Score:0

Low cost TCP listener for Azure

kh

We've been going through the process of migrating VMs from our data centres into Azure. When migrating, one of the gotchas is networking rules; i.e. there are NSGs, hardware firewalls, OS firewalls, VPN routing rules, etc. in various places, each managed by different teams, so saying what needs to be updated & ensuring it has been ahead of migrating the VM can be awkward - and you can't test until the VM's been migrated over... Or that was my initial assumption.

I've realised that we can create the NIC and allocate it an IP in advance of migrating the VM. We can temporarily attach this NIC to a resource that listens on the relevant ports, and thus we can test (e.g. using Test-Connection $myNicIP -Port $myPort from those clients we're interested in).

We can use any VM for this, and since the VM doesn't have to be in the same resource group as its NIC potentially we could just have an arbitrary VM, and run the following PS to create a temporary listener for our test: $s = [System.Net.Sockets.TcpListener]::new([System.Net.IPAddress]::Any, $PortOfInterest);$s.Start();Start-Sleep -Seconds 600;$s.Stop().

However, is there a better option?

  • If there's some way to just enable the NIC to respond without needing to attach it to anything (i.e. for easy testing) that would be ideal... but I guess unlikely.
  • Or is there a better solution; e.g. the above PowerShell could easily be a serverless function; but for that we need a premium service or ASE, then need to set up a private endpoint for it to attach the NIC; so it's several steps to get there. Is there some existing solution that can be deployed in minutes to connect to a NIC and just listen for / accept incoming TCP requests; doing nothing more with them?
Score:1
ng

Azure Network Interfaces can only be attached to VMs, so you would need to use a VM.

kh
Thanks @SamCogan. NB: You can also attach NICs to private endpoints, which can be used for blobs, static sites, storage account file shares, and more, so maybe there's an option there (I'm not sure what the full list is, but it does cover more than just VMs). That said, maybe a VM's the only resource that has the flexibility to host such a generic TCP listener.
ng
Yes, that is true, I forgot about private endpoints. As far as I know there are no options that would allow you to undertake action based on the traffic delivered to the NIC other than VMs.
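
The one-liner from the question, extended as an added example (not code from any poster in this thread): it listens on several ports at once, accepts and immediately closes each connection, and records the client address so you can see which sources actually got through the NSGs and firewalls. The parameter names and the sample ports are assumptions chosen for illustration.

```powershell
# Added example: temporary multi-port TCP listener that logs who connected.
# $ListenIP, $Ports and $Seconds are placeholder values, not from the thread.
param(
    [string]$ListenIP = '0.0.0.0',      # set to the pre-created NIC's private IP to bind only to it
    [int[]]$Ports     = @(1433, 8443),  # constructed sample ports
    [int]$Seconds     = 600             # same lifetime as the one-liner in the question
)

$address   = [System.Net.IPAddress]::Parse($ListenIP)
$listeners = @()
$deadline  = (Get-Date).AddSeconds($Seconds)

try {
    foreach ($port in $Ports) {
        $l = [System.Net.Sockets.TcpListener]::new($address, $port)
        $l.Start()
        $listeners += $l
        Write-Host "Listening on ${ListenIP}:$port"
    }
    while ((Get-Date) -lt $deadline) {
        foreach ($l in $listeners) {
            # Pending() is non-blocking, so one loop can service every port
            while ($l.Pending()) {
                $client = $l.AcceptTcpClient()
                # Emit one record per connection: when, which port, from where
                [pscustomobject]@{
                    Time      = Get-Date -Format o
                    LocalPort = $l.LocalEndpoint.Port
                    Remote    = $client.Client.RemoteEndPoint.ToString()
                }
                $client.Close()   # accept and drop: no data is read or sent
            }
        }
        Start-Sleep -Milliseconds 200
    }
}
finally {
    # Always release the ports, even on Ctrl+C or a bind failure
    foreach ($l in $listeners) { $l.Stop() }
}
```

The temporary VM's own OS firewall must allow the test ports inbound, and it stands in for the migrated VM's OS firewall, so a successful test confirms the network path (NSGs, hardware firewalls, routing) rather than the final host's rules.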