Adding another network interface to a virtual machine
A virtual machine can have one or more network interfaces. For more information on the maximum number of VM network interfaces, see Quotas and limits in Compute Cloud.
You can add network interfaces to either running or stopped VMs. To maintain network connectivity, we recommend adding network interfaces to stopped VMs.
Adding a network interface to a stopped VM
To add another network interface to your virtual machine:
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
View the description of the CLI command for adding a network interface to a virtual machine:
yc compute instance attach-network-interface --help
-
Get a list of VMs in the default folder:
yc compute instance list
Result:
+----------------------+-----------------+---------------+---------+----------------------+ | ID | NAME | ZONE ID | STATUS | DESCRIPTION | +----------------------+-----------------+---------------+---------+----------------------+ | fhm0b28lgfp4******** | first-instance | ru-central1-a | RUNNING | my first vm via CLI | | fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI | +----------------------+-----------------+---------------+---------+----------------------+
Save the ID of the VM you want to add another network interface to.
-
Stop the selected VM by specifying its ID:
yc compute instance stop <VM_ID>
-
Get a list of all subnets in the default folder:
yc vpc subnet list
Result:
+----------------------+-----------------------+----------------------+----------------+---------------+-------------------+ | ID | NAME | NETWORK ID | ROUTE TABLE ID | ZONE | RANGE | +----------------------+-----------------------+----------------------+----------------+---------------+-------------------+ | bucqps2lt75g******** | subnet-ru-central1-a1 | c64pv6m0aqq6******** | | ru-central1-a | [192.168.1.0/24] | | e2lrucutusnd******** | subnet-ru-central1-a2 | c64pv6m0aqq6******** | | ru-central1-a | [192.168.2.0/24] | | e2lv9c6aek1d******** | subnet-ru-central1-a3 | c64pv6m0aqq6******** | | ru-central1-a | [192.168.4.0/24] | | bltign9kcffv******** | default-ru-central1-b | c64pv6m0aqq6******** | | ru-central1-b | [192.168.3.0/24] | +----------------------+-----------------------+----------------------+----------------+---------------+-------------------+
Save the ID of the subnet you want to attach to the VM's network interface being added. The subnet must be in the same availability zone as the VM.
-
Get a list of all security groups in the default folder:
yc vpc sg list
Result:
+----------------------+---------------------------------+--------------------------------+----------------------+ | ID | NAME | DESCRIPTION | NETWORK-ID | +----------------------+---------------------------------+--------------------------------+----------------------+ | c646ev94tb6k******** | my-sg-group | | c64pv6m0aqq6******** | | c64r84tbt32j******** | default-sg-c64pv6m0aqq6******** | Default security group for | c64pv6m0aqq6******** | | | | network | | +----------------------+---------------------------------+--------------------------------+----------------------+
Save the IDs of the security groups you want to attach to the VM's network interface being added. The security groups must be in the same cloud network as the subnet being attached.
-
Get a list of used network interface numbers for the selected VM by specifying its ID:
yc compute instance get <VM_ID>
Result:
... network_interfaces: - index: "0" mac_address: d0:0d:b8:**:**:** subnet_id: e2lpp96bvvgp******** primary_v4_address: address: 192.168.2.7 one_to_one_nat: ip_version: IPV4 security_group_ids: - enpuatgvejtn******** - index: "1" mac_address: d0:ad:b8:**:**:** subnet_id: e2lrucutusnd******** primary_v4_address: {} security_group_ids: - enpuatgvejtn******** - enpg8d2hqh1o******** ...
In the above example, the network interfaces numbered
0
and1
(theindex
field values) are already in use. -
Add a new network interface to the selected VM:
yc compute instance attach-network-interface \ --id <VM_ID> \ --subnet-id <subnet_ID> \ --network-interface-index <network_interface_number> \ --security-group-id <security_group_ID> \ --ipv4-address <internal_IP_address> \ --nat-ip-version ipv4 \ --nat-address <public_IP_address>
Where:
-
--id
: ID of the selected VM. Instead of an ID, you can use the--name
parameter to specify the VM name. -
--subnet-id
: ID of the subnet to connect to the network interface being attached. Instead of an ID, you can use the--subnet-name
parameter to specify the subnet name. -
--network-interface-index
: Number of the VM's network interface you are creating. Specify any number between0
and15
except the ones already used. -
--security-group-id
: ID of the security group to attach to the network interface you are creating. You can attach up to five security groups to one network interface by listing their IDs separated by commas. -
--ipv4-address
: Internal IP address to assign to the network interface. The address must come from the address range of the subnet you are connecting to the interface. Set the value toauto
to automatically assign an internal IP address from the pool of IP addresses available in the subnet. -
--nat-ip-version ipv4
: Specify this parameter if you need to assign a public IP address to the network interface you are creating. If you do not specify the--nat-address
parameter, a dynamic public IP address from the pool of available Yandex Cloud IP addresses will be assigned to your network interface.If the network interface does not need a public IP address, remove the
--nat-ip-version
parameter. -
--nat-address
: Previously reserved static public IP address. You can set this parameter only if the--nat-ip-version
parameter is set. The IP address must be reserved in the same availability zone where the VM is located.
