Azure SQL 托管实例的连接体系结构Connectivity architecture for Azure SQL Managed Instance

适用于:是Azure SQL 托管实例 APPLIES TO: yesAzure SQL Managed Instance

本文介绍 Azure SQL 托管实例中的通信。This article explains communication in Azure SQL Managed Instance. 此外还将介绍连接体系结构,以及组件将流量定向到托管实例的方式。It also describes connectivity architecture and how the components direct traffic to a managed instance.

SQL 托管实例位于 Azure 虚拟网络和托管实例专用子网中。SQL Managed Instance is placed inside the Azure virtual network and the subnet that's dedicated to managed instances. 此部署提供:This deployment provides:

  • 安全的专用 IP 地址。A secure private IP address.
  • 将本地网络连接到 SQL 托管实例的能力。The ability to connect an on-premises network to SQL Managed Instance.
  • 将 SQL 托管实例连接到链接服务器或其他本地数据存储的能力。The ability to connect SQL Managed Instance to a linked server or another on-premises data store.
  • 将 SQL 托管实例连接到 Azure 资源的能力。The ability to connect SQL Managed Instance to Azure resources.

通信概述Communication overview

下图显示了连接到 SQL 托管实例的实体。The following diagram shows entities that connect to SQL Managed Instance. 它还显示了需要与托管实例通信的资源。It also shows the resources that need to communicate with a managed instance. 关系图底部的通信过程表示作为数据源连接到 SQL 托管实例的客户应用程序和工具。The communication process at the bottom of the diagram represents customer applications and tools that connect to SQL Managed Instance as data sources.

连接体系结构中的实体

SQL 托管实例是一种平台即服务 (PaaS) 产品。SQL Managed Instance is a platform as a service (PaaS) offering. Azure 使用自动化代理(管理、部署和维护)基于遥测数据流管理此服务。Azure uses automated agents (management, deployment, and maintenance) to manage this service based on telemetry data streams. 由于管理工作由 Azure 负责,客户无法通过远程桌面协议 (RDP) 访问 SQL 托管实例的虚拟群集计算机。Because Azure is responsible for management, customers can't access the SQL Managed Instance virtual cluster machines through Remote Desktop Protocol (RDP).

某些由最终用户或应用程序发起的操作可能需要 SQL 托管实例来与平台进行交互。Some operations started by end users or applications might require SQL Managed Instance to interact with the platform. 一种情况是创建 SQL 托管实例数据库。One case is the creation of a SQL Managed Instance database. 此资源是通过 Azure 门户、PowerShell、Azure CLI 和 REST API 公开的。This resource is exposed through the Azure portal, PowerShell, Azure CLI, and the REST API.

SQL 托管实例依赖于 Azure 服务,例如用于备份的 Azure 存储、用于遥测的 Azure 事件中心、用于身份验证的 Azure Active Directory (Azure AD)、用于透明数据加密 (TDE) 的 Azure Key Vault,以及提供安全性和可支持性功能的几项 Azure 平台服务。SQL Managed Instance depends on Azure services such as Azure Storage for backups, Azure Event Hubs for telemetry, Azure Active Directory (Azure AD) for authentication, Azure Key Vault for Transparent Data Encryption (TDE), and a couple of Azure platform services that provide security and supportability features. SQL 托管实例与这些服务建立连接。SQL Managed Instance makes connections to these services.

所有通信都使用证书进行加密和签名。All communications are encrypted and signed using certificates. 为了检查通信方的可信度,SQL 托管实例会通过证书吊销列表不断验证这些证书。To check the trustworthiness of communicating parties, SQL Managed Instance constantly verifies these certificates through certificate revocation lists. 如果证书被吊销,SQL 托管实例将关闭连接以保护数据。If the certificates are revoked, SQL Managed Instance closes the connections to protect the data.

高级连接体系结构High-level connectivity architecture

在较高级别,SQL 托管实例是一组服务组件。At a high level, SQL Managed Instance is a set of service components. 这些组件托管在客户虚拟网络子网中运行的一组专用隔离虚拟机上。These components are hosted on a dedicated set of isolated virtual machines that run inside the customer's virtual network subnet. 这些计算机构成了虚拟群集。These machines form a virtual cluster.

一个虚拟群集可以承载多个托管实例。A virtual cluster can host multiple managed instances. 当客户更改子网中预配的实例数时,群集可根据需要自动扩展或收缩。If needed, the cluster automatically expands or contracts when the customer changes the number of provisioned instances in the subnet.

客户应用程序可连接到 SQL 托管实例,还可查询和更新虚拟网络、对等虚拟网络或通过 VPN 或 Azure ExpressRoute 连接的网络中的数据库。Customer applications can connect to SQL Managed Instance and can query and update databases inside the virtual network, peered virtual network, or network connected by VPN or Azure ExpressRoute. 此网络必须使用一个终结点和一个专用 IP 地址。This network must use an endpoint and a private IP address.

连接体系结构示意图

Azure 管理和部署服务在虚拟网络外部运行。Azure management and deployment services run outside the virtual network. SQL 托管实例和 Azure 服务通过采用公共 IP 地址的终结点进行连接。SQL Managed Instance and Azure services connect over the endpoints that have public IP addresses. 当 SQL 托管实例创建出站连接时,在接收端,网络地址转换 (NAT) 使该连接看起来像来自此公共 IP 地址的连接。When SQL Managed Instance creates an outbound connection, on the receiving end Network Address Translation (NAT) makes the connection look like it's coming from this public IP address.

管理流量通过客户的虚拟网络传送。Management traffic flows through the customer's virtual network. 这意味着,虚拟网络基础结构的要素可能会使实例发生故障并变得不可用,从而对管理流量造成不利影响。That means that elements of the virtual network's infrastructure can harm management traffic by making the instance fail and become unavailable.

重要

为改善客户体验和服务可用性,Azure 会针对 Azure 虚拟网络基础结构要素应用网络意向策略。To improve customer experience and service availability, Azure applies a network intent policy on Azure virtual network infrastructure elements. 该策略可影响 SQL 托管实例的工作方式。The policy can affect how SQL Managed Instance works. 此平台机制以透明方式向用户传达网络要求。This platform mechanism transparently communicates networking requirements to users. 该策略的主要目的是防止网络配置不当,并确保 SQL 托管实例正常运行。The policy's main goal is to prevent network misconfiguration and to ensure normal SQL Managed Instance operations. 删除某个托管实例时,会一并删除网络意向策略。When you delete a managed instance, the network intent policy is also removed.

虚拟群集连接体系结构Virtual cluster connectivity architecture

让我们更深入地了解 SQL 托管实例的连接体系结构。Let's take a deeper dive into connectivity architecture for SQL Managed Instance. 以下关系图演示了虚拟群集的概念布局。The following diagram shows the conceptual layout of the virtual cluster.

虚拟群集的连接体系结构

客户端使用 <mi_name>.<dns_zone>.database.chinacloudapi.cn 格式的主机名连接到 SQL 托管实例。Clients connect to SQL Managed Instance by using a host name that has the form <mi_name>.<dns_zone>.database.chinacloudapi.cn. 此主机名将解析为专用 IP 地址,不过它将在公共域名系统 (DNS) 区域中注册,且可公开解析。This host name resolves to a private IP address, although it's registered in a public Domain Name System (DNS) zone and is publicly resolvable. zone-id 是创建群集时自动生成的。The zone-id is automatically generated when you create the cluster. 如果新创建的群集托管辅助托管实例,它会将其区域 ID 与主群集共享。If a newly created cluster hosts a secondary managed instance, it shares its zone ID with the primary cluster. 有关详细信息,请参阅使用自动故障转移组可以实现多个数据库的透明、协调式故障转移For more information, see Use auto failover groups to enable transparent and coordinated failover of multiple databases.

此专用 IP 地址属于 SQL 托管实例的内部负载均衡器。This private IP address belongs to the internal load balancer for SQL Managed Instance. 该负载均衡器将流量定向到 SQL 托管实例网关。The load balancer directs traffic to the SQL Managed Instance gateway. 由于多个托管实例可在同一群集中运行,因此网关使用 SQL 托管实例主机名来将流量重新定向到正确的 SQL 引擎服务。Because multiple managed instances can run inside the same cluster, the gateway uses the SQL Managed Instance host name to redirect traffic to the correct SQL engine service.

管理和部署服务使用映射到外部负载均衡器的管理终结点连接到 SQL 托管实例。Management and deployment services connect to SQL Managed Instance by using a management endpoint that maps to an external load balancer. 只有在仅由 SQL 托管实例的管理组件使用的预定义端口上接收到流量时,才会将流量路由到节点。Traffic is routed to the nodes only if it's received on a predefined set of ports that only the management components of SQL Managed Instance use. 节点上的内置防火墙设置为只允许来自 Azure IP 范围的流量。A built-in firewall on the nodes is set up to allow traffic only from Azure IP ranges. 证书将对管理组件与管理平面之间的所有通信进行相互身份验证。Certificates mutually authenticate all communication between management components and the management plane.

管理终结点Management endpoint

Azure 使用一个管理终结点来管理 SQL 托管实例。Azure manages SQL Managed Instance by using a management endpoint. 此终结点位于该实例的虚拟群集内部。This endpoint is inside an instance's virtual cluster. 管理终结点在网络级别受到内置防火墙的保护。The management endpoint is protected by a built-in firewall on the network level. 在应用程序级别,管理终结点受到证书相互验证的保护。On the application level, it's protected by mutual certificate verification. 若要查找终结点的 IP 地址,请参阅确定管理终结点的 IP 地址To find the endpoint's IP address, see Determine the management endpoint's IP address.

