Using load-balancing services in Azure

Introduction

Azure provides multiple services for managing how network traffic is distributed and load balanced. You can use these services individually or combine their methods, depending on your needs, to build the optimal solution.

In this tutorial, we first define a customer use case and see how it can be made more robust and performant by using the following Azure load-balancing portfolio: Traffic Manager, Application Gateway, and Load Balancer. We then provide step-by-step instructions for creating a deployment that is geographically redundant, distributes traffic to VMs, and helps you manage different types of requests.

At a conceptual level, each of these services plays a distinct role in the load-balancing hierarchy.

  • Traffic Manager provides global DNS load balancing. It looks at incoming DNS requests and responds with a healthy endpoint, in accordance with the routing policy the customer has selected. Options for routing methods are:

    • Performance routing to send the requestor to the closest endpoint in terms of latency.
    • Priority routing to direct all traffic to an endpoint, with other endpoints as backup.
    • Weighted round-robin routing, which distributes traffic based on the weighting that is assigned to each endpoint.
    • Geography-based routing to distribute the traffic to your application endpoints based on the geographic location of the user.
    • Subnet-based routing to distribute the traffic to your application endpoints based on the subnet (IP address range) of the user.
    • Multi Value routing, which enables you to send the IP addresses of more than one application endpoint in a single DNS response.

    The client connects directly to the endpoint returned by Traffic Manager. Azure Traffic Manager detects when an endpoint is unhealthy and then redirects the clients to another healthy instance. Refer to the Azure Traffic Manager documentation to learn more about the service.

  • Application Gateway provides application delivery controller (ADC) as a service, offering various Layer 7 load-balancing capabilities for your application. It allows customers to optimize web farm productivity by offloading CPU-intensive TLS termination to the application gateway. Other Layer 7 routing capabilities include round-robin distribution of incoming traffic, cookie-based session affinity, URL path-based routing, and the ability to host multiple websites behind a single application gateway. Application Gateway can be configured as an Internet-facing gateway, an internal-only gateway, or a combination of both. Application Gateway is fully Azure managed, scalable, and highly available. It provides a rich set of diagnostics and logging capabilities for better manageability.

  • Load Balancer is an integral part of the Azure SDN stack, providing high-performance, low-latency Layer 4 load-balancing services for all UDP and TCP protocols. It manages inbound and outbound connections. You can configure public and internal load-balanced endpoints and define rules to map inbound connections to back-end pool destinations by using TCP and HTTP health-probing options to manage service availability.

Scenario

In this example scenario, we use a simple website that serves two types of content: images and dynamically rendered webpages. The website must be geographically redundant, and it should serve its users from the closest (lowest latency) location to them. The application developer has decided that any URLs that match the pattern /images/* are served from a dedicated pool of VMs that are different from the rest of the web farm.

Additionally, the default VM pool serving the dynamic content needs to talk to a back-end database that is hosted on a high-availability cluster. The entire deployment is set up through Azure Resource Manager.

Using Traffic Manager, Application Gateway, and Load Balancer allows this website to achieve these design goals:

  • Multi-geo redundancy: If one region goes down, Traffic Manager routes traffic seamlessly to the closest region without any intervention from the application owner.
  • Reduced latency: Because Traffic Manager automatically directs the customer to the closest region, the customer experiences lower latency when requesting the webpage contents.
  • Independent scalability: Because the web application workload is separated by type of content, the application owner can scale the request workloads independent of each other. Application Gateway ensures that the traffic is routed to the right pools based on the specified rules and the health of the application.
  • Internal load balancing: Because Load Balancer is in front of the high-availability cluster, only the active and healthy endpoint for a database is exposed to the application. Additionally, a database administrator can optimize the workload by distributing active and passive replicas across the cluster independent of the front-end application. Load Balancer delivers connections to the high-availability cluster and ensures that only healthy databases receive connection requests.

The following diagram shows the architecture of this scenario:

[Image: Load-balancing architecture diagram]

Note

This example is only one of many possible configurations of the load-balancing services that Azure offers. Traffic Manager, Application Gateway, and Load Balancer can be mixed and matched to best suit your load-balancing needs. For example, if TLS offload or Layer 7 processing is not necessary, Load Balancer can be used in place of Application Gateway.

Setting up the load-balancing stack

Step 1: Create a Traffic Manager profile

  1. In the Azure portal, click Create a resource > Networking > See All > Traffic Manager profile > Create.

  2. Enter the following basic information:

    • Name: Give your Traffic Manager profile a DNS prefix name.
    • Routing method: Select the traffic-routing method policy. For more information about the methods, see About Traffic Manager traffic routing methods.
    • Subscription: Select the subscription that contains the profile.
    • Resource group: Select the resource group that contains the profile. It can be a new or existing resource group.
    • Resource group location: Traffic Manager service is global and not bound to a location. However, you must specify a region for the group where the metadata associated with the Traffic Manager profile resides. This location has no impact on the runtime availability of the profile.
  3. Click Create to generate the Traffic Manager profile.

    [Image: "Create Traffic Manager" blade]

Step 2: Create the application gateways

  1. In the Azure portal, in the left pane, click Create a resource > Networking > Application Gateway.

  2. Enter the following basic information about the application gateway:

    • Name: The name of the application gateway.
    • SKU size: The size of the application gateway, available as Small, Medium, or Large.
    • Instance count: The number of instances, a value from 2 through 10.
    • Resource group: The resource group that holds the application gateway. It can be an existing resource group or a new one.
    • Location: The region for the application gateway, which is the same location as the resource group. The location is important, because the virtual network and public IP must be in the same location as the gateway.
  3. Click OK.

  4. Define the virtual network, subnet, front-end IP, and listener configurations for the application gateway. In this scenario, the front-end IP address is Public, which allows it to be added as an endpoint to the Traffic Manager profile later on.

  5. Configure the listener with one of the following options:

    • If you use HTTP, there is nothing to configure. Click OK.

    • If you use HTTPS, further configuration is required. Refer to Create an application gateway, starting at step 9. When you have completed the configuration, click OK.

Configure URL routing for application gateways

An application gateway that's configured with a path-based rule uses the path pattern of the request URL, in addition to round-robin distribution, when it chooses a back-end pool. In this scenario, we are adding a path-based rule to direct any URL with "/images/*" to the image server pool. For more information about configuring URL path-based routing for an application gateway, refer to Create a path-based rule for an application gateway.

[Image: Application Gateway web-tier diagram]

  1. From your resource group, go to the instance of the application gateway that you created in the preceding section.

  2. Under Settings, select Backend pools, and then select Add to add the VMs that you want to associate with the web-tier back-end pools.

  3. Enter the name of the back-end pool and all the IP addresses of the machines that reside in the pool. In this scenario, we are connecting two back-end server pools of virtual machines.

    [Image: Application Gateway "Add backend pool"]

  4. Under Settings of the application gateway, select Rules, and then click the Path based button to add a rule.

    [Image: Application Gateway rules "Path based" button]

  5. Configure the rule by providing the following information.

    Basic settings:

    • Name: The friendly name of the rule that is accessible in the portal.
    • Listener: The listener that is used for the rule.
    • Default backend pool: The back-end pool to be used with the default rule.
    • Default HTTP settings: The HTTP settings to be used with the default rule.

    Path-based rules:

    • Name: The friendly name of the path-based rule.
    • Paths: The path rule that is used for forwarding traffic.
    • Backend Pool: The back-end pool to be used with this rule.
    • HTTP Setting: The HTTP settings to be used with this rule.

    Important

    Paths: Valid paths must start with "/". The wildcard "*" is allowed only at the end. Valid examples are /xyz, /xyz*, or /xyz/*.

    [Image: Application Gateway "Add path-based rule" blade]
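The following is an added example, not part of the original tutorial or of any Azure tooling: a small Python check that lints path patterns against the validity rule stated above and models which back-end pool a request would reach. The pool names, the sample URLs, and the matching semantics (trailing "*" as a prefix match, case-insensitive comparison, first matching rule wins) are assumptions of this model.

```python
from urllib.parse import urlsplit


def validate_path_pattern(pattern):
    """Return the problems found in one path pattern; an empty list means valid."""
    problems = []
    if not pattern.startswith("/"):
        problems.append("must start with '/'")
    star = pattern.find("*")
    if star != -1 and star != len(pattern) - 1:
        problems.append("wildcard '*' is allowed only at the end")
    return problems


def pattern_matches(pattern, path):
    # Assumptions of this model: a trailing '*' matches any suffix, a pattern
    # without '*' must match exactly, and comparison is case-insensitive.
    pattern, path = pattern.lower(), path.lower()
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return path == pattern


def select_pool(url, path_rules, default_pool):
    """Return the pool for a request URL; the first matching rule wins (assumption)."""
    path = urlsplit(url).path or "/"   # the query string is not part of the path
    for pattern, pool in path_rules:
        if validate_path_pattern(pattern):
            raise ValueError(f"invalid path pattern {pattern!r}")
        if pattern_matches(pattern, path):
            return pool
    return default_pool


# Constructed rule set for the scenario: /images/* goes to the image server pool.
RULES = [("/images/*", "imageServerPool")]
DEFAULT_POOL = "defaultWebPool"

if __name__ == "__main__":
    for candidate in ["/xyz", "/xyz*", "/xyz/*", "images/*", "/img/*/thumbs", "/*.png"]:
        print(f"{candidate:15} {validate_path_pattern(candidate) or 'ok'}")
    for url in [
        "http://www.example.test/images/logo.png?v=2",  # image pool
        "http://www.example.test/images",               # no trailing slash: default pool
        "http://www.example.test/cart/images/x.png",    # pattern is anchored at the start
        "http://www.example.test/checkout",
    ]:
        print(f"{url:45} -> {select_pool(url, RULES, DEFAULT_POOL)}")
```

Running the lint over every pattern before it is entered in the portal catches the two mistakes the Important note describes, and the routing model shows which requests fall through to the default pool.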

Step 3: Add application gateways to the Traffic Manager endpoints

In this scenario, Traffic Manager is connected to application gateways (as configured in the preceding steps) that reside in different regions. Now that the application gateways are configured, the next step is to connect them to your Traffic Manager profile.

  1. Open your Traffic Manager profile. To do so, look in your resource group or search for the name of the Traffic Manager profile from All Resources.

  2. In the left pane, select Endpoints, and then click Add to add an endpoint.

    [Image: Traffic Manager endpoints "Add" button]

  3. Create an endpoint by entering the following information:

    • Type: Select the type of endpoint to load-balance. In this scenario, select Azure endpoint because we are connecting it to the application gateway instances that were configured previously.
    • Name: Enter the name of the endpoint.
    • Target resource type: Select Public IP address and then, under Target resource, select the public IP of the application gateway that was configured previously.

    [Image: Traffic Manager "Add endpoint"]

  4. Now you can test your setup by accessing it with the DNS of your Traffic Manager profile (in this example: TrafficManagerScenario.trafficmanager.cn). You can resend requests, bring up or bring down VMs and web servers that were created in different regions, and change the Traffic Manager profile settings to test your setup.

Step 4: Create a load balancer

In this scenario, Load Balancer distributes connections from the web tier to the databases within a high-availability cluster.

If your high-availability database cluster is using SQL Server AlwaysOn, refer to Configure one or more Always On Availability Group Listeners for step-by-step instructions.

For more information about configuring an internal load balancer, see Create an Internal load balancer in the Azure portal.

  1. In the Azure portal, in the left pane, click Create a resource > Networking > Load balancer.
  2. Choose a name for your load balancer.
  3. Set the Type to Internal, and choose the appropriate virtual network and subnet for the load balancer to reside in.
  4. Under IP address assignment, select either Dynamic or Static.
  5. Under Resource group, choose the resource group for the load balancer.
  6. Under Location, choose the appropriate region for the load balancer.
  7. Click Create to generate the load balancer.

Connect a back-end database tier to the load balancer

  1. From your resource group, find the load balancer that was created in the previous steps.

  2. Under Settings, click Backend pools, and then click Add to add a back-end pool.

    [Image: Load Balancer "Add backend pool"]

  3. Enter the name of the back-end pool.

  4. Add either individual machines or an availability set to the back-end pool.

Configure a probe

  1. In your load balancer, under Settings, select Probes, and then click Add to add a probe.

    [Image: Load Balancer "Add probe"]

  2. Enter the name for the probe.

  3. Select the Protocol for the probe. For a database, you might want a TCP probe rather than an HTTP probe. To learn more about load-balancer probes, refer to Understand load balancer probes.

  4. Enter the Port of your database to be used for accessing the probe.

  5. Under Interval, specify how frequently to probe the application.

  6. Under Unhealthy threshold, specify the number of continuous probe failures that must occur for the back-end VM to be considered unhealthy.

  7. Click OK to create the probe.
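To show how the Protocol, Port, and Unhealthy threshold settings interact, here is an added example (not from the original tutorial and not Azure's implementation): a TCP connect probe and a counter of consecutive failures, run against a constructed local listener standing in for the database port. Restoring the instance on the first successful probe is an assumption of this sketch.

```python
import socket


def tcp_probe(host, port, timeout=1.0):
    """One TCP probe: True if the connection handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


class BackendHealth:
    """Tracks one back-end instance against an unhealthy threshold."""

    def __init__(self, unhealthy_threshold):
        self.unhealthy_threshold = unhealthy_threshold
        self.consecutive_failures = 0
        self.healthy = True

    def record(self, probe_ok):
        if probe_ok:
            # Assumption of this sketch: one successful probe restores the instance.
            self.consecutive_failures = 0
            self.healthy = True
        else:
            self.consecutive_failures += 1
            if self.consecutive_failures >= self.unhealthy_threshold:
                self.healthy = False
        return self.healthy


def replay(results, unhealthy_threshold):
    """Feed a recorded sequence of probe results (True/False) through the counter."""
    state = BackendHealth(unhealthy_threshold)
    return [state.record(ok) for ok in results]


def live_demo(unhealthy_threshold=2):
    """Probe a constructed local listener, stop it, and keep probing."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    listener.listen(5)
    host, port = listener.getsockname()
    state = BackendHealth(unhealthy_threshold)
    history = [state.record(tcp_probe(host, port))]   # listener is up
    listener.close()                                   # the "database" goes down
    for _ in range(unhealthy_threshold):
        history.append(state.record(tcp_probe(host, port)))
    return history


if __name__ == "__main__":
    # Isolated failures never reach a threshold of 2; two in a row do.
    print(replay([True, False, True, False, False, True], unhealthy_threshold=2))
    print(live_demo(unhealthy_threshold=2))
```

The interval multiplied by the threshold is the time a failed instance can keep receiving connections, so both values are worth choosing together.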

Configure the load-balancing rules

  1. Under Settings of your load balancer, select Load balancing rules, and then click Add to create a rule.
  2. Enter the Name for the load-balancing rule.
  3. Choose the Frontend IP Address of the load balancer, Protocol, and Port.
  4. Under Backend port, specify the port to be used in the back-end pool.
  5. Select the Backend pool and the Probe that were created in the previous steps to apply the rule to.
  6. Under Session persistence, choose how you want the sessions to persist.
  7. Under Idle timeouts, specify the number of minutes before an idle timeout.
  8. Under Floating IP, select either Disabled or Enabled.
  9. Click OK to create the rule.

Step 5: Connect web-tier VMs to the load balancer

Now we configure the IP address and load-balancer front-end port in the applications that are running on your web-tier VMs for any database connections. This configuration is specific to the applications that run on these VMs. To configure the destination IP address and port, refer to the application documentation. To find the IP address of the front end, in the Azure portal, go to the front-end IP pool on the Load balancer settings.

[Image: Load Balancer "Frontend IP pool" navigation pane]

Next steps