Azure housekeeping with bash and CLI 2.0

Occasionally it’s a good idea to do some housekeeping on your Azure subscription.

The three bash & Azure cli 2.0 scripts in this post will:

  1. Try to find any ‘orphaned’ .vhd disk files that are in your storage account and show the command needed to delete them. When you delete a VM you’ll typically leave behind a .vhd file in the storage account associated with that VM. As these are 128GB page blobs if you have created and destroyed a lot of VM’s the cost keeping these ‘orphaned’ .vhd’s you are no longer using can build up over time
  2. Find any ‘orphaned’ public IP’s you provisioned with deleted VM’s and show the command to delete them
  3. Find any ‘orphaned’ Network Interfaces and again show the command to delete them.

All three scripts assume you have completed the cli 2.0 login process. (az login) and set the subscription (az account set -s “Your Subscription name”)

You can confirm these have been done by checking the output of the az account show command , it should list the subscription you set.

MacBook-Pro:cli2 AndyT$ az account show
{
  "environmentName": "AzureCloud",
  "id": "12345678-abcd-1234-abcd-123456789abc",
  "isDefault": true,
  "name": "Your Subscription Name",
  "state": "Enabled",
  "tenantId": "87654321-1234-abcd-1234-abc123456789",
  "user": {
    "name": "yourlogin@your.domain",
    "type": "user"
  }
}
MacBook-Pro:cli2 AndyT$ 

So here are the scripts – use at your own risk!

1. Cleanup storage
i=0
for g in `az group list | grep name | awk {'print $2'} | cut -d'"' -f2` ; do
  echo Scanning Resource Group: $g
  j=0
  for f in `az storage account list -g $g --query '[*].{name: name}' | grep 'name\|enc\|sku' | awk {'print $2'} | cut -d'"' -f2 ` ; do  
    echo Stor Acc = $f
    k=`az storage account keys list --resource-group $g --account-name $f --query '[0].value'`
    for cont in `az storage container list --query '[*].{name: name}' --account-name $f --account-key $k | grep 'name' | awk {'print $2'} | cut -d'"' -f2 `
      do
      #echo Found Container = $cont  
      if [ $cont == "vhds" ] ; then
        echo Scanning for Blobs in vhds container  
        let j=0
        for blob in `az storage blob list --query '[*].{name: name,type: properties.blobType,lease: properties.lease.state, content: properties.contentSettings.contentType}' --container-name $cont --account-name $f | grep 'lease\|name\|type\|content' | awk {'print $2'} | cut -d'"' -f2`
        do
          if [ $j -eq 0 ] ; then
            bcontent[i]=$blob
          fi
          if [ $j -eq 1 ] ; then
              blease[i]=$blob
          fi
          if [ $j -eq 2 ] ; then
              bname[i]=$blob
          fi
          if [ $j -eq 3 ] ; then
              btype[i]=$blob
              brg[i]=$g
              bstor[i]=$f
              bcont[i]=$cont
          fi
          let j=j+1
          if [ $j -ge 4 ] ; then
              let j=0
              let i=i+1
          fi
        done
      fi
    done
  done
done
let i=i-1
echo $i
for k in `seq 0 $i`; do 
  if [ ${blease[$k]} != "leased" ] ; then
    if [ ${bcontent[$k]} == "application/octet-stream" ] ; then
      if [ ${btype[$k]} == "PageBlob" ] ; then
        fname="${bname[$k]}"
        fl=${#fname}
        let fb=$fl-4
        fext=${fname:$fb:$fl}
        if [ $fext == ".vhd" ] ; then
          printf "Delete:  %s " "${brg[$k]}"
          printf "  %s "  "${bstor[$k]}"
          printf "  %s "  "${bcont[$k]}"
          printf "  %s\n"  "${bname[$k]}"
          echo Command to use: az storage blob delete --account-name ${bstor[$k]} --container-name ${bcont[$k]} --name ${bname[$k]} --delete-snapshots include
          printf "\n\n"
        fi
      fi
    fi
  fi
done
2. Cleanup public ip’s
i=0
for g in `az group list | grep name | awk {'print $2'} | cut -d'"' -f2` 
do
  echo Scanning Resource Group = $g
  let j=0
  for n in `az network public-ip list -g $g  --query '[*].{name: name,ipc: ipConfiguration.id}' | grep 'name\|ipc' | awk {'print $2'}`
  do
    if [ $j -eq 1 ] ; then
      nname[i]=$n
      nn=`echo $n | cut -d',' -f 1 | cut -d'"' -f 2`
      nname[i]=$nn
    fi
    if [ $j -eq 0 ] ; then
      nc=`echo $n | cut -d',' -f 1`
      nvm[i]=$nc
      brg[i]=$g
    fi
    let j=j+1
    if [ $j -ge 2 ] ; then
      let j=0
      let i=i+1
    fi
  done
done
let i=i-1
echo "Found $i Public IP's - checking if any are orphaned ..."
for k in `seq 0 $i`; do
  if [ ${nvm[$k]} == "null" ] ; then
    printf "Delete: %s " "${brg[$k]}"
    printf "  %s "  "${nname[$k]}"
    printf "  %s \n"  "${nvm[$k]}"
    echo Command: az network public-ip delete -g ${brg[$k]} --name ${nname[$k]} --verbose
  fi
done
3. Cleanup network interfaces
i=0
for g in `az group list | grep name | awk {'print $2'} | cut -d'"' -f2` 
do
  echo Resource Group = $g
  let j=0
  for n in `az network nic list -g $g  --query '[*].{name: name,vm: virtualMachine}' | grep 'name\|vm' | awk {'print $2'}`
  do
    if [ $j -eq 0 ] ; then
      nname[i]=$n
      nn=`echo $n | cut -d',' -f 1 | cut -d'"' -f 2`
      nname[i]=$nn
    fi
    if [ $j -eq 1 ] ; then
      nvm[i]=$n
      brg[i]=$g
    fi
    let j=j+1
    if [ $j -ge 2 ] ; then
      let j=0
      let i=i+1
    fi
  done
done
let i=i-1
echo "Found $i NIC's - checking if any are orphaned ..."
for k in `seq 0 $i`; do
  if [ ${nvm[$k]} == "null" ] ; then
    printf "Delete: %s " "${brg[$k]}"
    printf "  %s "  "${nname[$k]}"
    printf "  %s \n"  "${nvm[$k]}"
    echo az network nic delete -g ${brg[$k]} --name ${nname[$k]} --verbose
  fi
done

