Public IP addresses

Public IP addresses allow Internet resources to communicate inbound to Azure resources. Public IP addresses enable Azure resources to communicate outbound with the Internet and public-facing Azure services. The address is dedicated to the resource until you unassign it. A resource without a public IP assigned can communicate outbound. Azure dynamically assigns an available IP address that isn't dedicated to the resource. For more information about outbound connections in Azure, see Understand outbound connections.

In Azure Resource Manager, a public IP address is a resource that has its own properties. Some of the resources you can associate a public IP address resource with:

  • Virtual machine network interfaces
  • Internet-facing load balancers
  • VPN gateways
  • Application gateways
  • Azure Firewall

IP address version

Public IP addresses are created with an IPv4 or IPv6 address.

SKU

Public IP addresses are created with one of the following SKUs:

Important

Matching SKUs are required for load balancer and public IP resources. You can't have a mixture of basic SKU resources and standard SKU resources. You can't attach standalone virtual machines, virtual machines in an availability set resource, or virtual machine scale set resources to both SKUs simultaneously. New designs should consider using Standard SKU resources. Please review Standard Load Balancer for details.

Standard

Standard SKU public IP addresses:

  • Always use static allocation method.
  • Have an adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle timeout of 4 minutes.
  • Secure by default and closed to inbound traffic. Allowlist inbound traffic with a network security group.
  • Assigned to network interfaces, standard public load balancers, or Application Gateways. For more information about Standard load balancer, see Azure Standard Load Balancer.

Note

Inbound communication with a Standard SKU resource fails until you create and associate a network security group and explicitly allow the desired inbound traffic.

Note

Only public IP addresses with basic SKU are available when using the Instance Metadata Service (IMDS). Standard SKU is not supported.

Basic

All public IP addresses created before the introduction of SKUs are Basic SKU public IP addresses.

With the introduction of SKUs, you can specify which SKU you would like the public IP address to be.

Basic SKU addresses:

  • Assigned with the static or dynamic allocation method.
  • Have an adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle timeout of 4 minutes.
  • Are open by default. Network security groups are recommended but optional for restricting inbound or outbound traffic.
  • Assigned to any Azure resource that can be assigned a public IP address, such as:
    • Network interfaces
    • VPN Gateways
    • Application Gateways
    • Public load balancers

Allocation method

Basic and standard public IPs support static assignment. The resource is assigned an IP address at the time it's created. The IP address is released when the resource is deleted.

Basic SKU public IP addresses support dynamic assignment. Dynamic is the default assignment method. When you select dynamic, the IP address isn't given to the resource at the time of creation.

The IP is assigned when you associate the public IP address resource with a:

  • Virtual machine
  • The first virtual machine associated with the backend pool of a load balancer.

The IP address is released when you stop (or delete) the resource.

For example, a public IP resource is released from a resource named Resource A. Resource A receives a different IP on start-up if the public IP resource is reassigned.

The IP address is released when the allocation method is changed from static to dynamic. To ensure the IP address for the associated resource remains the same, set the allocation method explicitly to static. A static IP address is assigned immediately.

Note

Even when you set the allocation method to static, you cannot specify the actual IP address assigned to the public IP address resource. Azure assigns the IP address from a pool of available IP addresses in the Azure location the resource is created in.

Static public IP addresses are commonly used in the following scenarios:

  • When you must update firewall rules to communicate with your Azure resources.
  • DNS name resolution, where a change in IP address would require updating A records.
  • Your Azure resources communicate with other apps or services that use an IP address-based security model.
  • You use TLS/SSL certificates linked to an IP address.
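
The following Python is an added example, not part of the original documentation. It audits an inventory of public IPs for two conditions this page describes: a Basic SKU address (open by default) with no network security group, and a dynamic address that something outside Azure pins by value. The record fields `nsg_attached` and `pinned_by` and the sample inventory are constructed for illustration and are not Azure API fields.

```python
# Added example: record fields are hypothetical, not the Azure API schema.
from dataclasses import dataclass, field

@dataclass
class PublicIp:
    name: str
    sku: str            # "Basic" or "Standard"
    allocation: str     # "Static" or "Dynamic"
    nsg_attached: bool  # True if an NSG filters traffic to the associated resource
    pinned_by: list = field(default_factory=list)  # firewall rule, A record, certificate...

def audit(ip):
    """Return findings for one public IP, using the defaults stated on this page."""
    findings = []
    if ip.sku == "Standard" and ip.allocation != "Static":
        findings.append("invalid: Standard SKU always uses static allocation")
    if not ip.nsg_attached:
        if ip.sku == "Basic":
            # Basic is open by default, so no NSG means unfiltered inbound traffic.
            findings.append("exposed: Basic SKU is open by default and no NSG restricts inbound")
        else:
            # Standard is closed by default: not exposed, but inbound will fail.
            findings.append("unreachable: Standard SKU inbound fails until an NSG allows it")
    if ip.allocation == "Dynamic" and ip.pinned_by:
        # A dynamic address is released on stop/delete and can differ on restart,
        # so anything that references it by value goes stale.
        findings.append("stale-risk: dynamic IP is pinned by " + ", ".join(ip.pinned_by))
    return findings

# Constructed sample inventory.
INVENTORY = [
    PublicIp("pip-web", "Standard", "Static", True, ["A record"]),
    PublicIp("pip-legacy", "Basic", "Dynamic", False, ["partner firewall rule"]),
    PublicIp("pip-new", "Standard", "Static", False),
]

def audit_all(inventory):
    """Map each public IP name to its list of findings (empty list means clean)."""
    return {ip.name: audit(ip) for ip in inventory}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        print(name, findings or ["ok"])
```
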

Note

Azure allocates public IP addresses from a range unique to each region in each Azure cloud. You can download the list of ranges (prefixes) for the Azure China cloud.

DNS hostname resolution

Select the option to specify a DNS domain name label for a public IP resource.

This selection creates a mapping for domainnamelabel.location.cloudapp.chinacloudapi.cn to the public IP in the Azure-managed DNS.

For instance, creation of a public IP with:

  • contoso as a domainnamelabel
  • China North Azure location

The fully qualified domain name (FQDN) contoso.chinanorth.cloudapp.chinacloudapi.cn resolves to the public IP address of the resource.

Important

Each domain name label created must be unique within its Azure location.

DNS Recommendations

If a region move is needed, you can't migrate the FQDN of your public IP. Use the FQDN to create a custom CNAME record pointing to the public IP address.

If a move to a different public IP is required, update the CNAME record instead of updating the FQDN.

You can use Azure DNS or an external DNS provider for your DNS record.

Virtual machines

You can associate a public IP address with a Windows or Linux virtual machine by assigning it to its network interface.

Choose dynamic or static for the public IP address. Learn more about assigning IP addresses to network interfaces.

Internet-facing load balancers

You can associate a public IP address of either SKU with an Azure Load Balancer, by assigning it to the load balancer frontend configuration. The public IP serves as a load-balanced IP.

You can assign either a dynamic or a static public IP address to a load balancer front end. You can assign multiple public IP addresses to a load balancer front end. This configuration enables multi-VIP scenarios like a multi-tenant environment with TLS-based websites.

For more information about Azure load balancer SKUs, see Azure load balancer standard SKU.

VPN gateways

Azure VPN Gateway connects an Azure virtual network to:

  • Azure virtual networks
  • On-premises network(s).

A public IP address is assigned to the VPN Gateway to enable communication with the remote network. You can only assign a dynamic basic public IP address to a VPN gateway.

Application gateways

You can associate a public IP address with an Azure Application Gateway, by assigning it to the gateway's frontend configuration. This public IP address serves as a load-balanced VIP. You can only assign a dynamic basic public IP address to an application gateway V1 front-end configuration, and only a static standard SKU address to a V2 front-end configuration.

  • Assign a dynamic basic public IP to an application gateway V1 front-end configuration.

At-a-glance

The following table shows the property through which a public IP can be associated to a top-level resource and the possible allocation methods.

| Top-level resource | IP address association | Dynamic | Static |
|---|---|---|---|
| Virtual machine | Network interface | Yes | Yes |
| Internet-facing load balancer | Front-end configuration | Yes | Yes |
| VPN gateway | Gateway IP configuration | Yes | No |
| Application gateway | Front-end configuration | Yes (V1 only) | Yes (V2 only) |
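
The following Python is an added example, not part of the original documentation. It checks a deployment plan against the association rules above together with the SKU rules stated earlier on this page: the SKU and allocation pairs each resource accepts, the load balancer and public IP SKU match, and the rule that a virtual machine can't be attached to both SKUs at once. The resource kind labels (`vm_nic`, `appgw_v1`, and so on), the record fields and the sample plan are constructed for illustration.

```python
# Added example: kind labels and record fields are hypothetical, not Azure API values.
from collections import defaultdict

# (SKU, allocation) pairs each top-level resource accepts, per this page.
ALLOWED = {
    "vm_nic":      {("Basic", "Dynamic"), ("Basic", "Static"), ("Standard", "Static")},
    "public_lb":   {("Basic", "Dynamic"), ("Basic", "Static"), ("Standard", "Static")},
    "vpn_gateway": {("Basic", "Dynamic")},
    "appgw_v1":    {("Basic", "Dynamic")},
    "appgw_v2":    {("Standard", "Static")},
}

def check_plan(plan):
    """Return a sorted list of rule violations for a list of planned associations."""
    problems = []
    vm_skus = defaultdict(set)  # VM name -> SKUs of the resources attached to it
    for item in plan:
        pair = (item["ip_sku"], item["allocation"])
        if pair not in ALLOWED[item["kind"]]:
            problems.append(f'{item["name"]}: {item["kind"]} does not accept {pair[0]}/{pair[1]}')
        if item["kind"] == "vm_nic":
            vm_skus[item["name"]].add(item["ip_sku"])
        if item["kind"] == "public_lb":
            # Load balancer and public IP SKUs must match.
            if item["lb_sku"] != item["ip_sku"]:
                problems.append(f'{item["name"]}: load balancer SKU {item["lb_sku"]} '
                                f'does not match public IP SKU {item["ip_sku"]}')
            for vm in item["backend_vms"]:
                vm_skus[vm].add(item["lb_sku"])
    for vm, skus in vm_skus.items():
        # A VM can't be attached to Basic and Standard SKU resources simultaneously.
        if len(skus) > 1:
            problems.append(f"{vm}: attached to both Basic and Standard SKU resources")
    return sorted(problems)

# Constructed sample plan.
PLAN = [
    {"kind": "vm_nic", "name": "vm1", "ip_sku": "Basic", "allocation": "Dynamic"},
    {"kind": "public_lb", "name": "lb1", "ip_sku": "Standard", "allocation": "Static",
     "lb_sku": "Standard", "backend_vms": ["vm1", "vm2"]},
    {"kind": "vpn_gateway", "name": "gw1", "ip_sku": "Basic", "allocation": "Static"},
    {"kind": "appgw_v2", "name": "agw1", "ip_sku": "Standard", "allocation": "Static"},
]

if __name__ == "__main__":
    for problem in check_plan(PLAN):
        print(problem)
```
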

Limits

The limits for IP addressing are listed in the full set of limits for networking in Azure.

The limits are per region and per subscription. Contact support to increase the default limits up to the maximum limits based on your business needs.

Pricing

Public IP addresses may have a nominal charge. To learn more about IP address pricing in Azure, review the IP address pricing page.

Next steps