Quickstart: Create a virtual network using the Azure CLI
A virtual network enables Azure resources, like virtual machines (VMs), to communicate privately with each other, and with the internet.
In this quickstart, you learn how to create a virtual network. After creating a virtual network, you deploy two VMs into the virtual network. You then connect to the VMs from the internet, and communicate privately over the new virtual network.
If you don't have an Azure subscription, create an Azure free account before you begin.
Prerequisites
Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
- This quickstart requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
Create a resource group
Before you can create a virtual network, you have to create a resource group to host the virtual network. Create a resource group with az group create. This example creates a resource group named CreateVNetQS-rg in the eastus location:
az group create \
--name CreateVNetQS-rg \
--location eastus
Create a virtual network
Create a virtual network with az network vnet create. This example creates a default virtual network named myVNet with one subnet named default.
az network vnet create \
--name myVNet \
--resource-group CreateVNetQS-rg \
--subnet-name default
Create virtual machines
Create two VMs in the virtual network.
Create the first VM
Create a VM with az vm create.
If SSH keys don't already exist in a default key location, the command creates them. To use a specific set of keys, use the --ssh-key-value option.
The --no-wait option creates the VM in the background. You can continue to the next step.
This example creates a VM named myVM1:
az vm create \
--resource-group CreateVNetQS-rg \
--name myVM1 \
--image UbuntuLTS \
--generate-ssh-keys \
--public-ip-address myPublicIP-myVM1 \
--no-wait
Create the second VM
You used the --no-wait option in the previous step. You can go ahead and create the second VM named myVM2.
az vm create \
--resource-group CreateVNetQS-rg \
--name myVM2 \
--image UbuntuLTS \
--public-ip-address myPublicIP-myVM2 \
--generate-ssh-keys
Note
Azure provides a default outbound access IP for VMs that either aren't assigned a public IP address or are in the back-end pool of an internal basic Azure load balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.
The default outbound access IP is disabled when a public IP address is assigned to the VM, the VM is placed in the back-end pool of a standard load balancer, with or without outbound rules, or if an Azure Virtual Network NAT gateway resource is assigned to the subnet of the VM.
VMs that are created by virtual machine scale sets in flexible orchestration mode don't have default outbound access.
For more information about outbound connections in Azure, see Default outbound access in Azure and Use source network address translation (SNAT) for outbound connections.
Azure CLI output message
The VMs take a few minutes to create. After Azure creates the VMs, the Azure CLI returns output like this:
{
"fqdns": "",
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/CreateVNetQS-rg/providers/Microsoft.Compute/virtualMachines/myVM2",
"location": "eastus",
"macAddress": "00-0D-3A-23-9A-49",
"powerState": "VM running",
"privateIpAddress": "10.0.0.5",
"publicIpAddress": "40.68.254.142",
"resourceGroup": "CreateVNetQS-rg",
"zones": ""
}
VM public IP
To get the public IP address of myVM2, use az network public-ip show:
az network public-ip show \
--resource-group CreateVNetQS-rg \
--name myPublicIP-myVM2 \
--query ipAddress \
--output tsv
Connect to a VM from the internet
In this command, replace <publicIpAddress> with the public IP address of your myVM2 VM:
ssh <publicIpAddress>
Communicate between VMs
To confirm private communication between the myVM2 and myVM1 VMs, enter ping myVM1 -c 4.
You'll receive a reply message like this:
azureuser@myVM2:~$ ping myVM1 -c 4
PING myVM1.h0o2foz2r0tefncddcnfqm2lid.bx.internal.cloudapp.net (10.0.0.4) 56(84) bytes of data.
64 bytes from myvm1.internal.cloudapp.net (10.0.0.4): icmp_seq=1 ttl=64 time=2.77 ms
64 bytes from myvm1.internal.cloudapp.net (10.0.0.4): icmp_seq=2 ttl=64 time=1.95 ms
64 bytes from myvm1.internal.cloudapp.net (10.0.0.4): icmp_seq=3 ttl=64 time=2.19 ms
64 bytes from myvm1.internal.cloudapp.net (10.0.0.4): icmp_seq=4 ttl=64 time=1.85 ms
--- myVM1.h0o2foz2r0tefncddcnfqm2lid.bx.internal.cloudapp.net ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 1.859/2.195/2.770/0.357 ms
Exit the SSH session with the myVM2 VM.
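As an added example (not part of the original quickstart): az vm create attaches a network security group to each VM by default, and for Linux images it adds an inbound rule that allows SSH from any source, which is why the ssh step above works from the internet. The Python sketch below walks a rule list in priority order to show which rule decides a given flow; the sample JSON is constructed, and comparing the source only as a service tag is a simplification.

```python
import json

# Constructed sample shaped like the output of
# `az network nsg rule list --include-default --output json`; values are illustrative.
SAMPLE_RULES = json.loads("""
[
 {"name": "default-allow-ssh", "priority": 1000, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "AllowVnetInBound", "priority": 65000, "direction": "Inbound", "access": "Allow",
  "protocol": "*", "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "*"},
 {"name": "AllowAzureLoadBalancerInBound", "priority": 65001, "direction": "Inbound", "access": "Allow",
  "protocol": "*", "sourceAddressPrefix": "AzureLoadBalancer", "destinationPortRange": "*"},
 {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]
""")

def _values(rule, single, plural):
    """Merge the singular and plural forms of a field into one list of strings."""
    found = list(rule.get(plural) or [])
    if rule.get(single):
        found.append(rule[single])
    return found

def _port_matches(spec, port):
    """True if a port spec such as '*', '22' or '20-25' covers the port."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def deciding_rule(rules, source, protocol, port):
    """Return the inbound rule that decides this traffic (lowest priority number wins)."""
    # Assumption for this example: `source` is matched as a service tag, no CIDR arithmetic.
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"].lower() != "inbound":
            continue
        if rule["protocol"] != "*" and rule["protocol"].lower() != protocol.lower():
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(s in ("*", source) for s in sources):
            continue
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        if any(_port_matches(p, port) for p in ports):
            return rule
    return None
```

To audit a real deployment, feed it the JSON from az network nsg rule list --include-default for the VM's network security group. Narrowing the source of the SSH rule to known addresses changes which rule decides Internet traffic to port 22.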
Clean up resources
When no longer needed, you can use az group delete to remove the resource group and all the resources it contains:
az group delete \
--name CreateVNetQS-rg \
--yes
Next steps
In this quickstart:
- You created a default virtual network and two VMs.
- You connected to one VM from the internet and communicated privately between the two VMs.
Private communication between VMs is unrestricted in a virtual network.
Advance to the next article to learn more about configuring different types of VM network communications: