Azure 虚拟网络 IPv6 是什么?What is IPv6 for Azure Virtual Network?

Azure 虚拟网络 (VNet) IPv6 可让你通过虚拟网络内部的以及与 Internet 之间的 IPv6 和 IPv4 连接,在 Azure 中托管应用程序。IPv6 for Azure Virtual Network (VNet) enables you to host applications in Azure with IPv6 and IPv4 connectivity both within a virtual network and to and from the Internet. 由于公共 IPv4 地址即将耗尽,面向移动应用和物联网 (IoT) 的新网络通常构建在 IPv6 上的基础之上。Due to the exhaustion of public IPv4 addresses, new networks for mobility and Internet of Things (IoT) are often built on IPv6. 甚至是建立了很久的 ISP 和移动网络也正在过渡到 IPv6。Even long established ISP and mobile networks are being transformed to IPv6. 在现有市场和新兴市场中,仅使用 IPv4 的服务可能会处于真正的劣势。IPv4-only services can find themselves at a real disadvantage in both existing and emerging markets. 双堆栈 IPv4/IPv6 连接使得 Azure 托管的服务能够通过全球可用的、随时可连接现有 IPv4 和这些新 IPv6 设备与网络的双堆栈服务来弥补这种技术缺口。Dual stack IPv4/IPv6 connectivity enables Azure-hosted services to traverse this technology gap with globally available, dual-stacked services that readily connect with both the existing IPv4 and these new IPv6 devices and networks.

借助 Azure 的原始 IPv6 连接,可以轻松为 Azure 中托管的应用程序提供双堆栈 (IPv4/IPv6) Internet 连接。Azure's original IPv6 connectivity makes it easy to provide dual stack (IPv4/IPv6) Internet connectivity for applications hosted in Azure. 它可以通过入站和出站发起连接的负载均衡 IPv6 连接简化 VM 的部署。It allows for simple deployment of VMs with load balanced IPv6 connectivity for both inbound and outbound initiated connections. 此功能仍可用,详细信息请参阅此处This feature is still available and more information is available here. Azure 虚拟网络 IPv6 的功能要全面得多,它可以实现在 Azure 中部署完整的 IPv6 解决方案体系结构。IPv6 for Azure virtual network is much more full featured- enabling full IPv6 solution architectures to be deployed in Azure.

下图描绘了 Azure 中的简单双堆栈 (IPv4/IPv6) 部署:The following diagram depicts a simple dual stack (IPv4/IPv6) deployment in Azure:

IPv6 网络部署示意图

优点Benefits

Azure VNET IPv6 的优势:IPv6 for Azure VNET benefits:

  • 帮助将 Azure 托管应用程序的覆盖范围延伸到不断发展的移动和物联网市场。Helps expand the reach of your Azure-hosted applications into the growing mobile and Internet of Things markets.
  • 双堆积 IPv4/IPv6 VM 提供最高的服务部署灵活性。Dual stacked IPv4/IPv6 VMs provide maximum service deployment flexibility. 单个服务实例可以连接支持 IPv4 和 IPv6 的 Internet 客户端。A single service instance can connect with both IPv4 and IPv6-capable Internet clients.
  • 基于长时间建立的稳定 Azure VM 到 Internet IPv6 连接。Builds on long-established, stable Azure VM-to-Internet IPv6 connectivity.
  • 默认情况下是安全的,因为仅当在部署中明确请求与 Internet 建立 IPv6 连接时,才建立这种连接。Secure by default since IPv6 connectivity to the Internet is only established when you explicitly request it in your deployment.

功能Capabilities

Azure VNet IPv6 提供以下功能:IPv6 for Azure VNet includes the following capabilities:

  • Azure 客户可以根据其应用程序和客户的需求定义自己的 IPv6 虚拟网络地址空间,或者无缝集成到其本地 IP 空间。Azure customers can define their own IPv6 virtual network address space to meet the needs of their applications, customers, or seamlessly integrate into their on-premises IP space.

  • 使用具有双堆栈子网的双堆栈(IPv4 和 IPv6)虚拟网络,应用程序可以连接到其虚拟网络或 Internet 中的 IPv4 和 IPv6 资源。Dual stack (IPv4 and IPv6) virtual networks with dual stack subnets enable applications to connect with both IPv4 and IPv6 resources in their virtual network or - the Internet.

