Configure IPv6 endpoints in virtual network script sample

This article shows you how to deploy a dual stack (IPv4 + IPv6) application in Azure that includes a dual stack virtual network with a dual stack subnet, a load balancer with dual (IPv4 + IPv6) front-end configurations, VMs with NICs that have a dual IP configuration, dual network security group rules, and dual public IPs.

You can execute the script from a local Azure CLI installation. If you use the CLI locally, this script requires that you are running version 2.0.28 or later. To find the installed version, run az --version. If you need to install or upgrade, see Install the Azure CLI. If you are running the CLI locally, you also need to run az login to create a connection with Azure.

If you don't have an Azure subscription, create a trial account before you begin.

Note

Before you can use Azure CLI 2.0 in Azure China, first run az cloud set -n AzureChinaCloud to change the cloud environment. If you want to switch back to Global Azure, run az cloud set -n AzureCloud again.

Sample script

# Create a resource group
az group create \
--name DsResourceGroup01 \
--location chinaeast

# Create an IPV4 IP address
az network public-ip create \
--name dsPublicIP_v4  \
--resource-group DsResourceGroup01  \
--location chinaeast  \
--sku BASIC  \
--allocation-method dynamic  \
--version IPv4

# Create an IPV6 IP address
az network public-ip create \
--name dsPublicIP_v6  \
--resource-group DsResourceGroup01  \
--location chinaeast \
--sku BASIC  \
--allocation-method dynamic  \
--version IPv6

# Create public IP addresses for remote access to VMs
az network public-ip create \
--name dsVM0_remote_access  \
--resource-group DsResourceGroup01 \
--location chinaeast  \
--sku BASIC  \
--allocation-method dynamic  \
--version IPv4

az network public-ip create \
--name dsVM1_remote_access  \
--resource-group DsResourceGroup01  \
--location chinaeast  \
--sku BASIC  \
--allocation-method dynamic  \
--version IPv4

# Create load balancer
az network lb create \
--name dsLB  \
--resource-group DsResourceGroup01 \
--sku Basic \
--location chinaeast \
--frontend-ip-name dsLbFrontEnd_v4  \
--public-ip-address dsPublicIP_v4  \
--backend-pool-name dsLbBackEndPool_v4

# Create IPv6 front-end
az network lb frontend-ip create \
--lb-name dsLB  \
--name dsLbFrontEnd_v6  \
--resource-group DsResourceGroup01  \
--public-ip-address dsPublicIP_v6

# Configure IPv6 back-end address pool
az network lb address-pool create \
--lb-name dsLB  \
--name dsLbBackEndPool_v6  \
--resource-group DsResourceGroup01

# Create a load balancer rule

az network lb rule create \
--lb-name dsLB  \
--name dsLBrule_v4  \
--resource-group DsResourceGroup01  \
--frontend-ip-name dsLbFrontEnd_v4  \
--protocol Tcp  \
--frontend-port 80  \
--backend-port 80  \
--backend-pool-name dsLbBackEndPool_v4

az network lb rule create \
--lb-name dsLB  \
--name dsLBrule_v6  \
--resource-group DsResourceGroup01 \
--frontend-ip-name dsLbFrontEnd_v6  \
--protocol Tcp  \
--frontend-port 80 \
--backend-port 80  \
--backend-pool-name dsLbBackEndPool_v6

# Create an availability set
az vm availability-set create \
--name dsAVset  \
--resource-group DsResourceGroup01  \
--location chinaeast \
--platform-fault-domain-count 2  \
--platform-update-domain-count 2

# Create network security group

az network nsg create \
--name dsNSG1  \
--resource-group DsResourceGroup01  \
--location chinaeast

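# Create inbound rule for port 3389 (RDP)
# RDP clients connect from ephemeral source ports, so only the destination port is 3389.
# The "*" source address matches any IPv4 or IPv6 client; narrow
# --source-address-prefixes to known admin ranges outside a test deployment.
az network nsg rule create \
--name allowRdpIn  \
--nsg-name dsNSG1  \
--resource-group DsResourceGroup01  \
--priority 100  \
--description "Allow Remote Desktop In"  \
--access Allow  \
--protocol "*"  \
--direction Inbound  \
--source-address-prefixes "*"  \
--source-port-ranges "*"  \
--destination-address-prefixes "*"  \
--destination-port-ranges 3389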

# Create outbound rule

az network nsg rule create \
--name allowAllOut  \
--nsg-name dsNSG1  \
--resource-group DsResourceGroup01  \
--priority 100  \
--description "Allow All Out"  \
--access Allow  \
--protocol "*"  \
--direction Outbound  \
--source-address-prefixes "*"  \
--source-port-ranges "*"  \
--destination-address-prefixes "*"  \
--destination-port-ranges "*"

# Create the virtual network
az network vnet create \
--name dsVNET \
--resource-group DsResourceGroup01 \
--location chinaeast  \
--address-prefixes "10.0.0.0/16" "ace:cab:deca::/48"

# Create a single dual stack subnet (IPv4 and IPv6 prefixes are passed together to --address-prefixes)

az network vnet subnet create \
--name dsSubNET \
--resource-group DsResourceGroup01 \
--vnet-name dsVNET \
--address-prefixes "10.0.0.0/24" "ace:cab:deca:deed::/64" \
--network-security-group dsNSG1

# Create NICs
az network nic create \
--name dsNIC0  \
--resource-group DsResourceGroup01 \
--network-security-group dsNSG1  \
--vnet-name dsVNET  \
--subnet dsSubNet  \
--private-ip-address-version IPv4 \
--lb-address-pools dsLbBackEndPool_v4  \
--lb-name dsLB  \
--public-ip-address dsVM0_remote_access

az network nic create \
--name dsNIC1 \
--resource-group DsResourceGroup01 \
--network-security-group dsNSG1 \
--vnet-name dsVNET \
--subnet dsSubNet \
--private-ip-address-version IPv4 \
--lb-address-pools dsLbBackEndPool_v4 \
--lb-name dsLB \
--public-ip-address dsVM1_remote_access

# Create IPV6 configurations for each NIC

az network nic ip-config create \
--name dsIp6Config_NIC0  \
--nic-name dsNIC0  \
--resource-group DsResourceGroup01 \
--vnet-name dsVNET \
--subnet dsSubNet \
--private-ip-address-version IPv6 \
--lb-address-pools dsLbBackEndPool_v6 \
--lb-name dsLB

az network nic ip-config create \
--name dsIp6Config_NIC1 \
--nic-name dsNIC1 \
--resource-group DsResourceGroup01 \
--vnet-name dsVNET \
--subnet dsSubNet \
--private-ip-address-version IPv6 \
--lb-address-pools dsLbBackEndPool_v6 \
--lb-name dsLB

# Create virtual machines
az vm create \
--name dsVM0 \
--resource-group DsResourceGroup01 \
--nics dsNIC0 \
--size Standard_A2 \
--availability-set dsAVset \
--image MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest  

az vm create \
--name dsVM1 \
--resource-group DsResourceGroup01 \
--nics dsNIC1 \
--size Standard_A2 \
--availability-set dsAVset \
--image MicrosoftWindowsServer:WindowsServer:2016-Datacenter:latest
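
The NSG created above allows RDP from "*", which in a dual stack network matches IPv4 and IPv6 clients alike. The following Python check is an added example, not part of the original script: it reads rules in the JSON shape returned by az network nsg rule list --nsg-name dsNSG1 --resource-group DsResourceGroup01 -o json and reports inbound management ports open to any source in either address family. The function names and the sample rules allowSshMixed and allowRdpAdmins are constructed for illustration.

```python
import ipaddress
import json

MGMT_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample shaped like `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""[
 {"name": "allowRdpIn", "access": "Allow", "direction": "Inbound",
  "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
 {"name": "allowSshMixed", "access": "Allow", "direction": "Inbound",
  "sourceAddressPrefixes": ["203.0.113.0/24", "::/0"],
  "destinationPortRanges": ["20-25"]},
 {"name": "allowRdpAdmins", "access": "Allow", "direction": "Inbound",
  "sourceAddressPrefixes": ["203.0.113.0/24", "2001:db8:1::/48"],
  "destinationPortRange": "3389"},
 {"name": "allowAllOut", "access": "Allow", "direction": "Outbound",
  "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

def values(rule, single, plural):
    merged = list(rule.get(plural) or [])  # plural field may be null or absent
    if rule.get(single):
        merged.append(rule[single])
    return merged

def is_any_source(prefix):
    """True for '*', the Internet service tag, 0.0.0.0/0 and ::/0."""
    if prefix in ("*", "Internet"):
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:
        return False  # other service tags such as VirtualNetwork

def covers(port_range, port):
    low, _, high = port_range.partition("-")  # "3389" or "20-25"
    return port_range == "*" or int(low) <= port <= int(high or low)

def audit(rules):
    findings = []  # (rule name, service, unrestricted source prefixes)
    for rule in rules:
        if (rule.get("access"), rule.get("direction")) != ("Allow", "Inbound"):
            continue
        sources = values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        open_src = [p for p in sources if is_any_source(p)]
        ports = values(rule, "destinationPortRange", "destinationPortRanges")
        for port, service in MGMT_PORTS.items():
            if open_src and any(covers(r, port) for r in ports):
                findings.append((rule["name"], service, open_src))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

The allowSshMixed case is the one a dual stack review tends to miss: the IPv4 source is restricted while ::/0 leaves the same port open over IPv6.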

Clean up deployment

Run the following command to remove the resource group, VM, and all related resources:

az group delete --name <resourcegroupname> --yes

Script explanation

This script uses the following commands to create a resource group, virtual machine, availability set, load balancer, and all related resources. Each command in the table links to command-specific documentation.

| Command | Notes |
| --- | --- |
| az group create | Creates a resource group in which all resources are stored. |
| az network vnet create | Creates an Azure virtual network and subnet. |
| az network public-ip create | Creates a public IP address with a static IP address and an associated DNS name. |
| az network lb create | Creates an Azure load balancer. |
| az network lb probe create | Creates a load balancer probe. A load balancer probe is used to monitor each VM in the load balancer set. If any VM becomes inaccessible, traffic is not routed to the VM. |
| az network lb rule create | Creates a load balancer rule. In this sample, a rule is created for port 80. As HTTP traffic arrives at the load balancer, it is routed to port 80 on one of the VMs in the LB set. |
| az network lb inbound-nat-rule create | Creates a load balancer Network Address Translation (NAT) rule. NAT rules map a port of the load balancer to a port on a VM. In this sample, a NAT rule is created for SSH traffic to each VM in the load balancer set. |
| az network nsg create | Creates a network security group (NSG), which is a security boundary between the internet and the virtual machine. |
| az network nsg rule create | Creates an NSG rule to allow inbound traffic. In this sample, port 22 is opened for SSH traffic. |
| az network nic create | Creates a virtual network card and attaches it to the virtual network, subnet, and NSG. |
| az vm availability-set create | Creates an availability set. Availability sets ensure application uptime by spreading the virtual machines across physical resources such that if failure occurs, the entire set is not affected. |
| az vm create | Creates the virtual machine and connects it to the network card, virtual network, subnet, and NSG. This command also specifies the virtual machine image to be used and administrative credentials. |
| az group delete | Deletes a resource group including all nested resources. |

Next steps

For more information on the Azure CLI, see Azure CLI documentation.

Additional Azure Networking CLI script samples can be found in the Azure Networking documentation.