Result:
... network_interfaces: - index: "0" mac_address: d0:0d:b8:**:**:** subnet_id: e2lpp96bvvgp******** primary_v4_address: address: 192.168.2.7 one_to_one_nat: ip_version: IPV4 security_group_ids: - enpuatgvejtn******** - index: "1" mac_address: d0:ad:b8:**:**:** subnet_id: e2lrucutusnd******** primary_v4_address: address: 192.168.4.20 security_group_ids: - enpuatgvejtn******** - enpg8d2hqh1o******** - index: "2" mac_address: d0:2d:b8:**:**:** subnet_id: e2lv9c6aek1d******** primary_v4_address: {} security_group_ids: - enpuatgvejtn******** - enpg8d2hqh1o******** ...
-
-
To assign IP addresses to the new interface, start the VM by specifying its ID:
yc compute instance start <VM_ID>
Use the attachNetworkInterface REST API method for the Instance resource or the InstanceService/AttachNetworkInterface gRPC API call.
Now your VM features a new network interface. Make sure it works.
Adding a network interface to a running VM
Note
The feature of adding and removing network interfaces on running VMs is at the Preview stage. To access the feature, contact
To add another network interface to your virtual machine:
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
View the description of the CLI command for adding a network interface to a virtual machine:
yc compute instance attach-network-interface --help
-
Get a list of VMs in the default folder:
yc compute instance list
Result:
+----------------------+-----------------+---------------+---------+----------------------+ | ID | NAME | ZONE ID | STATUS | DESCRIPTION | +----------------------+-----------------+---------------+---------+----------------------+ | fhm0b28lgfp4******** | first-instance | ru-central1-a | RUNNING | my first vm via CLI | | fhm9gk85nj7g******** | second-instance | ru-central1-a | RUNNING | my second vm via CLI | +----------------------+-----------------+---------------+---------+----------------------+
Save the ID of the VM you want to add another network interface to.
-
Get a list of all subnets in the default folder:
yc vpc subnet list
Result:
+----------------------+-----------------------+----------------------+----------------+---------------+-------------------+ | ID | NAME | NETWORK ID | ROUTE TABLE ID | ZONE | RANGE | +----------------------+-----------------------+----------------------+----------------+---------------+-------------------+ | bucqps2lt75g******** | subnet-ru-central1-a1 | c64pv6m0aqq6******** | | ru-central1-a | [192.168.1.0/24] | | e2lrucutusnd******** | subnet-ru-central1-a2 | c64pv6m0aqq6******** | | ru-central1-a | [192.168.2.0/24] | | e2lv9c6aek1d******** | subnet-ru-central1-a3 | c64pv6m0aqq6******** | | ru-central1-a | [192.168.4.0/24] | | bltign9kcffv******** | default-ru-central1-b | c64pv6m0aqq6******** | | ru-central1-b | [192.168.3.0/24] | +----------------------+-----------------------+----------------------+----------------+---------------+-------------------+
Save the ID of the subnet you want to attach to the VM's network interface being added. The subnet must be in the same availability zone as the VM.
-
Get a list of all security groups in the default folder:
yc vpc sg list
Result:
+----------------------+---------------------------------+--------------------------------+----------------------+ | ID | NAME | DESCRIPTION | NETWORK-ID | +----------------------+---------------------------------+--------------------------------+----------------------+ | c646ev94tb6k******** | my-sg-group | | c64pv6m0aqq6******** | | c64r84tbt32j******** | default-sg-c64pv6m0aqq6******** | Default security group for | c64pv6m0aqq6******** | | | | network | | +----------------------+---------------------------------+--------------------------------+----------------------+
Save the IDs of the security groups you want to attach to the VM's network interface being added. The security groups must be in the same cloud network as the subnet being attached.
-
Get a list of used network interface numbers for the selected VM by specifying its ID:
yc compute instance get <VM_ID>
Result:
... network_interfaces: - index: "0" mac_address: d0:0d:1a:**:**:** subnet_id: e2lrucutusnd******** primary_v4_address: address: 192.168.1.20 one_to_one_nat: address: 158.***.**.*** ip_version: IPV4 security_group_ids: - enpuatgvejtn******** - index: "1" mac_address: d0:1d:1a:**:**:** subnet_id: e2lpp96bvvgp******** primary_v4_address: address: 192.168.2.3 security_group_ids: - enpuatgvejtn******** - enpg8d2hqh1o******** ...