    重要

    IPv6 的子网大小只能是 /64。The subnets for IPv6 must be exactly /64 in size. 将来当你决定将子网路由到本地网络时,这种大小可以确保兼容性,因为某些路由器只能接受 /64 IPv6 路由。This ensures future compatibility should you decide to enable routing of the subnet to an on-premises network since some routers can only accept /64 IPv6 routes.

  • 使用网络安全组的 IPv6 规则保护资源。Protect your resources with IPv6 rules for Network Security Groups.

    • Azure 平台的分布式拒绝服务 (DDoS) 防护已扩展到面向 Internet 的公共 IPAnd the Azure platform's Distributed Denial of Service (DDoS) protections are extended to Internet-facing Public IP's
  • 使用用户定义的路由在虚拟网络中自定义 IPv6 流量的路由 - 尤其是利用网络虚拟设备增强应用程序时。Customize the routing of IPv6 traffic in your virtual network with User-Defined Routes- especially when leveraging Network Virtual Appliances to augment your application.

  • Linux 和 Windows 虚拟机都可以使用 Azure VNET IPv6Linux and Windows Virtual Machines can all use IPv6 for Azure VNET

  • 标准 IPv6 公共负载均衡器支持创建弹性可缩放的应用程序,包括:Standard IPv6 public Load Balancer support to create resilient, scalable applications, which include:

    • 可选的 IPv6 运行状况探测可以确定哪些后端池实例是正常的,因而可以接收新流。Optional IPv6 health probe to determine which backend pool instances are health and thus can receive new flows.
    • 可选的出站规则可以根据具体的需求,以完全声明性的方式控制出站连接,以缩放和优化此功能。Optional outbound rules which provide full declarative control over outbound connectivity to scale and tune this ability to your specific needs.
    • 可选的多种前端配置可让单个负载均衡器使用多个 IPv6 公共 IP 地址 - 可在不同的前端地址中重复使用相同的前端协议和端口。Optional multiple front-end configurations which enable a single load balancer to use multiple IPv6 public IP addresses- the same frontend protocol and port can be reused across frontend addresses.
    • 可以通过负载均衡规则的“浮动 IP”功能,在后端实例上重复使用可选的 IPv6 端口**Optional IPv6 ports can be reused on backend instances using the Floating IP feature of load-balancing rules
    • 注意:负载均衡不执行任何协议转换(无 NAT64)。Note: Load balancing does not perform any protocol translation (no NAT64).
  • 标准 IPv6 内部负载均衡器支持在 Azure VNET 内部创建弹性多层应用程序。Standard IPv6 internal Load Balancer support to create resilient multi-tier applications within Azure VNETs.

  • 基本 IPv6 公共负载均衡器支持与传统部署实现兼容Basic IPv6 public Load Balancer support for compatibility with legacy deployments

  • 保留的 IPv6 公共 IP 地址和地址范围提供稳定、可预测的 IPv6 地址,方便将公司和客户的 Azure 托管应用程序列入允许列表。Reserved IPv6 Public IP addresses and address ranges provide stable, predictable IPv6 addresses which ease whitelisting of your azure-hosted applications for your company and your customers.

  • 实例级公共 IP 提供与单个 VM 的 IPv6 Internet 直接连接。Instance-level Public IP provides IPv6 Internet connectivity directly to individual VMs.

  • 将 IPv6 添加到现有的仅使用 IPv4 的部署 - 使用此功能可以轻松将 IPv6 连接添加到现有的仅使用 IPv4 的部署,而无需重新创建部署。Add IPv6 to Existing IPv4-only deployments- this feature enables you to easily add IPv6 connectivity to existing IPv4-only deployments without the need to recreate deployments. 在此过程中 IPv4 网络流量不受影响,因此,根据应用程序和 OS,有时甚至可以将 IPv6 添加到实时服务。The IPv4 network traffic is unaffected during this process so depending on your application and OS you may be able to add IPv6 even to live services.

