Contact UsGet started

Adding another network interface to a virtual machine

Written by
Updated at October 17, 2024

A virtual machine can have one or more network interfaces. For more information on the maximum number of VM network interfaces, see Quotas and limits in Compute Cloud.

You can add network interfaces to either running or stopped VMs. To maintain network connectivity, we recommend adding network interfaces to stopped VMs.

Adding a network interface to a stopped VM

To add another network interface to your virtual machine:

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. View the description of the CLI command for adding a network interface to a virtual machine:

    yc compute instance attach-network-interface --help

  2. Get a list of VMs in the default folder:

    yc compute instance list

    Result:

    +----------------------+-----------------+---------------+---------+----------------------+
|          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
+----------------------+-----------------+---------------+---------+----------------------+
| fhm0b28lgfp4******** | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
| fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
+----------------------+-----------------+---------------+---------+----------------------+

    Save the ID of the VM you want to add another network interface to.

  3. Stop the selected VM by specifying its ID:

    yc compute instance stop <VM_ID>

  4. Get a list of all subnets in the default folder:

    yc vpc subnet list

    Result:

    +----------------------+-----------------------+----------------------+----------------+---------------+-------------------+
|          ID          |         NAME          |      NETWORK ID      | ROUTE TABLE ID |     ZONE      |       RANGE       |
+----------------------+-----------------------+----------------------+----------------+---------------+-------------------+
| bucqps2lt75g******** | subnet-ru-central1-a1 | c64pv6m0aqq6******** |                | ru-central1-a | [192.168.1.0/24]  |
| e2lrucutusnd******** | subnet-ru-central1-a2 | c64pv6m0aqq6******** |                | ru-central1-a | [192.168.2.0/24]  |
| e2lv9c6aek1d******** | subnet-ru-central1-a3 | c64pv6m0aqq6******** |                | ru-central1-a | [192.168.4.0/24]  |
| bltign9kcffv******** | default-ru-central1-b | c64pv6m0aqq6******** |                | ru-central1-b | [192.168.3.0/24]  |
+----------------------+-----------------------+----------------------+----------------+---------------+-------------------+

    Save the ID of the subnet you want to attach to the VM's network interface being added. The subnet must be in the same availability zone as the VM.

  5. Get a list of all security groups in the default folder:

    yc vpc sg list

    Result:

    +----------------------+---------------------------------+--------------------------------+----------------------+
|          ID          |              NAME               |          DESCRIPTION           |      NETWORK-ID      |
+----------------------+---------------------------------+--------------------------------+----------------------+
| c646ev94tb6k******** | my-sg-group                     |                                | c64pv6m0aqq6******** |
| c64r84tbt32j******** | default-sg-c64pv6m0aqq6******** | Default security group for     | c64pv6m0aqq6******** |
|                      |                                 | network                        |                      |
+----------------------+---------------------------------+--------------------------------+----------------------+

    Save the IDs of the security groups you want to attach to the VM's network interface being added. The security groups must be in the same cloud network as the subnet being attached.

  6. Get a list of used network interface numbers for the selected VM by specifying its ID:

    yc compute instance get <VM_ID>

    Result:

    ...
network_interfaces:
  - index: "0"
    mac_address: d0:0d:b8:**:**:**
    subnet_id: e2lpp96bvvgp********
    primary_v4_address:
      address: 192.168.2.7
      one_to_one_nat:
        ip_version: IPV4
    security_group_ids:
      - enpuatgvejtn********
  - index: "1"
    mac_address: d0:ad:b8:**:**:**
    subnet_id: e2lrucutusnd********
    primary_v4_address: {}
    security_group_ids:
      - enpuatgvejtn********
      - enpg8d2hqh1o********
...

    In the above example, network interfaces numbered 0 and 1 (the index field values) are already used.

  7. Add a new network interface to the selected VM:

    yc compute instance attach-network-interface \
  --id <VM_ID> \
  --subnet-id <subnet_ID> \
  --network-interface-index <network_interface_number> \
  --security-group-id <security_group_ID> \
  --ipv4-address <internal_IP_address> \
  --nat-ip-version ipv4 \
  --nat-address <public_IP_address>

    Where:

    • --id: ID of the selected VM. Instead of an ID, you can use the --name parameter to specify the VM name.

    • --subnet-id: ID of the subnet to connect to the network interface being attached. Instead of an ID, you can use the --subnet-name parameter to specify the subnet name.

    • --network-interface-index: Number of the VM's network interface you are creating. Specify any number between 0 and 15 except the ones already used.

    • --security-group-id: ID of the security group to attach to the network interface you are creating. You can attach up to five security groups to one network interface by listing their IDs separated by commas.

    • --ipv4-address: Internal IP address to assign to the network interface. The address must come from the address range of the subnet you are connecting to the interface. Set the value to auto to automatically assign an internal IP address from the pool of IP addresses available in the subnet.

