Azure Stack Hub 网络的差异和注意事项Differences and considerations for Azure Stack Hub networking

Azure Stack Hub 网络具有许多由 Azure 网络提供的功能。Azure Stack Hub networking has many of the features provided by Azure networking. 但是,在部署 Azure Stack Hub 网络之前,你应该了解一些关键区别。However, there are some key differences that you should understand before deploying an Azure Stack Hub network.

本文概述 Azure Stack Hub 网络及其功能的独特注意事项。This article provides an overview of the unique considerations for Azure Stack Hub networking and its features. 有关 Azure Stack Hub 与 Azure 之间的大致差异的详细信息,请参阅重要注意事项一文。To learn about high-level differences between Azure Stack Hub and Azure, see the Key considerations article.

速查表:网络差异Cheat sheet: Networking differences

服务Service 功能Feature Azure(公有云)Azure (global) Azure Stack HubAzure Stack Hub
DNSDNS 多租户 DNSMulti-tenant DNS 支持Supported 尚不支持Not yet supported
DNS AAAA 记录DNS AAAA records 支持Supported 不支持Not supported
每个订阅的 DNS 区域数DNS zones per subscription 100(默认值)100 (default)
可以请求增加。Can be increased on request.
每个区域的 DNS 记录集数DNS record sets per zone 5000(默认值)5000 (default)
可以请求增加。Can be increased on request.
用于区域委派的名称服务器Name servers for zone delegation Azure 为创建的每个用户(租户)区域提供四个名称服务器。Azure provides four name servers for each user (tenant) zone that is created. Azure Stack Hub 为创建的每个用户(租户)区域提供两个名称服务器。Azure Stack Hub provides two name servers for each user (tenant) zone that is created.
Azure 防火墙Azure Firewall 网络安全服务Network security service Azure 防火墙是托管的基于云的网络安全服务,可保护 Azure 虚拟网络资源。Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. 尚不支持。Not yet supported.
虚拟网络Virtual Network 虚拟网络对等互连Virtual network peering 通过 Azure 主干网络连接同一区域中的两个虚拟网络。Connect two virtual networks in the same region through the Azure backbone network. 从版本 2008 开始支持虚拟网络对等互连Supported since version 2008 Virtual Network peering
IPv6 地址IPv6 addresses 可以分配 IPv6 地址作为网络接口配置的一部分。You can assign an IPv6 address as part of the Network Interface Configuration. 仅支持 IPv4。Only IPv4 is supported.
DDoS 防护计划DDoS Protection Plan 支持Supported 尚不支持。Not yet supported.
规模集 IP 配置Scale Set IP Configurations 支持Supported 尚不支持。Not yet supported.
专用访问服务(子网)Private Access Services (Subnet) 支持Supported 尚不支持。Not yet supported.
服务终结点Service Endpoints 支持 Azure 服务的内部(非Internet)连接。Supported for internal (non-Internet) connection to Azure Services. 尚不支持。Not yet supported.
服务终结点策略Service Endpoint Policies 支持Supported 尚不支持。Not yet supported.
服务隧道Service Tunnels 支持Supported 尚不支持。Not yet supported.
网络安全组Network Security Groups 扩充式安全规则Augmented Security Rules 支持Supported Supported.
有效安全规则Effective Security Rules 支持Supported 尚不支持。Not yet supported.
应用程序安全组Application Security Groups 支持Supported 尚不支持。Not yet supported.
规则协议Rule Protocols TCP、UDP、ICMP、任意TCP, UDP, ICMP, Any 仅 TCP、UDP 或任意Only TCP, UDP or Any
虚拟网络网关Virtual Network Gateways 点到站点 VPN 网关Point-to-Site VPN Gateway 支持Supported 尚不支持。Not yet supported.
VNet 到 VNet 网关Vnet-to-Vnet Gateway 支持Supported 尚不支持。Not yet supported.
虚拟网络网关类型Virtual Network Gateway Type Azure 支持 VPNAzure Supports VPN
Express RouteExpress Route
Hyper Net。Hyper Net.
Azure Stack Hub 目前仅支持 VPN 类型。Azure Stack Hub currently supports only VPN type.
VPN 网关 SKUVPN Gateway SKUs 支持基本、GW1、GW2、GW3、标准高性能、超高性能 SKU。Support for Basic, GW1, GW2, GW3, Standard High Performance, Ultra-High Performance. 支持基本、标准和高性能 SKU。Support for Basic, Standard, and High-Performance SKUs.
VPN 类型VPN Type Azure 支持“基于策略”和“基于路由”。Azure supports both policy-based and route-based. Azure Stack Hub 仅支持“基于路由”。Azure Stack Hub supports route-based only.
BGP 设置BGP Settings Azure 支持配置“BGP 对等互连地址”和“对等互连权重”。Azure supports configuration of BGP Peering Address and Peer Weight. “BGP 对等互连地址”和“对等互连权重”在 Azure Stack Hub 中自动配置。BGP Peering Address and Peer Weight are auto-configured in Azure Stack Hub. 用户无法使用自己的值来配置这些设置。There's no way for the user to configure these settings with their own values.
默认网关站点Default Gateway Site Azure 支持为强制隧道配置默认站点。Azure supports configuration of a default site for forced tunneling. 尚不支持。Not yet supported.
网关大小调整Gateway Resizing Azure 支持在部署后调整网关大小。Azure supports resizing the gateway after deployment. 不支持调整大小。Resizing not supported.
可用性配置Availability Configuration 主动/主动Active/Active 主动/被动Active/Passive
UsePolicyBasedTrafficSelectorsUsePolicyBasedTrafficSelectors Azure 支持将基于策略的流量选择器与基于路由的网关连接配合使用。Azure supports using policy-based traffic selectors with route-based gateway connections. 尚不支持。Not yet supported.
监视和警报Monitoring and Alerts Azure 使用 Azure Monitor 提供 VPN 资源警报设置功能。Azure uses Azure Monitor to provide the ability to set up alerts for VPN resources. 尚不支持。Not yet supported.
负载均衡器Load balancer SKUSKU 支持基本和标准负载均衡器。Basic and Standard Load Balancers are supported 仅支持基本负载均衡器。Only the Basic Load Balancer is supported.
不支持 SKU 属性。The SKU property is not supported.
对于版本 1807-1906,基本 SKU 负载均衡器支持每个负载均衡器 10 个前端 IP 配置;对于版本 1907 和更高版本,则支持每个负载均衡器 200 个前端 IP 配置。The Basic SKU load balancer supports 10 front-end IP configurations for releases 1807-1906 and 200 front-end IP configurations for releases 1907 and above per load balancer.
区域Zones 支持可用性区域。Availability Zones are Supported. 尚不支持Not yet supported
服务终结点的入站 NAT 规则支持Inbound NAT Rules support for Service Endpoints Azure 支持为入站 NAT 规则指定服务终结点。Azure supports specifying Service Endpoints for Inbound NAT rules. Azure Stack Hub 尚不支持服务终结点,因此无法指定这些设置。Azure Stack Hub doesn't yet support Service Endpoints, so these can't be specified.
协议Protocol Azure 支持指定 GRE 或 ESP。Azure Supports specifying GRE or ESP. Azure Stack Hub 不支持协议类。Protocol Class isn't supported in Azure Stack Hub.
公共 IP 地址Public IP Address 公共 IP 地址版本Public IP Address Version Azure 同时支持 IPv6 和 IPv4。Azure supports both IPv6 and IPv4. 仅支持 IPv4。Only IPv4 is supported.
SKUSKU Azure 支持“基本”和“标准”。Azure supports Basic and Standard. 仅支持“基本”。Only Basic is supported.
网络接口Network Interface 获取有效路由表Get Effective Route Table 支持Supported 尚不支持。Not yet supported.
获取有效 ACLGet Effective ACLs 支持Supported 尚不支持。Not yet supported.
启用加速网络Enable Accelerated Networking 支持Supported 尚不支持。Not yet supported.
IP 转发IP Forwarding 默认已禁用。Disabled by default. 可启用。Can be enabled. 不支持切换此设置。Toggling this setting isn't supported. 默认已启用。On by default.
应用程序安全组Application Security Groups 支持Supported 尚不支持。Not yet supported.
内部 DNS 名称标签Internal DNS Name Label 支持Supported 尚不支持。Not yet supported.
专用 IP 地址版本Private IP Address Version 支持 IPv6 和 IPv4。Both IPv6 and IPv4 are supported. 仅支持 IPv4。Only IPv4 is supported.
静态 MAC 地址Static MAC Address 不支持Not supported 不支持。Not supported. 每个 Azure Stack Hub 系统使用同一 MAC 地址池。Each Azure Stack Hub system uses the same MAC address pool.
网络观察程序Network Watcher 网络观察程序租户网络监视功能Network Watcher tenant network monitoring capabilities 支持Supported 尚不支持。Not yet supported.
CDNCDN 内容分发网络配置文件Content Delivery Network profiles 支持Supported 尚不支持。Not yet supported.
应用程序网关Application gateway 7 层负载均衡Layer-7 load balancing 支持Supported 尚不支持。Not yet supported.
流量管理器Traffic Manager 路由传入的流量,以获得最佳应用程序性能和可靠性。Route incoming traffic for optimal application performance and reliability. 支持Supported 尚不支持。Not yet supported.
Express RouteExpress Route 设置快速专用连接,从本地基础结构或共置设施连接到 Azure 云服务。Set up a fast, private connection to Azure cloud services from your on-premises infrastructure or colocation facility. 支持Supported 支持将 Azure Stack Hub 连接到 Express Route 线路。Support for connecting Azure Stack Hub to an Express Route circuit.

API 版本API versions

Azure Stack Hub 网络支持以下 API 版本:Azure Stack Hub Networking supports the following API versions:

  • 2018-11-012018-11-01
  • 2018-10-012018-10-01
  • 2018-08-012018-08-01
  • 2018-07-012018-07-01
  • 2018-06-012018-06-01
  • 2018-05-012018-05-01
  • 2018-04-012018-04-01
  • 2018-03-012018-03-01
  • 2018-02-012018-02-01
  • 2018-01-012018-01-01
  • 2017-11-012017-11-01
  • 2017-10-012017-10-01

后续步骤Next steps

Azure Stack Hub 中的 DNSDNS in Azure Stack Hub