications must run over the synthetic NIC that is exposed in the VM. If the application runs directly over the VF NIC, it doesn't receive all packets that are destined to the VM, since some packets show up over the synthetic interface. If you run an application over the synthetic NIC, it guarantees that the application receives all packets that are destined to it. It also makes sure that the application keeps running, even if the VF is revoked when the host is being serviced. Binding to the synthetic NIC is a mandatory requirement for all applications taking advantage of Accelerated Networking.

Enable Accelerated Networking on existing VMs

If you have created a VM without Accelerated Networking, it is possible to enable this feature on an existing VM. The VM must support Accelerated Networking by meeting the following prerequisites that are also outlined above:

  • The VM must be a supported size for Accelerated Networking
  • The VM must be a supported Azure Gallery image (and kernel version for Linux)
  • All VMs in an availability set or VMSS must be stopped/deallocated before enabling Accelerated Networking on any NIC

Individual VMs & VMs in an availability set

First stop/deallocate the VM or, if it is in an availability set, all the VMs in the set:

az vm deallocate \
    --resource-group myResourceGroup \
    --name myVM

Important: if your VM was created individually, without an availability set, you only need to stop/deallocate the individual VM to enable Accelerated Networking. If your VM was created with an availability set, all VMs contained in the availability set will need to be stopped/deallocated before enabling Accelerated Networking on any of the NICs.

Once stopped, enable Accelerated Networking on the NIC of your VM:

az network nic update \
    --name myNic \
    --resource-group myResourceGroup \
    --accelerated-networking true

Restart your VM or, if it is in an availability set, all the VMs in the set, and confirm that Accelerated Networking is enabled:

az vm start --resource-group myResourceGroup \
    --name myVM

VMSS

VMSS is slightly different but follows the same workflow. First, stop the VMs:

az vmss deallocate \
    --name myvmss \
    --resource-group myrg

Once the VMs are stopped, update the Accelerated Networking property under the network interface:

az vmss update --name myvmss \
    --resource-group myrg \
    --set virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].enableAcceleratedNetworking=true

Note that a VMSS applies VM upgrades using one of three settings: automatic, rolling, and manual. In these instructions the policy is set to automatic so that the VMSS picks up the changes immediately after restarting. To set it to automatic:

az vmss update \
    --name myvmss \
    --resource-group myrg \
    --set upgradePolicy.mode="automatic"

Finally, restart the VMSS:

az vmss start \
    --name myvmss \
    --resource-group myrg

Once you restart, wait for the upgrades to finish; once they complete, the VF will appear inside the VM. (Please make sure you are using a supported OS and VM size.)

Resizing existing VMs with Accelerated Networking

VMs with Accelerated Networking enabled can only be resized to VMs that support Accelerated Networking.

A VM with Accelerated Networking enabled cannot be resized to a VM instance that does not support Accelerated Networking using the resize operation. Instead, to resize one of these VMs:

  • Stop/deallocate the VM or, if it is in an availability set/VMSS, stop/deallocate all the VMs in the set/VMSS.
  • Accelerated Networking must be disabled on the NIC of the VM or, if it is in an availability set/VMSS, on all VMs in the set/VMSS.
  • Once Accelerated Networking is disabled, the VM/availability set/VMSS can be moved to a new size that does not support Accelerated Networking and restarted.