    • --nat-ip-version ipv4: Specify this parameter if you need to assign a public IP address to the network interface you are creating. If you do not specify the --nat-address parameter, a dynamic public IP address from the pool of available Yandex Cloud IP addresses will be assigned to your network interface.

      If the network interface does not need a public IP address, remove the --nat-ip-version parameter.

    • --nat-address: Previously reserved static public IP address. You can set this parameter only if the --nat-ip-version parameter is set. The IP address must be reserved in the same availability zone where the VM is located.

    Result:

    ...
network_interfaces:
  - index: "0"
    mac_address: d0:0d:b8:**:**:**
    subnet_id: e2lpp96bvvgp********
    primary_v4_address:
      address: 192.168.2.7
      one_to_one_nat:
        ip_version: IPV4
    security_group_ids:
      - enpuatgvejtn********
  - index: "1"
    mac_address: d0:ad:b8:**:**:**
    subnet_id: e2lrucutusnd********
    primary_v4_address:
      address: 192.168.4.20
    security_group_ids:
      - enpuatgvejtn********
      - enpg8d2hqh1o********
  - index: "2"
    mac_address: d0:2d:b8:**:**:**
    subnet_id: e2lv9c6aek1d********
    primary_v4_address: {}
    security_group_ids:
      - enpuatgvejtn********
      - enpg8d2hqh1o********
...

  8. To assign IP addresses to the new interface, start the VM by specifying its ID:

    yc compute instance start <VM_ID>

Use the attachNetworkInterface REST API method for the Instance resource or the InstanceService/AttachNetworkInterface gRPC API call.

Now your VM features a new network interface. Make sure it works.

Adding a network interface to a running VM

Note

The feature of adding and removing network interfaces on running VMs is at the Preview stage. To access the feature, contact support.

To add another network interface to your virtual machine:

If you do not have the Yandex Cloud command line interface yet, install and initialize it.

The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name or --folder-id parameter.

  1. View the description of the CLI command for adding a network interface to a virtual machine:

    yc compute instance attach-network-interface --help

  2. Get a list of VMs in the default folder:

    yc compute instance list

    Result:

    +----------------------+-----------------+---------------+---------+----------------------+
|          ID          |       NAME      |    ZONE ID    | STATUS  |     DESCRIPTION      |
+----------------------+-----------------+---------------+---------+----------------------+
| fhm0b28lgfp4******** | first-instance  | ru-central1-a | RUNNING | my first vm via CLI  |
| fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI |
+----------------------+-----------------+---------------+---------+----------------------+

    Save the ID of the VM you want to add another network interface to.

  3. Get a list of all subnets in the default folder:

    yc vpc subnet list

    Result:

    +----------------------+-----------------------+----------------------+----------------+---------------+-------------------+
|          ID          |         NAME          |      NETWORK ID      | ROUTE TABLE ID |     ZONE      |       RANGE       |
+----------------------+-----------------------+----------------------+----------------+---------------+-------------------+
| bucqps2lt75g******** | subnet-ru-central1-a1 | c64pv6m0aqq6******** |                | ru-central1-a | [192.168.1.0/24]  |
| e2lrucutusnd******** | subnet-ru-central1-a2 | c64pv6m0aqq6******** |                | ru-central1-a | [192.168.2.0/24]  |
| e2lv9c6aek1d******** | subnet-ru-central1-a3 | c64pv6m0aqq6******** |                | ru-central1-a | [192.168.4.0/24]  |
| bltign9kcffv******** | default-ru-central1-b | c64pv6m0aqq6******** |                | ru-central1-b | [192.168.3.0/24]  |
+----------------------+-----------------------+----------------------+----------------+---------------+-------------------+

    Save the ID of the subnet you want to attach to the VM's network interface being added. The subnet must be in the same availability zone as the VM.

  4. Get a list of all security groups in the default folder:

    yc vpc sg list

    Result:

    +----------------------+---------------------------------+--------------------------------+----------------------+
|          ID          |              NAME               |          DESCRIPTION           |      NETWORK-ID      |
+----------------------+---------------------------------+--------------------------------+----------------------+
| c646ev94tb6k******** | my-sg-group                     |                                | c64pv6m0aqq6******** |
| c64r84tbt32j******** | default-sg-c64pv6m0aqq6******** | Default security group for     | c64pv6m0aqq6******** |
|                      |                                 | network                        |                      |
+----------------------+---------------------------------+--------------------------------+----------------------+

    Save the IDs of the security groups you want to attach to the VM's network interface being added. The security groups must be in the same cloud network as the subnet being attached.