In the above example, the network interfaces numbered
0
and1
(theindex
field values) are already in use. -
Add a new network interface to the selected VM:
yc compute instance attach-network-interface \ --id <VM_ID> \ --subnet-id <subnet_ID> \ --network-interface-index <network_interface_number> \ --security-group-id <security_group_ID> \ --ipv4-address <internal_IP_address> \ --nat-ip-version ipv4 \ --nat-address <public_IP_address>
Where:
-
--id
: ID of the selected VM. Instead of an ID, you can use the--name
parameter to specify the VM name. -
--subnet-id
: ID of the subnet to connect to the network interface being attached. Instead of an ID, you can use the--subnet-name
parameter to specify the subnet name. -
--network-interface-index
: Number of the VM's network interface you are creating. Specify any number between0
and15
except the ones already used. -
--security-group-id
: ID of the security group to attach to the network interface you are creating. You can attach up to five security groups to one network interface by listing their IDs separated by commas. -
--ipv4-address
: Internal IP address to assign to the network interface. The address must come from the address range of the subnet you are connecting to the interface. Set the value toauto
to automatically assign an internal IP address from the pool of IP addresses available in the subnet. -
--nat-ip-version ipv4
: Specify this parameter if you need to assign a public IP address to the network interface you are creating. If you do not specify the--nat-address
parameter, a dynamic public IP address from the pool of available Yandex Cloud IP addresses will be assigned to your network interface.If the network interface does not need a public IP address, remove the
--nat-ip-version
parameter. -
--nat-address
: Previously reserved static public IP address. You can set this parameter only if the--nat-ip-version
parameter is set. The IP address must be reserved in the same availability zone where the VM is located.
Result:
... network_interfaces: - index: "0" mac_address: d0:0d:1a:**:**:** subnet_id: e2lrucutusnd******** primary_v4_address: address: 192.168.1.20 one_to_one_nat: address: 158.***.**.*** ip_version: IPV4 security_group_ids: - enpuatgvejtn******** - index: "1" mac_address: d0:1d:1a:**:**:** subnet_id: e2lpp96bvvgp******** primary_v4_address: address: 192.168.2.3 security_group_ids: - enpuatgvejtn******** - enpg8d2hqh1o******** - index: "2" mac_address: d0:2d:1a:**:**:** subnet_id: e2lv9c6aek1d******** primary_v4_address: address: 192.168.4.17 security_group_ids: - enpuatgvejtn******** - enpg8d2hqh1o******** ...
-
Use the attachNetworkInterface REST API method for the Instance resource or the InstanceService/AttachNetworkInterface gRPC API call.
Now your VM features a new network interface. The new interface is currently inactive as you added it to a running VM. To make sure it is inactive:
-
Connect to the VM over SSH.
-
Run this command to get information about the state of VM's network interfaces:
ip a
Result:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever ... 4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether d0:2d:1a:f4:20:ef brd ff:ff:ff:ff:ff:ff altname enp140s0 altname ens10
state DOWN
for theeth2
interface indicates that it is inactive.
-
Connect to the VM via RDP.
-
To start Device Manager, run this command in PowerShell:
devmgmt.msc
-
In the Device Manager window that opens, expand Network adapters. The newly added network interface has an exclamation mark next to it and is inactive.
To make it active, restart the VM. For Windows OS, restarting the VM is the only way to activate the interface.
If your VM is running Linux and you cannot restart it, you can activate the network interface without restarting the VM. To avoid network connectivity loss, configure settings from the serial console:
-
Enable access to the serial console on your VM.
When creating a user for authenticating on the VM through the serial console, add this user to the
sudo
group using thesudo usermod -a -G sudo <username>
command. -
Connect to the VM's serial console via the CLI or SSH.
-
Activate the network interface you have added:
sudo ip link set <interface_name> up
Where
<interface_name>
is the name of the inactive interface in Linux, e.g.,eth2
. You can view the names of network interfaces in the Linux terminal using theip a
command. -
Get DHCP settings for the new interface:
sudo dhclient <interface_name>
-
Delete the default route for the new network interface from the VM's route table:
sudo ip route del default dev <interface_name>
-
Disable access to the VM's serial console if you no longer need it.
Now the attached network interface is active.
Make sure the new network interface works properly
To test the new network interface:
-
Connect to the VM over SSH.
