Troubleshoot Azure Load Balancer

This page provides troubleshooting information for common questions about Basic and Standard Azure Load Balancer. For more information about Standard Load Balancer, see Standard Load Balancer overview.

When the Load Balancer connectivity is unavailable, the most common symptoms are as follows:

  • VMs behind the Load Balancer aren't responding to health probes
  • VMs behind the Load Balancer aren't responding to the traffic on the configured port

When external clients reach the backend VMs through the load balancer, the clients' IP addresses are used for the communication. Make sure the clients' IP addresses are added to the NSG allow list.
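
The point above as an added example (not part of the original page): a simplified model of NSG inbound evaluation, showing that a health probe passes on the default rules while a client whose IP is missing from the allow list is denied on the same port. The custom rule, the VNet range, and the reduction of service tags to fixed prefixes are assumptions made for the demo.

```python
import ipaddress

# Service tags reduced to fixed prefixes for this demo (assumption).
SERVICE_TAGS = {
    "VirtualNetwork": ["10.0.0.0/16"],           # assumed VNet address space
    "AzureLoadBalancer": ["168.63.129.16/32"],   # source address of health probes
    "*": ["0.0.0.0/0"],
}

# Rule tuple: (priority, name, source, destination port or "*", action)
DEFAULT_RULES = [
    (65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    (65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]

# Constructed custom rule: one client range may reach port 443.
CUSTOM_RULES = [(100, "AllowPartnerHttps", "203.0.113.0/24", 443, "Allow")]


def _source_matches(source, client_ip):
    """True if client_ip falls inside the rule's source prefix or service tag."""
    prefixes = SERVICE_TAGS.get(source, [source])
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def evaluate_inbound(custom_rules, client_ip, dest_port):
    """Return (action, rule_name) of the first match, lowest priority number first."""
    rules = sorted(custom_rules + DEFAULT_RULES, key=lambda r: r[0])
    for _priority, name, source, port, action in rules:
        if port in ("*", dest_port) and _source_matches(source, client_ip):
            return action, name
    return "Deny", "no-match"


if __name__ == "__main__":
    # The load balancer preserves the client source IP, so the NSG sees it directly.
    for ip in ("168.63.129.16", "203.0.113.10", "198.51.100.7"):
        print(ip, evaluate_inbound(CUSTOM_RULES, ip, 443))
```

A healthy probe status therefore does not prove that client traffic is permitted; check the rule that matches the real client address.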

No outbound connectivity from Standard internal Load Balancers (ILB)

Validation and resolution

Standard ILBs are secure by default. Basic ILBs allowed connecting to the internet via a hidden Public IP address. This isn't recommended for production workloads because the IP address is neither static nor locked down via NSGs that you own. If you recently moved from a Basic ILB to a Standard ILB, you should create a Public IP explicitly via an outbound-only configuration, which locks down the IP via NSGs. You can also use a NAT Gateway on your subnet.

Can't change the backend port for an existing LB rule of a load balancer that has a virtual machine scale set deployed in the backend pool.

Cause: The backend port cannot be modified for a load balancing rule that's used by a health probe for a load balancer referenced by a virtual machine scale set.

Resolution: To change the port, you can remove the health probe by updating the virtual machine scale set, update the port, and then configure the health probe again.

A small amount of traffic is still going through the load balancer after removing VMs from the backend pool of the load balancer.

To verify, you can conduct a network trace. The FQDN used for each of your blob storage accounts is listed within the properties of that storage account. From a virtual machine within your Azure subscription, you can perform nslookup to determine the Azure IP assigned to that storage account.

Additional network captures

If you decide to open a support case, collect the following information for a quicker resolution. Choose a single backend VM to perform the following tests:

  • Use PsPing from one of the backend VMs within the VNet to test the probe port response (example: psping 10.0.0.4:3389) and record the results.
  • If no response is received in these ping tests, run a simultaneous Netsh trace on the backend VM and the VNet test VM while you run PsPing, then stop the Netsh trace.

Next steps

If the preceding steps don't resolve the issue, open a support ticket.