在 SQL 托管实例内开始连接时(与备份和审核日志一样),流量似乎从管理终结点的公共 IP 地址开始。When connections start inside SQL Managed Instance (as with backups and audit logs), traffic appears to start from the management endpoint's public IP address. 可通过将防火墙规则设置为只允许 SQL 托管实例的 IP 地址,来限制从 SQL 托管实例访问公共服务。You can limit access to public services from SQL Managed Instance by setting firewall rules to allow only the IP address for SQL Managed Instance. 有关详细信息,请参阅验证 SQL 托管实例的内置防火墙For more information, see Verify the SQL Managed Instance built-in firewall.

备注

发往 SQL 托管实例所在区域中的 Azure 服务的流量经过优化,因此不会通过 NAT 转换为管理终结点公共 IP 地址。Traffic that goes to Azure services that are inside the SQL Managed Instance region is optimized and for that reason not NATed to the public IP address for the management endpoint. 因此,如果需要使用基于 IP 的防火墙规则(往往用于存储),服务需要与 SQL 托管实例位于不同的区域中。For that reason if you need to use IP-based firewall rules, most commonly for storage, the service needs to be in a different region from SQL Managed Instance.

服务辅助的子网配置Service-aided subnet configuration

为了满足客户的安全性和管理性要求,SQL 托管实例即将从手动配置转换为服务辅助的子网配置。To address customer security and manageability requirements, SQL Managed Instance is transitioning from manual to service-aided subnet configuration.

使用服务辅助的子网配置时,用户可完全控制数据 (TDS) 流量,而 SQL 托管实例将负责确保管理流量不间断流动,以满足 SLA 的规定。With service-aided subnet configuration, the user is in full control of data (TDS) traffic, while SQL Managed Instance takes responsibility to ensure uninterrupted flow of management traffic in order to fulfill an SLA.

服务辅助子网配置以虚拟网络子网委派功能为基础,可提供自动网络配置管理和启用服务终结点。Service-aided subnet configuration builds on top of the virtual network subnet delegation feature to provide automatic network configuration management and enable service endpoints. 服务终结点可用于对保存备份和审核日志的存储帐户配置虚拟网络防火墙规则。Service endpoints could be used to configure virtual network firewall rules on storage accounts that keep backups and audit logs.

网络要求Network requirements

在虚拟网络中的专用子网内部署 SQL 托管实例。Deploy SQL Managed Instance in a dedicated subnet inside the virtual network. 该子网必须具有以下特征:The subnet must have these characteristics:

  • 专用子网: SQL 托管实例的子网不能包含其他任何关联的云服务,且不能是网关子网。Dedicated subnet: The SQL Managed Instance subnet can't contain any other cloud service that's associated with it, and it can't be a gateway subnet. 该子网不能包含除该 SQL 托管实例以外的其他任何资源,你之后也无法在该子网中添加其他类型的资源。The subnet can't contain any resource but SQL Managed Instance, and you can't later add other types of resources in the subnet.
  • 子网委派:需要将 SQL 托管实例的子网委托给 Microsoft.Sql/managedInstances 资源提供程序。Subnet delegation: The SQL Managed Instance subnet needs to be delegated to the Microsoft.Sql/managedInstances resource provider.
  • 网络安全组 (NSG) :NSG 需与 SQL 托管实例的子网相关联。Network security group (NSG): An NSG needs to be associated with the SQL Managed Instance subnet. 当 SQL 托管实例配置为使用重定向连接时,可使用某个 NSG 通过筛选端口 1433 和端口 11000-11999 上的流量,来控制对 SQL 托管实例数据终结点的访问。You can use an NSG to control access to the SQL Managed Instance data endpoint by filtering traffic on port 1433 and ports 11000-11999 when SQL Managed Instance is configured for redirect connections. 该服务会自动预配并保留当前的规则,使管理流量能够不间断地流动。The service will automatically provision and keep current rules required to allow uninterrupted flow of management traffic.
  • 用户定义的路由 (UDR) 表: UDR 表需与 SQL 托管实例的子网相关联。User defined route (UDR) table: A UDR table needs to be associated with the SQL Managed Instance subnet. 可将条目添加到路由表,以通过虚拟网络网关或虚拟网络设备 (NVA) 路由发往本地专用 IP 范围的流量。You can add entries to the route table to route traffic that has on-premises private IP ranges as a destination through the virtual network gateway or virtual network appliance (NVA). 服务会自动预配并保留当前的条目,使管理流量能够不间断地流动。Service will automatically provision and keep current entries required to allow uninterrupted flow of management traffic.
  • 足够的 IP 地址: SQL 托管实例子网必须至少有 16 个 IP 地址。Sufficient IP addresses: The SQL Managed Instance subnet must have at least 16 IP addresses. 建议的最少数目为 32 个 IP 地址。The recommended minimum is 32 IP addresses. 有关详细信息,请参阅确定 SQL 托管实例的子网大小For more information, see Determine the size of the subnet for SQL Managed Instance. 根据 SQL 托管实例的网络要求配置托管实例后,可将其部署在现有网络中。You can deploy managed instances in the existing network after you configure it to satisfy the networking requirements for SQL Managed Instance. 否则,请创建新的网络和子网Otherwise, create a new network and subnet.

重要

创建托管实例时,将在子网上应用网络意图策略,以防止对网络设置进行不符合标准的更改。When you create a managed instance, a network intent policy is applied on the subnet to prevent noncompliant changes to networking setup. 从子网中删除最后一个实例后,也将删除网络意图策略。After the last instance is removed from the subnet, the network intent policy is also removed.

采用服务辅助子网配置的必需入站安全规则Mandatory inbound security rules with service-aided subnet configuration

名称Name 端口Port 协议Protocol SourceSource 目标Destination 操作Action
管理management 9000、9003、1438、1440、14529000, 9003, 1438, 1440, 1452 TCPTCP SqlManagementSqlManagement MI SUBNETMI SUBNET 允许Allow
9000、90039000, 9003 TCPTCP CorpnetSawCorpnetSaw MI SUBNETMI SUBNET 允许Allow
9000、90039000, 9003 TCPTCP CorpnetPublicCorpnetPublic MI SUBNETMI SUBNET 允许Allow
mi_subnetmi_subnet 任意Any 任意Any MI SUBNETMI SUBNET MI SUBNETMI SUBNET 允许Allow
health_probehealth_probe 任意Any 任意Any AzureLoadBalancerAzureLoadBalancer MI SUBNETMI SUBNET 允许Allow

采用服务辅助子网配置的必需出站安全规则Mandatory outbound security rules with service-aided subnet configuration

名称Name 端口Port 协议Protocol SourceSource 目标Destination 操作Action
管理management 443、12000443, 12000 TCPTCP MI SUBNETMI SUBNET AzureCloudAzureCloud 允许Allow
mi_subnetmi_subnet 任意Any 任意Any MI SUBNETMI SUBNET MI SUBNETMI SUBNET 允许Allow