  5. Get a list of used network interface numbers for the selected VM by specifying its ID:

    yc compute instance get <VM_ID>

    Result:

    ...
network_interfaces:
  - index: "0"
    mac_address: d0:0d:1a:**:**:**
    subnet_id: e2lrucutusnd********
    primary_v4_address:
      address: 192.168.1.20
      one_to_one_nat:
        address: 158.***.**.***
        ip_version: IPV4
    security_group_ids:
      - enpuatgvejtn********
  - index: "1"
    mac_address: d0:1d:1a:**:**:**
    subnet_id: e2lpp96bvvgp********
    primary_v4_address:
      address: 192.168.2.3
    security_group_ids:
      - enpuatgvejtn********
      - enpg8d2hqh1o********
...

    In the above example, network interfaces numbered 0 and 1 (the index field values) are already used.

  6. Add a new network interface to the selected VM:

    yc compute instance attach-network-interface \
  --id <VM_ID> \
  --subnet-id <subnet_ID> \
  --network-interface-index <network_interface_number> \
  --security-group-id <security_group_ID> \
  --ipv4-address <internal_IP_address> \
  --nat-ip-version ipv4 \
  --nat-address <public_IP_address>

    Where:

    • --id: ID of the selected VM. Instead of an ID, you can use the --name parameter to specify the VM name.

    • --subnet-id: ID of the subnet to connect to the network interface being attached. Instead of an ID, you can use the --subnet-name parameter to specify the subnet name.

    • --network-interface-index: Number of the VM's network interface you are creating. Specify any number between 0 and 15 except the ones already used.

    • --security-group-id: ID of the security group to attach to the network interface you are creating. You can attach up to five security groups to one network interface by listing their IDs separated by commas.

    • --ipv4-address: Internal IP address to assign to the network interface. The address must come from the address range of the subnet you are connecting to the interface. Set the value to auto to automatically assign an internal IP address from the pool of IP addresses available in the subnet.

    • --nat-ip-version ipv4: Specify this parameter if you need to assign a public IP address to the network interface you are creating. If you do not specify the --nat-address parameter, a dynamic public IP address from the pool of available Yandex Cloud IP addresses will be assigned to your network interface.

      If the network interface does not need a public IP address, remove the --nat-ip-version parameter.

    • --nat-address: Previously reserved static public IP address. You can set this parameter only if the --nat-ip-version parameter is set. The IP address must be reserved in the same availability zone where the VM is located.

    Result:

    ...
network_interfaces:
  - index: "0"
    mac_address: d0:0d:1a:**:**:**
    subnet_id: e2lrucutusnd********
    primary_v4_address:
      address: 192.168.1.20
      one_to_one_nat:
        address: 158.***.**.***
        ip_version: IPV4
    security_group_ids:
      - enpuatgvejtn********
  - index: "1"
    mac_address: d0:1d:1a:**:**:**
    subnet_id: e2lpp96bvvgp********
    primary_v4_address:
      address: 192.168.2.3
    security_group_ids:
      - enpuatgvejtn********
      - enpg8d2hqh1o********
  - index: "2"
    mac_address: d0:2d:1a:**:**:**
    subnet_id: e2lv9c6aek1d********
    primary_v4_address:
      address: 192.168.4.17
    security_group_ids:
      - enpuatgvejtn********
      - enpg8d2hqh1o********
...

Use the attachNetworkInterface REST API method for the Instance resource or the InstanceService/AttachNetworkInterface gRPC API call.

Now your VM features a new network interface. The new interface is currently inactive as you added it to a running VM. To make sure it is inactive:

  1. Connect to the VM over SSH.

  2. Run this command to get information about the state of VM's network interfaces:

    ip a

    Result:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
...
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether d0:2d:1a:f4:20:ef brd ff:ff:ff:ff:ff:ff
    altname enp140s0
    altname ens10

    state DOWN for the eth2 interface means that it is inactive.

  1. Connect to the VM via RDP.

  2. To start Device Manager, run this command in PowerShell:

    devmgmt.msc

  3. In the Device Manager window that opens, expand Network adapters. The newly added network interface has an exclamation mark next to it and is inactive.

To make it active, restart the VM. For Windows OS, restarting the VM is the only way to activate the interface.

If your VM is running Linux and you cannot restart it, you can activate the network interface without restarting the VM. To avoid network connectivity loss, configure settings from the serial console:

  1. Enable access to the serial console on your VM.

    When creating a user for authenticating on the VM through the serial console, add this user to the sudo group using the sudo usermod -a -G sudo <username> command.

  2. Connect to the VM's serial console via the CLI or SSH.

  3. Activate the network interface you have added:

    sudo ip link set <interface_name> up

    Where <interface_name> is the name of the inactive interface in Linux, e.g., eth2. You can view the names of network interfaces in the Linux terminal using the ip a command.

  4. Get DHCP settings for the new interface:

    sudo dhclient <interface_name>

  5. Delete the default route for the new network interface from the VM's route table:

    sudo ip route del default dev <interface_name>

  6. Disable access to the VM's serial console if you no longer need it.

Now the attached network interface is active.

