Private IP addresses

Private IPs allow communication between resources in Azure.

Resources can be:

  • Azure services such as:
    • Virtual machine network interfaces
    • Internal load balancers (ILBs)
    • Application gateways
  • In a virtual network.
  • On-premises network through a VPN gateway or ExpressRoute circuit.

Private IPs allow communication to these resources without the use of a public IP address.

Allocation method

Azure assigns private IP addresses to resources from the address range of the virtual network subnet where the resource is.

Azure reserves the first four addresses in each subnet address range. The addresses can't be assigned to resources. For example, if the subnet's address range is 10.0.0.0/16, addresses 10.0.0.0-10.0.0.3 and 10.0.255.255 are unavailable. IP addresses within the subnet's address range can only be assigned to one resource at a time.

There are two methods by which a private IP address is allocated:

  • Dynamic: Azure assigns the next available unassigned or unreserved IP address in the subnet's address range. For example, Azure assigns 10.0.0.10 to a new resource if addresses 10.0.0.4-10.0.0.9 are already assigned to other resources.

    Dynamic is the default allocation method. Once assigned, dynamic IP addresses are released if a network interface is:

    • Deleted
    • Reassigned to a different subnet within the same virtual network.
    • The allocation method is changed to static, and a different IP address is specified.

    By default, Azure assigns the previous dynamically assigned address as the static address when you change the allocation method from dynamic to static.

  • Static: You select and assign any unassigned or unreserved IP address in the subnet's address range.

    For example, a subnet's address range is 10.0.0.0/16 and addresses 10.0.0.4-10.0.0.9 are assigned to other resources. You can assign any address between 10.0.0.10 - 10.0.255.254. Static addresses are only released if a network interface is deleted.

    Azure assigns the static IP as the dynamic IP when the allocation method is changed. The reassignment occurs even if the address isn't the next available in the subnet. The address changes when the network interface is assigned to a different subnet.

    To assign the network interface to a different subnet, you change the allocation method from static to dynamic. Assign the network interface to a different subnet, then change the allocation method back to static. Assign an IP address from the new subnet's address range.
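The allocation rules above can be checked offline before an address plan is applied. The following Python model is an added example, not Azure's or this page's own code; the function names and the sample assignment list are assumptions made for illustration, and the reserved set follows the 10.0.0.0/16 example given above.

```python
import ipaddress

def reserved_addresses(subnet_cidr):
    """Addresses the page lists as unavailable: the first four and the last."""
    net = ipaddress.ip_network(subnet_cidr)
    first_four = {net.network_address + i for i in range(4)}
    return first_four | {net.broadcast_address}

def _taken(subnet_cidr, assigned):
    # Reserved addresses plus addresses already held by other resources.
    return reserved_addresses(subnet_cidr) | {ipaddress.ip_address(a) for a in assigned}

def next_dynamic_address(subnet_cidr, assigned):
    """Model of dynamic allocation: lowest address that is neither reserved nor assigned."""
    taken = _taken(subnet_cidr, assigned)
    for addr in ipaddress.ip_network(subnet_cidr):
        if addr not in taken:
            return str(addr)
    return None  # subnet exhausted

def check_static_address(subnet_cidr, candidate, assigned):
    """Validate a planned static address against the rules described on this page."""
    net = ipaddress.ip_network(subnet_cidr)
    addr = ipaddress.ip_address(candidate)
    if addr not in net:
        return "outside subnet"
    if addr in reserved_addresses(subnet_cidr):
        return "reserved"
    if addr in {ipaddress.ip_address(a) for a in assigned}:
        return "already assigned"
    return "ok"

# Constructed sample state: 10.0.0.4-10.0.0.9 already assigned, as in the page's example.
SUBNET = "10.0.0.0/16"
ASSIGNED = ["10.0.0.%d" % i for i in range(4, 10)]

if __name__ == "__main__":
    print("next dynamic:", next_dynamic_address(SUBNET, ASSIGNED))
    for ip in ("10.0.0.2", "10.0.0.5", "10.0.255.254", "10.0.255.255", "10.1.0.5"):
        print(ip, "->", check_static_address(SUBNET, ip, ASSIGNED))
```
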

Virtual machines

One or more private IP addresses are assigned to one or more network interfaces. The network interfaces are assigned to a Windows or Linux virtual machine. You can specify the allocation method as either dynamic or static for each private IP address.

Internal DNS hostname resolution (for virtual machines)

Azure virtual machines are configured with Azure-managed DNS servers by default. You can explicitly configure custom DNS servers. These DNS servers provide internal name resolution for virtual machines that are within the same virtual network.

A mapping for the hostname to a virtual machine's private IP address is added to the Azure-managed DNS servers.

A hostname is mapped to the primary IP of the main network interface when a VM has:

  • Multiple network interfaces
  • Multiple IP addresses
  • Both

VMs configured with Azure-managed DNS resolve the hostnames within the same virtual network. Use a custom DNS server to resolve host names of VMs in connected virtual networks.

Internal load balancers (ILB) & Application gateways

You can assign a private IP address to the front-end configuration of an:

This private IP address serves as an internal endpoint. The internal endpoint is accessible only to the resources within its virtual network and the remote networks connected to it. A dynamic or static IP can be assigned.

At-a-glance

The following table shows the property through which a private IP can be associated to a resource.

The possible allocation methods that can be used are also displayed:

  • Dynamic
  • Static

| Top-level resource | IP address association | Dynamic | Static |
|---|---|---|---|
| Virtual machine | Network interface | Yes | Yes |
| Load balancer | Front-end configuration | Yes | Yes |
| Application gateway | Front-end configuration | Yes | Yes |

Limits

The limits on IP addressing are found in the full set of limits for networking in Azure. The limits are per region and per subscription. Contact support to increase the default limits up to the maximum limits based on your business needs.

Next steps

Learn about Public IP Addresses in Azure