Create an internal load balancer by using the Azure PowerShell module

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.

For information about the use and configuration of virtual networks with a regional scope, see Regional virtual networks. Existing virtual networks that have been configured for an affinity group cannot use ILB.

Configuration scenario

In this scenario, we're creating an internal load balancer in a virtual network as shown in the following figure:

[Figure: Internal load balancer scenario]

The configuration for our scenario is as follows:

  • Two virtual machines named DB1 and DB2
  • Endpoints for the internal load balancer
  • An internal load balancer

Prerequisite: Install the Azure PowerShell module

To perform the steps in this article, you need to install and configure the Azure PowerShell module. Be sure to complete all of the instructions. After the installation is finished, sign in to Azure and select your subscription.

Note

You need an Azure account to complete these steps. If you don't have an Azure account, you can sign up for a trial account.

Get started with the configuration

This article explains how to create an internal load balancer by using Azure Resource Manager with the Azure PowerShell module. In the Resource Manager deployment model, the objects that are needed to create an internal load balancer are configured individually. After the objects are created and configured, they are combined to create a load balancer.

To deploy a load balancer, the following objects must be created:

  • Front-end IP pool: The private IP address for all incoming network traffic.
  • Back-end address pool: The network interfaces to receive the load-balanced traffic from the front-end IP address.
  • Load balancing rules: The port (source and local) configuration for the load balancer.
  • Probe configuration: The health status probes for virtual machines.
  • Inbound NAT rules: The port rules for direct access to virtual machines.

For more information about load balancer components, see Azure Load Balancer components.

The following steps explain how to configure a load balancer between two virtual machines.

Set up PowerShell to use Resource Manager

Make sure you have the latest production version of the Azure PowerShell module. PowerShell must be correctly configured to access your Azure subscription.

Step 1: Start PowerShell

Start the PowerShell module for Azure Resource Manager.

Connect-AzAccount -Environment AzureChinaCloud 

Step 2: View your subscriptions

Check your available Azure subscriptions.

Get-AzSubscription

Enter your credentials when you're prompted for authentication.

Step 3: Select the subscription to use

Choose which of your Azure subscriptions to use for deploying the load balancer.

Select-AzSubscription -Subscriptionid "GUID of subscription"

Step 4: Choose the resource group for the load balancer

Create a new resource group for the load balancer. Skip this step if you're using an existing resource group.

New-AzResourceGroup -Name NRP-RG -location "China North"

Azure Resource Manager requires that all resource groups specify a location. The location is used as the default for all resources in the resource group. Always use the same resource group for all commands related to creating the load balancer.

In the example, we created a resource group named NRP-RG with the location China North.

Create the virtual network and IP address for the front-end IP pool

Create a subnet for the virtual network and assign it to the variable $backendSubnet.

$backendSubnet = New-AzVirtualNetworkSubnetConfig -Name LB-Subnet-BE -AddressPrefix 10.0.2.0/24

Create a virtual network.

$vnet= New-AzVirtualNetwork -Name NRPVNet -ResourceGroupName NRP-RG -Location "China North" -AddressPrefix 10.0.0.0/16 -Subnet $backendSubnet

The virtual network is created. The LB-Subnet-BE subnet is added to the NRPVNet virtual network. These values are assigned to the $vnet variable.

Create the front-end IP pool and back-end address pool

Create a front-end IP pool for the incoming traffic and a back-end address pool to receive the load-balanced traffic.

Step 1: Create a front-end IP pool

Create a front-end IP pool with the private IP address 10.0.2.5 for the subnet 10.0.2.0/24. This address is the incoming network traffic endpoint.

$frontendIP = New-AzLoadBalancerFrontendIpConfig -Name LB-Frontend -PrivateIpAddress 10.0.2.5 -SubnetId $vnet.subnets[0].Id

Step 2: Create a back-end address pool

Create a back-end address pool to receive incoming traffic from the front-end IP pool:

$beaddresspool= New-AzLoadBalancerBackendAddressPoolConfig -Name "LB-backend"

Create the configuration rules, probe, and load balancer

After the front-end IP pool and the back-end address pool are created, specify the rules for the load balancer resource.

Step 1: Create the configuration rules

The example creates the following four rule objects:

  • An inbound NAT rule for the Remote Desktop Protocol (RDP): Redirects all incoming traffic on port 3441 to port 3389.
  • A second inbound NAT rule for RDP: Redirects all incoming traffic on port 3442 to port 3389.
  • A health probe rule: Checks the health status of the HealthProbe.aspx path.
  • A load balancer rule: Load-balances all incoming traffic on front-end port 80 to local port 80 in the back-end address pool.

$inboundNATRule1= New-AzLoadBalancerInboundNatRuleConfig -Name "RDP1" -FrontendIpConfiguration $frontendIP -Protocol TCP -FrontendPort 3441 -BackendPort 3389

$inboundNATRule2= New-AzLoadBalancerInboundNatRuleConfig -Name "RDP2" -FrontendIpConfiguration $frontendIP -Protocol TCP -FrontendPort 3442 -BackendPort 3389

$healthProbe = New-AzLoadBalancerProbeConfig -Name "HealthProbe" -RequestPath "HealthProbe.aspx" -Protocol http -Port 80 -IntervalInSeconds 15 -ProbeCount 2

$lbrule = New-AzLoadBalancerRuleConfig -Name "HTTP" -FrontendIpConfiguration $frontendIP -BackendAddressPool $beAddressPool -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 80

Step 2: Create the load balancer

Create the load balancer and combine the rule objects (inbound NAT for RDP, load balancer, and health probe):

$NRPLB = New-AzLoadBalancer -ResourceGroupName "NRP-RG" -Name "NRP-LB" -Location "China North" -FrontendIpConfiguration $frontendIP -InboundNatRule $inboundNATRule1,$inboundNatRule2 -LoadBalancingRule $lbrule -BackendAddressPool $beAddressPool -Probe $healthProbe

Create the network interfaces

After creating the internal load balancer, define the network interfaces (NICs) that will receive the incoming load-balanced network traffic, NAT rules, and probe. Each network interface is configured individually and is assigned later to a virtual machine.

Step 1: Create the first network interface

Get the resource virtual network and subnet. These values are used to create the network interfaces:

$vnet = Get-AzVirtualNetwork -Name NRPVNet -ResourceGroupName NRP-RG

$backendSubnet = Get-AzVirtualNetworkSubnetConfig -Name LB-Subnet-BE -VirtualNetwork $vnet

Create the first network interface with the name lb-nic1-be. Assign the interface to the load balancer back-end pool. Associate the first NAT rule for RDP with this NIC:

$backendnic1= New-AzNetworkInterface -ResourceGroupName "NRP-RG" -Name lb-nic1-be -Location "China North" -PrivateIpAddress 10.0.2.6 -Subnet $backendSubnet -LoadBalancerBackendAddressPool $nrplb.BackendAddressPools[0] -LoadBalancerInboundNatRule $nrplb.InboundNatRules[0]

Step 2: Create the second network interface

Create the second network interface with the name lb-nic2-be. Assign the second interface to the same load balancer back-end pool as the first interface. Associate the second NIC with the second NAT rule for RDP:

$backendnic2= New-AzNetworkInterface -ResourceGroupName "NRP-RG" -Name lb-nic2-be -Location "China North" -PrivateIpAddress 10.0.2.7 -Subnet $backendSubnet -LoadBalancerBackendAddressPool $nrplb.BackendAddressPools[0] -LoadBalancerInboundNatRule $nrplb.InboundNatRules[1]

Review the configuration:

$backendnic1

The settings should be as follows:

Name                 : lb-nic1-be
ResourceGroupName    : NRP-RG
Location             : chinanorth
Id                   : /subscriptions/[Id]/resourceGroups/NRP-RG/providers/Microsoft.Network/networkInterfaces/lb-nic1-be
Etag                 : W/"d448256a-e1df-413a-9103-a137e07276d1"
ProvisioningState    : Succeeded
Tags                 :
VirtualMachine       : null
IpConfigurations     : [
                     {
                       "PrivateIpAddress": "10.0.2.6",
                       "PrivateIpAllocationMethod": "Static",
                       "Subnet": {
                         "Id": "/subscriptions/[Id]/resourceGroups/NRP-RG/providers/Microsoft.Network/virtualNetworks/NRPVNet/subnets/LB-Subnet-BE"
                       },
                       "PublicIpAddress": {
                         "Id": null
                       },
                       "LoadBalancerBackendAddressPools": [
                         {
                           "Id": "/subscriptions/[Id]/resourceGroups/NRP-RG/providers/Microsoft.Network/loadBalancers/NRPlb/backendAddressPools/LB-backend"
                         }
                       ],
                       "LoadBalancerInboundNatRules": [
                         {
                           "Id": "/subscriptions/[Id]/resourceGroups/NRP-RG/providers/Microsoft.Network/loadBalancers/NRPlb/inboundNatRules/RDP1"
                         }
                       ],
                       "ProvisioningState": "Succeeded",
                       "Name": "ipconfig1",
                       "Etag": "W/\"d448256a-e1df-413a-9103-a137e07276d1\"",
                       "Id": "/subscriptions/[Id]/resourceGroups/NRP-RG/providers/Microsoft.Network/networkInterfaces/lb-nic1-be/ipConfigurations/ipconfig1"
                     }
                   ]
DnsSettings          : {
                     "DnsServers": [],
                     "AppliedDnsServers": []
                   }
AppliedDnsSettings   :
NetworkSecurityGroup : null
Primary              : False
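
The output above shows NetworkSecurityGroup : null on a NIC that is bound to an RDP NAT rule, so nothing at the NIC level filters who can reach port 3389 through the load balancer. The following check is an added example, not part of the original article: the function name Get-NatRuleExposure, the management port list, and the sample objects are assumptions constructed here, using only property names that appear in the commands and output in this article.

```powershell
# Added example, not from the original article: flag inbound NAT rules that
# forward to remote-management ports and report the bound NIC's NSG state.
function Get-NatRuleExposure {
    param(
        [Parameter(Mandatory)] $LoadBalancer,   # e.g. output of Get-AzLoadBalancer
        [Parameter(Mandatory)] [object[]] $Nic, # e.g. output of Get-AzNetworkInterface
        [int[]] $ManagementPort = @(22, 3389, 5985, 5986) # assumed port list
    )
    foreach ($rule in $LoadBalancer.InboundNatRules) {
        if ($ManagementPort -notcontains $rule.BackendPort) { continue }
        # A NIC is bound to a rule when one of its IP configurations lists the rule Id.
        $bound = @($Nic | Where-Object {
            $_.IpConfigurations.LoadBalancerInboundNatRules.Id -contains $rule.Id })
        if ($bound.Count -eq 0) { $bound = @($null) } # still report unbound rules
        foreach ($n in $bound) {
            $finding = if ($null -eq $n) {
                'Rule is not bound to any supplied NIC'
            } elseif ($null -eq $n.NetworkSecurityGroup) {
                'No NIC-level NSG; verify the subnet NSG'
            } else {
                'NIC has an NSG; review its rules for this port'
            }
            [pscustomobject]@{
                Rule = $rule.Name; FrontendPort = $rule.FrontendPort
                BackendPort = $rule.BackendPort
                Nic = $(if ($n) { $n.Name }); Finding = $finding
            }
        }
    }
}

# Constructed sample objects that mirror the names and ports used in this article.
$prefix = '/subscriptions/[Id]/resourceGroups/NRP-RG/providers/Microsoft.Network/loadBalancers/NRP-LB/inboundNatRules/'
$sampleLb = [pscustomobject]@{ InboundNatRules = @(
    [pscustomobject]@{ Name = 'RDP1'; Id = "${prefix}RDP1"; FrontendPort = 3441; BackendPort = 3389 }
    [pscustomobject]@{ Name = 'RDP2'; Id = "${prefix}RDP2"; FrontendPort = 3442; BackendPort = 3389 }
    [pscustomobject]@{ Name = 'NewRule'; Id = "${prefix}NewRule"; FrontendPort = 81; BackendPort = 8181 }
) }
$sampleNic = [pscustomobject]@{
    Name = 'lb-nic1-be'; NetworkSecurityGroup = $null
    IpConfigurations = @([pscustomobject]@{
        LoadBalancerInboundNatRules = @([pscustomobject]@{ Id = "${prefix}RDP1" }) })
}
Get-NatRuleExposure -LoadBalancer $sampleLb -Nic $sampleNic | Format-Table -AutoSize
```

Against a live deployment, pass the objects returned by Get-AzLoadBalancer and Get-AzNetworkInterface for the NRP-RG resource group instead of the sample objects. A network security group can also be attached to the subnet, which this check does not inspect.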

Step 3: Assign the NIC to a VM

Assign the NIC to a virtual machine by using the Add-AzVMNetworkInterface command.

For step-by-step instructions to create a virtual machine and assign the NIC, see Create an Azure VM by using PowerShell.

Add the network interface

After the virtual machine has been created, add the network interface.

Step 1: Store the load balancer resource

Store the load balancer resource in a variable (if you haven't done that yet). We're using the variable name $lb. For the attribute values in the script, use the names for the load balancer resources that were created in the previous steps.

$lb = Get-AzLoadBalancer -name NRP-LB -resourcegroupname NRP-RG

Step 2: Store the back-end configuration

Store the back-end configuration into the $backend variable.

$backend = Get-AzLoadBalancerBackendAddressPoolConfig -name LB-backend -LoadBalancer $lb

Step 3: Store the network interface

Store the network interface in another variable. This interface was created in "Create the network interfaces, Step 1." We're using the variable name $nic. Use the same network interface name from the previous example.

$nic = Get-AzNetworkInterface -name lb-nic1-be -resourcegroupname NRP-RG

Step 4: Change the back-end configuration

Change the back-end configuration on the network interface.

$nic.IpConfigurations[0].LoadBalancerBackendAddressPools=$backend

Step 5: Save the network interface object

Save the network interface object.

Set-AzNetworkInterface -NetworkInterface $nic

After the interface is added to the back-end pool, network traffic is load-balanced according to the rules. These rules were configured in "Create the configuration rules, probe, and load balancer."

Update an existing load balancer

Step 1: Assign the load balancer object to a variable

Assign the load balancer object (from the previous example) to the $slb variable by using the Get-AzLoadBalancer command:

$slb = Get-AzLoadBalancer -Name NRP-LB -ResourceGroupName NRP-RG

Step 2: Add a NAT rule

Add a new inbound NAT rule to an existing load balancer. Use port 81 for the front-end pool and port 8181 for the back-end pool:

$slb | Add-AzLoadBalancerInboundNatRuleConfig -Name NewRule -FrontendIpConfiguration $slb.FrontendIpConfigurations[0] -FrontendPort 81  -BackendPort 8181 -Protocol Tcp

Step 3: Save the configuration

Save the new configuration by using the Set-AzLoadBalancer command:

$slb | Set-AzLoadBalancer

Remove an existing load balancer

Delete the NRP-LB load balancer in the NRP-RG resource group by using the Remove-AzLoadBalancer command:

Remove-AzLoadBalancer -Name NRP-LB -ResourceGroupName NRP-RG

Note

Use the optional -Force switch to prevent the confirmation prompt for the deletion.

Next steps