Make sure the new network interface works properly

To check the performance of the attached network interface:

  1. Connect to the VM over SSH.

  2. Run this command to get information about the state of VM's network interfaces:

    ip a

    Result:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether d0:0d:b8:99:4f:fa brd ff:ff:ff:ff:ff:ff
    altname enp138s0
    altname ens8
    inet 192.168.2.7/24 metric 100 brd 192.168.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::d20d:b8ff:fe99:4ffa/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether d0:2d:b8:99:4f:fa brd ff:ff:ff:ff:ff:ff
    altname enp139s0
    altname ens9
    inet 192.168.4.20/24 metric 200 brd 192.168.4.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::d22d:b8ff:fe99:4ffa/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether d0:ad:b8:99:4f:fa brd ff:ff:ff:ff:ff:ff
    altname enp140s0
    altname ens10
    inet 192.168.1.28/24 metric 300 brd 192.168.1.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::d2ad:b8ff:fe99:4ffa/64 scope link
       valid_lft forever preferred_lft forever

    state UP for the eth0, eth1, and eth2 interfaces means that they are running and active.

  3. To view the VM's route table, run this command:

    ip r

    Result:

    default via 192.168.2.1 dev eth0 proto dhcp src 192.168.2.7 metric 100
default via 192.168.4.1 dev eth1 proto dhcp src 192.168.4.20 metric 200
default via 192.168.1.1 dev eth2 proto dhcp src 192.168.1.28 metric 300
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.28 metric 300
192.168.1.1 dev eth2 proto dhcp scope link src 192.168.1.28 metric 300
192.168.1.2 dev eth2 proto dhcp scope link src 192.168.1.28 metric 300
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.7 metric 100
192.168.2.1 dev eth0 proto dhcp scope link src 192.168.2.7 metric 100
192.168.2.2 dev eth0 proto dhcp scope link src 192.168.2.7 metric 100
192.168.4.0/24 dev eth1 proto kernel scope link src 192.168.4.20 metric 200
192.168.4.1 dev eth1 proto dhcp scope link src 192.168.4.20 metric 200
192.168.4.2 dev eth1 proto dhcp scope link src 192.168.4.20 metric 200

    The routes for all the network interfaces are configured.

    Note

    If the network interfaces you added are inactive or you can no longer connect to your VM, see Troubleshooting.

  1. Connect to the VM via RDP.

  2. To get information about the state of the VM's network interfaces, run this command in PowerShell:

    ipconfig /all

    Result:

    Windows IP Configuration

   Host Name . . . . . . . . . . . . : windows-vm
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ru-central1.internal
                                       auto.internal

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : ru-central1.internal
   Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter
   Physical Address. . . . . . . . . : D0-2D-7E-E7-46-C5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::788f:1f20:e4e4:2f17%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.4.23(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, May 5, 2024 8:33:25 AM
   Lease Expires . . . . . . . . . . : Wednesday, June 11, 2160 3:05:02 PM
   Default Gateway . . . . . . . . . : 192.168.4.1
   DHCP Server . . . . . . . . . . . : 192.168.4.2
   DHCPv6 IAID . . . . . . . . . . . : 181415294
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-C8-FA-25-D0-0D-7E-E7-46-C5
   DNS Servers . . . . . . . . . . . : 192.168.4.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       ru-central1.internal
                                       auto.internal

Ethernet adapter eth0:

   Connection-specific DNS Suffix  . : ru-central1.internal
   Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter #2
   Physical Address. . . . . . . . . : D0-0D-7E-E7-46-C5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5e90:6d59:693:3d74%5(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.27(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, May 5, 2024 8:33:23 AM
   Lease Expires . . . . . . . . . . : Wednesday, June 11, 2160 3:05:02 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.2
   DHCPv6 IAID . . . . . . . . . . . : 131075350
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-C8-FA-25-D0-0D-7E-E7-46-C5
   DNS Servers . . . . . . . . . . . : 192.168.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       ru-central1.internal
                                       auto.internal

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . : ru-central1.internal
   Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter #3
   Physical Address. . . . . . . . . : D0-1D-7E-E7-46-C5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::851a:86ae:28fd:90ce%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.15(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, May 5, 2024 8:33:25 AM
   Lease Expires . . . . . . . . . . : Wednesday, June 11, 2160 3:05:02 PM
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.2
   DHCPv6 IAID . . . . . . . . . . . : 198188414
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-C8-FA-25-D0-0D-7E-E7-46-C5
   DNS Servers . . . . . . . . . . . : 192.168.2.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       ru-central1.internal
                                       auto.internal

    All the network interfaces are running and active.

Previous
Moving a VM to another cloud
Next
Deleting a network interface from a VM