Create a public load balancer with IPv6 using Azure CLI

Note

This article describes an introductory IPv6 feature to allow Basic Load Balancers to provide both IPv4 and IPv6 connectivity. Comprehensive IPv6 connectivity is now available with IPv6 for Azure VNETs, which integrates IPv6 connectivity with your Virtual Networks and includes key features such as IPv6 Network Security Group rules, IPv6 User-defined routing, IPv6 Basic and Standard load balancing, and more. IPv6 for Azure VNETs is the recommended standard for IPv6 applications in Azure. See IPv6 for Azure VNET PowerShell Deployment.

An Azure load balancer is a Layer-4 (TCP, UDP) load balancer. Load balancers provide high availability by distributing incoming traffic among healthy service instances in cloud services or virtual machines in a load balancer set. Load balancers can also present these services on multiple ports or multiple IP addresses or both.

Example deployment scenario

The following diagram illustrates the load balancing solution that's deployed by using the example template described in this article.

Load balancer scenario

In this scenario, you create the following Azure resources:

  • Two virtual machines (VMs)
  • A virtual network interface for each VM with both IPv4 and IPv6 addresses assigned
  • A public load balancer with an IPv4 and an IPv6 public IP address
  • An availability set that contains the two VMs
  • Two load balancing rules to map the public VIPs to the private endpoints

Deploy the solution by using Azure CLI

The following steps show how to create a public load balancer by using Azure CLI. Using CLI, you create and configure each object individually, and then put them together to create a resource.

To deploy a load balancer, create and configure the following objects:

  • Front-end IP configuration: Contains public IP addresses for incoming network traffic.
  • Back-end address pool: Contains network interfaces (NICs) for the virtual machines to receive network traffic from the load balancer.
  • Load balancing rules: Contains rules that map a public port on the load balancer to a port in the back-end address pool.
  • Inbound NAT rules: Contains network address translation (NAT) rules that map a public port on the load balancer to a port for a specific virtual machine in the back-end address pool.
  • Probes: Contains health probes that are used to check the availability of virtual machine instances in the back-end address pool.

Set up Azure CLI

In this example, you run the Azure CLI tools in a PowerShell command window. To improve readability and reuse, you use PowerShell's scripting capabilities, not the Azure PowerShell cmdlets.

  1. Install and configure the Azure CLI by following the steps in the linked article and sign in to your Azure account.

  2. Set up PowerShell variables for use with the Azure CLI commands:

    $subscriptionid = "########-####-####-####-############"  # enter subscription id
    $location = "chinaeast2"
    $rgName = "pscontosorg1chinaeast209152016"
    $vnetName = "contosoIPv4Vnet"
    $vnetPrefix = "10.0.0.0/16"
    $subnet1Name = "clicontosoIPv4Subnet1"
    $subnet1Prefix = "10.0.0.0/24"
    $subnet2Name = "clicontosoIPv4Subnet2"
    $subnet2Prefix = "10.0.1.0/24"
    $dnsLabel = "contoso09152016"
    $lbName = "myIPv4IPv6Lb"
    

Create a resource group, a load balancer, a virtual network, and subnets

  1. Create a resource group:

    az group create --name $rgName --location $location
    
  2. Create a load balancer:

    $lb = az network lb create --resource-group $rgname --location $location --name $lbName
    
  3. Create a virtual network:

    $vnet = az network vnet create  --resource-group $rgname --name $vnetName --location $location --address-prefixes $vnetPrefix
    
  4. In this virtual network, create two subnets:

    $subnet1 = az network vnet subnet create --resource-group $rgname --name $subnet1Name --address-prefix $subnet1Prefix --vnet-name $vnetName
    $subnet2 = az network vnet subnet create --resource-group $rgname --name $subnet2Name --address-prefix $subnet2Prefix --vnet-name $vnetName
    

Create public IP addresses for the front-end pool

  1. Set up the PowerShell variables:

    $publicIpv4Name = "myIPv4Vip"
    $publicIpv6Name = "myIPv6Vip"
    
  2. Create a public IP address for the front-end IP pool:

    $publicipV4 = az network public-ip create --resource-group $rgname --name $publicIpv4Name --location $location --version IPv4 --allocation-method Dynamic --dns-name $dnsLabel
    $publicipV6 = az network public-ip create --resource-group $rgname --name $publicIpv6Name --location $location --version IPv6 --allocation-method Dynamic --dns-name $dnsLabel
    

    Important

    The load balancer uses the domain label of the public IP as its fully qualified domain name (FQDN). This is a change from classic deployment, which uses the cloud service name as the load balancer FQDN.

    In this example, the FQDN is contoso09152016.chinaeast2.chinacloudapp.cn.

Create front-end and back-end pools

In this section, you create the following IP pools:

  • The front-end IP pool that receives the incoming network traffic on the load balancer.
  • The back-end IP pool where the front-end pool sends the load-balanced network traffic.

  1. Set up the PowerShell variables:

    $frontendV4Name = "FrontendVipIPv4"
    $frontendV6Name = "FrontendVipIPv6"
    $backendAddressPoolV4Name = "BackendPoolIPv4"
    $backendAddressPoolV6Name = "BackendPoolIPv6"
    
  2. Create a front-end IP pool, and associate it with the public IP that you created in the previous step and the load balancer.

    $frontendV4 = az network lb frontend-ip create --resource-group $rgname --name $frontendV4Name --public-ip-address $publicIpv4Name --lb-name $lbName
    $frontendV6 = az network lb frontend-ip create --resource-group $rgname --name $frontendV6Name --public-ip-address $publicIpv6Name --lb-name $lbName
    $backendAddressPoolV4 = az network lb address-pool create --resource-group $rgname --name $backendAddressPoolV4Name --lb-name $lbName
    $backendAddressPoolV6 = az network lb address-pool create --resource-group $rgname --name $backendAddressPoolV6Name --lb-name $lbName
    

Create the probe, NAT rules, and load balancer rules

This example creates the following items:

  • A probe rule to check for connectivity to TCP port 80.
  • A NAT rule to translate all incoming traffic on port 3389 to port 3389 for RDP.*
  • A NAT rule to translate all incoming traffic on port 3391 to port 3389 for remote desktop protocol (RDP).*
  • A load balancer rule to balance all incoming traffic on port 80 to port 80 on the addresses in the back-end pool.

* NAT rules are associated with a specific virtual-machine instance behind the load balancer. The network traffic that arrives on port 3389 is sent to the specific virtual machine and port that's associated with the NAT rule. You must specify a protocol (UDP or TCP) for a NAT rule. You cannot assign both protocols to the same port.

  1. Set up the PowerShell variables:

    $probeV4V6Name = "ProbeForIPv4AndIPv6"
    $natRule1V4Name = "NatRule-For-Rdp-VM1"
    $natRule2V4Name = "NatRule-For-Rdp-VM2"
    $lbRule1V4Name = "LBRuleForIPv4-Port80"
    $lbRule1V6Name = "LBRuleForIPv6-Port80"
    
  2. Create the probe.

    The following example creates a TCP probe that checks for connectivity to the back-end TCP port 80 every 15 seconds. After two consecutive failures, it marks the back-end resource as unavailable.

    $probeV4V6 = az network lb probe create --resource-group $rgname --name $probeV4V6Name --protocol tcp --port 80 --interval 15 --threshold 2 --lb-name $lbName
    
  3. Create inbound NAT rules that allow RDP connections to the back-end resources:

    $inboundNatRuleRdp1 = az network lb inbound-nat-rule create --resource-group $rgname --name $natRule1V4Name --frontend-ip-name $frontendV4Name --protocol Tcp --frontend-port 3389 --backend-port 3389 --lb-name $lbName
    $inboundNatRuleRdp2 = az network lb inbound-nat-rule create --resource-group $rgname --name $natRule2V4Name --frontend-ip-name $frontendV4Name --protocol Tcp --frontend-port 3391 --backend-port 3389 --lb-name $lbName
    
  4. Create load balancer rules that send traffic to different back-end ports, depending on the front end that received the request.

    $lbruleIPv4 = az network lb rule create --resource-group $rgname --name $lbRule1V4Name --frontend-ip-name $frontendV4Name --backend-pool-name $backendAddressPoolV4Name --probe-name $probeV4V6Name --protocol Tcp --frontend-port 80 --backend-port 80 --lb-name $lbName
    $lbruleIPv6 = az network lb rule create --resource-group $rgname --name $lbRule1V6Name --frontend-ip-name $frontendV6Name --backend-pool-name $backendAddressPoolV6Name --probe-name $probeV4V6Name --protocol Tcp --frontend-port 80 --backend-port 8080 --lb-name $lbName
    
  5. Check your settings:

    az network lb show --resource-group $rgName --name $lbName
    

    Expected output:

    info:    Executing command network lb show
    info:    Looking up the load balancer "myIPv4IPv6Lb"
    data:    Id                              : /subscriptions/########-####-####-####-############/resourceGroups/pscontosorg1southctrlus09152016/providers/Microsoft.Network/loadBalancers/myIPv4IPv6Lb
    data:    Name                            : myIPv4IPv6Lb
    data:    Type                            : Microsoft.Network/loadBalancers
    data:    Location                        : chinaeast2
    data:    Provisioning state              : Succeeded
    data:
    data:    Frontend IP configurations:
    data:    Name             Provisioning state  Private IP allocation  Private IP   Subnet  Public IP
    data:    ---------------  ------------------  ---------------------  -----------  ------  ---------
    data:    FrontendVipIPv4  Succeeded           Dynamic                                     myIPv4Vip
    data:    FrontendVipIPv6  Succeeded           Dynamic                                     myIPv6Vip
    data:
    data:    Probes:
    data:    Name                 Provisioning state  Protocol  Port  Path  Interval  Count
    data:    -------------------  ------------------  --------  ----  ----  --------  -----
    data:    ProbeForIPv4AndIPv6  Succeeded           Tcp       80          15        2
    data:
    data:    Backend Address Pools:
    data:    Name             Provisioning state
    data:    ---------------  ------------------
    data:    BackendPoolIPv4  Succeeded
    data:    BackendPoolIPv6  Succeeded
    data:
    data:    Load Balancing Rules:
    data:    Name                  Provisioning state  Load distribution  Protocol  Frontend port  Backend port  Enable floating IP  Idle timeout in minutes
    data:    --------------------  ------------------  -----------------  --------  -------------  ------------  ------------------  -----------------------
    data:    LBRuleForIPv4-Port80  Succeeded           Default            Tcp       80             80            false               4
    data:    LBRuleForIPv6-Port80  Succeeded           Default            Tcp       80             8080          false               4
    data:
    data:    Inbound NAT Rules:
    data:    Name                 Provisioning state  Protocol  Frontend port  Backend port  Enable floating IP  Idle timeout in minutes
    data:    -------------------  ------------------  --------  -------------  ------------  ------------------  -----------------------
    data:    NatRule-For-Rdp-VM1  Succeeded           Tcp       3389           3389          false               4
    data:    NatRule-For-Rdp-VM2  Succeeded           Tcp       3391           3389          false               4
    info:    network lb show
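
The settings check above can also be scripted. The following is an added example, not part of the original article: it reads the JSON form of `az network lb show` and lists, per rule, which public port reaches which back-end port, noting NAT rules that publish RDP and load balancer rules whose probe tests a different port than the one traffic is sent to. The function name `Get-LbRuleReview`, the `$ManagementPorts` default and the embedded JSON are assumptions constructed for illustration.

```powershell
# Constructed sample standing in for the JSON from:
#   az network lb show --resource-group $rgName --name $lbName --output json
# Trimmed to the fields read below; values mirror the rules created in this article.
$sampleJson = @'
{
  "name": "myIPv4IPv6Lb",
  "probes": [ { "name": "ProbeForIPv4AndIPv6", "protocol": "Tcp", "port": 80 } ],
  "loadBalancingRules": [
    { "name": "LBRuleForIPv4-Port80", "frontendPort": 80, "backendPort": 80,
      "probe": { "id": "/constructed/probes/ProbeForIPv4AndIPv6" } },
    { "name": "LBRuleForIPv6-Port80", "frontendPort": 80, "backendPort": 8080,
      "probe": { "id": "/constructed/probes/ProbeForIPv4AndIPv6" } }
  ],
  "inboundNatRules": [
    { "name": "NatRule-For-Rdp-VM1", "frontendPort": 3389, "backendPort": 3389 },
    { "name": "NatRule-For-Rdp-VM2", "frontendPort": 3391, "backendPort": 3389 }
  ]
}
'@

# Hypothetical helper: one row per rule, with a note where the rule deserves a second look.
function Get-LbRuleReview {
    param(
        [Parameter(Mandatory)] $LoadBalancer,
        [int[]] $ManagementPorts = @(3389)  # assumption: back-end ports treated as management access
    )
    # Index probes by name so each rule can be compared with the port its probe tests.
    $probePort = @{}
    foreach ($p in $LoadBalancer.probes) { $probePort[$p.name] = $p.port }

    foreach ($r in $LoadBalancer.inboundNatRules) {
        $note = ''
        if ($r.backendPort -in $ManagementPorts) { $note = 'management port reachable from the public front end' }
        [pscustomobject]@{ Kind = 'NAT'; Rule = $r.name; Frontend = $r.frontendPort; Backend = $r.backendPort; Note = $note }
    }
    foreach ($r in $LoadBalancer.loadBalancingRules) {
        $note = 'no health probe attached'
        if ($r.probe) {
            # The probe reference is a resource ID; its last segment is the probe name.
            $probeName = ($r.probe.id -split '/')[-1]
            $tested = $probePort[$probeName]
            $note = if ($tested -eq $r.backendPort) { '' } else { "probe $probeName tests port $tested, traffic goes to $($r.backendPort)" }
        }
        [pscustomobject]@{ Kind = 'LB'; Rule = $r.name; Frontend = $r.frontendPort; Backend = $r.backendPort; Note = $note }
    }
}

$lb = $sampleJson | ConvertFrom-Json
Get-LbRuleReview -LoadBalancer $lb | Format-Table -AutoSize
```

Against a live deployment, replace `$sampleJson` with the output of the `az network lb show ... --output json` command shown in the first comment.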
    

Create NICs

Create NICs and associate them with NAT rules, load balancer rules, and probes.

  1. Set up the PowerShell variables:

    $nic1Name = "myIPv4IPv6Nic1"
    $nic2Name = "myIPv4IPv6Nic2"
    $subnet1Id = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/VirtualNetworks/$vnetName/subnets/$subnet1Name"
    $subnet2Id = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/VirtualNetworks/$vnetName/subnets/$subnet2Name"
    $backendAddressPoolV4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/backendAddressPools/$backendAddressPoolV4Name"
    $backendAddressPoolV6Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/backendAddressPools/$backendAddressPoolV6Name"
    $natRule1V4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/inboundNatRules/$natRule1V4Name"
    $natRule2V4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/inboundNatRules/$natRule2V4Name"
    
  2. Create a NIC for each back end, and add an IPv6 configuration:

    $nic1 = az network nic create --name $nic1Name --resource-group $rgname --location $location --private-ip-address-version "IPv4" --subnet $subnet1Id --lb-address-pools $backendAddressPoolV4Id --lb-inbound-nat-rules $natRule1V4Id
    $nic1IPv6 = az network nic ip-config create --resource-group $rgname --name "IPv6IPConfig" --private-ip-address-version "IPv6" --lb-address-pools $backendAddressPoolV6Id --nic-name $nic1Name
    
    $nic2 = az network nic create --name $nic2Name --resource-group $rgname --location $location --private-ip-address-version "IPv4" --subnet $subnet2Id --lb-address-pools $backendAddressPoolV4Id --lb-inbound-nat-rules $natRule2V4Id
    $nic2IPv6 = az network nic ip-config create --resource-group $rgname --name "IPv6IPConfig" --private-ip-address-version "IPv6" --lb-address-pools $backendAddressPoolV6Id --nic-name $nic2Name
    

Create the back-end VM resources, and attach each NIC

To create VMs, you must have a storage account. For load balancing, the VMs need to be members of an availability set. For more information about creating VMs, see Create an Azure VM by using PowerShell.

  1. Set up the PowerShell variables:

    $availabilitySetName = "myIPv4IPv6AvailabilitySet"
    $vm1Name = "myIPv4IPv6VM1"
    $vm2Name = "myIPv4IPv6VM2"
    $nic1Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/networkInterfaces/$nic1Name"
    $nic2Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/networkInterfaces/$nic2Name"
    $imageurn = "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest"
    $vmUserName = "vmUser"
    $mySecurePassword = "PlainTextPassword*1"
    

    Warning

    This example uses the username and password for the VMs in cleartext. Take appropriate care when you use these credentials in cleartext. For a more secure method of handling credentials in PowerShell, see the Get-Credential cmdlet.

  2. Create the availability set:

    $availabilitySet = az vm availability-set create --name $availabilitySetName --resource-group $rgName --location $location
    
  3. Create the virtual machines with the associated NICs:

    az vm create --resource-group $rgname --name $vm1Name --image $imageurn --admin-username $vmUserName --admin-password $mySecurePassword --nics $nic1Id --location $location --availability-set $availabilitySetName --size "Standard_B1s" 
    
    az vm create --resource-group $rgname --name $vm2Name --image $imageurn --admin-username $vmUserName --admin-password $mySecurePassword --nics $nic2Id --location $location --availability-set $availabilitySetName --size "Standard_B1s"
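
The warning above points to the Get-Credential cmdlet; the following shows one way to apply it to the `az vm create` step, as an added example that is not part of the original article. It repeats the article's values so that it stands alone, and `$nicPrefix` and `$vms` are names introduced here. The password still reaches `az` as a command-line argument; what changes is that it no longer appears as a literal in the script.

```powershell
# Values repeated from the article so the block stands alone.
$subscriptionid = "########-####-####-####-############"  # enter subscription id
$location = "chinaeast2"
$rgName = "pscontosorg1chinaeast209152016"
$availabilitySetName = "myIPv4IPv6AvailabilitySet"
$imageurn = "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest"

# Name introduced for this example: common prefix of the NIC resource IDs.
$nicPrefix = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/networkInterfaces"

# Prompt once. The password is held as a SecureString inside $cred
# instead of being assigned to a plain string variable in the script.
$cred = Get-Credential -UserName "vmUser" -Message "Local administrator account for the back-end VMs"

# Name introduced for this example: VM name -> NIC name, as created earlier in the article.
$vms = [ordered]@{
    myIPv4IPv6VM1 = "myIPv4IPv6Nic1"
    myIPv4IPv6VM2 = "myIPv4IPv6Nic2"
}

foreach ($vmName in $vms.Keys) {
    # The password is converted to plain text only at the point of the call.
    az vm create --resource-group $rgName --name $vmName --image $imageurn `
        --admin-username $cred.UserName `
        --admin-password ($cred.GetNetworkCredential().Password) `
        --nics "$nicPrefix/$($vms[$vmName])" --location $location `
        --availability-set $availabilitySetName --size "Standard_B1s"

    # az is a native command, so failure is reported through the exit code.
    if ($LASTEXITCODE -ne 0) { throw "az vm create failed for $vmName" }
}
```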