采用服务辅助子网配置的用户定义的路由User defined routes with service-aided subnet configuration

名称Name 地址前缀Address prefix 下一跃点Next hop
subnet-to-vnetlocalsubnet-to-vnetlocal MI SUBNETMI SUBNET 虚拟网络Virtual network
mi-13-64-11-nexthop-internetmi-13-64-11-nexthop-internet 13.64.0.0/1113.64.0.0/11 InternetInternet
mi-13-104-14-nexthop-internetmi-13-104-14-nexthop-internet 13.104.0.0/1413.104.0.0/14 InternetInternet
mi-20-33-16-nexthop-internetmi-20-33-16-nexthop-internet 20.33.0.0/1620.33.0.0/16 InternetInternet
mi-20-34-15-nexthop-internetmi-20-34-15-nexthop-internet 20.34.0.0/1520.34.0.0/15 InternetInternet
mi-20-36-14-nexthop-internetmi-20-36-14-nexthop-internet 20.36.0.0/1420.36.0.0/14 InternetInternet
mi-20-40-13-nexthop-internetmi-20-40-13-nexthop-internet 20.40.0.0/1320.40.0.0/13 InternetInternet
mi-20-48-12-nexthop-internetmi-20-48-12-nexthop-internet 20.48.0.0/1220.48.0.0/12 InternetInternet
mi-20-64-10-nexthop-internetmi-20-64-10-nexthop-internet 20.64.0.0/1020.64.0.0/10 InternetInternet
mi-20-128-16-nexthop-internetmi-20-128-16-nexthop-internet 20.128.0.0/1620.128.0.0/16 InternetInternet
mi-20-135-16-nexthop-internetmi-20-135-16-nexthop-internet 20.135.0.0/1620.135.0.0/16 InternetInternet
mi-20-136-16-nexthop-internetmi-20-136-16-nexthop-internet 20.136.0.0/1620.136.0.0/16 InternetInternet
mi-20-140-15-nexthop-internetmi-20-140-15-nexthop-internet 20.140.0.0/1520.140.0.0/15 InternetInternet
mi-20-143-16-nexthop-internetmi-20-143-16-nexthop-internet 20.143.0.0/1620.143.0.0/16 InternetInternet
mi-20-144-14-nexthop-internetmi-20-144-14-nexthop-internet 20.144.0.0/1420.144.0.0/14 InternetInternet
mi-20-150-15-nexthop-internetmi-20-150-15-nexthop-internet 20.150.0.0/1520.150.0.0/15 InternetInternet
mi-20-160-12-nexthop-internetmi-20-160-12-nexthop-internet 20.160.0.0/1220.160.0.0/12 InternetInternet
mi-20-176-14-nexthop-internetmi-20-176-14-nexthop-internet 20.176.0.0/1420.176.0.0/14 InternetInternet
mi-20-180-14-nexthop-internetmi-20-180-14-nexthop-internet 20.180.0.0/1420.180.0.0/14 InternetInternet
mi-20-184-13-nexthop-internetmi-20-184-13-nexthop-internet 20.184.0.0/1320.184.0.0/13 InternetInternet
mi-20-192-10-nexthop-internetmi-20-192-10-nexthop-internet 20.192.0.0/1020.192.0.0/10 InternetInternet
mi-40-64-10-nexthop-internetmi-40-64-10-nexthop-internet 40.64.0.0/1040.64.0.0/10 InternetInternet
mi-51-4-15-nexthop-internetmi-51-4-15-nexthop-internet 51.4.0.0/1551.4.0.0/15 InternetInternet
mi-51-8-16-nexthop-internetmi-51-8-16-nexthop-internet 51.8.0.0/1651.8.0.0/16 InternetInternet
mi-51-10-15-nexthop-internetmi-51-10-15-nexthop-internet 51.10.0.0/1551.10.0.0/15 InternetInternet
mi-51-18-16-nexthop-internetmi-51-18-16-nexthop-internet 51.18.0.0/1651.18.0.0/16 InternetInternet
mi-51-51-16-nexthop-internetmi-51-51-16-nexthop-internet 51.51.0.0/1651.51.0.0/16 InternetInternet
mi-51-53-16-nexthop-internetmi-51-53-16-nexthop-internet 51.53.0.0/1651.53.0.0/16 InternetInternet
mi-51-103-16-nexthop-internetmi-51-103-16-nexthop-internet 51.103.0.0/1651.103.0.0/16 InternetInternet
mi-51-104-15-nexthop-internetmi-51-104-15-nexthop-internet 51.104.0.0/1551.104.0.0/15 InternetInternet
mi-51-132-16-nexthop-internetmi-51-132-16-nexthop-internet 51.132.0.0/1651.132.0.0/16 InternetInternet
mi-51-136-15-nexthop-internetmi-51-136-15-nexthop-internet 51.136.0.0/1551.136.0.0/15 InternetInternet
mi-51-138-16-nexthop-internetmi-51-138-16-nexthop-internet 51.138.0.0/1651.138.0.0/16 InternetInternet
mi-51-140-14-nexthop-internetmi-51-140-14-nexthop-internet 51.140.0.0/1451.140.0.0/14 InternetInternet
mi-51-144-15-nexthop-internetmi-51-144-15-nexthop-internet 51.144.0.0/1551.144.0.0/15 InternetInternet
mi-52-96-12-nexthop-internetmi-52-96-12-nexthop-internet 52.96.0.0/1252.96.0.0/12 InternetInternet
mi-52-112-14-nexthop-internetmi-52-112-14-nexthop-internet 52.112.0.0/1452.112.0.0/14 InternetInternet
mi-52-125-16-nexthop-internetmi-52-125-16-nexthop-internet 52.125.0.0/1652.125.0.0/16 InternetInternet
mi-52-126-15-nexthop-internetmi-52-126-15-nexthop-internet 52.126.0.0/1552.126.0.0/15 InternetInternet
mi-52-130-15-nexthop-internetmi-52-130-15-nexthop-internet 52.130.0.0/1552.130.0.0/15 InternetInternet
mi-52-132-14-nexthop-internetmi-52-132-14-nexthop-internet 52.132.0.0/1452.132.0.0/14 InternetInternet
mi-52-136-13-nexthop-internetmi-52-136-13-nexthop-internet 52.136.0.0/1352.136.0.0/13 InternetInternet
mi-52-145-16-nexthop-internetmi-52-145-16-nexthop-internet 52.145.0.0/1652.145.0.0/16 InternetInternet
mi-52-146-15-nexthop-internetmi-52-146-15-nexthop-internet 52.146.0.0/1552.146.0.0/15 InternetInternet
mi-52-148-14-nexthop-internetmi-52-148-14-nexthop-internet 52.148.0.0/1452.148.0.0/14 InternetInternet
mi-52-152-13-nexthop-internetmi-52-152-13-nexthop-internet 52.152.0.0/1352.152.0.0/13 InternetInternet
mi-52-160-11-nexthop-internetmi-52-160-11-nexthop-internet 52.160.0.0/1152.160.0.0/11 InternetInternet
mi-52-224-11-nexthop-internetmi-52-224-11-nexthop-internet 52.224.0.0/1152.224.0.0/11 InternetInternet
mi-64-4-18-nexthop-internetmi-64-4-18-nexthop-internet 64.4.0.0/1864.4.0.0/18 InternetInternet
mi-65-52-14-nexthop-internetmi-65-52-14-nexthop-internet 65.52.0.0/1465.52.0.0/14 InternetInternet
mi-66-119-144-20-nexthop-internetmi-66-119-144-20-nexthop-internet 66.119.144.0/2066.119.144.0/20 InternetInternet
mi-70-37-17-nexthop-internetmi-70-37-17-nexthop-internet 70.37.0.0/1770.37.0.0/17 InternetInternet
mi-70-37-128-18-nexthop-internetmi-70-37-128-18-nexthop-internet 70.37.128.0/1870.37.128.0/18 InternetInternet
mi-91-190-216-21-nexthop-internetmi-91-190-216-21-nexthop-internet 91.190.216.0/2191.190.216.0/21 InternetInternet
mi-94-245-64-18-nexthop-internetmi-94-245-64-18-nexthop-internet 94.245.64.0/1894.245.64.0/18 InternetInternet
mi-103-9-8-22-nexthop-internetmi-103-9-8-22-nexthop-internet 103.9.8.0/22103.9.8.0/22 InternetInternet
mi-103-25-156-24-nexthop-internetmi-103-25-156-24-nexthop-internet 103.25.156.0/24103.25.156.0/24 InternetInternet
mi-103-25-157-24-nexthop-internetmi-103-25-157-24-nexthop-internet 103.25.157.0/24103.25.157.0/24 InternetInternet
mi-103-25-158-23-nexthop-internetmi-103-25-158-23-nexthop-internet 103.25.158.0/23103.25.158.0/23 InternetInternet
mi-103-36-96-22-nexthop-internetmi-103-36-96-22-nexthop-internet 103.36.96.0/22103.36.96.0/22 InternetInternet
mi-103-255-140-22-nexthop-internetmi-103-255-140-22-nexthop-internet 103.255.140.0/22103.255.140.0/22 InternetInternet
mi-104-40-13-nexthop-internetmi-104-40-13-nexthop-internet 104.40.0.0/13104.40.0.0/13 InternetInternet
mi-104-146-15-nexthop-internetmi-104-146-15-nexthop-internet 104.146.0.0/15104.146.0.0/15 InternetInternet
mi-104-208-13-nexthop-internetmi-104-208-13-nexthop-internet 104.208.0.0/13104.208.0.0/13 InternetInternet
mi-111-221-16-20-nexthop-internetmi-111-221-16-20-nexthop-internet 111.221.16.0/20111.221.16.0/20 InternetInternet
mi-111-221-64-18-nexthop-internetmi-111-221-64-18-nexthop-internet 111.221.64.0/18111.221.64.0/18 InternetInternet
mi-129-75-16-nexthop-internetmi-129-75-16-nexthop-internet 129.75.0.0/16129.75.0.0/16 InternetInternet
mi-131-107-16-nexthop-internetmi-131-107-16-nexthop-internet 131.107.0.0/16131.107.0.0/16 InternetInternet
mi-131-253-1-24-nexthop-internetmi-131-253-1-24-nexthop-internet 131.253.1.0/24131.253.1.0/24 InternetInternet
mi-131-253-3-24-nexthop-internetmi-131-253-3-24-nexthop-internet 131.253.3.0/24131.253.3.0/24 InternetInternet
mi-131-253-5-24-nexthop-internetmi-131-253-5-24-nexthop-internet 131.253.5.0/24131.253.5.0/24 InternetInternet
mi-131-253-6-24-nexthop-internetmi-131-253-6-24-nexthop-internet 131.253.6.0/24131.253.6.0/24 InternetInternet
mi-131-253-8-24-nexthop-internetmi-131-253-8-24-nexthop-internet 131.253.8.0/24131.253.8.0/24 InternetInternet
mi-131-253-12-22-nexthop-internetmi-131-253-12-22-nexthop-internet 131.253.12.0/22131.253.12.0/22 InternetInternet
mi-131-253-16-23-nexthop-internetmi-131-253-16-23-nexthop-internet 131.253.16.0/23131.253.16.0/23 InternetInternet
mi-131-253-18-24-nexthop-internetmi-131-253-18-24-nexthop-internet 131.253.18.0/24131.253.18.0/24 InternetInternet
mi-131-253-21-24-nexthop-internetmi-131-253-21-24-nexthop-internet 131.253.21.0/24131.253.21.0/24 InternetInternet
mi-131-253-22-23-nexthop-internetmi-131-253-22-23-nexthop-internet 131.253.22.0/23131.253.22.0/23 InternetInternet
mi-131-253-24-21-nexthop-internetmi-131-253-24-21-nexthop-internet 131.253.24.0/21131.253.24.0/21 InternetInternet
mi-131-253-32-20-nexthop-internetmi-131-253-32-20-nexthop-internet 131.253.32.0/20131.253.32.0/20 InternetInternet
mi-131-253-61-24-nexthop-internetmi-131-253-61-24-nexthop-internet 131.253.61.0/24131.253.61.0/24 InternetInternet
mi-131-253-62-23-nexthop-internetmi-131-253-62-23-nexthop-internet 131.253.62.0/23131.253.62.0/23 InternetInternet
mi-131-253-64-18-nexthop-internetmi-131-253-64-18-nexthop-internet 131.253.64.0/18131.253.64.0/18 InternetInternet
mi-131-253-128-17-nexthop-internetmi-131-253-128-17-nexthop-internet 131.253.128.0/17131.253.128.0/17 InternetInternet
mi-132-245-16-nexthop-internetmi-132-245-16-nexthop-internet 132.245.0.0/16132.245.0.0/16 InternetInternet