-
Run this command to get information about the state of VM's network interfaces:
ip a
Result:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether d0:0d:b8:99:4f:fa brd ff:ff:ff:ff:ff:ff altname enp138s0 altname ens8 inet 192.168.2.7/24 metric 100 brd 192.168.2.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::d20d:b8ff:fe99:4ffa/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether d0:2d:b8:99:4f:fa brd ff:ff:ff:ff:ff:ff altname enp139s0 altname ens9 inet 192.168.4.20/24 metric 200 brd 192.168.4.255 scope global eth1 valid_lft forever preferred_lft forever inet6 fe80::d22d:b8ff:fe99:4ffa/64 scope link valid_lft forever preferred_lft forever 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether d0:ad:b8:99:4f:fa brd ff:ff:ff:ff:ff:ff altname enp140s0 altname ens10 inet 192.168.1.28/24 metric 300 brd 192.168.1.255 scope global eth2 valid_lft forever preferred_lft forever inet6 fe80::d2ad:b8ff:fe99:4ffa/64 scope link valid_lft forever preferred_lft forever
state UP
for theeth0
,eth1
, andeth2
interfaces indicates that they are running and active. -
To view the VM's route table, run this command:
ip r
Result:
default via 192.168.2.1 dev eth0 proto dhcp src 192.168.2.7 metric 100 default via 192.168.4.1 dev eth1 proto dhcp src 192.168.4.20 metric 200 default via 192.168.1.1 dev eth2 proto dhcp src 192.168.1.28 metric 300 192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.28 metric 300 192.168.1.1 dev eth2 proto dhcp scope link src 192.168.1.28 metric 300 192.168.1.2 dev eth2 proto dhcp scope link src 192.168.1.28 metric 300 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.7 metric 100 192.168.2.1 dev eth0 proto dhcp scope link src 192.168.2.7 metric 100 192.168.2.2 dev eth0 proto dhcp scope link src 192.168.2.7 metric 100 192.168.4.0/24 dev eth1 proto kernel scope link src 192.168.4.20 metric 200 192.168.4.1 dev eth1 proto dhcp scope link src 192.168.4.20 metric 200 192.168.4.2 dev eth1 proto dhcp scope link src 192.168.4.20 metric 200
The routes for all the network interfaces are configured.
Note
If the network interfaces you added are inactive or you can no longer connect to your VM, see Troubleshooting.
-
Connect to the VM via RDP.
-
To get information about the state of the VM's network interfaces, run this command in PowerShell:
ipconfig /all
Result:
Windows IP Configuration Host Name . . . . . . . . . . . . : windows-vm Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : ru-central1.internal auto.internal Ethernet adapter Ethernet: Connection-specific DNS Suffix . : ru-central1.internal Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter Physical Address. . . . . . . . . : D0-2D-7E-E7-46-C5 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::788f:1f20:e4e4:2f17%10(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.4.23(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Sunday, May 5, 2024 8:33:25 AM Lease Expires . . . . . . . . . . : Wednesday, June 11, 2160 3:05:02 PM Default Gateway . . . . . . . . . : 192.168.4.1 DHCP Server . . . . . . . . . . . : 192.168.4.2 DHCPv6 IAID . . . . . . . . . . . : 181415294 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-C8-FA-25-D0-0D-7E-E7-46-C5 DNS Servers . . . . . . . . . . . : 192.168.4.2 NetBIOS over Tcpip. . . . . . . . : Enabled Connection-specific DNS Suffix Search List : ru-central1.internal auto.internal Ethernet adapter eth0: Connection-specific DNS Suffix . : ru-central1.internal Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter #2 Physical Address. . . . . . . . . : D0-0D-7E-E7-46-C5 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::5e90:6d59:693:3d74%5(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.27(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Sunday, May 5, 2024 8:33:23 AM Lease Expires . . . . . . . . . . : Wednesday, June 11, 2160 3:05:02 PM Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.2 DHCPv6 IAID . . . . . . . . . . . : 131075350 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-C8-FA-25-D0-0D-7E-E7-46-C5 DNS Servers . . . . . . . . . . . : 192.168.1.2 NetBIOS over Tcpip. . . . . . . . : Enabled Connection-specific DNS Suffix Search List : ru-central1.internal auto.internal Ethernet adapter Ethernet 2: Connection-specific DNS Suffix . : ru-central1.internal Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter #3 Physical Address. . . . . . . . . : D0-1D-7E-E7-46-C5 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::851a:86ae:28fd:90ce%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.2.15(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Sunday, May 5, 2024 8:33:25 AM Lease Expires . . . . . . . . . . : Wednesday, June 11, 2160 3:05:02 PM Default Gateway . . . . . . . . . : 192.168.2.1 DHCP Server . . . . . . . . . . . : 192.168.2.2 DHCPv6 IAID . . . . . . . . . . . : 198188414 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-C8-FA-25-D0-0D-7E-E7-46-C5 DNS Servers . . . . . . . . . . . : 192.168.2.2 NetBIOS over Tcpip. . . . . . . . : Enabled Connection-specific DNS Suffix Search List : ru-central1.internal auto.internal
All the network interfaces are running and active.