Tutorial: Connect virtual networks with virtual network peering using the Azure portal

You can connect virtual networks to each other with virtual network peering. These virtual networks can be in the same region or in different regions (also known as global VNet peering). Once virtual networks are peered, resources in both virtual networks can communicate with each other with the same latency and bandwidth as if the resources were in the same virtual network. In this tutorial, you learn how to:

  • Create two virtual networks
  • Connect two virtual networks with a virtual network peering
  • Deploy a virtual machine (VM) into each virtual network
  • Communicate between VMs

If you prefer, you can complete this tutorial using the Azure CLI or Azure PowerShell.

Prerequisites

Before you begin, you need an Azure account with an active subscription. If you do not have one, you can create a trial subscription.

Log in to Azure

Log in to the Azure portal at https://portal.azure.cn.

Create virtual networks

  1. On the Azure portal, select Create a resource.

  2. Select Networking, and then select Virtual network.

  3. On the Basics tab, enter or select the following information and accept the defaults for the remaining settings:

    Setting | Value
    Subscription | Select your subscription.
    Resource group | Select Create new and enter myResourceGroup.
    Region | Select China East.
    Name | myVirtualNetwork1

  4. On the IP Addresses tab, enter 10.0.0.0/16 for the Address Space field. Click the Add subnet button below and enter Subnet1 for Subnet Name and 10.0.0.0/24 for Subnet Address range.

  5. Select Review + Create and then select Create.

  6. Complete steps 1-5 again, with the following changes:

    Setting | Value
    Name | myVirtualNetwork2
    Address space | 10.1.0.0/16
    Resource group | Select Use existing and then select myResourceGroup.
    Subnet name | Subnet2
    Subnet Address range | 10.1.0.0/24

Peer virtual networks

  1. In the Search box at the top of the Azure portal, begin typing MyVirtualNetwork1. When myVirtualNetwork1 appears in the search results, select it.

  2. Select Peerings, under Settings, and then select Add, as shown in the following picture:

    [Figure: Create peering]

  3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select OK.

    Setting | Value
    This virtual network: Peering link name | myVirtualNetwork1-myVirtualNetwork2 - When the page first loads, you'll see the phrase "remote virtual network" here. After you choose the remote virtual network, the phrase "remote virtual network" will be replaced with the name of the remote virtual network.
    Remote virtual network: Peering link name | myVirtualNetwork2-myVirtualNetwork1
    Subscription | Select your subscription.
    Virtual network | myVirtualNetwork2 - To select the myVirtualNetwork2 virtual network, select Virtual network, then select myVirtualNetwork2 (myResourceGroup). You can select a virtual network in the same region or in a different region.

    [Figure: Peering settings]

    The PEERING STATUS is Connected, as shown in the following picture:

    [Figure: Peering status]

    If you don't see the status, refresh your browser.
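
The same two peering links created from Azure PowerShell instead of the portal, followed by a check of each link's state and traffic flags. This is an added example, not part of the original tutorial; it assumes the Az.Network module, a signed-in session, and the two virtual networks created above, and Test-PeeringLink is a hypothetical helper name.

```powershell
# Added example (not from the original tutorial). Assumes the Az.Network module,
# a signed-in session, and the two virtual networks created in the steps above.
$rg    = 'myResourceGroup'
$vnet1 = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'myVirtualNetwork1'
$vnet2 = Get-AzVirtualNetwork -ResourceGroupName $rg -Name 'myVirtualNetwork2'

# Each peering link is one-directional, so create one from each side.
Add-AzVirtualNetworkPeering -Name 'myVirtualNetwork1-myVirtualNetwork2' `
    -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet2.Id | Out-Null
Add-AzVirtualNetworkPeering -Name 'myVirtualNetwork2-myVirtualNetwork1' `
    -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet1.Id | Out-Null

# Hypothetical helper: report every link on a virtual network and flag
# settings that widen the trust boundary beyond plain VNet-to-VNet access.
function Test-PeeringLink {
    param([string]$ResourceGroupName, [string]$VirtualNetworkName)
    Get-AzVirtualNetworkPeering -ResourceGroupName $ResourceGroupName `
            -VirtualNetworkName $VirtualNetworkName | ForEach-Object {
        $findings = @()
        if ($_.PeeringState -ne 'Connected') { $findings += "state is $($_.PeeringState)" }
        if ($_.AllowForwardedTraffic)        { $findings += 'forwarded traffic allowed' }
        if ($_.AllowGatewayTransit)          { $findings += 'gateway transit allowed' }
        if ($_.UseRemoteGateways)            { $findings += 'uses remote gateways' }
        [pscustomobject]@{
            VirtualNetwork = $VirtualNetworkName
            Link           = $_.Name
            State          = $_.PeeringState
            Findings       = if ($findings) { $findings -join '; ' } else { 'none' }
        }
    }
}

# Both links should report State = Connected and Findings = none.
'myVirtualNetwork1', 'myVirtualNetwork2' |
    ForEach-Object { Test-PeeringLink -ResourceGroupName $rg -VirtualNetworkName $_ } |
    Format-Table -AutoSize
```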

Create virtual machines

Create a VM in each virtual network so that you can communicate between them in a later step.

Create the first VM

  1. On the Azure portal, select Create a resource.

  2. Select Virtual Machines, and then select Windows Server 2016 Datacenter. You can select a different operating system, but the remaining steps assume you selected Windows Server 2016 Datacenter.

  3. Enter, or select, the following information for Basics, accept the defaults for the remaining settings, and then select Create:

    Setting | Value
    Resource group | Select Use existing and then select myResourceGroup.
    Name | myVm1
    Location | Select China East.
    User name | Enter a user name of your choosing.
    Password | Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements.

  4. Select a VM size for the Size option.

  5. Select the following values under Networking:

    Setting | Value
    Virtual network | myVirtualNetwork1 - If it's not already selected, select Virtual network and then select myVirtualNetwork1.
    Subnet | Subnet1 - If it's not already selected, select Subnet and then select Subnet1.

  6. Select Networking. Choose Allow selected ports for the Public inbound ports option. Choose RDP for the Select inbound ports option below this.

  7. Select the Review + Create button in the lower, left-hand corner to start the VM deployment.

Create the second VM

Complete steps 1-6 again, with the following changes:

Setting | Value
Name | myVm2
Virtual network | myVirtualNetwork2

The VMs take a few minutes to create. Do not continue with the remaining steps until both VMs are created.

Note

Azure provides an ephemeral IP for Azure Virtual Machines that aren't assigned a public IP address, or that are in the backend pool of an internal Basic Azure Load Balancer. The ephemeral IP mechanism provides an outbound IP address that isn't configurable.

The ephemeral IP is disabled when a public IP address is assigned to the virtual machine or the virtual machine is placed in the backend pool of a Standard Load Balancer with or without outbound rules. If an Azure Virtual Network NAT gateway resource is assigned to the subnet of the virtual machine, the ephemeral IP is disabled.

For more information on outbound connections in Azure, see Using Source Network Address Translation (SNAT) for outbound connections.

Communicate between VMs

  1. In the Search box at the top of the portal, begin typing myVm1. When myVm1 appears in the search results, select it.

  2. Create a remote desktop connection to the myVm1 VM by selecting Connect, as shown in the following picture:

    [Figure: Connect to virtual machine]

  3. To connect to the VM, open the downloaded RDP file. If prompted, select Connect.

  4. Enter the user name and password you specified when creating the VM (you may need to select More choices, then Use a different account, to specify the credentials you entered when you created the VM), then select OK.

  5. You may receive a certificate warning during the sign-in process. Select Yes to proceed with the connection.

  6. In a later step, ping is used to communicate with the myVm2 VM from the myVm1 VM. Ping uses the Internet Control Message Protocol (ICMP), which is denied through the Windows Firewall by default. On the myVm1 VM, enable ICMP through the Windows Firewall using PowerShell, so that you can ping this VM from myVm2 in a later step:

    New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4
    

    Though ping is used to communicate between VMs in this tutorial, allowing ICMP through the Windows Firewall for production deployments is not recommended.

  7. To connect to the myVm2 VM, enter the following command from a command prompt on the myVm1 VM:

    mstsc /v:10.1.0.4
    
  8. Since you enabled ping on myVm1, you can now ping it by IP address:

    ping 10.0.0.4
    
  9. Disconnect your RDP sessions to both myVm1 and myVm2.
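
A narrower alternative to the ICMP rule in step 6, as an added example that is not part of the original tutorial: it admits only echo requests from Subnet2 (10.1.0.0/24, where myVm2 lives), shows how to confirm the scope, and removes the rule after the test. The rule name is constructed for illustration; run it in an elevated PowerShell session on myVm1.

```powershell
# Added example (not from the original tutorial). Run elevated on myVm1.
# The tutorial's rule admits every ICMPv4 type from any source address:
#   New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4
# The rule below admits only echo requests (type 8) from Subnet2.
$ruleName = 'Tutorial - ICMPv4 echo from Subnet2'   # constructed name

New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound -Action Allow `
    -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress 10.1.0.0/24 | Out-Null

# Confirm what the rule actually permits before relying on it.
$rule = Get-NetFirewallRule -DisplayName $ruleName
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Direction     = $rule.Direction
    Action        = $rule.Action
    Protocol      = ($rule | Get-NetFirewallPortFilter).Protocol
    IcmpType      = ($rule | Get-NetFirewallPortFilter).IcmpType
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
} | Format-List

# ... run the ping test from myVm2 (step 8) ...

# Remove the scoped rule once the connectivity test is done.
Remove-NetFirewallRule -DisplayName $ruleName

# If the tutorial's broad rule was created earlier, remove it as well.
Get-NetFirewallRule -DisplayName 'Allow ICMPv4-In' -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
```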

Clean up resources

When no longer needed, delete the resource group and all resources it contains:

  1. Enter myResourceGroup in the Search box at the top of the portal. When you see myResourceGroup in the search results, select it.
  2. Select Delete resource group.
  3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME: and select Delete.

Next steps