mi-134-170-16-nexthop-internetmi-134-170-16-nexthop-internet 134.170.0.0/16134.170.0.0/16 InternetInternet
mi-134-177-16-nexthop-internetmi-134-177-16-nexthop-internet 134.177.0.0/16134.177.0.0/16 InternetInternet
mi-137-116-15-nexthop-internetmi-137-116-15-nexthop-internet 137.116.0.0/15137.116.0.0/15 InternetInternet
mi-137-135-16-nexthop-internetmi-137-135-16-nexthop-internet 137.135.0.0/16137.135.0.0/16 InternetInternet
mi-138-91-16-nexthop-internetmi-138-91-16-nexthop-internet 138.91.0.0/16138.91.0.0/16 InternetInternet
mi-138-196-16-nexthop-internetmi-138-196-16-nexthop-internet 138.196.0.0/16138.196.0.0/16 InternetInternet
mi-139-217-16-nexthop-internetmi-139-217-16-nexthop-internet 139.217.0.0/16139.217.0.0/16 InternetInternet
mi-139-219-16-nexthop-internetmi-139-219-16-nexthop-internet 139.219.0.0/16139.219.0.0/16 InternetInternet
mi-141-251-16-nexthop-internetmi-141-251-16-nexthop-internet 141.251.0.0/16141.251.0.0/16 InternetInternet
mi-146-147-16-nexthop-internetmi-146-147-16-nexthop-internet 146.147.0.0/16146.147.0.0/16 InternetInternet
mi-147-243-16-nexthop-internetmi-147-243-16-nexthop-internet 147.243.0.0/16147.243.0.0/16 InternetInternet
mi-150-171-16-nexthop-internetmi-150-171-16-nexthop-internet 150.171.0.0/16150.171.0.0/16 InternetInternet
mi-150-242-48-22-nexthop-internetmi-150-242-48-22-nexthop-internet 150.242.48.0/22150.242.48.0/22 InternetInternet
mi-157-54-15-nexthop-internetmi-157-54-15-nexthop-internet 157.54.0.0/15157.54.0.0/15 InternetInternet
mi-157-56-14-nexthop-internetmi-157-56-14-nexthop-internet 157.56.0.0/14157.56.0.0/14 InternetInternet
mi-157-60-16-nexthop-internetmi-157-60-16-nexthop-internet 157.60.0.0/16157.60.0.0/16 InternetInternet
mi-167-105-16-nexthop-internetmi-167-105-16-nexthop-internet 167.105.0.0/16167.105.0.0/16 InternetInternet
mi-167-220-16-nexthop-internetmi-167-220-16-nexthop-internet 167.220.0.0/16167.220.0.0/16 InternetInternet
mi-168-61-16-nexthop-internetmi-168-61-16-nexthop-internet 168.61.0.0/16168.61.0.0/16 InternetInternet
mi-168-62-15-nexthop-internetmi-168-62-15-nexthop-internet 168.62.0.0/15168.62.0.0/15 InternetInternet
mi-191-232-13-nexthop-internetmi-191-232-13-nexthop-internet 191.232.0.0/13191.232.0.0/13 InternetInternet
mi-192-32-16-nexthop-internetmi-192-32-16-nexthop-internet 192.32.0.0/16192.32.0.0/16 InternetInternet
mi-192-48-225-24-nexthop-internetmi-192-48-225-24-nexthop-internet 192.48.225.0/24192.48.225.0/24 InternetInternet
mi-192-84-159-24-nexthop-internetmi-192-84-159-24-nexthop-internet 192.84.159.0/24192.84.159.0/24 InternetInternet
mi-192-84-160-23-nexthop-internetmi-192-84-160-23-nexthop-internet 192.84.160.0/23192.84.160.0/23 InternetInternet
mi-192-197-157-24-nexthop-internetmi-192-197-157-24-nexthop-internet 192.197.157.0/24192.197.157.0/24 InternetInternet
mi-193-149-64-19-nexthop-internetmi-193-149-64-19-nexthop-internet 193.149.64.0/19193.149.64.0/19 InternetInternet
mi-193-221-113-24-nexthop-internetmi-193-221-113-24-nexthop-internet 193.221.113.0/24193.221.113.0/24 InternetInternet
mi-194-69-96-19-nexthop-internetmi-194-69-96-19-nexthop-internet 194.69.96.0/19194.69.96.0/19 InternetInternet
mi-194-110-197-24-nexthop-internetmi-194-110-197-24-nexthop-internet 194.110.197.0/24194.110.197.0/24 InternetInternet
mi-198-105-232-22-nexthop-internetmi-198-105-232-22-nexthop-internet 198.105.232.0/22198.105.232.0/22 InternetInternet
mi-198-200-130-24-nexthop-internetmi-198-200-130-24-nexthop-internet 198.200.130.0/24198.200.130.0/24 InternetInternet
mi-198-206-164-24-nexthop-internetmi-198-206-164-24-nexthop-internet 198.206.164.0/24198.206.164.0/24 InternetInternet
mi-199-60-28-24-nexthop-internetmi-199-60-28-24-nexthop-internet 199.60.28.0/24199.60.28.0/24 InternetInternet
mi-199-74-210-24-nexthop-internetmi-199-74-210-24-nexthop-internet 199.74.210.0/24199.74.210.0/24 InternetInternet
mi-199-103-90-23-nexthop-internetmi-199-103-90-23-nexthop-internet 199.103.90.0/23199.103.90.0/23 InternetInternet
mi-199-103-122-24-nexthop-internetmi-199-103-122-24-nexthop-internet 199.103.122.0/24199.103.122.0/24 InternetInternet
mi-199-242-32-20-nexthop-internetmi-199-242-32-20-nexthop-internet 199.242.32.0/20199.242.32.0/20 InternetInternet
mi-199-242-48-21-nexthop-internetmi-199-242-48-21-nexthop-internet 199.242.48.0/21199.242.48.0/21 InternetInternet
mi-202-89-224-20-nexthop-internetmi-202-89-224-20-nexthop-internet 202.89.224.0/20202.89.224.0/20 InternetInternet
mi-204-13-120-21-nexthop-internetmi-204-13-120-21-nexthop-internet 204.13.120.0/21204.13.120.0/21 InternetInternet
mi-204-14-180-22-nexthop-internetmi-204-14-180-22-nexthop-internet 204.14.180.0/22204.14.180.0/22 InternetInternet
mi-204-79-135-24-nexthop-internetmi-204-79-135-24-nexthop-internet 204.79.135.0/24204.79.135.0/24 InternetInternet
mi-204-79-179-24-nexthop-internetmi-204-79-179-24-nexthop-internet 204.79.179.0/24204.79.179.0/24 InternetInternet
mi-204-79-181-24-nexthop-internetmi-204-79-181-24-nexthop-internet 204.79.181.0/24204.79.181.0/24 InternetInternet
mi-204-79-188-24-nexthop-internetmi-204-79-188-24-nexthop-internet 204.79.188.0/24204.79.188.0/24 InternetInternet
mi-204-79-195-24-nexthop-internetmi-204-79-195-24-nexthop-internet 204.79.195.0/24204.79.195.0/24 InternetInternet
mi-204-79-196-23-nexthop-internetmi-204-79-196-23-nexthop-internet 204.79.196.0/23204.79.196.0/23 InternetInternet
mi-204-79-252-24-nexthop-internetmi-204-79-252-24-nexthop-internet 204.79.252.0/24204.79.252.0/24 InternetInternet
mi-204-152-18-23-nexthop-internetmi-204-152-18-23-nexthop-internet 204.152.18.0/23204.152.18.0/23 InternetInternet
mi-204-152-140-23-nexthop-internetmi-204-152-140-23-nexthop-internet 204.152.140.0/23204.152.140.0/23 InternetInternet
mi-204-231-192-24-nexthop-internetmi-204-231-192-24-nexthop-internet 204.231.192.0/24204.231.192.0/24 InternetInternet
mi-204-231-194-23-nexthop-internetmi-204-231-194-23-nexthop-internet 204.231.194.0/23204.231.194.0/23 InternetInternet
mi-204-231-197-24-nexthop-internetmi-204-231-197-24-nexthop-internet 204.231.197.0/24204.231.197.0/24 InternetInternet
mi-204-231-198-23-nexthop-internetmi-204-231-198-23-nexthop-internet 204.231.198.0/23204.231.198.0/23 InternetInternet
mi-204-231-200-21-nexthop-internetmi-204-231-200-21-nexthop-internet 204.231.200.0/21204.231.200.0/21 InternetInternet
mi-204-231-208-20-nexthop-internetmi-204-231-208-20-nexthop-internet 204.231.208.0/20204.231.208.0/20 InternetInternet
mi-204-231-236-24-nexthop-internetmi-204-231-236-24-nexthop-internet 204.231.236.0/24204.231.236.0/24 InternetInternet
mi-205-174-224-20-nexthop-internetmi-205-174-224-20-nexthop-internet 205.174.224.0/20205.174.224.0/20 InternetInternet
mi-206-138-168-21-nexthop-internetmi-206-138-168-21-nexthop-internet 206.138.168.0/21206.138.168.0/21 InternetInternet
mi-206-191-224-19-nexthop-internetmi-206-191-224-19-nexthop-internet 206.191.224.0/19206.191.224.0/19 InternetInternet
mi-207-46-16-nexthop-internetmi-207-46-16-nexthop-internet 207.46.0.0/16207.46.0.0/16 InternetInternet
mi-207-68-128-18-nexthop-internetmi-207-68-128-18-nexthop-internet 207.68.128.0/18207.68.128.0/18 InternetInternet
mi-208-68-136-21-nexthop-internetmi-208-68-136-21-nexthop-internet 208.68.136.0/21208.68.136.0/21 InternetInternet
mi-208-76-44-22-nexthop-internetmi-208-76-44-22-nexthop-internet 208.76.44.0/22208.76.44.0/22 InternetInternet
mi-208-84-21-nexthop-internetmi-208-84-21-nexthop-internet 208.84.0.0/21208.84.0.0/21 InternetInternet
mi-209-240-192-19-nexthop-internetmi-209-240-192-19-nexthop-internet 209.240.192.0/19209.240.192.0/19 InternetInternet
mi-213-199-128-18-nexthop-internetmi-213-199-128-18-nexthop-internet 213.199.128.0/18213.199.128.0/18 InternetInternet
mi-216-32-180-22-nexthop-internetmi-216-32-180-22-nexthop-internet 216.32.180.0/22216.32.180.0/22 InternetInternet
mi-216-220-208-20-nexthop-internetmi-216-220-208-20-nexthop-internet 216.220.208.0/20216.220.208.0/20 InternetInternet
mi-23-96-13-nexthop-internetmi-23-96-13-nexthop-internet 23.96.0.0/1323.96.0.0/13 InternetInternet
mi-42-159-16-nexthop-internetmi-42-159-16-nexthop-internet 42.159.0.0/1642.159.0.0/16 InternetInternet
mi-51-13-17-nexthop-internetmi-51-13-17-nexthop-internet 51.13.0.0/1751.13.0.0/17 InternetInternet
mi-51-107-16-nexthop-internetmi-51-107-16-nexthop-internet 51.107.0.0/1651.107.0.0/16 InternetInternet
mi-51-116-16-nexthop-internetmi-51-116-16-nexthop-internet 51.116.0.0/1651.116.0.0/16 InternetInternet
mi-51-120-16-nexthop-internetmi-51-120-16-nexthop-internet 51.120.0.0/1651.120.0.0/16 InternetInternet
mi-51-120-128-17-nexthop-internetmi-51-120-128-17-nexthop-internet 51.120.128.0/1751.120.128.0/17 InternetInternet
mi-51-124-16-nexthop-internetmi-51-124-16-nexthop-internet 51.124.0.0/1651.124.0.0/16 InternetInternet
mi-102-37-18-nexthop-internetmi-102-37-18-nexthop-internet 102.37.0.0/18102.37.0.0/18 InternetInternet
mi-102-133-16-nexthop-internetmi-102-133-16-nexthop-internet 102.133.0.0/16102.133.0.0/16 InternetInternet
mi-199-30-16-20-nexthop-internetmi-199-30-16-20-nexthop-internet 199.30.16.0/20199.30.16.0/20 InternetInternet
mi-204-79-180-24-nexthop-internetmi-204-79-180-24-nexthop-internet 204.79.180.0/24204.79.180.0/24 InternetInternet

