Azure Load Balancer components

Azure Load Balancer includes a few key components. These components can be configured in your subscription via:

  • Azure portal
  • Azure CLI
  • Azure PowerShell
  • Resource Manager Templates

Frontend IP configuration

The IP address of your Azure Load Balancer. It's the point of contact for clients. These IP addresses can be either:

  • Public IP Address
  • Private IP Address

The nature of the IP address determines the type of load balancer created. Private IP address selection creates an internal load balancer. Public IP address selection creates a public load balancer.

| | Public Load Balancer | Internal Load Balancer |
| --- | --- | --- |
| Frontend IP configuration | Public IP address | Private IP address |
| Description | A public load balancer maps the public IP and port of incoming traffic to the private IP and port of the VM. It maps the response traffic from the VM the other way around. You can distribute specific types of traffic across multiple VMs or services by applying load-balancing rules. For example, you can spread the load of web request traffic across multiple web servers. | An internal load balancer distributes traffic to resources that are inside a virtual network. Azure restricts access to the frontend IP addresses of a virtual network that are load balanced. Frontend IP addresses and virtual networks are never directly exposed to an internet endpoint. Internal line-of-business applications run in Azure and are accessed from within Azure or from on-premises resources. |
| SKUs supported | Basic, Standard | Basic, Standard |

Tiered load balancer example

Load Balancer can have multiple frontend IPs. Learn more about multiple frontends.

Backend pool

The group of virtual machines or instances in a virtual machine scale set that is serving the incoming request. To scale cost-effectively to meet high volumes of incoming traffic, computing guidelines generally recommend adding more instances to the backend pool.

Load Balancer reconfigures itself automatically and immediately when you scale instances up or down. Adding or removing VMs from the backend pool reconfigures the load balancer without additional operations. The scope of the backend pool is any virtual machine in the virtual network.

When considering how to design your backend pool, design for the fewest individual backend pool resources to keep management operations short. There's no difference in data plane performance or scale.

Health probes

A health probe is used to determine the health status of the instances in the backend pool. During load balancer creation, configure a health probe for the load balancer to use. This health probe determines whether an instance is healthy and can receive traffic.

You can define the unhealthy threshold for your health probes. When a probe fails to respond, Load Balancer stops sending new connections to the unhealthy instances. A probe failure doesn't affect existing connections. The connection continues until one of the following happens:

  • The application ends the flow
  • Idle timeout occurs
  • The VM shuts down

Load Balancer provides different health probe types for endpoints: TCP, HTTP, and HTTPS. Learn more about Load Balancer Health probes.

Basic Load Balancer doesn't support HTTPS probes. Basic Load Balancer closes all TCP connections (including established connections).

Load Balancing rules

A Load Balancer rule is used to define how incoming traffic is distributed to all the instances within the backend pool. A load-balancing rule maps a given frontend IP configuration and port to multiple backend IP addresses and ports.

For example, use a load-balancing rule for port 80 to route traffic from your frontend IP to port 80 of your backend instances.

Figure: Load Balancing rules

High Availability Ports

A load balancer rule configured with 'protocol - all' and 'port - 0'.

This rule enables a single rule to load-balance all TCP and UDP flows that arrive on all ports of an internal Standard Load Balancer.

The load-balancing decision is made per flow. The decision is based on the following five-tuple of the connection:

  1. source IP address
  2. source port
  3. destination IP address
  4. destination port
  5. protocol
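The health probe behaviour described earlier and the per-flow five-tuple decision above, modelled together as an added example (not code from the original page). SHA-256 stands in for the hash function, which the page does not specify, and the class, backend names and addresses are constructed for illustration.

```python
import hashlib

class LoadBalancerModel:
    """Model of per-flow five-tuple distribution with probe-driven health."""

    def __init__(self, backends, unhealthy_threshold=2):
        self.backends = list(backends)
        self.unhealthy_threshold = unhealthy_threshold
        self.failures = {b: 0 for b in self.backends}  # consecutive probe failures
        self.flows = {}                                # five-tuple -> pinned backend

    def record_probe(self, backend, ok):
        # A success resets the counter; failures accumulate towards the threshold.
        self.failures[backend] = 0 if ok else self.failures[backend] + 1

    def healthy(self):
        return [b for b in self.backends
                if self.failures[b] < self.unhealthy_threshold]

    def route(self, src_ip, src_port, dst_ip, dst_port, protocol):
        flow = (src_ip, src_port, dst_ip, dst_port, protocol)
        if flow in self.flows:        # existing connection: probe state is not consulted
            return self.flows[flow]
        candidates = self.healthy()
        if not candidates:
            raise RuntimeError("no healthy backend for new connections")
        # Assumption: SHA-256 over the five-tuple as a stand-in hash.
        digest = hashlib.sha256("|".join(map(str, flow)).encode()).digest()
        backend = candidates[int.from_bytes(digest[:8], "big") % len(candidates)]
        self.flows[flow] = backend
        return backend

    def end_flow(self, *flow):
        # The application ends the flow, idle timeout occurs, or the VM shuts down.
        self.flows.pop(tuple(flow), None)


def demo():
    lb = LoadBalancerModel(["vm-0", "vm-1", "vm-2"], unhealthy_threshold=2)
    established = ("203.0.113.10", 50000, "10.0.0.4", 443, "tcp")  # constructed flow
    pinned = lb.route(*established)
    for _ in range(2):                # two consecutive failed probes reach the threshold
        lb.record_probe(pinned, ok=False)
    new_targets = {lb.route("203.0.113.10", port, "10.0.0.4", 443, "tcp")
                   for port in range(50001, 50101)}
    return pinned, lb.route(*established), new_targets
```

`demo()` returns the backend the established flow was pinned to, the backend it still reaches after that instance fails its probes, and the set of backends chosen for 100 new flows.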

The HA ports load-balancing rules help you with critical scenarios, such as high availability and scale for network virtual appliances (NVAs) inside virtual networks. The feature can help when a large number of ports must be load-balanced.

Figure: HA Ports rules

Learn more about HA ports.

Inbound NAT rules

An inbound NAT rule forwards incoming traffic sent to a frontend IP address and port combination. The traffic is sent to a specific virtual machine or instance in the backend pool. Port forwarding is done by the same hash-based distribution as load balancing.

For example, you can use inbound NAT rules when you want Remote Desktop Protocol (RDP) or Secure Shell (SSH) sessions to reach separate VM instances in a backend pool. Multiple internal endpoints can be mapped to ports on the same frontend IP address. The frontend IP addresses can be used to remotely administer your VMs without an additional jump box.
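Because such rules put management ports behind a frontend IP, a configuration review should list where that frontend is public. The following added example (not part of the original page) audits one load balancer resource and also checks the Basic SKU limits this page states. It assumes the Resource Manager JSON shape with resolved resource IDs; the sample resource and all names in it are constructed.

```python
MGMT_PORTS = {22: "SSH", 3389: "RDP"}

def _frontend(rule_props):
    # The reference is a resource ID ending in .../frontendIPConfigurations/<name>.
    return rule_props.get("frontendIPConfiguration", {}).get("id", "").rsplit("/", 1)[-1]

def audit_load_balancer(lb):
    """Return review findings for one load balancer resource (dict)."""
    props = lb.get("properties", {})
    basic = lb.get("sku", {}).get("name") == "Basic"
    # A frontend backed by a public IP address makes this a public load balancer.
    public = {fe["name"] for fe in props.get("frontendIPConfigurations", [])
              if "publicIPAddress" in fe.get("properties", {})}
    findings = []
    for rule in props.get("inboundNatRules", []):
        rp = rule.get("properties", {})
        port = rp.get("backendPort")
        if port in MGMT_PORTS and _frontend(rp) in public:
            findings.append(f"{rule['name']}: public frontend port {rp.get('frontendPort')}"
                            f" forwards to {MGMT_PORTS[port]} ({port})")
    for rule in props.get("loadBalancingRules", []):
        rp = rule.get("properties", {})
        if rp.get("protocol") == "All" and rp.get("frontendPort") == 0:
            findings.append(f"{rule['name']}: HA ports rule covers all TCP and UDP ports")
    for probe in props.get("probes", []):
        if basic and probe.get("properties", {}).get("protocol") == "Https":
            findings.append(f"{probe['name']}: HTTPS probe on Basic SKU is unsupported")
    if basic and props.get("outboundRules"):
        findings.append("outboundRules: not supported on Basic SKU")
    return findings

# Constructed sample resource; every name and ID below is a placeholder.
_FE_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
          "/providers/Microsoft.Network/loadBalancers/lb-example/frontendIPConfigurations/fe-public")
SAMPLE_LB = {
    "name": "lb-example", "sku": {"name": "Basic"},
    "properties": {
        "frontendIPConfigurations": [
            {"name": "fe-public", "properties": {"publicIPAddress": {"id": "pip-placeholder"}}}],
        "inboundNatRules": [
            {"name": "nat-ssh-vm0", "properties": {"frontendIPConfiguration": {"id": _FE_ID},
                "protocol": "Tcp", "frontendPort": 50022, "backendPort": 22}},
            {"name": "nat-app-vm0", "properties": {"frontendIPConfiguration": {"id": _FE_ID},
                "protocol": "Tcp", "frontendPort": 8443, "backendPort": 8443}}],
        "probes": [{"name": "probe-https", "properties": {"protocol": "Https", "port": 443}}],
    },
}

if __name__ == "__main__":
    print("\n".join(audit_load_balancer(SAMPLE_LB)))
```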

Figure: Inbound NAT rules

Inbound NAT rules in the context of Virtual Machine Scale Sets are inbound NAT pools. Learn more about Load Balancer components and virtual machine scale set.

Outbound rules

An outbound rule configures outbound Network Address Translation (NAT) for all virtual machines or instances identified by the backend pool. This rule enables instances in the backend to communicate (outbound) to the internet or other endpoints.

Learn more about outbound connections and rules.

Basic Load Balancer doesn't support outbound rules.
