Connectivity architecture in Azure Database for PostgreSQL

This article explains the Azure Database for PostgreSQL connectivity architecture and how traffic is directed to your Azure Database for PostgreSQL database instance from clients both within and outside Azure.

Connectivity architecture

Connections to your Azure Database for PostgreSQL are established through a gateway that is responsible for routing incoming connections to the physical location of your server in our clusters. The following diagram illustrates the traffic flow.


When a client connects to the database, the connection string to the server resolves to the gateway IP address. The gateway listens on that IP address on port 5432. Inside the database cluster, traffic is forwarded to the appropriate Azure Database for PostgreSQL. Therefore, to connect to your server from a restricted environment such as a corporate network, you must open the client-side firewall to allow outbound traffic to reach our gateways. Below you can find a complete list of the IP addresses used by our gateways per region.

Azure Database for PostgreSQL gateway IP addresses

The gateway service is hosted on a group of stateless compute nodes sitting behind an IP address, which your client reaches first when trying to connect to an Azure Database for PostgreSQL server.

As part of ongoing service maintenance, we will periodically refresh the compute hardware hosting the gateways to ensure we provide the most secure and performant connectivity experience. When the gateway hardware is refreshed, a new ring of compute nodes is built out first. This new ring serves the traffic for all newly created Azure Database for PostgreSQL servers, and it has a different IP address from the older gateway rings in the same region to differentiate the traffic. The older gateway hardware continues serving existing servers but is planned for decommissioning in the future. Before gateway hardware is decommissioned, customers running their servers and connecting to older gateway rings will be notified via email and in the Azure portal three months in advance. The decommissioning of gateways can impact the connectivity to your servers if:

  • You hard code the gateway IP addresses in the connection string of your application. It is not recommended. You should use the fully qualified domain name (FQDN) of your server in the format, in the connection string for your application.
  • You do not update the client-side firewall with the newer gateway IP addresses to allow outbound traffic to reach our new gateway rings.
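Both conditions above can be checked before a gateway ring is retired. The following is an added example, not part of the original article: it flags a connection string whose host is an IP literal and verifies that every address the server name resolves to is covered by the client-side outbound allowlist for port 5432. The host name, the addresses (RFC 5737 documentation ranges) and the allowlist are constructed placeholders.

```python
import ipaddress
import socket
from urllib.parse import urlparse

def extract_host(conn_str):
    """Return the host from a libpq URI or a simple key=value connection string."""
    if conn_str.startswith(("postgres://", "postgresql://")):
        return urlparse(conn_str).hostname
    for part in conn_str.split():
        key, _, value = part.partition("=")
        if key in ("host", "hostaddr"):
            return value.strip("'")
    return None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def resolve(host, port=5432):
    """Default resolver: the addresses DNS currently returns for the server name."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def audit(conn_str, egress_allowlist, resolver=resolve):
    """List the conditions that would break connectivity when a gateway is retired."""
    host = extract_host(conn_str)
    if host is None:
        return ["no host found in connection string"]
    findings = []
    if is_ip_literal(host):
        findings.append(f"hard-coded IP {host}: use the server FQDN instead")
        addrs = [host]
    else:
        addrs = resolver(host)  # follows DNS, so it tracks a gateway IP change
    nets = [ipaddress.ip_network(cidr) for cidr in egress_allowlist]
    for addr in addrs:
        if not any(ipaddress.ip_address(addr) in net for net in nets):
            findings.append(f"{addr}:5432 not covered by outbound firewall allowlist")
    return findings

if __name__ == "__main__":
    # Constructed input: placeholder server name and documentation-range addresses.
    fake_dns = {"myserver.example.invalid": ["198.51.100.7"]}
    allow = ["203.0.113.0/24"]  # allowlist still holding only the old gateway range
    for cs in ("postgresql://app@203.0.113.10:5432/db",
               "host=myserver.example.invalid port=5432 dbname=db"):
        print(cs, "->", audit(cs, allow, resolver=fake_dns.__getitem__))
```

Run without the `resolver` argument, `audit` performs a live DNS lookup, so it can be scheduled against real connection strings and the current firewall rule set.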

The following table lists the gateway IP addresses of the Azure Database for PostgreSQL gateway for all data regions. The most up-to-date information on the gateway IP addresses for each region is maintained in the table below. In the table below, the columns represent the following:

Region name    Gateway IP addresses
China East
China East 2
China North
China North 2

Next steps