Azure VM Network Bandwidth

July 2017 – Updated with new VPN Gateway types 

In this blog post we look at some network bandwidth tests for a variety of Azure VM sizes.

The tests have been run between two VM’s in the same VNet. Network bandwidth testing has been done with Linux using iperf3 running on CentOS 7.2 and Windows 2016 using the Ntttcp tool.

nettest1

Both single stream and multi stream tests were used. Of course your actual throughput numbers will vary from the ones seen in the tests below due to a number of factors (OS Type, workload characteristics etc….)

Note:  Microsoft is currently in the process of implementing some Azure Network optimisations:

    1. “Receive Side Scaling” – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-optimize-network-bandwidth
    2. “Accelerated Networking” – https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-accelerated-networking-portal

The table below has been updated to include optimization 1. further updates will follow later in the year.
Entries in green include optimisation 1 “Receive Side Scaling”.

OS VM Type # Cores Single Stream Throughput ‘N’ Streams Throughput (1x #Cores)
CentOS (with 1) A0 Basic 0.25 10 Mbps 10 Mbps
CentOS (with 1) A1 Basic 1 100 Mbps 100 Mbps
CentOS (with 1) A2 Basic 2 200 Mbps 200 Mbps
CentOS (with 1) A3 Basic 4 400 Mbps 395 Mbps
CentOS (with 1)
A4 Basic 8 805 Mbps 816 Mbps
Windows A4 Basic 8 737 Mbps 734 Mbps
CentOS (with 1) A1 Standard 4 500 Mbps 500 Mbps
CentOS (with 1) A2 Standard 4 500 Mbps 500 Mbps
CentOS (with 1) A3 Standard 4 1000 Mbps 1000 Mbps
CentOS (with 1) A4 Standard 8 1990 Mbps 2000 Mbps
CentOS (with 1) A6 Standard 8 1000 Mbps 1000 Mbps
CentOS (with 1) A6 Standard 8 2000 Mbps 2000 Mbps
CentOS (with 1) A1 v2 1 495 Mbps 488 Mbps
Windows A1 v2 1 411 Mbps 467 Mbps
CentOS (with 1) A2 v2 2 500 Mbps 492 Mbps
CentOS (with 1) A4 v2 4 998 Mbps 999 Mbps
CentOS (with 1) A8 v2 8 1980 Mbps 1910 Mbps
CentOS (with 1) A8 8 4000 Mbps 4200 Mbps
CentOS (with 1) A9 16 4550 Mbps 7850 Mbps
CentOS (with 1) A10 8 3990 Mbps 3995 Mbps
Windows A10 8 1820 Mbps 3942 Mbps
CentOS (with 1) A11 16 4410 Mbps 8000 Mbps
CentOS (with 1) D1 v2 1 750 Mbps 726 Mbps
CentOS (with 1) D2 v2 2 1500 Mbps 1500 Mbps
CentOS (with 1) D3 v2 4 3000 Mbps 3000 Mbps
CentOS (with 1) D4 v2 8 4950 Mbps 6000 Mbps
CentOS (with 1) D5 v2 16 4840 Mbps 12000 Mbps
CentOS (with 1) D11 v2 2 1500 Mbps 1500 Mbps
CentOS (with 1) D12 v2 4 3000 Mbps 3000 Mbps
CentOS (with 1) D13 v2 8 4210 Mbps 5990 Mbps
CentOS (with 1) D14 v2 16 4990 Mbps 11900 Mbps
CentOS (with 1) D15 v2 20 4440 Mbps 15500 Mbps
Windows D15 v2 20 1002 Mbps 12176 Mbps
CentOS (with 1) F1 1 750 Mbps 749 Mbps
CentOS (with 1) F2 2 1500 Mbps 1490 Mbps
CentOS (with 1) F4 4 2990 Mbps 2995 Mbps
Windows (with 1) F4 4 928 Mbps 2640 Mbps
CentOS (with 1) F8 8 3490 Mbps 5990 Mbps
Windows F8 8 390 Mbps 4388 Mbps
CentOS (with 1) F16 16 4110 Mbps 11800 Mbps
Windows (with 1) F16 16 1096 Mbps 8416 Mbps
CentOS (with 1) G1 2 2000 Mbps 2000 Mbps
CentOS (with 1) G2 4 3270 Mbps 4000 Mbps
CentOS (with 1) G3 8 3160 Mbps 8000 Mbps
CentOS (with 1) G4 16 3970 Mbps 8880 Mbps
Windows G4 16 1602 Mbps 9488 Mbps
Windows (with 1) G4 16 1904 Mbps 7856 Mbps
CentOS (with 1) G5 32 3850 Mbps 13700 Mbps
CentOS (with 1) NV6 6 4850 Mbps 5970 Mbps
CentOS (with 1)
NV12 12 4760 Mbps 12200 Mbps

