Get started creating an Internet facing load balancer with IPv6 using PowerShell for Resource Manager

Note

This article describes an introductory IPv6 feature to allow Basic Load Balancers to provide both IPv4 and IPv6 connectivity. Comprehensive IPv6 connectivity is now available with IPv6 for Azure VNETs which integrates IPv6 connectivity with your Virtual Networks and includes key features such as IPv6 Network Security Group rules, IPv6 User-defined routing, IPv6 Basic and Standard load balancing, and more. IPv6 for Azure VNETs is the recommended standard for IPv6 applications in Azure. See IPv6 for Azure VNET PowerShell Deployment.

An Azure load balancer is a Layer-4 (TCP, UDP) load balancer. The load balancer provides high availability by distributing incoming traffic among healthy service instances in cloud services or virtual machines in a load balancer set. Azure Load Balancer can also present those services on multiple ports, multiple IP addresses, or both.

Note

This article has been updated to use the new Azure PowerShell Az module. You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. For Az module installation instructions, see Install Azure PowerShell.

Example deployment scenario

The following diagram illustrates the load balancing solution being deployed in this article.

Load balancer scenario

In this scenario you will create the following Azure resources:

  • an Internet-facing Load Balancer with an IPv4 and an IPv6 Public IP address
  • two load balancing rules to map the public VIPs to the private endpoints
  • an Availability Set that contains the two VMs
  • two virtual machines (VMs)
  • a virtual network interface for each VM with both IPv4 and IPv6 addresses assigned

Deploying the solution using Azure PowerShell

The following steps show how to create an Internet facing load balancer using Azure Resource Manager with PowerShell. With Azure Resource Manager, each resource is created and configured individually, then put together to create a resource.

To deploy a load balancer, you create and configure the following objects:

  • Frontend IP configuration - contains public IP addresses for incoming network traffic.
  • Backend address pool - contains network interfaces (NICs) for the virtual machines to receive network traffic from the load balancer.
  • Load balancing rules - contains rules mapping a public port on the load balancer to a port in the back-end address pool.
  • Inbound NAT rules - contains rules mapping a public port on the load balancer to a port for a specific virtual machine in the back-end address pool.
  • Probes - contains health probes used to check availability of virtual machine instances in the back-end address pool.

For more information, see Azure Load Balancer components.

Set up PowerShell to use Resource Manager

Make sure you have the latest production version of the Azure Resource Manager module for PowerShell.

  1. Sign in to Azure

    Connect-AzAccount -Environment AzureChinaCloud
    

    Enter your credentials when prompted.

  2. Check the subscriptions for the account

    Get-AzSubscription
    
  3. Choose which of your Azure subscriptions to use.

    Select-AzSubscription -SubscriptionId 'GUID of subscription'
    
  4. Create a resource group (skip this step if using an existing resource group)

    New-AzResourceGroup -Name NRP-RG -location "China East 2"
    

Create a virtual network and a public IP address for the front-end IP pool

  1. Create a virtual network with a subnet.

    $backendSubnet = New-AzVirtualNetworkSubnetConfig -Name LB-Subnet-BE -AddressPrefix 10.0.2.0/24
    $vnet = New-AzVirtualNetwork -Name VNet -ResourceGroupName NRP-RG -Location 'China East 2' -AddressPrefix 10.0.0.0/16 -Subnet $backendSubnet
    
  2. Create Azure Public IP address (PIP) resources for the front-end IP address pool. Be sure to change the value for -DomainNameLabel before running the following commands. The value must be unique within the Azure region.

    $publicIPv4 = New-AzPublicIpAddress -Name 'pub-ipv4' -ResourceGroupName NRP-RG -Location 'China East 2' -AllocationMethod Static -IpAddressVersion IPv4 -DomainNameLabel lbnrpipv4
    $publicIPv6 = New-AzPublicIpAddress -Name 'pub-ipv6' -ResourceGroupName NRP-RG -Location 'China East 2' -AllocationMethod Dynamic -IpAddressVersion IPv6 -DomainNameLabel lbnrpipv6
    

    Important

    The load balancer uses the domain label of the public IP as the prefix for its FQDN. In this example, the FQDNs are lbnrpipv4.chinaeast2.chinacloudapp.cn and lbnrpipv6.chinaeast2.chinacloudapp.cn.

Create Front-End IP configurations and a Back-End Address Pool

  1. Create front-end address configurations that use the Public IP addresses you created.

    $FEIPConfigv4 = New-AzLoadBalancerFrontendIpConfig -Name "LB-Frontendv4" -PublicIpAddress $publicIPv4
    $FEIPConfigv6 = New-AzLoadBalancerFrontendIpConfig -Name "LB-Frontendv6" -PublicIpAddress $publicIPv6
    
  2. Create back-end address pools.

    $backendpoolipv4 = New-AzLoadBalancerBackendAddressPoolConfig -Name "BackendPoolIPv4"
    $backendpoolipv6 = New-AzLoadBalancerBackendAddressPoolConfig -Name "BackendPoolIPv6"
    

Create LB rules, NAT rules, a probe, and a load balancer

This example creates the following items:

  • a NAT rule to translate all incoming traffic on port 443 to port 4443
  • a load balancer rule to balance all incoming traffic on port 80 to port 80 on the addresses in the back-end pool.
  • a load balancer rule to allow RDP connection to the VMs on port 3389.
  • a probe rule to check the health status on a page named HealthProbe.aspx or a service on port 8080
  • a load balancer that uses all these objects

  1. Create the NAT rules.

    $inboundNATRule1v4 = New-AzLoadBalancerInboundNatRuleConfig -Name "NicNatRulev4" -FrontendIpConfiguration $FEIPConfigv4 -Protocol TCP -FrontendPort 443 -BackendPort 4443
    $inboundNATRule1v6 = New-AzLoadBalancerInboundNatRuleConfig -Name "NicNatRulev6" -FrontendIpConfiguration $FEIPConfigv6 -Protocol TCP -FrontendPort 443 -BackendPort 4443
    
  2. Create a health probe. There are two ways to configure a probe:

    HTTP probe

    $healthProbe = New-AzLoadBalancerProbeConfig -Name 'HealthProbe-v4v6' -RequestPath 'HealthProbe.aspx' -Protocol http -Port 80 -IntervalInSeconds 15 -ProbeCount 2
    

    or TCP probe

    $healthProbe = New-AzLoadBalancerProbeConfig -Name 'HealthProbe-v4v6' -Protocol Tcp -Port 8080 -IntervalInSeconds 15 -ProbeCount 2
    $RDPprobe = New-AzLoadBalancerProbeConfig -Name 'RDPprobe' -Protocol Tcp -Port 3389 -IntervalInSeconds 15 -ProbeCount 2
    

    For this example, we are going to use the TCP probes.

  3. Create a load balancer rule.

    $lbrule1v4 = New-AzLoadBalancerRuleConfig -Name "HTTPv4" -FrontendIpConfiguration $FEIPConfigv4 -BackendAddressPool $backendpoolipv4 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 8080
    $lbrule1v6 = New-AzLoadBalancerRuleConfig -Name "HTTPv6" -FrontendIpConfiguration $FEIPConfigv6 -BackendAddressPool $backendpoolipv6 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 8080
    $RDPrule = New-AzLoadBalancerRuleConfig -Name "RDPrule" -FrontendIpConfiguration $FEIPConfigv4 -BackendAddressPool $backendpoolipv4 -Probe $RDPprobe -Protocol Tcp -FrontendPort 3389 -BackendPort 3389
    
  4. Create the load balancer using the previously created objects.

    $NRPLB = New-AzLoadBalancer -ResourceGroupName NRP-RG -Name 'myNrpIPv6LB' -Location 'China East 2' -FrontendIpConfiguration $FEIPConfigv4,$FEIPConfigv6 -InboundNatRule $inboundNATRule1v6,$inboundNATRule1v4 -BackendAddressPool $backendpoolipv4,$backendpoolipv6 -Probe $healthProbe,$RDPprobe -LoadBalancingRule $lbrule1v4,$lbrule1v6,$RDPrule
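
The rules above publish ports 80, 443 and 3389 on the load balancer's public front ends. The following read-only check is an added example, not part of the original article: it lists every front-end port the load balancer publishes and flags management ports. The resource names come from the article; the management-port list is an assumption chosen for illustration.

```powershell
# Added example: read-only audit of the load balancer created above.
# NRP-RG and myNrpIPv6LB are the names used in this article; the list of
# management ports below is an assumption, adjust it to your environment.
$managementPorts = 22, 3389, 5985, 5986

$lb = Get-AzLoadBalancer -ResourceGroupName NRP-RG -Name 'myNrpIPv6LB'

# Map each front-end configuration ID to the public IP resource behind it,
# so every rule can be reported with its IP version and FQDN.
$frontends = @{}
foreach ($fe in $lb.FrontendIpConfigurations) {
    $pipName = ($fe.PublicIpAddress.Id -split '/')[-1]
    $frontends[$fe.Id] = Get-AzPublicIpAddress -ResourceGroupName NRP-RG -Name $pipName
}

# Load balancing rules and inbound NAT rules both publish a front-end port.
$published = @($lb.LoadBalancingRules) + @($lb.InboundNatRules)

$report = foreach ($rule in $published) {
    $pip = $frontends[$rule.FrontendIPConfiguration.Id]
    [pscustomobject]@{
        Rule         = $rule.Name
        IpVersion    = $pip.PublicIpAddressVersion
        Fqdn         = $pip.DnsSettings.Fqdn
        Protocol     = $rule.Protocol
        FrontendPort = $rule.FrontendPort
        BackendPort  = $rule.BackendPort
        Management   = $rule.FrontendPort -in $managementPorts
    }
}

$report | Sort-Object FrontendPort, IpVersion | Format-Table -AutoSize

# Surface every rule that publishes a management port to the Internet.
$report | Where-Object Management | ForEach-Object {
    Write-Warning ("Rule '{0}' publishes management port {1} on {2}" -f `
        $_.Rule, $_.FrontendPort, $_.Fqdn)
}
```

With the configuration in this article, the table shows five published rules and the warning fires for RDPrule on the IPv4 front end.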
    

Create NICs for the back-end VMs

  1. Get the Virtual Network and Virtual Network Subnet, where the NICs need to be created.

    $vnet = Get-AzVirtualNetwork -Name VNet -ResourceGroupName NRP-RG
    $backendSubnet = Get-AzVirtualNetworkSubnetConfig -Name LB-Subnet-BE -VirtualNetwork $vnet
    
  2. Create IP configurations and NICs for the VMs.

    $nic1IPv4 = New-AzNetworkInterfaceIpConfig -Name "IPv4IPConfig" -PrivateIpAddressVersion "IPv4" -Subnet $backendSubnet -LoadBalancerBackendAddressPool $backendpoolipv4 -LoadBalancerInboundNatRule $inboundNATRule1v4
    $nic1IPv6 = New-AzNetworkInterfaceIpConfig -Name "IPv6IPConfig" -PrivateIpAddressVersion "IPv6" -LoadBalancerBackendAddressPool $backendpoolipv6 -LoadBalancerInboundNatRule $inboundNATRule1v6
    $nic1 = New-AzNetworkInterface -Name 'myNrpIPv6Nic0' -IpConfiguration $nic1IPv4,$nic1IPv6 -ResourceGroupName NRP-RG -Location 'China East 2'
    
    $nic2IPv4 = New-AzNetworkInterfaceIpConfig -Name "IPv4IPConfig" -PrivateIpAddressVersion "IPv4" -Subnet $backendSubnet -LoadBalancerBackendAddressPool $backendpoolipv4
    $nic2IPv6 = New-AzNetworkInterfaceIpConfig -Name "IPv6IPConfig" -PrivateIpAddressVersion "IPv6" -LoadBalancerBackendAddressPool $backendpoolipv6
    $nic2 = New-AzNetworkInterface -Name 'myNrpIPv6Nic1' -IpConfiguration $nic2IPv4,$nic2IPv6 -ResourceGroupName NRP-RG -Location 'China East 2'
    

Create virtual machines and assign the newly created NICs

For more information about creating a VM, see Create and preconfigure a Windows Virtual Machine with Resource Manager and Azure PowerShell.

  1. Create an Availability Set and Storage account

    New-AzAvailabilitySet -Name 'myNrpIPv6AvSet' -ResourceGroupName NRP-RG -location 'China East 2'
    $availabilitySet = Get-AzAvailabilitySet -Name 'myNrpIPv6AvSet' -ResourceGroupName NRP-RG
    New-AzStorageAccount -ResourceGroupName NRP-RG -Name 'mynrpipv6stacct' -Location 'China East 2' -SkuName "Standard_LRS"
    $CreatedStorageAccount = Get-AzStorageAccount -ResourceGroupName NRP-RG -Name 'mynrpipv6stacct'
    
  2. Create each VM and assign the previously created NICs

    $mySecureCredentials = Get-Credential -Message "Type the username and password of the local administrator account."
    
    $vm1 = New-AzVMConfig -VMName 'myNrpIPv6VM0' -VMSize 'Standard_B1s' -AvailabilitySetId $availabilitySet.Id
    $vm1 = Set-AzVMOperatingSystem -VM $vm1 -Windows -ComputerName 'myNrpIPv6VM0' -Credential $mySecureCredentials -ProvisionVMAgent -EnableAutoUpdate
    $vm1 = Set-AzVMSourceImage -VM $vm1 -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2012-R2-Datacenter -Version "latest"
    $vm1 = Add-AzVMNetworkInterface -VM $vm1 -Id $nic1.Id -Primary
    $osDisk1Uri = $CreatedStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/myNrpIPv6VM0osdisk.vhd"
    $vm1 = Set-AzVMOSDisk -VM $vm1 -Name 'myNrpIPv6VM0osdisk' -VhdUri $osDisk1Uri -CreateOption FromImage
    New-AzVM -ResourceGroupName NRP-RG -Location 'China East 2' -VM $vm1
    
    $vm2 = New-AzVMConfig -VMName 'myNrpIPv6VM1' -VMSize 'Standard_B1s' -AvailabilitySetId $availabilitySet.Id
    $vm2 = Set-AzVMOperatingSystem -VM $vm2 -Windows -ComputerName 'myNrpIPv6VM1' -Credential $mySecureCredentials -ProvisionVMAgent -EnableAutoUpdate
    $vm2 = Set-AzVMSourceImage -VM $vm2 -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2012-R2-Datacenter -Version "latest"
    $vm2 = Add-AzVMNetworkInterface -VM $vm2 -Id $nic2.Id -Primary
    $osDisk2Uri = $CreatedStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/myNrpIPv6VM1osdisk.vhd"
    $vm2 = Set-AzVMOSDisk -VM $vm2 -Name 'myNrpIPv6VM1osdisk' -VhdUri $osDisk2Uri -CreateOption FromImage
    New-AzVM -ResourceGroupName NRP-RG -Location 'China East 2' -VM $vm2