Create a public load balancer with IPv6 using Azure CLI
Note
This article describes an introductory IPv6 feature to allow Basic Load Balancers to provide both IPv4 and IPv6 connectivity. Comprehensive IPv6 connectivity is now available with IPv6 for Azure VNETs, which integrates IPv6 connectivity with your Virtual Networks and includes key features such as IPv6 Network Security Group rules, IPv6 User-defined routing, IPv6 Basic and Standard load balancing, and more. IPv6 for Azure VNETs is the recommended standard for IPv6 applications in Azure. See IPv6 for Azure VNET PowerShell Deployment.
An Azure load balancer is a Layer-4 (TCP, UDP) load balancer. Load balancers provide high availability by distributing incoming traffic among healthy service instances in cloud services or virtual machines in a load balancer set. Load balancers can also present these services on multiple ports or multiple IP addresses or both.
Example deployment scenario
The following diagram illustrates the load balancing solution that's deployed by using the example template described in this article.
In this scenario, you create the following Azure resources:
- Two virtual machines (VMs)
- A virtual network interface for each VM with both IPv4 and IPv6 addresses assigned
- A public load balancer with an IPv4 and an IPv6 public IP address
- An availability set that contains the two VMs
- Two load balancing rules to map the public VIPs to the private endpoints
Deploy the solution by using Azure CLI
The following steps show how to create a public load balancer by using Azure CLI. Using CLI, you create and configure each object individually, and then put them together to create a resource.
To deploy a load balancer, create and configure the following objects:
- Front-end IP configuration: Contains public IP addresses for incoming network traffic.
- Back-end address pool: Contains network interfaces (NICs) for the virtual machines to receive network traffic from the load balancer.
- Load balancing rules: Contains rules that map a public port on the load balancer to a port in the back-end address pool.
- Inbound NAT rules: Contains network address translation (NAT) rules that map a public port on the load balancer to a port for a specific virtual machine in the back-end address pool.
- Probes: Contains health probes that are used to check the availability of virtual machine instances in the back-end address pool.
Set up Azure CLI
In this example, you run the Azure CLI tools in a PowerShell command window. To improve readability and reuse, you use PowerShell's scripting capabilities, not the Azure PowerShell cmdlets.
Install and configure the Azure CLI by following the steps in the linked article and sign in to your Azure account.
Set up PowerShell variables for use with the Azure CLI commands:
$subscriptionid = "########-####-####-####-############" # enter subscription id
$location = "chinaeast2"
$rgName = "pscontosorg1chinaeast209152016"
$vnetName = "contosoIPv4Vnet"
$vnetPrefix = "10.0.0.0/16"
$subnet1Name = "clicontosoIPv4Subnet1"
$subnet1Prefix = "10.0.0.0/24"
$subnet2Name = "clicontosoIPv4Subnet2"
$subnet2Prefix = "10.0.1.0/24"
$dnsLabel = "contoso09152016"
$lbName = "myIPv4IPv6Lb"
Create a resource group, a load balancer, a virtual network, and subnets
Create a resource group:
az group create --name $rgName --location $location
Create a load balancer:
$lb = az network lb create --resource-group $rgname --location $location --name $lbName
Create a virtual network:
$vnet = az network vnet create --resource-group $rgname --name $vnetName --location $location --address-prefixes $vnetPrefix
In this virtual network, create two subnets:
$subnet1 = az network vnet subnet create --resource-group $rgname --name $subnet1Name --address-prefix $subnet1Prefix --vnet-name $vnetName
$subnet2 = az network vnet subnet create --resource-group $rgname --name $subnet2Name --address-prefix $subnet2Prefix --vnet-name $vnetName
Create public IP addresses for the front-end pool
Set up the PowerShell variables:
$publicIpv4Name = "myIPv4Vip"
$publicIpv6Name = "myIPv6Vip"
Create a public IP address for the front-end IP pool:
$publicipV4 = az network public-ip create --resource-group $rgname --name $publicIpv4Name --location $location --version IPv4 --allocation-method Dynamic --dns-name $dnsLabel
$publicipV6 = az network public-ip create --resource-group $rgname --name $publicIpv6Name --location $location --version IPv6 --allocation-method Dynamic --dns-name $dnsLabel
Important
The load balancer uses the domain label of the public IP as its fully qualified domain name (FQDN). This is a change from classic deployment, which uses the cloud service name as the load balancer FQDN.
In this example, the FQDN is contoso09152016.chinaeast2.chinacloudapp.cn.
Create front-end and back-end pools
In this section, you create the following IP pools:
- The front-end IP pool that receives the incoming network traffic on the load balancer.
- The back-end IP pool where the front-end pool sends the load-balanced network traffic.
Set up the PowerShell variables:
$frontendV4Name = "FrontendVipIPv4"
$frontendV6Name = "FrontendVipIPv6"
$backendAddressPoolV4Name = "BackendPoolIPv4"
$backendAddressPoolV6Name = "BackendPoolIPv6"
Create a front-end IP pool, and associate it with the public IP that you created in the previous step and the load balancer.
$frontendV4 = az network lb frontend-ip create --resource-group $rgname --name $frontendV4Name --public-ip-address $publicIpv4Name --lb-name $lbName
$frontendV6 = az network lb frontend-ip create --resource-group $rgname --name $frontendV6Name --public-ip-address $publicIpv6Name --lb-name $lbName
$backendAddressPoolV4 = az network lb address-pool create --resource-group $rgname --name $backendAddressPoolV4Name --lb-name $lbName
$backendAddressPoolV6 = az network lb address-pool create --resource-group $rgname --name $backendAddressPoolV6Name --lb-name $lbName
Create the probe, NAT rules, and load balancer rules
This example creates the following items:
- A probe rule to check for connectivity to TCP port 80.
- A NAT rule to translate all incoming traffic on port 3389 to port 3389 for RDP.*
- A NAT rule to translate all incoming traffic on port 3391 to port 3389 for remote desktop protocol (RDP).*
- A load balancer rule to balance all incoming traffic on port 80 to port 80 on the addresses in the back-end pool.
* NAT rules are associated with a specific virtual-machine instance behind the load balancer. The network traffic that arrives on port 3389 is sent to the specific virtual machine and port that's associated with the NAT rule. You must specify a protocol (UDP or TCP) for a NAT rule. You cannot assign both protocols to the same port.
Set up the PowerShell variables:
$probeV4V6Name = "ProbeForIPv4AndIPv6"
$natRule1V4Name = "NatRule-For-Rdp-VM1"
$natRule2V4Name = "NatRule-For-Rdp-VM2"
$lbRule1V4Name = "LBRuleForIPv4-Port80"
$lbRule1V6Name = "LBRuleForIPv6-Port80"
Create the probe.
The following example creates a TCP probe that checks for connectivity to the back-end TCP port 80 every 15 seconds. After two consecutive failures, it marks the back-end resource as unavailable.
$probeV4V6 = az network lb probe create --resource-group $rgname --name $probeV4V6Name --protocol tcp --port 80 --interval 15 --threshold 2 --lb-name $lbName
Create inbound NAT rules that allow RDP connections to the back-end resources:
$inboundNatRuleRdp1 = az network lb inbound-nat-rule create --resource-group $rgname --name $natRule1V4Name --frontend-ip-name $frontendV4Name --protocol Tcp --frontend-port 3389 --backend-port 3389 --lb-name $lbName
$inboundNatRuleRdp2 = az network lb inbound-nat-rule create --resource-group $rgname --name $natRule2V4Name --frontend-ip-name $frontendV4Name --protocol Tcp --frontend-port 3391 --backend-port 3389 --lb-name $lbName
Create load balancer rules that send traffic to different back-end ports, depending on the front end that received the request.
$lbruleIPv4 = az network lb rule create --resource-group $rgname --name $lbRule1V4Name --frontend-ip-name $frontendV4Name --backend-pool-name $backendAddressPoolV4Name --probe-name $probeV4V6Name --protocol Tcp --frontend-port 80 --backend-port 80 --lb-name $lbName
$lbruleIPv6 = az network lb rule create --resource-group $rgname --name $lbRule1V6Name --frontend-ip-name $frontendV6Name --backend-pool-name $backendAddressPoolV6Name --probe-name $probeV4V6Name --protocol Tcp --frontend-port 80 --backend-port 8080 --lb-name $lbName
Check your settings:
az network lb show --resource-group $rgName --name $lbName
Expected output:
info: Executing command network lb show
info: Looking up the load balancer "myIPv4IPv6Lb"
data: Id : /subscriptions/########-####-####-####-############/resourceGroups/pscontosorg1southctrlus09152016/providers/Microsoft.Network/loadBalancers/myIPv4IPv6Lb
data: Name : myIPv4IPv6Lb
data: Type : Microsoft.Network/loadBalancers
data: Location : chinaeast2
data: Provisioning state : Succeeded
data:
data: Frontend IP configurations:
data: Name             Provisioning state  Private IP allocation  Private IP   Subnet  Public IP
data: ---------------  ------------------  ---------------------  -----------  ------  ---------
data: FrontendVipIPv4  Succeeded           Dynamic                                     myIPv4Vip
data: FrontendVipIPv6  Succeeded           Dynamic                                     myIPv6Vip
data:
data: Probes:
data: Name                 Provisioning state  Protocol  Port  Path  Interval  Count
data: -------------------  ------------------  --------  ----  ----  --------  -----
data: ProbeForIPv4AndIPv6  Succeeded           Tcp       80          15        2
data:
data: Backend Address Pools:
data: Name             Provisioning state
data: ---------------  ------------------
data: BackendPoolIPv4  Succeeded
data: BackendPoolIPv6  Succeeded
data:
data: Load Balancing Rules:
data: Name                  Provisioning state  Load distribution  Protocol  Frontend port  Backend port  Enable floating IP  Idle timeout in minutes
data: --------------------  ------------------  -----------------  --------  -------------  ------------  ------------------  -----------------------
data: LBRuleForIPv4-Port80  Succeeded           Default            Tcp       80             80            false               4
data: LBRuleForIPv6-Port80  Succeeded           Default            Tcp       80             8080          false               4
data:
data: Inbound NAT Rules:
data: Name                 Provisioning state  Protocol  Frontend port  Backend port  Enable floating IP  Idle timeout in minutes
data: -------------------  ------------------  --------  -------------  ------------  ------------------  -----------------------
data: NatRule-For-Rdp-VM1  Succeeded           Tcp       3389           3389          false               4
data: NatRule-For-Rdp-VM2  Succeeded           Tcp       3391           3389          false               4
info: network lb show
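The inbound NAT rules above publish RDP on the load balancer's public IPv4 front end, so it is worth checking which rules expose a management port after deployment. The following PowerShell is an added example, not part of the original article: the function name, the port watch list, and the third sample rule are assumptions made for illustration, and the sample JSON is constructed to mirror the rules created in this walkthrough.

```powershell
# Added example (not from the article): flag inbound NAT rules that publish a
# remote-management port. $ManagementPorts is an assumed watch list.
$ManagementPorts = @(22, 3389, 5985, 5986)

function Find-ExposedManagementNatRule {
    param(
        [Parameter(Mandatory)] [string] $NatRuleJson,  # JSON array of NAT rules
        [int[]] $Ports = $ManagementPorts
    )
    # Plain assignment works on Windows PowerShell 5.1 and PowerShell 7,
    # which differ in whether ConvertFrom-Json enumerates a top-level array.
    $rules = $NatRuleJson | ConvertFrom-Json
    foreach ($rule in $rules) {
        if ($Ports -contains [int]$rule.backendPort) {
            [pscustomobject]@{
                Rule         = $rule.name
                Protocol     = $rule.protocol
                FrontendPort = [int]$rule.frontendPort
                BackendPort  = [int]$rule.backendPort
                # 3391 -> 3389 is still RDP reachable from the internet.
                PortShifted  = ([int]$rule.frontendPort -ne [int]$rule.backendPort)
                Frontend     = ($rule.frontendIPConfiguration.id -split '/')[-1]
            }
        }
    }
}

# Constructed sample mirroring the two rules created above, plus one
# hypothetical non-management rule; IDs are shortened placeholders.
$sampleJson = @'
[
 {"name":"NatRule-For-Rdp-VM1","protocol":"Tcp","frontendPort":3389,"backendPort":3389,
  "frontendIPConfiguration":{"id":"/placeholder/frontendIPConfigurations/FrontendVipIPv4"}},
 {"name":"NatRule-For-Rdp-VM2","protocol":"Tcp","frontendPort":3391,"backendPort":3389,
  "frontendIPConfiguration":{"id":"/placeholder/frontendIPConfigurations/FrontendVipIPv4"}},
 {"name":"Hypothetical-App-Rule","protocol":"Tcp","frontendPort":8443,"backendPort":8443,
  "frontendIPConfiguration":{"id":"/placeholder/frontendIPConfigurations/FrontendVipIPv4"}}
]
'@

Find-ExposedManagementNatRule -NatRuleJson $sampleJson | Format-Table -AutoSize

# Against the live load balancer (az returns one string per line, so join them):
# $json = (az network lb inbound-nat-rule list --resource-group $rgName --lb-name $lbName --output json) -join "`n"
# Find-ExposedManagementNatRule -NatRuleJson $json
```

On the sample input, both RDP rules are reported and the rule on port 8443 is not; the rule on front-end port 3391 is additionally marked as port-shifted.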
Create NICs
Create NICs and associate them with NAT rules, load balancer rules, and probes.
Set up the PowerShell variables:
$nic1Name = "myIPv4IPv6Nic1"
$nic2Name = "myIPv4IPv6Nic2"
$subnet1Id = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/VirtualNetworks/$vnetName/subnets/$subnet1Name"
$subnet2Id = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/VirtualNetworks/$vnetName/subnets/$subnet2Name"
$backendAddressPoolV4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/backendAddressPools/$backendAddressPoolV4Name"
$backendAddressPoolV6Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/backendAddressPools/$backendAddressPoolV6Name"
$natRule1V4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/inboundNatRules/$natRule1V4Name"
$natRule2V4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/inboundNatRules/$natRule2V4Name"
Create a NIC for each back end, and add an IPv6 configuration:
$nic1 = az network nic create --name $nic1Name --resource-group $rgname --location $location --private-ip-address-version "IPv4" --subnet $subnet1Id --lb-address-pools $backendAddressPoolV4Id --lb-inbound-nat-rules $natRule1V4Id
$nic1IPv6 = az network nic ip-config create --resource-group $rgname --name "IPv6IPConfig" --private-ip-address-version "IPv6" --lb-address-pools $backendAddressPoolV6Id --nic-name $nic1Name
$nic2 = az network nic create --name $nic2Name --resource-group $rgname --location $location --private-ip-address-version "IPv4" --subnet $subnet2Id --lb-address-pools $backendAddressPoolV4Id --lb-inbound-nat-rules $natRule2V4Id
$nic2IPv6 = az network nic ip-config create --resource-group $rgname --name "IPv6IPConfig" --private-ip-address-version "IPv6" --lb-address-pools $backendAddressPoolV6Id --nic-name $nic2Name
Create the back-end VM resources, and attach each NIC
To create VMs, you must have a storage account. For load balancing, the VMs need to be members of an availability set. For more information about creating VMs, see Create an Azure VM by using PowerShell.
Set up the PowerShell variables:
$availabilitySetName = "myIPv4IPv6AvailabilitySet"
$vm1Name = "myIPv4IPv6VM1"
$vm2Name = "myIPv4IPv6VM2"
$nic1Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/networkInterfaces/$nic1Name"
$nic2Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/networkInterfaces/$nic2Name"
$imageurn = "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest"
$vmUserName = "vmUser"
$mySecurePassword = "PlainTextPassword*1"
Warning
This example uses the username and password for the VMs in cleartext. Take appropriate care when you use these credentials in cleartext. For a more secure method of handling credentials in PowerShell, see the Get-Credential cmdlet.
Create the availability set:
$availabilitySet = az vm availability-set create --name $availabilitySetName --resource-group $rgName --location $location
Create the virtual machines with the associated NICs:
az vm create --resource-group $rgname --name $vm1Name --image $imageurn --admin-username $vmUserName --admin-password $mySecurePassword --nics $nic1Id --location $location --availability-set $availabilitySetName --size "Standard_A1"
az vm create --resource-group $rgname --name $vm2Name --image $imageurn --admin-username $vmUserName --admin-password $mySecurePassword --nics $nic2Id --location $location --availability-set $availabilitySetName --size "Standard_A1"
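As the warning above suggests, the admin password can be collected with Get-Credential at run time instead of being assigned in the script. This is an added example, not part of the original article; it assumes the variables defined in the earlier steps are still set in the session and that it is run in place of the two `az vm create` commands above.

```powershell
# Added example (not from the article): collect the VM admin credential at run
# time instead of assigning it to $mySecurePassword in the script.
$vmCredential = Get-Credential -UserName $vmUserName -Message "Admin account for the back-end VMs"

# az expects a plain string, so unwrap the SecureString only for the calls below.
$plainPassword = $vmCredential.GetNetworkCredential().Password
try {
    $vms = @(
        @{ Name = $vm1Name; NicId = $nic1Id },
        @{ Name = $vm2Name; NicId = $nic2Id }
    )
    foreach ($vm in $vms) {
        az vm create --resource-group $rgName --name $vm.Name --image $imageurn `
            --admin-username $vmCredential.UserName --admin-password $plainPassword `
            --nics $vm.NicId --location $location `
            --availability-set $availabilitySetName --size "Standard_A1"
        if ($LASTEXITCODE -ne 0) { throw "az vm create failed for $($vm.Name)" }
    }
}
finally {
    # Drop the plaintext reference as soon as both VMs have been submitted.
    Remove-Variable -Name plainPassword -ErrorAction SilentlyContinue
}
```

This keeps the password out of the script file and source control; the value is still passed to `az` as a command-line argument for the duration of each call.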