Troubleshoot Virtual Network Gateway and Connections using Azure Network Watcher Azure CLI

Network Watcher provides many capabilities for understanding your network resources in Azure. One of these capabilities is resource troubleshooting. Resource troubleshooting can be called through the portal, PowerShell, CLI, or REST API. When called, Network Watcher inspects the health of a Virtual Network Gateway or a Connection and returns its findings.

To perform the steps in this article, you need to install the Azure command-line interface (CLI) for Mac, Linux, and Windows.

Before you begin

This scenario assumes you have already followed the steps in Create a Network Watcher to create a Network Watcher.

For a list of supported gateway types, visit Supported Gateway types.

Overview

Resource troubleshooting provides the ability to troubleshoot issues that arise with Virtual Network Gateways and Connections. When a request is made to resource troubleshooting, logs are queried and inspected. When inspection is complete, the results are returned. Resource troubleshooting requests are long-running requests, which could take multiple minutes to return a result. The logs from troubleshooting are stored in a container on a storage account that you specify.

Retrieve a Virtual Network Gateway Connection

In this example, resource troubleshooting is run on a Connection. You can also pass it a Virtual Network Gateway. The following command lists the VPN connections in a resource group.

az network vpn-connection list --resource-group resourceGroupName

Once you have the name of the connection, you can run this command to get its resource ID:

az network vpn-connection show --resource-group resourceGroupName --name vpnConnectionName

Create a storage account

Resource troubleshooting returns data about the health of the resource. It also saves logs to a storage account to be reviewed. In this step, we create a storage account; if you already have a storage account, you can use it.

  1. Create the storage account

    az storage account create --name storageAccountName --location chinaeast --resource-group resourceGroupName --sku Standard_LRS
    
  2. Get the storage account keys

    az storage account keys list --resource-group resourceGroupName --account-name storageAccountName
    
  3. Create the container

    az storage container create --account-name storageAccountName --account-key {storageAccountKey} --name logs
    

Run Network Watcher resource troubleshooting

You troubleshoot resources with the az network watcher troubleshooting command. We pass the command the resource group, the name of the Network Watcher, the ID of the connection, the ID of the storage account, and the path to the blob to store the troubleshoot results in.

az network watcher troubleshooting start --resource-group resourceGroupName --resource resourceName --resource-type {vnetGateway/vpnConnection} --storage-account storageAccountName --storage-path https://{storageAccountName}.blob.core.chinacloudapi.cn/{containerName}

Once you run the command, Network Watcher reviews the resource to verify its health. It returns the results to the shell and stores logs of the results in the specified storage account.
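The steps above combined into one script, as an added example that is not part of the original article: it validates the storage account and container names before building the --storage-path URL, and hands the account key to the container command through the AZURE_STORAGE_KEY environment variable instead of --account-key, which keeps the key off the command line and out of shell history. It assumes the storage account already exists and that you are signed in with az login; the function names and any resource names you pass in are hypothetical.

```shell
#!/bin/sh
# Added example: the article's steps as one script; all names are placeholders.
BLOB_SUFFIX="blob.core.chinacloudapi.cn"   # endpoint suffix used in the article

# Storage account names: 3-24 characters, lowercase letters and digits only.
valid_account_name() {
  printf '%s' "$1" | grep -Eq '^[a-z0-9]{3,24}$'
}

# Container names: 3-63 characters, lowercase letters, digits and single
# hyphens, beginning and ending with a letter or digit.
valid_container_name() {
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ] &&
    printf '%s' "$1" | grep -Eq '^[a-z0-9]+(-[a-z0-9]+)*$'
}

# Builds the --storage-path URL, rejecting names Azure would refuse.
storage_path() {
  valid_account_name "$1" || { echo "invalid storage account name: $1" >&2; return 1; }
  valid_container_name "$2" || { echo "invalid container name: $2" >&2; return 1; }
  printf 'https://%s.%s/%s\n' "$1" "$BLOB_SUFFIX" "$2"
}

# Usage: troubleshoot_connection RESOURCE_GROUP CONNECTION ACCOUNT CONTAINER
troubleshoot_connection() {
  rg=$1 conn=$2 account=$3 container=$4
  path=$(storage_path "$account" "$container") || return 1
  # Read the key into a variable and hand it to the storage command through
  # AZURE_STORAGE_KEY, so it is never printed or placed on a command line.
  key=$(az storage account keys list --resource-group "$rg" \
    --account-name "$account" --query "[0].value" --output tsv) || return 1
  AZURE_STORAGE_KEY=$key az storage container create \
    --account-name "$account" --name "$container" --output none
  status=$?
  unset key
  [ "$status" -eq 0 ] || return 1
  az network watcher troubleshooting start --resource-group "$rg" \
    --resource "$conn" --resource-type vpnConnection \
    --storage-account "$account" --storage-path "$path"
}

# Runs only when all four arguments are given on the command line.
if [ "$#" -eq 4 ]; then
  troubleshoot_connection "$@"
fi
```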

Understanding the results

The action text provides general guidance on how to resolve the issue. If an action can be taken for the issue, a link is provided with additional guidance. In the case where there is no additional guidance, the response provides the URL to open a support case. For more information about the properties of the response and what is included, visit Network Watcher Troubleshoot overview.

For instructions on downloading files from Azure storage accounts, refer to Get started with Azure Blob storage using .NET. Another tool that can be used is Storage Explorer. More information about Storage Explorer can be found at the following link: Storage Explorer.

Next steps

If settings have been changed that stop VPN connectivity, see Manage Network Security Groups to track down the network security group and security rules that may be in question.