  • 可让 Internet 客户端使用所选的协议,凭借 Azure DNS 对 IPv6 (AAAA) 记录的支持无缝访问双堆栈应用程序。Let Internet clients seamlessly access your dual stack application using their protocol of choice with Azure DNS support for IPv6 (AAAA) records.

  • 创建可以通过虚拟机规模集和 IPv6 根据负载自动缩放的双堆栈应用程序。Create dual stack applications that automatically scale to your load with virtual machine scale sets with IPv6.

  • 虚拟网络 (VNET) 对等互连 - 区域内部和全球对等互连 - 可以无缝连接双堆栈 VNET - 对等互连网络中的 VM 上的 IPv4 和 IPv6 终结点能够相互通信。Virtual Network (VNET) Peering - both within-regional and global peering - enables you to seemlessly connect dual stack VNETs- both the IPv4 and IPv6 endpoints on VMs in the peered networks will be able to communicate with each other. 将部署过渡到双堆栈时,甚至可以将双堆栈对等互连到仅使用 IPv4 的 VNET。You can even peer dual stack with IPv4-only VNETs as you are transitioning your deployments to dual stack.

  • 可以使用负载均衡器指标/警报与网络观察程序功能(例如数据包捕获、NSG 流日志、连接故障排除和连接监视)实现 IPv6 故障排除与诊断。IPv6 Troubleshooting and Diagnostics are available with load balancer metrics/alerting and Network Watcher features such as packet capture, NSG flow logs, connection troubleshooting and connection monitoring.

作用域Scope

Azure VNET IPv6 是一个基础功能集,可让客户在 Azure 中托管双堆栈 (IPv4 + IPv6) 应用程序。IPv6 for Azure VNET is a foundational feature set which enables customers to host dual stack (IPv4+IPv6) applications in Azure. 我们有意不断地将 IPv6 支持添加到更多的 Azure 网络功能,最终提供 Azure PaaS 服务的双堆栈版本,但在此过程中,仍可以通过双堆栈虚拟机上的 IPv4 终结点访问所有 Azure PaaS 服务。We intend to add IPv6 support to more Azure networking features over time and eventually to offer dual stack versions of Azure PaaS services but in the meantime all Azure PaaS services can be accessed via the IPv4 endpoints on dual stack Virtual Machines.

限制Limitations

当前的 Azure 虚拟网络 IPv6 版本存在以下限制:The current IPv6 for Azure virtual network release has the following limitations:

  • 使用所有部署方法,适用于 Azure 虚拟网络的 IPv6 已在全球所有 Azure 商业版区域中提供。IPv6 for Azure virtual network is available in all global Azure Commercial regions using all deployment methods. 美国政府云中的部署暂时仅限于 ARM (JSON) 模板、命令行接口 (CLI) 和 Powershell。Deployment in the US Government cloud is temporarily limited to ARM (JSON) template, Command Line Interface (CLI) and Powershell. 美国政府云门户不久将会提供 IPv6 支持。IPv6 support in the US Government cloud portal will be available shortly.
  • 在启用了 IPv6 的 VNET 中,ExpressRoute 网关可以用于仅 IPv4 通信。ExpressRoute gateways CAN be used for IPv4-only traffic in a VNET with IPv6 enabled. 我们的路线图展示了对 IPv6 通信的支持。Support for IPv6 traffic is on our roadmap.
  • VPN 网关不能在启用了 IPv6 的 VNET 中使用,其可以直接进行使用,或通过“UseRemoteGateway”对等互连使用。VPN gateways CANNOT be used in a VNET with IPv6 enabled, either directly or peered with "UseRemoteGateway".
  • Azure 平台(AKS 等)不支持容器的 IPv6 通信。The Azure platform (AKS, etc.) does not support IPv6 communication for Containers.

定价Pricing

IPv6 Azure 资源和带宽按照与 IPv4 相同的费率收费。IPv6 Azure resources and bandwidth are charged at the same rates as IPv4. IPv6 不收取额外的费用或不同的费用。There are no additional or different charges for IPv6. 可以查找有关公共 IP 地址网络带宽负载均衡器的定价详细信息。You can find details about pricing for public IP addresses, network bandwidth, or Load Balancer.

后续步骤Next steps