* MI SUBNET 是指子网的 IP 地址范围,采用 x.x.x.x/y 格式。* MI SUBNET refers to the IP address range for the subnet in the form x.x.x.x/y. 可以在 Azure 门户的“子网属性”中找到此信息。You can find this information in the Azure portal, in subnet properties.

此外,还可以将条目添加到路由表,以通过虚拟网络网关或虚拟网络设备 (NVA) 路由发往本地专用 IP 范围的流量。In addition, you can add entries to the route table to route traffic that has on-premises private IP ranges as a destination through the virtual network gateway or virtual network appliance (NVA).

如果虚拟网络包含自定义 DNS,则自定义 DNS 服务器必须能够解析公共 DNS 记录。If the virtual network includes a custom DNS, the custom DNS server must be able to resolve public DNS records. 使用其他功能(例如 Azure AD 身份验证)可能需要解析其他 FQDN。Using additional features like Azure AD Authentication might require resolving additional FQDNs. 有关详细信息,请参阅设置自定义 DNSFor more information, see Set up a custom DNS.

网络约束Networking constraints

出站连接上会强制实施 TLS 1.2:2020 年 1 月,Microsoft 对所有 Azure 服务中的服务内流量强制实施了 TLS 1.2。TLS 1.2 is enforced on outbound connections: In January 2020 Microsoft enforced TLS 1.2 for intra-service traffic in all Azure services. 对于 Azure SQL 托管实例,这导致在用于复制的出站连接上和到 SQL Server 的链接服务器连接上强制实施了 TLS 1.2。For Azure SQL Managed Instance, this resulted in TLS 1.2 being enforced on outbound connections used for replication and linked server connections to SQL Server. 如果对 SQL 托管实例使用低于 2016 版的 SQL Server,请确保已应用特定于 TLS 1.2 的更新If you are using versions of SQL Server older than 2016 with SQL Managed Instance, please ensure that TLS 1.2 specific updates have been applied.

SQL 托管实例当前不支持以下虚拟网络功能:The following virtual network features are currently not supported with SQL Managed Instance:

  • Microsoft 对等互连:如果在与 SQL 托管实例所在的虚拟网络直接或暂时对等互连的 ExpressRoute 线路上启用 Microsoft 对等互连,会影响虚拟网络内的 SQL 托管实例组件与它依赖的服务之间的流量,从而导致可用性问题。Microsoft peering: Enabling Microsoft peering on ExpressRoute circuits peered directly or transitively with a virtual network where SQL Managed Instance resides affects traffic flow between SQL Managed Instance components inside the virtual network and services it depends on, causing availability issues. 向已启用 Microsoft 对等互连的虚拟网络部署 SQL 托管实例预计会失败。SQL Managed Instance deployments to virtual network with Microsoft peering already enabled are expected to fail.
  • 全局虚拟网络对等互连:由于所记录的负载均衡器约束,跨 Azure 区域的虚拟网络对等互连连接对 SQL 托管实例不起作用。Global virtual network peering: Virtual network peering connectivity across Azure regions doesn't work for SQL Managed Instance due to documented load balancer constraints.
  • AzurePlatformDNS:使用 AzurePlatformDNS 服务标记阻止平台 DNS 解析会导致 SQL 托管实例不可用。AzurePlatformDNS: Using the AzurePlatformDNS service tag to block platform DNS resolution would render SQL Managed Instance unavailable. 尽管 SQL 托管实例支持将客户定义的 DNS 用于引擎内的 DNS 解析,但平台操作依赖于平台 DNS。Although SQL Managed Instance supports customer-defined DNS for DNS resolution inside the engine, there is a dependency on platform DNS for platform operations.

[已弃用] 不采用服务辅助子网配置时的网络要求[Deprecated] Network requirements without service-aided subnet configuration

在虚拟网络中的专用子网内部署 SQL 托管实例。Deploy SQL Managed Instance in a dedicated subnet inside the virtual network. 该子网必须具有以下特征:The subnet must have these characteristics:

  • 专用子网: SQL 托管实例的子网不能包含其他任何关联的云服务,且不能是网关子网。Dedicated subnet: The SQL Managed Instance subnet can't contain any other cloud service that's associated with it, and it can't be a gateway subnet. 该子网不能包含除该 SQL 托管实例以外的其他任何资源,你之后也无法在该子网中添加其他类型的资源。The subnet can't contain any resource but SQL Managed Instance, and you can't later add other types of resources in the subnet.
  • 网络安全组 (NSG) :与虚拟网络关联的 NSG 必须在其他任何规则的前面定义入站安全规则出站安全规则Network security group (NSG): An NSG that's associated with the virtual network must define inbound security rules and outbound security rules before any other rules. 当 SQL 托管实例配置为使用重定向连接时,可使用某个 NSG 通过筛选端口 1433 和端口 11000-11999 上的流量,来控制对 SQL 托管实例数据终结点的访问。You can use an NSG to control access to the SQL Managed Instance data endpoint by filtering traffic on port 1433 and ports 11000-11999 when SQL Managed Instance is configured for redirect connections.
  • 用户定义的路由 (UDR) 表: 与虚拟网络关联的 UDR 表必须包含特定的条目User defined route (UDR) table: A UDR table that's associated with the virtual network must include specific entries.
  • 没有服务终结点: 不得将任何服务终结点与 SQL 托管实例的子网相关联。No service endpoints: No service endpoint should be associated with the SQL Managed Instance subnet. 创建虚拟网络时,请务必禁用“服务终结点”选项。Make sure that the service endpoints option is disabled when you create the virtual network.
  • 足够的 IP 地址: SQL 托管实例子网必须至少有 16 个 IP 地址。Sufficient IP addresses: The SQL Managed Instance subnet must have at least 16 IP addresses. 建议的最少数目为 32 个 IP 地址。The recommended minimum is 32 IP addresses. 有关详细信息,请参阅确定 SQL 托管实例的子网大小For more information, see Determine the size of the subnet for SQL Managed Instance. 根据 SQL 托管实例的网络要求配置托管实例后,可将其部署在现有网络中。You can deploy managed instances in the existing network after you configure it to satisfy the networking requirements for SQL Managed Instance. 否则,请创建新的网络和子网Otherwise, create a new network and subnet.

