Static macaddress for VMs in VM Scale Set - azure

I need to have all the macaddress same for all the VMs that come up in a VMSS.
This could be done just by changing the registry entry when the VMs come up.
Can someone help me with that? Also would that change have any impact in terms of network/security of VMs in VNET even if they are behind load balancer?

MAC addresses are designed to uniquely identify a network interface in a computer network.
Having duplicate MAC Addresses in a computer network would cause the network to malfunction (or at least one of the network interfaces will be kicked out and not able to communicate with the network).
The requirement to have same MAC Addresses is fundamentally wrong and shows intent to abuse either software licences that are bound to MAC Address, or some malicious network activity.
If you state your question in more detail (why the requirement for the same MAC addresses, what is the base architecture of the solution) maybe we will be able to help you.

What you can do to implement this approach is create a separate subnet within your Azure VNet for licensing and then add a second NIC that is bound to that subnet, then set the MAC addresses as you see fit there. This allows you to have normal network connectivity on your primary NIC, and the licenses can be on the MACs associated with the secondary NIC. This approach is laid out in this blog post by Francois DelPort: https://www.francoisdelport.com/2015/10/change-the-mac-address-on-your-azure-vm/

Related

How to connect overlapping VNets in Azure?

I am working on an Azure-based networking solution.
We have a typical hub and spoke VNets topology. The Hub VNet connects to the on-prem DC via ExpressRoute and spoke VNets peer to the Hub VNet. There is an Azure Firewall in the Hub that filters traffic between Hub-spokes and hub-on-prem segments (GREEN in the diagram).
We have a bizarre requirement of adding a new isolated VNet (RED in the diagram) that will have overlapping IPs with the existing network (GREEN). We want to allow workloads in this new VNet to access private apps deployed in Hub or on-prem.
I need help on how to achieve this connectivity.
Note: We don't want to set up any VPN between the new VNet and Hub
As you might appreciate, this is more of a general networking limitation, more so than an Azure limitation. If we want two different networks with overlapping IP addresses to communicate, then we would need networking devices in between both networks that perform some form of network address translation so the IP addresses appear to be different to the communicating hosts. Below is an example from the Azure documentation
Logically you have two options here:
Create your own network devices and configure routes between these subnets to transit your virtual appliance that does the translation.
Use the managed service from Azure. In this case, it's the Azure VPN Gateway
I saw your note above about not wanting to use any VPN devices. Having said that, however, generally speaking it is usually a better option from an availability and supportability perspective to leverage the built-in offering vs. hand-rolling your own virtual appliance using iptables or a Windows NAT router or something similar. Hope this clarifies.
It is not possible to peer Virtual Networks with overlapping IP addresses. This is documented here. You will have to move to a different address space and move/recreate resources under this new address space.
If it helps you can take a look at this Checklist before moving resources.

Azure Vnet Networking Design: Hyperscale and more than 10.0.0.0/8 hosts with Public CIDRs

I hope this belongs here. It's a cloud infra question.
I'm designing a hyper-scale network setup in Azure where I am testing the limits of what can be done in Azure. It's not by any standards a typical use-case.
So my problem is the following. What happens if you need more than a 10.0.0.0/8 for your entire setup? Some things I am aware of before asking this question:
I know this means 16777214 hosts but I am aiming for N private hosts and in turn private N IPs to be available to the system.
I'm not planning on dumping everything on a single VNet, but in Azure you cannot have overlapping CIDRs if you plan to peer them. So essentially I've only got the 10.0.0.0/8 in total even if I double-VLSM it to properly segregate domains. Further explanation: I'm planning on using 10.0.0.0/21 VNets with varied VLSM subnets depending on the needs.
I do want a central management layer that has access to all networks (that might be the issue). So no overlapping cidrs again if I need to peer everything together.
I come from an AWS background where even if it is hard you can peer overlapping CIDRs through the Transit Gateway with CIDR->NAT and some clever logic. No such luck in Azure from my current research (Please correct me if I'm wrong)
So that led me to ask myself: Azure VNet (as well as AWS) supports almost any CIDR, including public ones, and it will not route to the VNet, so it's not a real public IP address. What are the implications of using a public CIDR for my VNets?
The first thing I can think of is that those subnets shouldn't be able to reach the actual public IP address range that they were assigned, because local network route tables take precedence. So they might only be useful for VNets isolated from the internet?
And my question, tl;dr:
Should you use public IP CIDR ranges for your VNet pool in Azure? Yes? No? When? I'd love to hear opinions.
Author's Comment: We still can't get rid of ipv4 problems in 2022 :joy:
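Both threads above (the overlapping RED/GREEN VNets and the 10.0.0.0/8 pool carved into /21 VNets) run into the same rule: Azure will not peer VNets whose address spaces overlap. The Python below is an added example, not code from any of the posts; the VNet inventory is constructed, and it assumes Azure's documented reservation of 5 addresses per subnet when computing usable hosts.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory (not a real deployment): VNet name -> address spaces.
# "red" deliberately overlaps "spoke-a", the situation described in the thread above.
VNETS = {
    "hub":     ["10.10.0.0/16"],
    "spoke-a": ["10.11.0.0/16"],
    "spoke-b": ["10.12.0.0/16", "172.16.0.0/24"],
    "red":     ["10.11.128.0/17"],
}

AZURE_RESERVED_PER_SUBNET = 5  # network, gateway, 2x Azure DNS, broadcast


def parse_spaces(vnets):
    """Parse every address space; strict=True rejects host bits set in the prefix."""
    return {name: [ipaddress.ip_network(s, strict=True) for s in spaces]
            for name, spaces in vnets.items()}


def find_overlaps(vnets):
    """Return (vnet_a, vnet_b, prefix_a, prefix_b) for every overlapping pair.
    Any pair listed here cannot be peered in Azure."""
    parsed = parse_spaces(vnets)
    hits = []
    for (a, nets_a), (b, nets_b) in combinations(sorted(parsed.items()), 2):
        for na in nets_a:
            for nb in nets_b:
                if na.overlaps(nb):
                    hits.append((a, b, str(na), str(nb)))
    return hits


def can_peer(vnets, a, b):
    """True when no address space of a overlaps any address space of b."""
    return not any({x, y} == {a, b} for x, y, _, _ in find_overlaps(vnets))


def next_free(pool, vnets, prefixlen):
    """First block of the given prefix length inside pool that overlaps no
    existing VNet, or None when the pool is exhausted (a central management
    layer that peers to everything needs every VNet carved this way)."""
    used = [n for nets in parse_spaces(vnets).values() for n in nets]
    for block in ipaddress.ip_network(pool, strict=True).subnets(new_prefix=prefixlen):
        if not any(block.overlaps(u) for u in used):
            return str(block)
    return None


def vnet_capacity(pool, vnet_prefixlen):
    """(number of VNets of that size that fit in pool, usable hosts per VNet
    if the whole VNet were one subnet after Azure's reserved addresses)."""
    pool_net = ipaddress.ip_network(pool, strict=True)
    count = 2 ** (vnet_prefixlen - pool_net.prefixlen)
    hosts = 2 ** (32 - vnet_prefixlen) - AZURE_RESERVED_PER_SUBNET
    return count, hosts
```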

creating an image changes the network adapter name

I have a VM which has a network adapter called 'Ethernet'.
When I create an image from this VM, any VM that I create from that image has only one network adapter, named 'Ethernet 2'.
How can I force it to have the same network adapter name?
Thank you very much for your help!
This is expected behavior. The network adapter would also change if your VM is healed (i.e. the underlying hardware fails and your image is re-instantiated on a new one). This will also happen if you scale the VM (change the VM size). A change of the network adapter name would also sometimes happen when you shut down the VM (from the portal, which would also de-allocate resources).
Even if the above-mentioned limitations are fixed (today or in the future), I would not rely on using a specific name for the adapter in my application.
Even with the recently added feature to have multiple NICs, as described here, you cannot influence the name of the NIC which the OS uses:
"The interface name must be unique for the VM, but does not represent the names of the NICs inside the VM."
It is important to know that the settings for the NIC you dictate from your Virtual Network setup (DNS, IP address, subnet mask) are guaranteed to be taken by your VM. So why the need for a specific network adapter name? Also, keep in mind that you should never manually change the network settings inside an Azure VM.

Moving primary domain controller to a different Azure virtual network

I have created an Azure virtual network with a specific address space - 10.0.0.0/8. I created a subnet beneath it, 10.10.0.0/16, and added several machines to this subnet, including a PDC and a BDC, which are also acting as DNS servers.
Unfortunately, that is not exactly what I meant to do. I meant to create the address space as 10.10.0.0/16, with the intent of connecting it to some other virtual networks using S2S VPN gateways. The other virtual networks are set up using address spaces configured as 10.x.0.0/16.
To rectify the situation, based on what I could find here and on MSDN, I created a new virtual network in the same region with the correct address space (10.10.0.0/16), then deleted the VMs in the old virtual network (but left the VHDs) and recreated the VMs in the new virtual network using the old VHDs.
This seems to be working as expected. Now I am down to the domain controllers and one other machine. Will there be any issues with following the same process to move a domain controller? I realize the system GUID will be different, but was not sure if this impacts anything relative to AD and the DNS servers.
TIA for your help.
Looks like there are no impacts from the AD perspective. From a DNS perspective, Azure assigned IP addresses to the machines in the order that they were restarted, so to avoid confusing DNS, I restarted the VMs in order of increasing IP address.
Needed to make sure SQL Server data volumes were attached before starting the machine, otherwise the database would show as being in a pending recovery state.
Also, apps that depend on MAC address (such as some license servers) did require new license files, as the MAC address changed.

Can't access Azure VM

I was trying to change the network address of my virtual machine on Azure to be in the same network range as another virtual machine in the Azure pool. Once I clicked save on the network card, it froze and became not accessible with Remote Desktop or any other way.
Please Help.
NEVER try to manually change the NIC. The NIC is still owned by the Windows Azure fabric, and when you manually make changes, the fabric interprets it as an attempt to bypass its network security measures. You should be able to get access to the VM back by removing and re-adding the VM (when you remove it, be sure not to remove its disks; then you can re-provision it from those same disks).
If you're trying to adjust network address spaces (subnets?), you may want to look at using an Azure virtual network to help group VMs together. While this still won't guarantee a fixed internal IP address, it will give you a degree of predictability.