Network security rule lost efficiency after VM recreation
haiqianz (41 Reputation points)
I have a Network Interface with 2 inbound rules.
- Allow ssh from my working station to the NIC on port 22. (AllowSSHRule) - Priority 100
- Deny all inbound connections from any CIDR on any port to any CIDR on any port. (DenyAllInboundRule) - Priority 1000
Then I create a virtual machine with the NIC attached. Everything works well. I can successfully ssh into the machine. But I fail to ssh into the machine after I delete the old machine and create a new one. I verified that's because the DenyAllInboundRule was preventing the connection.
The way to reproduce (it's not guaranteed that this can be reproduced every time; it's kind of flaky behavior):
- Create VM and wait for creation to complete. Succeed to ssh into VM.
- Delete old VM and wait for deletion to complete.
- Create new VM with the old NIC, old data disk, old SSH key, etc.
- Wait for new VM creation to complete and try to ssh into VM. - Failed to ssh.
- Delete the DenyAllInboundRule and try to ssh into VM. - Succeeded to ssh.
I think there might be a possible reason:
- When deleting the old VM, the NIC somehow was not fully attached to the VM. (Although I verified that the NIC was attached to the VM through the Azure portal and az vm instance view.)
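To reason about which of the two rules above actually matches an SSH attempt, here is an added example (not from the question or from Azure's tooling) that models NSG inbound evaluation: rules are sorted by priority, lowest number first, and the first rule whose source and destination port match decides, with Azure's default DenyAllInBound rule at priority 65500 catching everything else. The workstation address 203.0.113.10 is a constructed placeholder, and the default rules that use service tags (VirtualNetwork, AzureLoadBalancer) are omitted.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class NsgRule:
    name: str
    priority: int      # lower number is evaluated first
    access: str        # "Allow" or "Deny"
    source: str        # CIDR, single address, or "*"
    dest_port: str     # single port, "lo-hi" range, or "*"
    direction: str = "Inbound"


def _addr_match(pattern: str, ip: str) -> bool:
    if pattern == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)


def _port_match(pattern: str, port: int) -> bool:
    if pattern == "*":
        return True
    if "-" in pattern:
        lo, hi = (int(p) for p in pattern.split("-", 1))
        return lo <= port <= hi
    return int(pattern) == port


# Azure's built-in catch-all; service-tag default rules are left out here.
DEFAULT_INBOUND = [NsgRule("DenyAllInBound", 65500, "Deny", "*", "*")]


def evaluate_inbound(rules: List[NsgRule], src_ip: str, dst_port: int) -> Optional[NsgRule]:
    """Return the first matching inbound rule in priority order (first match wins)."""
    for rule in sorted(rules + DEFAULT_INBOUND, key=lambda r: r.priority):
        if rule.direction != "Inbound":
            continue
        if _addr_match(rule.source, src_ip) and _port_match(rule.dest_port, dst_port):
            return rule
    return None  # unreachable: DenyAllInBound always matches


# Constructed rules mirroring the question; the workstation IP is a placeholder.
WORKSTATION = "203.0.113.10"
POSTED_RULES = [
    NsgRule("AllowSSHRule", 100, "Allow", WORKSTATION + "/32", "22"),
    NsgRule("DenyAllInboundRule", 1000, "Deny", "*", "*"),
]


def ssh_allowed(rules: List[NsgRule], src_ip: str) -> bool:
    return evaluate_inbound(rules, src_ip, 22).access == "Allow"
```

Running the evaluator with only DenyAllInboundRule present, or with a source address that no longer matches the allow rule, shows the same symptom as in the question, which is the first thing to check with the NIC's effective rules before suspecting the attachment itself.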