重要

如果目标子网缺少这些特征,则无法部署新的托管实例。You can't deploy a new managed instance if the destination subnet lacks these characteristics. 创建托管实例时,将会针对子网应用网络意向策略,以防止对网络设置进行不合规的更改。When you create a managed instance, a network intent policy is applied on the subnet to prevent noncompliant changes to networking setup. 从子网中删除最后一个实例后,网络意向策略也会一并删除。After the last instance is removed from the subnet, the network intent policy is also removed.

强制性入站安全规则Mandatory inbound security rules

名称Name 端口Port 协议Protocol SourceSource 目标Destination 操作Action
管理management 9000、9003、1438、1440、14529000, 9003, 1438, 1440, 1452 TCPTCP 任意Any MI SUBNETMI SUBNET 允许Allow
mi_subnetmi_subnet 任意Any 任意Any MI SUBNETMI SUBNET MI SUBNETMI SUBNET 允许Allow
health_probehealth_probe 任意Any 任意Any AzureLoadBalancerAzureLoadBalancer MI SUBNETMI SUBNET 允许Allow

强制性出站安全规则Mandatory outbound security rules

名称Name 端口Port 协议Protocol SourceSource 目标Destination 操作Action
管理management 443、12000443, 12000 TCPTCP MI SUBNETMI SUBNET AzureCloudAzureCloud 允许Allow
mi_subnetmi_subnet 任意Any 任意Any MI SUBNETMI SUBNET MI SUBNETMI SUBNET 允许Allow

重要

确保端口 9000、9003、1438、1440 和 1452 只有一个入站规则,端口 443 和 12000 只有一个出站规则。Ensure there is only one inbound rule for ports 9000, 9003, 1438, 1440, and 1452, and one outbound rule for ports 443 and 12000. 如果单独为每个端口配置入站和出站规则,则无法通过 Azure 资源管理器部署预配 SQL 托管实例。SQL Managed Instance provisioning through Azure Resource Manager deployments will fail if inbound and outbound rules are configured separately for each port. 如果这些端口位于不同的规则中,则部署将失败,错误代码为 VnetSubnetConflictWithIntendedPolicyIf these ports are in separate rules, the deployment will fail with the error code VnetSubnetConflictWithIntendedPolicy.

* MI SUBNET 是指子网的 IP 地址范围,采用 x.x.x.x/y 格式。* MI SUBNET refers to the IP address range for the subnet in the form x.x.x.x/y. 可以在 Azure 门户的“子网属性”中找到此信息。You can find this information in the Azure portal, in subnet properties.

重要

尽管所需的入站安全规则允许来自端口 9000、9003、1438、1440 和 1452 上的任意资源的流量,但这些端口受内置防火墙的保护。Although required inbound security rules allow traffic from any source on ports 9000, 9003, 1438, 1440, and 1452, these ports are protected by a built-in firewall. 有关详细信息,请参阅确定管理终结点地址For more information, see Determine the management endpoint address.

备注

如果在 SQL 托管实例中使用事务复制,并且将任何实例数据库用作发布服务器或分发服务器,请在子网的安全规则中打开端口 445(TCP 出站)。If you use transactional replication in SQL Managed Instance, and if you use any instance database as a publisher or a distributor, open port 445 (TCP outbound) in the subnet's security rules. 此端口允许访问 Azure 文件共享。This port will allow access to the Azure file share.

用户定义的路由User defined routes

名称Name 地址前缀Address prefix 下一跃点Next hop
subnet_to_vnetlocalsubnet_to_vnetlocal MI SUBNETMI SUBNET 虚拟网络Virtual network
mi-13-64-11-nexthop-internetmi-13-64-11-nexthop-internet 13.64.0.0/1113.64.0.0/11 InternetInternet
mi-13-104-14-nexthop-internetmi-13-104-14-nexthop-internet 13.104.0.0/1413.104.0.0/14 InternetInternet
mi-20-33-16-nexthop-internetmi-20-33-16-nexthop-internet 20.33.0.0/1620.33.0.0/16 InternetInternet
mi-20-34-15-nexthop-internetmi-20-34-15-nexthop-internet 20.34.0.0/1520.34.0.0/15 InternetInternet
mi-20-36-14-nexthop-internetmi-20-36-14-nexthop-internet 20.36.0.0/1420.36.0.0/14 InternetInternet
mi-20-40-13-nexthop-internetmi-20-40-13-nexthop-internet 20.40.0.0/1320.40.0.0/13 InternetInternet
mi-20-48-12-nexthop-internetmi-20-48-12-nexthop-internet 20.48.0.0/1220.48.0.0/12 InternetInternet
mi-20-64-10-nexthop-internetmi-20-64-10-nexthop-internet 20.64.0.0/1020.64.0.0/10 InternetInternet
mi-20-128-16-nexthop-internetmi-20-128-16-nexthop-internet 20.128.0.0/1620.128.0.0/16 InternetInternet
mi-20-135-16-nexthop-internetmi-20-135-16-nexthop-internet 20.135.0.0/1620.135.0.0/16 InternetInternet
mi-20-136-16-nexthop-internetmi-20-136-16-nexthop-internet 20.136.0.0/1620.136.0.0/16 InternetInternet
mi-20-140-15-nexthop-internetmi-20-140-15-nexthop-internet 20.140.0.0/1520.140.0.0/15 InternetInternet
mi-20-143-16-nexthop-internetmi-20-143-16-nexthop-internet 20.143.0.0/1620.143.0.0/16 InternetInternet
mi-20-144-14-nexthop-internetmi-20-144-14-nexthop-internet 20.144.0.0/1420.144.0.0/14 InternetInternet
mi-20-150-15-nexthop-internetmi-20-150-15-nexthop-internet 20.150.0.0/1520.150.0.0/15 InternetInternet
mi-20-160-12-nexthop-internetmi-20-160-12-nexthop-internet 20.160.0.0/1220.160.0.0/12 InternetInternet
mi-20-176-14-nexthop-internetmi-20-176-14-nexthop-internet 20.176.0.0/1420.176.0.0/14 InternetInternet
mi-20-180-14-nexthop-internetmi-20-180-14-nexthop-internet 20.180.0.0/1420.180.0.0/14 InternetInternet
mi-20-184-13-nexthop-internetmi-20-184-13-nexthop-internet 20.184.0.0/1320.184.0.0/13 InternetInternet
mi-20-192-10-nexthop-internetmi-20-192-10-nexthop-internet 20.192.0.0/1020.192.0.0/10 InternetInternet
mi-40-64-10-nexthop-internetmi-40-64-10-nexthop-internet 40.64.0.0/1040.64.0.0/10 InternetInternet
mi-51-4-15-nexthop-internetmi-51-4-15-nexthop-internet 51.4.0.0/1551.4.0.0/15 InternetInternet
mi-51-8-16-nexthop-internetmi-51-8-16-nexthop-internet 51.8.0.0/1651.8.0.0/16 InternetInternet
mi-51-10-15-nexthop-internetmi-51-10-15-nexthop-internet 51.10.0.0/1551.10.0.0/15 InternetInternet
mi-51-18-16-nexthop-internetmi-51-18-16-nexthop-internet 51.18.0.0/1651.18.0.0/16 InternetInternet
mi-51-51-16-nexthop-internetmi-51-51-16-nexthop-internet 51.51.0.0/1651.51.0.0/16 InternetInternet
mi-51-53-16-nexthop-internetmi-51-53-16-nexthop-internet 51.53.0.0/1651.53.0.0/16 InternetInternet
mi-51-103-16-nexthop-internetmi-51-103-16-nexthop-internet 51.103.0.0/1651.103.0.0/16 InternetInternet
mi-51-104-15-nexthop-internetmi-51-104-15-nexthop-internet 51.104.0.0/1551.104.0.0/15 InternetInternet
mi-51-132-16-nexthop-internetmi-51-132-16-nexthop-internet 51.132.0.0/1651.132.0.0/16 InternetInternet
mi-51-136-15-nexthop-internetmi-51-136-15-nexthop-internet 51.136.0.0/1551.136.0.0/15 InternetInternet
mi-51-138-16-nexthop-internetmi-51-138-16-nexthop-internet 51.138.0.0/1651.138.0.0/16 InternetInternet
mi-51-140-14-nexthop-internetmi-51-140-14-nexthop-internet 51.140.0.0/1451.140.0.0/14 InternetInternet
mi-51-144-15-nexthop-internetmi-51-144-15-nexthop-internet 51.144.0.0/1551.144.0.0/15 InternetInternet
mi-52-96-12-nexthop-internetmi-52-96-12-nexthop-internet 52.96.0.0/1252.96.0.0/12 InternetInternet
mi-52-112-14-nexthop-internetmi-52-112-14-nexthop-internet 52.112.0.0/1452.112.0.0/14 InternetInternet
mi-52-125-16-nexthop-internetmi-52-125-16-nexthop-internet 52.125.0.0/1652.125.0.0/16 InternetInternet
mi-52-126-15-nexthop-internetmi-52-126-15-nexthop-internet 52.126.0.0/1552.126.0.0/15 InternetInternet
mi-52-130-15-nexthop-internetmi-52-130-15-nexthop-internet 52.130.0.0/1552.130.0.0/15 InternetInternet
mi-52-132-14-nexthop-internetmi-52-132-14-nexthop-internet 52.132.0.0/1452.132.0.0/14 InternetInternet
mi-52-136-13-nexthop-internetmi-52-136-13-nexthop-internet 52.136.0.0/1352.136.0.0/13 InternetInternet
mi-52-145-16-nexthop-internetmi-52-145-16-nexthop-internet 52.145.0.0/1652.145.0.0/16 InternetInternet
mi-52-146-15-nexthop-internetmi-52-146-15-nexthop-internet 52.146.0.0/1552.146.0.0/15 InternetInternet
mi-52-148-14-nexthop-internetmi-52-148-14-nexthop-internet 52.148.0.0/1452.148.0.0/14 InternetInternet
mi-52-152-13-nexthop-internetmi-52-152-13-nexthop-internet 52.152.0.0/1352.152.0.0/13 InternetInternet
mi-52-160-11-nexthop-internetmi-52-160-11-nexthop-internet 52.160.0.0/1152.160.0.0/11 InternetInternet
mi-52-224-11-nexthop-internetmi-52-224-11-nexthop-internet 52.224.0.0/1152.224.0.0/11 InternetInternet
mi-64-4-18-nexthop-internetmi-64-4-18-nexthop-internet 64.4.0.0/1864.4.0.0/18 InternetInternet
mi-65-52-14-nexthop-internetmi-65-52-14-nexthop-internet 65.52.0.0/1465.52.0.0/14 InternetInternet
mi-66-119-144-20-nexthop-internetmi-66-119-144-20-nexthop-internet 66.119.144.0/2066.119.144.0/20 InternetInternet
mi-70-37-17-nexthop-internetmi-70-37-17-nexthop-internet 70.37.0.0/1770.37.0.0/17 InternetInternet
mi-70-37-128-18-nexthop-internetmi-70-37-128-18-nexthop-internet 70.37.128.0/1870.37.128.0/18 InternetInternet
mi-91-190-216-21-nexthop-internetmi-91-190-216-21-nexthop-internet 91.190.216.0/2191.190.216.0/21 InternetInternet
mi-94-245-64-18-nexthop-internetmi-94-245-64-18-nexthop-internet 94.245.64.0/1894.245.64.0/18 InternetInternet
mi-103-9-8-22-nexthop-internetmi-103-9-8-22-nexthop-internet 103.9.8.0/22103.9.8.0/22 InternetInternet
mi-103-25-156-24-nexthop-internetmi-103-25-156-24-nexthop-internet 103.25.156.0/24103.25.156.0/24 InternetInternet
mi-103-25-157-24-nexthop-internetmi-103-25-157-24-nexthop-internet 103.25.157.0/24103.25.157.0/24 InternetInternet
mi-103-25-158-23-nexthop-internetmi-103-25-158-23-nexthop-internet 103.25.158.0/23103.25.158.0/23 InternetInternet
mi-103-36-96-22-nexthop-internetmi-103-36-96-22-nexthop-internet 103.36.96.0/22103.36.96.0/22 InternetInternet
mi-103-255-140-22-nexthop-internetmi-103-255-140-22-nexthop-internet 103.255.140.0/22103.255.140.0/22 InternetInternet
mi-104-40-13-nexthop-internetmi-104-40-13-nexthop-internet 104.40.0.0/13104.40.0.0/13 InternetInternet
mi-104-146-15-nexthop-internetmi-104-146-15-nexthop-internet 104.146.0.0/15104.146.0.0/15 InternetInternet
mi-104-208-13-nexthop-internetmi-104-208-13-nexthop-internet 104.208.0.0/13104.208.0.0/13 InternetInternet
mi-111-221-16-20-nexthop-internetmi-111-221-16-20-nexthop-internet 111.221.16.0/20111.221.16.0/20 InternetInternet
mi-111-221-64-18-nexthop-internetmi-111-221-64-18-nexthop-internet 111.221.64.0/18111.221.64.0/18 InternetInternet
mi-129-75-16-nexthop-internetmi-129-75-16-nexthop-internet 129.75.0.0/16129.75.0.0/16 InternetInternet
mi-131-107-16-nexthop-internetmi-131-107-16-nexthop-internet 131.107.0.0/16131.107.0.0/16 InternetInternet
mi-131-253-1-24-nexthop-internetmi-131-253-1-24-nexthop-internet 131.253.1.0/24131.253.1.0/24 InternetInternet
mi-131-253-3-24-nexthop-internetmi-131-253-3-24-nexthop-internet 131.253.3.0/24131.253.3.0/24 InternetInternet
mi-131-253-5-24-nexthop-internetmi-131-253-5-24-nexthop-internet 131.253.5.0/24131.253.5.0/24 InternetInternet
mi-131-253-6-24-nexthop-internetmi-131-253-6-24-nexthop-internet 131.253.6.0/24131.253.6.0/24 InternetInternet
mi-131-253-8-24-nexthop-internetmi-131-253-8-24-nexthop-internet 131.253.8.0/24131.253.8.0/24 InternetInternet
mi-131-253-12-22-nexthop-internetmi-131-253-12-22-nexthop-internet 131.253.12.0/22131.253.12.0/22 InternetInternet
mi-131-253-16-23-nexthop-internetmi-131-253-16-23-nexthop-internet 131.253.16.0/23131.253.16.0/23 InternetInternet
mi-131-253-18-24-nexthop-internetmi-131-253-18-24-nexthop-internet 131.253.18.0/24131.253.18.0/24 InternetInternet
mi-131-253-21-24-nexthop-internetmi-131-253-21-24-nexthop-internet 131.253.21.0/24131.253.21.0/24 InternetInternet
mi-131-253-22-23-nexthop-internetmi-131-253-22-23-nexthop-internet 131.253.22.0/23131.253.22.0/23 InternetInternet
mi-131-253-24-21-nexthop-internetmi-131-253-24-21-nexthop-internet 131.253.24.0/21131.253.24.0/21 InternetInternet
mi-131-253-32-20-nexthop-internetmi-131-253-32-20-nexthop-internet 131.253.32.0/20131.253.32.0/20 InternetInternet
mi-131-253-61-24-nexthop-internetmi-131-253-61-24-nexthop-internet 131.253.61.0/24131.253.61.0/24 InternetInternet
mi-131-253-62-23-nexthop-internetmi-131-253-62-23-nexthop-internet 131.253.62.0/23131.253.62.0/23 InternetInternet
mi-131-253-64-18-nexthop-internetmi-131-253-64-18-nexthop-internet 131.253.64.0/18131.253.64.0/18 InternetInternet
mi-131-253-128-17-nexthop-internetmi-131-253-128-17-nexthop-internet 131.253.128.0/17131.253.128.0/17 InternetInternet
mi-132-245-16-nexthop-internetmi-132-245-16-nexthop-internet 132.245.0.0/16132.245.0.0/16 InternetInternet
mi-134-170-16-nexthop-internetmi-134-170-16-nexthop-internet 134.170.0.0/16134.170.0.0/16 InternetInternet
