Quickstart: Create a virtual network using the Azure CLI

A virtual network enables Azure resources, like virtual machines (VMs), to communicate privately with each other, and with the internet.

In this quickstart, you learn how to create a virtual network. After creating a virtual network, you deploy two VMs into the virtual network. You then connect to the VMs from the internet, and communicate privately over the new virtual network.

If you don't have an Azure subscription, create an Azure free account before you begin.

Prerequisites

You can use either the Azure Cloud Shell or a local Azure CLI.

  • This quickstart requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.

Create a resource group and a virtual network

Before you can create a virtual network, you have to create a resource group to host the virtual network. Create a resource group with az group create. This example creates a resource group named CreateVNetQS-rg in the Eastus location:

az group create \
    --name CreateVNetQS-rg \
    --location eastus

Create a virtual network with az network vnet create. This example creates a default virtual network named myVNet with one subnet named default:

az network vnet create \
  --name myVNet \
  --resource-group CreateVNetQS-rg \
  --subnet-name default

Create virtual machines

Create two VMs in the virtual network.

Create the first VM

Create a VM with az vm create.

If SSH keys don't already exist in a default key location, the command creates them. To use a specific set of keys, use the --ssh-key-value option.

The --no-wait option creates the VM in the background. You can continue to the next step.

This example creates a VM named myVM1:

az vm create \
  --resource-group CreateVNetQS-rg \
  --name myVM1 \
  --image UbuntuLTS \
  --generate-ssh-keys \
  --public-ip-address myPublicIP-myVM1 \
  --no-wait

Create the second VM

You used the --no-wait option in the previous step. You can go ahead and create the second VM named myVM2.

az vm create \
  --resource-group CreateVNetQS-rg \
  --name myVM2 \
  --image UbuntuLTS \
  --public-ip-address myPublicIP-myVM2 \
  --generate-ssh-keys

Note

Azure provides a default outbound access IP for VMs that either aren't assigned a public IP address or are in the back-end pool of an internal basic Azure load balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.

For more information, see Default outbound access in Azure.

The default outbound access IP is disabled when either a public IP address is assigned to the VM or the VM is placed in the back-end pool of a standard load balancer, with or without outbound rules. If an Azure Virtual Network network address translation (NAT) gateway resource is assigned to the subnet of the virtual machine, the default outbound access IP is disabled.

VMs that are created by virtual machine scale sets in flexible orchestration mode don't have default outbound access.

For more information about outbound connections in Azure, see Use source network address translation (SNAT) for outbound connections.

Azure CLI output message

The VMs take a few minutes to create. After Azure creates the VMs, the Azure CLI returns output like this:

{
  "fqdns": "",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/CreateVNetQS-rg/providers/Microsoft.Compute/virtualMachines/myVM2",
  "location": "eastus",
  "macAddress": "00-0D-3A-23-9A-49",
  "powerState": "VM running",
  "privateIpAddress": "10.0.0.5",
  "publicIpAddress": "40.68.254.142",
  "resourceGroup": "CreateVNetQS-rg"
  "zones": ""
}

VM public IP

To get the public IP address myVM2, use az network public-ip show:

az network public-ip show \
  --resource-group CreateVNetQS-rg  \
  --name myPublicIP-myVM2 \
  --query ipAddress \
  --output tsv

Connect to a VM from the internet

In this command, replace <publicIpAddress> with the public IP address of your myVM2 VM:

ssh <publicIpAddress>

Communicate between VMs

To confirm private communication between the myVM2 and myVM1 VMs, enter ping myVM1 -c 4.

You'll receive a reply message like this:


azureuser@myVM2:~$ ping myVM1 -c 4
PING myVM1.h0o2foz2r0tefncddcnfqm2lid.bx.internal.cloudapp.net (10.0.0.4) 56(84) bytes of data.
64 bytes from myvm1.internal.cloudapp.net (10.0.0.4): icmp_seq=1 ttl=64 time=2.77 ms
64 bytes from myvm1.internal.cloudapp.net (10.0.0.4): icmp_seq=2 ttl=64 time=1.95 ms
64 bytes from myvm1.internal.cloudapp.net (10.0.0.4): icmp_seq=3 ttl=64 time=2.19 ms
64 bytes from myvm1.internal.cloudapp.net (10.0.0.4): icmp_seq=4 ttl=64 time=1.85 ms

--- myVM1.h0o2foz2r0tefncddcnfqm2lid.bx.internal.cloudapp.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 1.859/2.195/2.770/0.357 ms

Exit the SSH session with the myVM2 VM.

Clean up resources

When no longer needed, you can use az group delete to remove the resource group and all the resources it has:

az group delete \
    --name CreateVNetQS-rg \
    --yes

Next steps

In this quickstart:

  • You created a default virtual network and two VMs.
  • You connected to one VM from the internet and communicated privately between the two VMs.

Private communication between VMs is unrestricted in a virtual network.

Advance to the next article to learn more about configuring different types of VM network communications: