Azure Cloud Services Definition NetworkTrafficRules Schema

The NetworkTrafficRules node is an optional element in the service definition file that specifies how roles communicate with each other. It limits which roles can access the internal endpoints of a specific role. NetworkTrafficRules is not a standalone element; it is combined with two or more roles in a service definition file.

The default extension for the service definition file is .csdef.

Note

The NetworkTrafficRules node is only available using the Azure SDK version 1.3 or higher.

Basic service definition schema for the network traffic rules

The basic format of a service definition file containing network traffic definitions is as follows.

<ServiceDefinition …>
   <NetworkTrafficRules>
      <OnlyAllowTrafficTo>
         <Destinations>
            <RoleEndpoint endpointName="<name-of-the-endpoint>" roleName="<name-of-the-role-containing-the-endpoint>"/>
         </Destinations>
         <AllowAllTraffic/>
         <WhenSource matches="[AnyRule]">
            <FromRole roleName="<name-of-the-role-to-allow-traffic-from>"/>
         </WhenSource>
      </OnlyAllowTrafficTo>
   </NetworkTrafficRules>
</ServiceDefinition>

Schema Elements

The NetworkTrafficRules node of the service definition file includes these elements, described in detail in subsequent sections in this topic:

NetworkTrafficRules Element

OnlyAllowTrafficTo Element

Destinations Element

RoleEndpoint Element

AllowAllTraffic Element

WhenSource Element

FromRole Element

NetworkTrafficRules Element

The NetworkTrafficRules element specifies which roles can communicate with which endpoint on another role. A service can contain one NetworkTrafficRules definition.

OnlyAllowTrafficTo Element

The OnlyAllowTrafficTo element describes a collection of destination endpoints and the roles that can communicate with them. You can specify multiple OnlyAllowTrafficTo nodes.

Destinations Element

The Destinations element describes a collection of RoleEndpoints that can be communicated with.

RoleEndpoint Element

The RoleEndpoint element describes an endpoint on a role to allow communications with. You can specify multiple RoleEndpoint elements if there is more than one endpoint on the role.

| Attribute | Type | Description |
| --- | --- | --- |
| endpointName | string | Required. The name of the endpoint to allow traffic to. |
| roleName | string | Required. The name of the web role to allow communication to. |

AllowAllTraffic Element

The AllowAllTraffic element is a rule that allows all roles to communicate with the endpoints defined in the Destinations node.

WhenSource Element

The WhenSource element describes a collection of roles that can communicate with the endpoints defined in the Destinations node.

| Attribute | Type | Description |
| --- | --- | --- |
| matches | string | Required. Specifies the rule to apply when allowing communications. The only valid value is currently AnyRule. |

FromRole Element

The FromRole element specifies the roles that can communicate with the endpoints defined in the Destinations node. You can specify multiple FromRole elements if there is more than one role that can communicate with the endpoints.

| Attribute | Type | Description |
| --- | --- | --- |
| roleName | string | Required. The name of the role from which to allow communication. |
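
An added example, not part of the original documentation: a Python script that reads a service definition and reports which roles the NetworkTrafficRules node allows to reach each internal endpoint, flagging AllowAllTraffic rules, FromRole names that match no declared role, and internal endpoints that no rule covers. The sample .csdef, its role and endpoint names, and the helper names `local` and `audit` are constructed for illustration; the WebRole, WorkerRole and InternalEndpoint elements come from the wider service definition schema rather than from this page.

```python
import xml.etree.ElementTree as ET
# Constructed sample .csdef; role and endpoint names are made up for this example.
SAMPLE_CSDEF = """<ServiceDefinition name="Demo"
    xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="Frontend"/>
  <WorkerRole name="Orders"><Endpoints>
    <InternalEndpoint name="OrdersApi" protocol="tcp"/>
    <InternalEndpoint name="Admin" protocol="tcp"/>
  </Endpoints></WorkerRole>
  <WorkerRole name="Cache"><Endpoints>
    <InternalEndpoint name="CachePort" protocol="tcp"/>
  </Endpoints></WorkerRole>
  <NetworkTrafficRules>
    <OnlyAllowTrafficTo>
      <Destinations><RoleEndpoint endpointName="OrdersApi" roleName="Orders"/></Destinations>
      <WhenSource matches="AnyRule"><FromRole roleName="Frontend"/></WhenSource>
    </OnlyAllowTrafficTo>
    <OnlyAllowTrafficTo>
      <Destinations><RoleEndpoint endpointName="CachePort" roleName="Cache"/></Destinations>
      <AllowAllTraffic/>
    </OnlyAllowTrafficTo>
  </NetworkTrafficRules>
</ServiceDefinition>"""

def local(tag):
    """Drop the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]

def audit(csdef_text):
    """Return ({(role, endpoint): allowed source roles}, findings) for a .csdef document."""
    root = ET.fromstring(csdef_text)
    named = lambda node, *tags: [e for e in node.iter() if local(e.tag) in tags]
    roles = {r.get("name"): r for r in named(root, "WebRole", "WorkerRole")}
    internal = {(n, ep.get("name")) for n, r in roles.items() for ep in named(r, "InternalEndpoint")}
    allowed, findings = {}, []
    for rule in named(root, "OnlyAllowTrafficTo"):
        sources = {f.get("roleName") for f in named(rule, "FromRole")}
        if named(rule, "AllowAllTraffic"):
            sources = {"*"}  # AllowAllTraffic: every role may connect
        findings += [f"unknown source role {s}" for s in sorted(sources - set(roles) - {"*"})]
        for dest in named(rule, "RoleEndpoint"):
            key = (dest.get("roleName"), dest.get("endpointName"))
            if key not in internal:
                findings.append(f"rule targets undeclared internal endpoint {key[0]}/{key[1]}")
            if "*" in sources:
                findings.append(f"AllowAllTraffic on {key[0]}/{key[1]}")
            allowed.setdefault(key, set()).update(sources)
    findings += [f"no rule covers {n}/{e}" for n, e in sorted(internal - set(allowed))]
    return allowed, findings
```

Calling `audit(SAMPLE_CSDEF)` returns the per-endpoint allow list and the findings; a finding of "no rule covers" means only that NetworkTrafficRules places no restriction on that endpoint.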

See Also

Cloud Service (classic) Definition Schema