mi-134-177-16-nexthop-internetmi-134-177-16-nexthop-internet 134.177.0.0/16134.177.0.0/16 InternetInternet
mi-137-116-15-nexthop-internetmi-137-116-15-nexthop-internet 137.116.0.0/15137.116.0.0/15 InternetInternet
mi-137-135-16-nexthop-internetmi-137-135-16-nexthop-internet 137.135.0.0/16137.135.0.0/16 InternetInternet
mi-138-91-16-nexthop-internetmi-138-91-16-nexthop-internet 138.91.0.0/16138.91.0.0/16 InternetInternet
mi-138-196-16-nexthop-internetmi-138-196-16-nexthop-internet 138.196.0.0/16138.196.0.0/16 InternetInternet
mi-139-217-16-nexthop-internetmi-139-217-16-nexthop-internet 139.217.0.0/16139.217.0.0/16 InternetInternet
mi-139-219-16-nexthop-internetmi-139-219-16-nexthop-internet 139.219.0.0/16139.219.0.0/16 InternetInternet
mi-141-251-16-nexthop-internetmi-141-251-16-nexthop-internet 141.251.0.0/16141.251.0.0/16 InternetInternet
mi-146-147-16-nexthop-internetmi-146-147-16-nexthop-internet 146.147.0.0/16146.147.0.0/16 InternetInternet
mi-147-243-16-nexthop-internetmi-147-243-16-nexthop-internet 147.243.0.0/16147.243.0.0/16 InternetInternet
mi-150-171-16-nexthop-internetmi-150-171-16-nexthop-internet 150.171.0.0/16150.171.0.0/16 InternetInternet
mi-150-242-48-22-nexthop-internetmi-150-242-48-22-nexthop-internet 150.242.48.0/22150.242.48.0/22 InternetInternet
mi-157-54-15-nexthop-internetmi-157-54-15-nexthop-internet 157.54.0.0/15157.54.0.0/15 InternetInternet
mi-157-56-14-nexthop-internetmi-157-56-14-nexthop-internet 157.56.0.0/14157.56.0.0/14 InternetInternet
mi-157-60-16-nexthop-internetmi-157-60-16-nexthop-internet 157.60.0.0/16157.60.0.0/16 InternetInternet
mi-167-105-16-nexthop-internetmi-167-105-16-nexthop-internet 167.105.0.0/16167.105.0.0/16 InternetInternet
mi-167-220-16-nexthop-internetmi-167-220-16-nexthop-internet 167.220.0.0/16167.220.0.0/16 InternetInternet
mi-168-61-16-nexthop-internetmi-168-61-16-nexthop-internet 168.61.0.0/16168.61.0.0/16 InternetInternet
mi-168-62-15-nexthop-internetmi-168-62-15-nexthop-internet 168.62.0.0/15168.62.0.0/15 InternetInternet
mi-191-232-13-nexthop-internetmi-191-232-13-nexthop-internet 191.232.0.0/13191.232.0.0/13 InternetInternet
mi-192-32-16-nexthop-internetmi-192-32-16-nexthop-internet 192.32.0.0/16192.32.0.0/16 InternetInternet
mi-192-48-225-24-nexthop-internetmi-192-48-225-24-nexthop-internet 192.48.225.0/24192.48.225.0/24 InternetInternet
mi-192-84-159-24-nexthop-internetmi-192-84-159-24-nexthop-internet 192.84.159.0/24192.84.159.0/24 InternetInternet
mi-192-84-160-23-nexthop-internetmi-192-84-160-23-nexthop-internet 192.84.160.0/23192.84.160.0/23 InternetInternet
mi-192-197-157-24-nexthop-internetmi-192-197-157-24-nexthop-internet 192.197.157.0/24192.197.157.0/24 InternetInternet
mi-193-149-64-19-nexthop-internetmi-193-149-64-19-nexthop-internet 193.149.64.0/19193.149.64.0/19 InternetInternet
mi-193-221-113-24-nexthop-internetmi-193-221-113-24-nexthop-internet 193.221.113.0/24193.221.113.0/24 InternetInternet
mi-194-69-96-19-nexthop-internetmi-194-69-96-19-nexthop-internet 194.69.96.0/19194.69.96.0/19 InternetInternet
mi-194-110-197-24-nexthop-internetmi-194-110-197-24-nexthop-internet 194.110.197.0/24194.110.197.0/24 InternetInternet
mi-198-105-232-22-nexthop-internetmi-198-105-232-22-nexthop-internet 198.105.232.0/22198.105.232.0/22 InternetInternet
mi-198-200-130-24-nexthop-internetmi-198-200-130-24-nexthop-internet 198.200.130.0/24198.200.130.0/24 InternetInternet
mi-198-206-164-24-nexthop-internetmi-198-206-164-24-nexthop-internet 198.206.164.0/24198.206.164.0/24 InternetInternet
mi-199-60-28-24-nexthop-internetmi-199-60-28-24-nexthop-internet 199.60.28.0/24199.60.28.0/24 InternetInternet
mi-199-74-210-24-nexthop-internetmi-199-74-210-24-nexthop-internet 199.74.210.0/24199.74.210.0/24 InternetInternet
mi-199-103-90-23-nexthop-internetmi-199-103-90-23-nexthop-internet 199.103.90.0/23199.103.90.0/23 InternetInternet
mi-199-103-122-24-nexthop-internetmi-199-103-122-24-nexthop-internet 199.103.122.0/24199.103.122.0/24 InternetInternet
mi-199-242-32-20-nexthop-internetmi-199-242-32-20-nexthop-internet 199.242.32.0/20199.242.32.0/20 InternetInternet
mi-199-242-48-21-nexthop-internetmi-199-242-48-21-nexthop-internet 199.242.48.0/21199.242.48.0/21 InternetInternet
mi-202-89-224-20-nexthop-internetmi-202-89-224-20-nexthop-internet 202.89.224.0/20202.89.224.0/20 InternetInternet
mi-204-13-120-21-nexthop-internetmi-204-13-120-21-nexthop-internet 204.13.120.0/21204.13.120.0/21 InternetInternet
mi-204-14-180-22-nexthop-internetmi-204-14-180-22-nexthop-internet 204.14.180.0/22204.14.180.0/22 InternetInternet
mi-204-79-135-24-nexthop-internetmi-204-79-135-24-nexthop-internet 204.79.135.0/24204.79.135.0/24 InternetInternet
mi-204-79-179-24-nexthop-internetmi-204-79-179-24-nexthop-internet 204.79.179.0/24204.79.179.0/24 InternetInternet
mi-204-79-181-24-nexthop-internetmi-204-79-181-24-nexthop-internet 204.79.181.0/24204.79.181.0/24 InternetInternet
mi-204-79-188-24-nexthop-internetmi-204-79-188-24-nexthop-internet 204.79.188.0/24204.79.188.0/24 InternetInternet
mi-204-79-195-24-nexthop-internetmi-204-79-195-24-nexthop-internet 204.79.195.0/24204.79.195.0/24 InternetInternet
mi-204-79-196-23-nexthop-internetmi-204-79-196-23-nexthop-internet 204.79.196.0/23204.79.196.0/23 InternetInternet
mi-204-79-252-24-nexthop-internetmi-204-79-252-24-nexthop-internet 204.79.252.0/24204.79.252.0/24 InternetInternet
mi-204-152-18-23-nexthop-internetmi-204-152-18-23-nexthop-internet 204.152.18.0/23204.152.18.0/23 InternetInternet
mi-204-152-140-23-nexthop-internetmi-204-152-140-23-nexthop-internet 204.152.140.0/23204.152.140.0/23 InternetInternet
mi-204-231-192-24-nexthop-internetmi-204-231-192-24-nexthop-internet 204.231.192.0/24204.231.192.0/24 InternetInternet
mi-204-231-194-23-nexthop-internetmi-204-231-194-23-nexthop-internet 204.231.194.0/23204.231.194.0/23 InternetInternet
mi-204-231-197-24-nexthop-internetmi-204-231-197-24-nexthop-internet 204.231.197.0/24204.231.197.0/24 InternetInternet
mi-204-231-198-23-nexthop-internetmi-204-231-198-23-nexthop-internet 204.231.198.0/23204.231.198.0/23 InternetInternet
mi-204-231-200-21-nexthop-internetmi-204-231-200-21-nexthop-internet 204.231.200.0/21204.231.200.0/21 InternetInternet
mi-204-231-208-20-nexthop-internetmi-204-231-208-20-nexthop-internet 204.231.208.0/20204.231.208.0/20 InternetInternet
mi-204-231-236-24-nexthop-internetmi-204-231-236-24-nexthop-internet 204.231.236.0/24204.231.236.0/24 InternetInternet
mi-205-174-224-20-nexthop-internetmi-205-174-224-20-nexthop-internet 205.174.224.0/20205.174.224.0/20 InternetInternet
mi-206-138-168-21-nexthop-internetmi-206-138-168-21-nexthop-internet 206.138.168.0/21206.138.168.0/21 InternetInternet
mi-206-191-224-19-nexthop-internetmi-206-191-224-19-nexthop-internet 206.191.224.0/19206.191.224.0/19 InternetInternet
mi-207-46-16-nexthop-internetmi-207-46-16-nexthop-internet 207.46.0.0/16207.46.0.0/16 InternetInternet
mi-207-68-128-18-nexthop-internetmi-207-68-128-18-nexthop-internet 207.68.128.0/18207.68.128.0/18 InternetInternet
mi-208-68-136-21-nexthop-internetmi-208-68-136-21-nexthop-internet 208.68.136.0/21208.68.136.0/21 InternetInternet
mi-208-76-44-22-nexthop-internetmi-208-76-44-22-nexthop-internet 208.76.44.0/22208.76.44.0/22 InternetInternet
mi-208-84-21-nexthop-internetmi-208-84-21-nexthop-internet 208.84.0.0/21208.84.0.0/21 InternetInternet
mi-209-240-192-19-nexthop-internetmi-209-240-192-19-nexthop-internet 209.240.192.0/19209.240.192.0/19 InternetInternet
mi-213-199-128-18-nexthop-internetmi-213-199-128-18-nexthop-internet 213.199.128.0/18213.199.128.0/18 InternetInternet
mi-216-32-180-22-nexthop-internetmi-216-32-180-22-nexthop-internet 216.32.180.0/22216.32.180.0/22 InternetInternet
mi-216-220-208-20-nexthop-internetmi-216-220-208-20-nexthop-internet 216.220.208.0/20216.220.208.0/20 InternetInternet
mi-23-96-13-nexthop-internetmi-23-96-13-nexthop-internet 23.96.0.0/1323.96.0.0/13 InternetInternet
mi-42-159-16-nexthop-internetmi-42-159-16-nexthop-internet 42.159.0.0/1642.159.0.0/16 InternetInternet
mi-51-13-17-nexthop-internetmi-51-13-17-nexthop-internet 51.13.0.0/1751.13.0.0/17 InternetInternet
mi-51-107-16-nexthop-internetmi-51-107-16-nexthop-internet 51.107.0.0/1651.107.0.0/16 InternetInternet
mi-51-116-16-nexthop-internetmi-51-116-16-nexthop-internet 51.116.0.0/1651.116.0.0/16 InternetInternet
mi-51-120-16-nexthop-internetmi-51-120-16-nexthop-internet 51.120.0.0/1651.120.0.0/16 InternetInternet
mi-51-120-128-17-nexthop-internetmi-51-120-128-17-nexthop-internet 51.120.128.0/1751.120.128.0/17 InternetInternet
mi-51-124-16-nexthop-internetmi-51-124-16-nexthop-internet 51.124.0.0/1651.124.0.0/16 InternetInternet
mi-102-37-18-nexthop-internetmi-102-37-18-nexthop-internet 102.37.0.0/18102.37.0.0/18 InternetInternet
mi-102-133-16-nexthop-internetmi-102-133-16-nexthop-internet 102.133.0.0/16102.133.0.0/16 InternetInternet
mi-199-30-16-20-nexthop-internetmi-199-30-16-20-nexthop-internet 199.30.16.0/20199.30.16.0/20 InternetInternet
mi-204-79-180-24-nexthop-internetmi-204-79-180-24-nexthop-internet 204.79.180.0/24204.79.180.0/24 InternetInternet

后续步骤Next steps