Tutorial: Diagnose a virtual machine network routing problem using the Azure portal

When you deploy a virtual machine (VM), Azure creates several default routes for it. You may create custom routes to override Azure's default routes. Sometimes, a custom route can result in a VM not being able to communicate with other resources. In this tutorial, you learn how to:

  • Create a VM
  • Test communication to a URL using the next hop capability of Network Watcher
  • Test communication to an IP address
  • Diagnose a routing problem, and learn how you can resolve it

If you prefer, you can diagnose a virtual machine network routing problem using the Azure CLI or Azure PowerShell.

If you don't have an Azure subscription, create a trial account before you begin.

Log in to Azure

Log in to the Azure portal at https://portal.azure.cn.

Create a VM

  1. Select + Create a resource, found in the upper-left corner of the Azure portal.

  2. Select Compute, and then select Windows Server 2016 Datacenter or Ubuntu Server 17.10 VM.

  3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select OK:

    Setting          Value
    Name             myVm
    User name        Enter a user name of your choosing.
    Password         Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements.
    Subscription     Select your subscription.
    Resource group   Select Create new and enter myResourceGroup.
    Location         Select China East

  4. Select a size for the VM and then select Select.

  5. Under Settings, accept all the defaults, and select OK.

  6. Under Create of the Summary, select Create to start VM deployment. The VM takes a few minutes to deploy. Wait for the VM to finish deploying before continuing with the remaining steps.

Test network communication

To test network communication with Network Watcher, you must first enable a network watcher in at least one Azure region and then use Network Watcher's next hop capability to test communication.

Enable network watcher

If you already have a network watcher enabled in at least one region, skip to Use next hop.

  1. In the portal, select All services. In the Filter box, enter Network Watcher. When Network Watcher appears in the results, select it.

  2. Select Regions, to expand it, and then select ... to the right of China East, as shown in the following picture:

    [Picture: Enable network watcher]

  3. Select Enable Network Watcher.

Use next hop

Azure automatically creates routes to default destinations. You may create custom routes that override the default routes. Sometimes, custom routes can cause communication to fail. Use the next hop capability of Network Watcher to determine which route Azure is using to route traffic.

  1. In the Azure portal, select Next hop, under Network Watcher.

  2. Select your subscription, enter or select the following values, and then select Next hop, as shown in the picture that follows:

    Setting                  Value
    Resource group           Select myResourceGroup
    Virtual machine          Select myVm
    Network interface        myvm - Your network interface name may be different.
    Source IP address        10.0.0.4
    Destination IP address   13.107.21.200 - One of the addresses for www.bing.com.

    [Picture: Next hop]

    After a few seconds, the result informs you that the next hop type is Internet, and that the Route table ID is System Route. This result lets you know that there is a valid system route to the destination.

  3. Change the Destination IP address to 172.31.0.100 and select Next hop again. The result returned informs you that None is the Next hop type, and that the Route table ID is also System Route. This result lets you know that, while there is a valid system route to the destination, there is no next hop to route the traffic to the destination.

View details of a route

  1. To analyze routing further, review the effective routes for the network interface. In the search box at the top of the portal, enter myvm (or whatever the name was of the network interface you checked). When myvm appears in the search results, select it.

  2. Select Effective routes under SUPPORT + TROUBLESHOOTING, as shown in the following picture:

    [Picture: Effective routes]

    When you ran the test using 13.107.21.200 in Use next hop, the route with the address prefix 0.0.0.0/0 was used to route traffic to the address, since no other route includes the address. By default, all addresses not specified within the address prefix of another route are routed to the internet.

    When you ran the test using 172.31.0.100, however, the result informed you that there was no next hop type. As you can see in the previous picture, though there is a default route to the 172.16.0.0/12 prefix, which includes the 172.31.0.100 address, the NEXT HOP TYPE is None. Azure creates a default route to 172.16.0.0/12, but doesn't specify a next hop type until there is a reason to. If, for example, you added the 172.16.0.0/12 address range to the address space of the virtual network, Azure changes the NEXT HOP TYPE to Virtual network for the route. A check would then show Virtual network as the NEXT HOP TYPE.
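
The route selection described above, as an added example that is not part of the original tutorial: a small longest-prefix-match evaluator that reproduces both next hop results and the effect of adding 172.16.0.0/12 to the virtual network's address space. The route table is constructed; only the 0.0.0.0/0 and 172.16.0.0/12 entries come from the tutorial, while the 10.0.0.0/16 virtual network prefix and the function names are assumptions.

```python
import ipaddress

# Constructed effective-route table modelled on the tutorial's results.
# 0.0.0.0/0 and 172.16.0.0/12 are from the page; 10.0.0.0/16 is an assumed
# virtual network prefix chosen to contain the 10.0.0.4 source address.
SYSTEM_ROUTES = [
    {"source": "Default", "prefix": "10.0.0.0/16", "next_hop": "Virtual network"},
    {"source": "Default", "prefix": "0.0.0.0/0", "next_hop": "Internet"},
    {"source": "Default", "prefix": "172.16.0.0/12", "next_hop": "None"},
]

# On equal prefix length, a user-defined route beats a system default route.
SOURCE_RANK = {"User": 0, "Default": 1}


def next_hop(routes, dest_ip):
    """Return (next_hop_type, prefix, source) of the route used for dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    candidates = []
    for route in routes:
        net = ipaddress.ip_network(route["prefix"])
        if dest in net:
            # Longest prefix first, then route source as the tie-breaker.
            candidates.append((-net.prefixlen, SOURCE_RANK[route["source"]], route))
    if not candidates:
        return None
    best = min(candidates, key=lambda c: (c[0], c[1]))[2]
    return best["next_hop"], best["prefix"], best["source"]


def with_vnet_address_space(routes, prefix):
    """Model adding `prefix` to the virtual network's address space:
    the matching default route's next hop type becomes Virtual network."""
    return [
        dict(r, next_hop="Virtual network") if r["prefix"] == prefix else r
        for r in routes
    ]


if __name__ == "__main__":
    for ip in ("13.107.21.200", "172.31.0.100"):
        print(ip, "->", next_hop(SYSTEM_ROUTES, ip))
    grown = with_vnet_address_space(SYSTEM_ROUTES, "172.16.0.0/12")
    print("172.31.0.100 after change ->", next_hop(grown, "172.31.0.100"))
    # Constructed custom route that overrides the default internet route.
    custom = SYSTEM_ROUTES + [{"source": "User", "prefix": "0.0.0.0/0", "next_hop": "None"}]
    print("13.107.21.200 with custom route ->", next_hop(custom, "13.107.21.200"))
```

The last case shows why a custom route can break connectivity: the user-defined 0.0.0.0/0 entry replaces the system route to the internet even though the default route is still listed.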

Clean up resources

When no longer needed, delete the resource group and all of the resources it contains:

  1. Enter myResourceGroup in the Search box at the top of the portal. When you see myResourceGroup in the search results, select it.
  2. Select Delete resource group.
  3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME: and select Delete.

Next steps

In this tutorial, you created a VM and diagnosed network routing from the VM. You learned that Azure creates several default routes and tested routing to two different destinations. Learn more about routing in Azure and how to create custom routes.

For outbound VM connections, you can also determine the latency, allowed and denied network traffic between the VM and an endpoint, and the route used to an endpoint, using Network Watcher's connection troubleshoot capability. Learn how you can monitor communication between a VM and an endpoint, such as an IP address or URL, over time using the Network Watcher connection monitor capability.