How to configure Virtual Network Support for a Premium Azure Cache for Redis

Azure Cache for Redis has different cache offerings, which provide flexibility in the choice of cache size and features, including Premium tier features such as clustering, persistence, and virtual network support. A VNet is a private network in the cloud. When an Azure Cache for Redis instance is configured with a VNet, it is not publicly addressable and can only be accessed from virtual machines and applications within the VNet. This article describes how to configure virtual network support for a premium Azure Cache for Redis instance.

Note

Azure Cache for Redis supports both classic and Resource Manager VNets.

Why VNet?

Azure Virtual Network (VNet) deployment provides enhanced security and isolation for your Azure Cache for Redis, as well as subnets, access control policies, and other features to further restrict access.

Virtual network support

Virtual Network (VNet) support is configured on the New Azure Cache for Redis blade during cache creation.

  1. To create a premium cache, sign in to the Azure portal and select Create a resource. In addition to creating caches in the Azure portal, you can also create them using Resource Manager templates, PowerShell, or Azure CLI. For more information about creating an Azure Cache for Redis, see Create a cache.

  2. On the New page, select Databases and then select Azure Cache for Redis.

  3. On the New Redis Cache page, configure the settings for your new premium cache.

    | Setting | Suggested value | Description |
    | --- | --- | --- |
    | DNS name | Enter a globally unique name. | The cache name must be a string between 1 and 63 characters that contains only numbers, letters, or hyphens. The name must start and end with a number or letter, and can't contain consecutive hyphens. Your cache instance's host name will be <DNS name>.redis.cache.chinacloudapi.cn. |
    | Subscription | Drop-down and select your subscription. | The subscription under which to create this new Azure Cache for Redis instance. |
    | Resource group | Drop-down and select a resource group, or select Create new and enter a new resource group name. | Name for the resource group in which to create your cache and other resources. By putting all your app resources in one resource group, you can easily manage or delete them together. |
    | Location | Drop-down and select a location. | Select a region near other services that will use your cache. |
    | Cache type | Drop-down and select a premium cache to configure premium features. For details, see Azure Cache for Redis pricing. | The pricing tier determines the size, performance, and features that are available for the cache. For more information, see Azure Cache for Redis Overview. |

  4. Select the Networking tab or click the Networking button at the bottom of the page.

  5. In the Networking tab, select Virtual Networks as your connectivity method. To use a new virtual network, create it first by following the steps in Create a virtual network using the Azure portal or Create a virtual network (classic) by using the Azure portal, and then return to the New Azure Cache for Redis blade to create and configure your premium cache.

    Important

    When deploying an Azure Cache for Redis to a Resource Manager VNet, the cache must be in a dedicated subnet that contains no other resources except for Azure Cache for Redis instances. If an attempt is made to deploy an Azure Cache for Redis to a Resource Manager VNet subnet that contains other resources, the deployment fails.

    | Setting | Suggested value | Description |
    | --- | --- | --- |
    | Virtual Network | Drop-down and select your virtual network. | Select a virtual network that is in the same subscription and location as your cache. |
    | Subnet | Drop-down and select your subnet. | The subnet's address range should be in CIDR notation (e.g. 192.168.1.0/24). It must be contained by the address space of the virtual network. |
    | Static IP address | (Optional) Enter a static IP address. | If you don't specify a static IP then an IP address is chosen automatically. |

    Important

    Azure reserves some IP addresses within each subnet, and these addresses can't be used. The first and last IP addresses of the subnets are reserved for protocol conformance, along with three more addresses used for Azure services. For more information, see Are there any restrictions on using IP addresses within these subnets?

    In addition to the IP addresses used by the Azure VNET infrastructure, each Redis instance in the subnet uses two IP addresses per shard and one additional IP address for the load balancer. A non-clustered cache is considered to have one shard.

  6. Select the Next: Advanced tab or click the Next: Advanced button on the bottom of the page.

  7. In the Advanced tab for a premium cache instance, configure the settings for non-TLS port, clustering, and data persistence.

  8. Select the Next: Tags tab or click the Next: Tags button at the bottom of the page.

  9. Optionally, in the Tags tab, enter the name and value if you wish to categorize the resource.

  10. Select Review + create. You're taken to the Review + create tab where Azure validates your configuration.

  11. After the green Validation passed message appears, select Create.

It takes a while for the cache to create. You can monitor progress on the Azure Cache for Redis Overview page. When Status shows as Running, the cache is ready to use. After the cache is created, you can view the configuration for the VNet by clicking Virtual Network from the Resource menu.

To connect to your Azure Cache for Redis instance when using a VNet, specify the host name of your cache in the connection string as shown in the following example:

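// Requires: using System; using StackExchange.Redis;
// Lazy<T> creates the shared multiplexer once, on first use.
private static Lazy<ConnectionMultiplexer>
    lazyConnection = new Lazy<ConnectionMultiplexer> (() =>
    {
        // Connect by host name (not IP address) so TLS certificate validation succeeds.
        return ConnectionMultiplexer.Connect("contoso5premium.redis.cache.chinacloudapi.cn,abortConnect=false,ssl=true,password=password");
    });

// Shared connection for the rest of the application.
public static ConnectionMultiplexer Connection
{
    get
    {
        return lazyConnection.Value;
    }
}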

Azure Cache for Redis VNet FAQ

The following list contains answers to commonly asked questions about Azure Cache for Redis scaling.

What are some common misconfiguration issues with Azure Cache for Redis and VNets?

When Azure Cache for Redis is hosted in a VNet, the ports in the following tables are used.

Important

If the ports in the following tables are blocked, the cache may not function correctly. Having one or more of these ports blocked is the most common misconfiguration issue when using Azure Cache for Redis in a VNet.

Outbound port requirements

There are nine outbound port requirements. Outbound requests in these ranges are either outbound to other services necessary for the cache to function or internal to the Redis subnet for internode communication. For geo-replication, additional outbound requirements exist for communication between subnets of the primary and replica cache.

| Port(s) | Direction | Transport Protocol | Purpose | Local IP | Remote IP |
| --- | --- | --- | --- | --- | --- |
| 80, 443 | Outbound | TCP | Redis dependencies on Azure Storage/PKI (Internet) | (Redis subnet) | * ⁴ |
| 443 | Outbound | TCP | Redis dependency on Azure Key Vault and Azure Monitor | (Redis subnet) | AzureKeyVault, AzureMonitor ¹ |
| 53 | Outbound | TCP/UDP | Redis dependencies on DNS (Internet/VNet) | (Redis subnet) | 168.63.129.16 and 169.254.169.254 ² and any custom DNS server for the subnet ³ |
| 8443 | Outbound | TCP | Internal communications for Redis | (Redis subnet) | (Redis subnet) |
| 10221-10231 | Outbound | TCP | Internal communications for Redis | (Redis subnet) | (Redis subnet) |
| 20226 | Outbound | TCP | Internal communications for Redis | (Redis subnet) | (Redis subnet) |
| 13000-13999 | Outbound | TCP | Internal communications for Redis | (Redis subnet) | (Redis subnet) |
| 15000-15999 | Outbound | TCP | Internal communications for Redis and Geo-Replication | (Redis subnet) | (Redis subnet) (Geo-replica peer subnet) |
| 6379-6380 | Outbound | TCP | Internal communications for Redis | (Redis subnet) | (Redis subnet) |

¹ You can use the service tags 'AzureKeyVault' and 'AzureMonitor' with Resource Manager Network Security Groups.

² These IP addresses owned by Microsoft are used to address the Host VM which serves Azure DNS.

³ Not needed for subnets with no custom DNS server, or newer Redis caches that ignore custom DNS.

⁴ For more information, see Additional VNET network connectivity requirements.

Geo-replication peer port requirements

If you are using geo-replication between caches in Azure Virtual Networks, the recommended configuration is to unblock ports 15000-15999 for the whole subnet in both inbound AND outbound directions to both caches, so that all the replica components in the subnet can communicate directly with each other even in the event of a future geo-failover.

Inbound port requirements

There are eight inbound port range requirements. Inbound requests in these ranges are either inbound from other services hosted in the same VNET or internal to the Redis subnet communications.

| Port(s) | Direction | Transport Protocol | Purpose | Local IP | Remote IP |
| --- | --- | --- | --- | --- | --- |
| 6379, 6380 | Inbound | TCP | Client communication to Redis, Azure load balancing | (Redis subnet) | (Redis subnet), (Client subnet), AzureLoadBalancer ¹ |
| 8443 | Inbound | TCP | Internal communications for Redis | (Redis subnet) | (Redis subnet) |
| 8500 | Inbound | TCP/UDP | Azure load balancing | (Redis subnet) | AzureLoadBalancer |
| 10221-10231 | Inbound | TCP | Client communication to Redis Clusters, Internal communications for Redis | (Redis subnet) | (Redis subnet), AzureLoadBalancer, (Client subnet) |
| 13000-13999 | Inbound | TCP | Client communication to Redis Clusters, Azure load balancing | (Redis subnet) | (Redis subnet), (Client subnet), AzureLoadBalancer |
| 15000-15999 | Inbound | TCP | Client communication to Redis Clusters, Azure load balancing, and Geo-Replication | (Redis subnet) | (Redis subnet), (Client subnet), AzureLoadBalancer, (Geo-replica peer subnet) |
| 16001 | Inbound | TCP/UDP | Azure load balancing | (Redis subnet) | AzureLoadBalancer |
| 20226 | Inbound | TCP | Internal communications for Redis | (Redis subnet) | (Redis subnet) |

¹ You can use the Service Tag 'AzureLoadBalancer' (Resource Manager) (or 'AZURE_LOADBALANCER' for classic) for authoring the NSG rules.
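Because a blocked port is the most common misconfiguration, the two port tables can be turned into an automated check. The following is an added example, not part of the original article: it evaluates a simplified NSG rule list (port and direction only; addresses, service tags and protocol are left out) in priority order and reports which required ports hit an explicit Deny. The rule dictionaries and `SAMPLE_RULES` are constructed for illustration.

```python
"""Audit a simplified NSG rule list against the Redis VNet port tables."""

# Port requirements copied from the inbound and outbound tables on this page.
REQUIRED = {
    "Inbound": [(6379, 6380), (8443, 8443), (8500, 8500), (10221, 10231),
                (13000, 13999), (15000, 15999), (16001, 16001), (20226, 20226)],
    "Outbound": [(80, 80), (443, 443), (53, 53), (8443, 8443), (10221, 10231),
                 (20226, 20226), (13000, 13999), (15000, 15999), (6379, 6380)],
}


def first_match(rules, direction, port):
    """Return the access of the matching rule with the lowest priority number."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        lo, hi = rule["ports"]
        if rule["direction"] == direction and lo <= port <= hi:
            return rule["access"]
    return None  # no custom rule matched: the NSG's default rules decide


def to_ranges(ports):
    """Collapse a sorted list of ports into (start, end) tuples."""
    ranges = []
    for port in ports:
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)
        else:
            ranges.append((port, port))
    return ranges


def blocked_ports(rules):
    """Map each direction to the required port ranges hit by an explicit Deny."""
    report = {}
    for direction, required in REQUIRED.items():
        denied = sorted({
            port
            for lo, hi in required
            for port in range(lo, hi + 1)
            if first_match(rules, direction, port) == "Deny"
        })
        report[direction] = to_ranges(denied)
    return report


# Constructed sample rules (not taken from a real subscription).
SAMPLE_RULES = [
    {"priority": 100, "direction": "Inbound", "access": "Allow", "ports": (6379, 6380)},
    {"priority": 200, "direction": "Inbound", "access": "Deny", "ports": (8000, 14000)},
    # Shadowed: the Deny at priority 200 is evaluated first.
    {"priority": 300, "direction": "Inbound", "access": "Allow", "ports": (13000, 13999)},
    {"priority": 100, "direction": "Outbound", "access": "Allow", "ports": (443, 443)},
    {"priority": 4000, "direction": "Outbound", "access": "Deny", "ports": (0, 65535)},
]

if __name__ == "__main__":
    for direction, ranges in blocked_ports(SAMPLE_RULES).items():
        for lo, hi in ranges:
            print(f"{direction}: required ports {lo}-{hi} are denied")
```

The sample shows two typical mistakes: a broad Deny that shadows a later Allow, and a deny-all outbound rule that leaves only 443 open.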

Additional VNET network connectivity requirements

There are network connectivity requirements for Azure Cache for Redis that may not be initially met in a virtual network. Azure Cache for Redis requires all the following items to function properly when used within a virtual network.

  • Outbound network connectivity to Azure Storage endpoints worldwide. This includes endpoints located in the same region as the Azure Cache for Redis instance, as well as storage endpoints located in other Azure regions. Azure Storage endpoints resolve under the following DNS domains: table.core.chinacloudapi.cn, blob.core.chinacloudapi.cn, queue.core.chinacloudapi.cn, and file.core.chinacloudapi.cn.
  • Outbound network connectivity to ocsp.digicert.com, crl4.digicert.com, ocsp.msocsp.com, mscrl.microsoft.com, crl3.digicert.com, cacerts.digicert.com, oneocsp.microsoft.com and crl.microsoft.com. This connectivity is needed to support TLS/SSL functionality.
  • The DNS configuration for the virtual network must be capable of resolving all of the endpoints and domains mentioned in the earlier points. These DNS requirements can be met by ensuring a valid DNS infrastructure is configured and maintained for the virtual network.
  • Outbound network connectivity to the following Azure Monitor endpoints, which resolve under the following DNS domains: shoebox2-black.shoebox2.metrics.nsatc.net, north-prod2.prod2.metrics.nsatc.net, azglobal-black.azglobal.metrics.nsatc.net, shoebox2-red.shoebox2.metrics.nsatc.net, east-prod2.prod2.metrics.nsatc.net, azglobal-red.azglobal.metrics.nsatc.net.

How can I verify that my cache is working in a VNET?

Important

When connecting to an Azure Cache for Redis instance that is hosted in a VNET, your cache clients must be in the same VNET or in a VNET with VNET peering enabled within the same Azure region. Global VNET Peering isn't currently supported. This includes any test applications or diagnostic pinging tools. Regardless of where the client application is hosted, Network security groups or other network layers must be configured such that the client's network traffic is allowed to reach the Redis instance.

Once the port requirements are configured as described in the previous section, you can verify that your cache is working by performing the following steps.

  • Reboot all of the cache nodes. If all of the required cache dependencies can't be reached (as documented in Inbound port requirements and Outbound port requirements), the cache won't be able to restart successfully.
  • Once the cache nodes have restarted (as reported by the cache status in the Azure portal), you can perform the following tests:
    • Ping the cache endpoint (using port 6380) from a machine that is within the same VNET as the cache, using tcping. For example:

      tcping.exe contosocache.redis.cache.chinacloudapi.cn 6380

      If the tcping tool reports that the port is open, the cache is available for connection from clients in the VNET.

    • Another way to test is to create a test cache client (which could be a simple console application using StackExchange.Redis) that connects to the cache and adds and retrieves some items from the cache. Install the sample client application onto a VM that is in the same VNET as the cache and run it to verify connectivity to the cache.

When trying to connect to my Azure Cache for Redis in a VNET, why am I getting an error stating the remote certificate is invalid?

When trying to connect to an Azure Cache for Redis in a VNET, you see a certificate validation error such as this:

{"No connection is available to service this operation: SET mykey; The remote certificate is invalid according to the validation procedure.; …"}

The cause could be that you are connecting to the host by its IP address. We recommend using the hostname. In other words, use the following:

[mycachename].redis.chinacloudapi.cn:6380,password=xxxxxxxxxxxxxxxxxxxx,ssl=True,abortConnect=False

Avoid using the IP address, as in the following connection string:

10.128.2.84:6380,password=xxxxxxxxxxxxxxxxxxxx,ssl=True,abortConnect=False

If you are unable to resolve the DNS name, some client libraries include configuration options like sslHost, which is provided by the StackExchange.Redis client. This allows you to override the hostname used for certificate validation. For example:

10.128.2.84:6380,password=xxxxxxxxxxxxxxxxxxxx,ssl=True,abortConnect=False,sslHost=[mycachename].redis.chinacloudapi.cn

Can I use VNets with a standard or basic cache?

VNets can only be used with premium caches.

Why does creating an Azure Cache for Redis fail in some subnets but not others?

If you are deploying an Azure Cache for Redis to a VNet, the cache must be in a dedicated subnet that contains no other resource type. If an attempt is made to deploy an Azure Cache for Redis to a Resource Manager VNet subnet that contains other resources (such as Application Gateways, Outbound NAT, and so on), the deployment will usually fail. You must delete existing resources of other types before you can create a new Azure Cache for Redis.

You must also have enough IP addresses available in the subnet.

What are the subnet address space requirements?

Azure reserves some IP addresses within each subnet, and these addresses can't be used. The first and last IP addresses of the subnets are reserved for protocol conformance, along with three more addresses used for Azure services. For more information, see Are there any restrictions on using IP addresses within these subnets?

In addition to the IP addresses used by the Azure VNET infrastructure, each Redis instance in the subnet uses two IP addresses per cluster shard (plus additional IP addresses for additional replicas, if any) and one additional IP address for the load balancer. A non-clustered cache is considered to have one shard.
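The address arithmetic above can be checked before deployment. The following is an added example, not part of the original article: it validates that the subnet lies inside the VNet address space, subtracts the five reserved addresses, and sums the demand of the planned caches. `extra_replica_ips` and the choice of which three addresses Azure takes (those directly after the network address) are assumptions of this example; the sample plan is constructed.

```python
"""Check that a dedicated Redis subnet has enough addresses for planned caches."""
import ipaddress

# Per this page: first and last address plus three used for Azure services.
AZURE_RESERVED = 5


def cache_ip_demand(shards=1, extra_replica_ips=0):
    """Addresses one cache consumes: two per shard plus one for the load balancer.

    extra_replica_ips is an assumption of this example: the page says additional
    replicas need additional addresses but does not say how many.
    """
    if shards < 1:
        raise ValueError("a non-clustered cache counts as one shard")
    return 2 * shards + 1 + extra_replica_ips


def subnet_plan(subnet_cidr, vnet_cidr, caches):
    """Return usable/needed/free address counts for caches placed in the subnet."""
    subnet = ipaddress.ip_network(subnet_cidr)  # raises ValueError if host bits are set
    vnet = ipaddress.ip_network(vnet_cidr)
    if not subnet.subnet_of(vnet):
        raise ValueError(f"{subnet} is not contained in VNet address space {vnet}")
    usable = max(subnet.num_addresses - AZURE_RESERVED, 0)
    needed = sum(cache_ip_demand(**cache) for cache in caches)
    return {"usable": usable, "needed": needed,
            "free": usable - needed, "fits": needed <= usable}


def static_ip_usable(subnet_cidr, ip):
    """True if ip lies in the subnet and is not one of the reserved addresses.

    Assumption: the three Azure service addresses directly follow the network
    address, so the first four addresses and the last one are treated as reserved.
    """
    subnet = ipaddress.ip_network(subnet_cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in subnet:
        return False
    reserved = {subnet[i] for i in range(min(4, subnet.num_addresses))}
    reserved.add(subnet[-1])
    return addr not in reserved


# Constructed plan: one non-clustered cache and one 10-shard cluster.
PLANNED = [{"shards": 1}, {"shards": 10}]

if __name__ == "__main__":
    print(subnet_plan("192.168.1.0/24", "192.168.0.0/16", PLANNED))
    print(subnet_plan("192.168.1.0/28", "192.168.0.0/16", PLANNED))
    print(static_ip_usable("192.168.1.0/24", "192.168.1.3"))
```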

Do all cache features work when hosting a cache in a VNET?

When your cache is part of a VNET, only clients in the VNET can access the cache. As a result, the following cache management features don't work at this time.

  • Redis Console - Because Redis Console runs in your local browser, which is usually on a developer machine that is not connected to the VNET, it cannot connect to your cache.

Use ExpressRoute with Azure Cache for Redis

Customers can connect an Azure ExpressRoute circuit to their virtual network infrastructure, thus extending their on-premises network to Azure.

By default, a newly created ExpressRoute circuit does not perform forced tunneling (advertisement of a default route, 0.0.0.0/0) on a VNET. As a result, outbound Internet connectivity is allowed directly from the VNET and client applications are able to connect to other Azure endpoints including Azure Cache for Redis.

However, a common customer configuration is to use forced tunneling (advertise a default route) which forces outbound Internet traffic to instead flow on-premises. This traffic flow breaks connectivity with Azure Cache for Redis if the outbound traffic is then blocked on-premises such that the Azure Cache for Redis instance is not able to communicate with its dependencies.

The solution is to define one (or more) user-defined routes (UDRs) on the subnet that contains the Azure Cache for Redis. A UDR defines subnet-specific routes that will be honored instead of the default route.

If possible, it is recommended to use the following configuration:

  • The ExpressRoute configuration advertises 0.0.0.0/0 and by default force tunnels all outbound traffic on-premises.
  • The UDR applied to the subnet containing the Azure Cache for Redis defines 0.0.0.0/0 with a working route for TCP/IP traffic to the public internet; for example by setting the next hop type to 'Internet'.

The combined effect of these steps is that the subnet level UDR takes precedence over the ExpressRoute forced tunneling, thus ensuring outbound Internet access from the Azure Cache for Redis.

Connecting to an Azure Cache for Redis instance from an on-premises application using ExpressRoute is not a typical usage scenario due to performance reasons (for best performance Azure Cache for Redis clients should be in the same region as the Azure Cache for Redis).

Important

The routes defined in a UDR must be specific enough to take precedence over any routes advertised by the ExpressRoute configuration. The following example uses the broad 0.0.0.0/0 address range, and as such can potentially be accidentally overridden by route advertisements using more specific address ranges.
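Why a 0.0.0.0/0 UDR wins over a forced-tunneling default route but loses to a more specific advertisement follows from route selection: the longest matching prefix wins, and only on equal prefixes does a user-defined route beat a BGP route. The following is an added example, not part of the original article, that models this and lists the advertised prefixes that would bypass the UDR. The source labels (`UDR`, `BGP`, `System`) are this example's own, and the route tables use constructed documentation addresses.

```python
"""Model of route selection for the Redis subnet: longest prefix, then source."""
import ipaddress

# Tie-break when prefixes are equal: user-defined route, then BGP, then system.
# These labels are this example's own, not Azure API values.
SOURCE_RANK = {"UDR": 0, "BGP": 1, "System": 2}


def effective_route(routes, destination):
    """Return the route that would carry traffic to destination, or None."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    return min(matches,
               key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                              SOURCE_RANK[r["source"]]))


def udr_overrides(routes):
    """List BGP prefixes that are more specific than a UDR and change its next hop."""
    udrs = [r for r in routes if r["source"] == "UDR"]
    found = []
    for bgp in (r for r in routes if r["source"] == "BGP"):
        bgp_net = ipaddress.ip_network(bgp["prefix"])
        for udr in udrs:
            udr_net = ipaddress.ip_network(udr["prefix"])
            if (bgp_net.prefixlen > udr_net.prefixlen
                    and bgp_net.subnet_of(udr_net)
                    and bgp["next_hop"] != udr["next_hop"]):
                found.append(bgp["prefix"])
                break
    return found


# Constructed route table: forced tunneling plus the recommended UDR.
ROUTES = [
    {"prefix": "10.0.0.0/16", "source": "System", "next_hop": "VnetLocal"},
    {"prefix": "0.0.0.0/0", "source": "BGP", "next_hop": "VirtualNetworkGateway"},
    {"prefix": "0.0.0.0/0", "source": "UDR", "next_hop": "Internet"},
]

# Same table after a more specific range is cross-advertised on private peering.
CROSS_ADVERTISED = ROUTES + [
    {"prefix": "198.51.100.0/24", "source": "BGP", "next_hop": "VirtualNetworkGateway"},
]

if __name__ == "__main__":
    for name, table in (("recommended", ROUTES), ("cross-advertised", CROSS_ADVERTISED)):
        hop = effective_route(table, "198.51.100.7")["next_hop"]
        print(f"{name}: 198.51.100.7 -> {hop}; overrides: {udr_overrides(table)}")
```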

Warning

Azure Cache for Redis is not supported with ExpressRoute configurations that incorrectly cross-advertise routes from the public peering path to the private peering path. ExpressRoute configurations that have public peering configured receive route advertisements from Microsoft for a large set of Azure IP address ranges. If these address ranges are incorrectly cross-advertised on the private peering path, the result is that all outbound network packets from the Azure Cache for Redis instance's subnet are incorrectly force-tunneled to a customer's on-premises network infrastructure. This network flow breaks Azure Cache for Redis. The solution to this problem is to stop cross-advertising routes from the public peering path to the private peering path.

Background information on user-defined routes is available in this overview.

For more information about ExpressRoute, see ExpressRoute technical overview.

Next steps

Learn more about Azure Cache for Redis features.