Test method

In each CentOS VM:

$ sudo yum -y update          (a very important step !)

Ensure Receive Side Scaling is enabled see:  https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-optimize-network-bandwidth

$ wget https://iperf.fr/download/fedora/iperf3-3.1.3-1.fc24.x86_64.rpm
$ sudo yum install iperf3-3.1.3-1.fc24.x86_64.rpm

On one VM run iperf in server mode
$ iperf3 -s

On another VM run single stream test:
$ iperf3 -c ip-of-server

For the multiple streams test:
$ iperf3 -c  ip-of-server  -P n

Where n =  number of cores in VM

In each Windows 2016 VM:

Apply the latest Windows updates then download ntttcp from here

On one VM (ip=w.x.y.z) run ntttcp in receiver mode
C:> ntttcp -r -m 1,*,w.x.y.z
&
C:> ntttcp -r -m n,*,w.x.y.z   (for the multi-thread test)
Where n = 8x number of cores in VM

On another VM run single thread test ntttcp in sender mode:
C:> ntttcp -s -m 1,*,w.x.y.z.

For the multi thread test:
C:> ntttcp -s -m n,*,w.x.y.z.

Where n =  the number of cores in VM

Peering VNets (Directly connected)

nettest2

Testing between VM’s in directly peered VNets showed no noticeable difference.

Peered VNets in the same region

Testing between VM’s indirectly peered via the new gateway types (VPMGW1, 2 & 3) shows bandwidth up to 2.8Gbs a big step forward from the previous gateway types that returned a maximum of  980 Mbps when using the now depreciated ‘High Performance’ gateway.

nettest3

Gateway Type Single Stream Throughput ‘N’ Stream Throughput (1x #Cores)
VPNGW1 700 Mbps 717 Mbps
VPNGW2 1400 Mbps 1430 Mbps
VPNGW3 1810 Mbps 2880 Mbps

For comparison here are the results form the now depreciated gateway types Standard and High Performance:

Gateway Type Single Stream Throughput ‘N’ Streams Throughput (1x #Cores)
Standard 472Mbps 580 Mbps
High Performance 720 Mbps 980 Mbps

Peered VNets via two BGP Gateways one in each region

nettest4

Gateway Type Single Stream Throughput ‘N’ Streams Throughput 
VPNGW1 550 Mbps 670 Mbps
VPNGW2 650 Mbps 780 Mbps
VPNGW3 650 Mbps 650 Mbps

For comparison here are the results form the now depreciated gateway types Standard and High Performance:

Gateway Type Single Stream Throughput ‘N’ Streams Throughput 
Standard 200 Mbps 280 Mbps
High Performance 210 Mbps 411 Mbps

Azure Application Proxy – In Action

This blog post demonstrates how to use Azure Application Proxy.

Azure Application Proxy enables you to take an internal web application and make it securely available outside of your organisation. A few different authentication options can be enabled for your internal application to help secure it:

  • If your application does not use and form of sign-in then Azures Active Directory (AAD) sign-in can be added to the public endpoint Azure Application Proxy provides.
  • Pass through, relying on you on premise  authentication.
  • If your application does use Active Directory sign-in then you have the option to set up and use AAD based single sign-on. This post demonstrates that option.

If you would like to test the scenario described above, you may want to firstly create a simple application rather than using a real application. Part 1 of this blog shows how to do that using Visual Studio. If you already have a web application that authenticated against your local Active Directory, you can skip Parts 1,2 and 3. If you already have your Azure Active Directory synchronized with your local domain you can skip through Part 4 as well.

Part 1 – Creating a simple application with Visual Studio

Part 2 – Publishing the Application to a local IIS server

Part 3 – Setting up IIS for Authentication

Part 4 – Set up your Local Domain and Directory Synchronization

Part 5 – Enable Azure Application Proxy