Tutorial: Connect virtual networks with virtual network peering using the Azure portal

You can connect virtual networks to each other with virtual network peering. These virtual networks can be in the same region or different regions (also known as Global VNet peering). Once virtual networks are peered, resources in both virtual networks are able to communicate with each other, with the same latency and bandwidth as if the resources were in the same virtual network. In this tutorial, you learn how to:

  • Create two virtual networks
  • Connect two virtual networks with a virtual network peering
  • Deploy a virtual machine (VM) into each virtual network
  • Communicate between VMs

If you prefer, you can complete this tutorial using the Azure CLI or Azure PowerShell.

If you don't have an Azure subscription, create a trial account before you begin.

Log in to Azure

Log in to the Azure portal at https://portal.azure.cn.

Create virtual networks

  1. On the Azure portal, select Create a resource.

  2. Select Networking, and then select Virtual network.

  3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select Create:

    | Setting | Value |
    | --- | --- |
    | Name | myVirtualNetwork1 |
    | Address space | 10.0.0.0/16 |
    | Subscription | Select your subscription. |
    | Resource group | Select Create new and enter myResourceGroup. |
    | Location | Select China East. |
    | Subnet Name | Subnet1 |
    | Subnet Address range | 10.0.0.0/24 |

    [Image: Create a virtual network]

  4. Complete steps 1-3 again, with the following changes:

    | Setting | Value |
    | --- | --- |
    | Name | myVirtualNetwork2 |
    | Address space | 10.1.0.0/16 |
    | Resource group | Select Use existing and then select myResourceGroup. |
    | Subnet name | Subnet2 |
    | Subnet Address range | 10.1.0.0/24 |

Peer virtual networks

  1. In the Search box at the top of the Azure portal, begin typing MyVirtualNetwork1. When myVirtualNetwork1 appears in the search results, select it.

  2. Select Peerings, under Settings, and then select + Add, as shown in the following picture:

    [Image: Create a peering]

  3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select OK.

    | Setting | Value |
    | --- | --- |
    | Name of the peering from myVirtualNetwork1 to remote virtual network | myVirtualNetwork1-myVirtualNetwork2 - When the page first loads, you'll see the phrase "remote virtual network" here. After you choose the remote virtual network, the phrase "remote virtual network" will be replaced with the name of the remote virtual network. |
    | Subscription | Select your subscription. |
    | Virtual network | myVirtualNetwork2 - To select the myVirtualNetwork2 virtual network, select Virtual network, then select myVirtualNetwork2 (myResourceGroup). You can select a virtual network in the same region or in a different region. |

    [Image: Peering settings]

  4. In the Search box at the top of the Azure portal, begin typing MyVirtualNetwork2. When myVirtualNetwork2 appears in the search results, select it.

  5. Complete steps 2-3 again, with the following changes, and then select OK:

    | Setting | Value |
    | --- | --- |
    | Name of the peering from myVirtualNetwork2 to myVirtualNetwork1 | myVirtualNetwork2-myVirtualNetwork1 |
    | Virtual network | myVirtualNetwork1 |

    The PEERING STATUS is Connected, as shown in the following picture:

    [Image: Peering status]

    If you don't see the status, refresh your browser.
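
The portal steps above (two virtual networks, then a peering created from each side) can also be scripted. The following Azure PowerShell script is an added example, not part of the original tutorial; it assumes the Az module is installed and the subscription is in the Azure China cloud, is run in place of the portal steps, and reuses the tutorial's names and address ranges.

```powershell
# Added example: scripted equivalent of the portal steps in this tutorial.
# Assumption: Az PowerShell module installed; account lives in the Azure China cloud.
Connect-AzAccount -Environment AzureChinaCloud | Out-Null

$rg  = 'myResourceGroup'
$loc = 'China East'
New-AzResourceGroup -Name $rg -Location $loc | Out-Null

# One virtual network and one subnet per entry (values from the tables above).
$specs = @(
    @{ Name = 'myVirtualNetwork1'; Space = '10.0.0.0/16'; Subnet = 'Subnet1'; Range = '10.0.0.0/24' },
    @{ Name = 'myVirtualNetwork2'; Space = '10.1.0.0/16'; Subnet = 'Subnet2'; Range = '10.1.0.0/24' }
)
$vnets = foreach ($s in $specs) {
    $subnet = New-AzVirtualNetworkSubnetConfig -Name $s.Subnet -AddressPrefix $s.Range
    New-AzVirtualNetwork -ResourceGroupName $rg -Location $loc -Name $s.Name `
        -AddressPrefix $s.Space -Subnet $subnet
}
$vnet1, $vnet2 = $vnets

# A peering is created from one side at a time; the state only becomes
# Connected once the peering in the opposite direction exists as well.
Add-AzVirtualNetworkPeering -Name 'myVirtualNetwork1-myVirtualNetwork2' `
    -VirtualNetwork $vnet1 -RemoteVirtualNetworkId $vnet2.Id | Out-Null
Add-AzVirtualNetworkPeering -Name 'myVirtualNetwork2-myVirtualNetwork1' `
    -VirtualNetwork $vnet2 -RemoteVirtualNetworkId $vnet1.Id | Out-Null

# Read back both peerings and show the state plus the traffic options.
$peerings = foreach ($v in $vnets) {
    Get-AzVirtualNetworkPeering -ResourceGroupName $rg -VirtualNetworkName $v.Name
}
$peerings | Format-Table Name, PeeringState, AllowVirtualNetworkAccess,
    AllowForwardedTraffic, AllowGatewayTransit, UseRemoteGateways

# Fail if either direction is not Connected.
$pending = $peerings | Where-Object { $_.PeeringState -ne 'Connected' }
if ($pending) { throw "Peering not connected: $($pending.Name -join ', ')" }

# The VM-to-VM test in this tutorial only needs AllowVirtualNetworkAccess.
# Flag any peering that also permits forwarded traffic or gateway use.
$extra = $peerings | Where-Object {
    $_.AllowForwardedTraffic -or $_.AllowGatewayTransit -or $_.UseRemoteGateways
}
if ($extra) { Write-Warning "Broader than needed: $($extra.Name -join ', ')" }
```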

Create virtual machines

Create a VM in each virtual network so that you can communicate between them in a later step.

Create the first VM

  1. On the Azure portal, select Create a resource.

  2. Select Virtual Machines, and then select Windows Server 2016 Datacenter. You can select a different operating system, but the remaining steps assume you selected Windows Server 2016 Datacenter.

  3. Enter, or select, the following information for Basics, accept the defaults for the remaining settings, and then select Create:

    | Setting | Value |
    | --- | --- |
    | Resource group | Select Use existing and then select myResourceGroup. |
    | Name | myVm1 |
    | Location | Select China East. |
    | User name | Enter a user name of your choosing. |
    | Password | Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements. |

  4. Select a VM size for the Size option.

  5. Select the following values under Networking:

    | Setting | Value |
    | --- | --- |
    | Virtual network | myVirtualNetwork1 - If it's not already selected, select Virtual network and then select myVirtualNetwork1. |
    | Subnet | Subnet1 - If it's not already selected, select Subnet and then select Subnet1. |

  6. Select Networking. Choose Allow selected ports for the Public inbound ports option. Choose RDP for the Select inbound ports option below this.

  7. Select the Review + Create button in the lower, left-hand corner to start the VM deployment.

Create the second VM

Complete steps 1-6 again, with the following changes:

| Setting | Value |
| --- | --- |
| Name | myVm2 |
| Virtual network | myVirtualNetwork2 |

The VMs take a few minutes to create. Do not continue with the remaining steps until both VMs are created.

Communicate between VMs

  1. In the Search box at the top of the portal, begin typing myVm1. When myVm1 appears in the search results, select it.

  2. Create a remote desktop connection to the myVm1 VM by selecting Connect, as shown in the following picture:

    [Image: Connect to virtual machine]

  3. To connect to the VM, open the downloaded RDP file. If prompted, select Connect.

  4. Enter the user name and password you specified when creating the VM (you may need to select More choices, then Use a different account, to specify the credentials you entered when you created the VM), then select OK.

  5. You may receive a certificate warning during the sign-in process. Select Yes to proceed with the connection.

  6. In a later step, ping is used to communicate with the myVm2 VM from the myVm1 VM. Ping uses the Internet Control Message Protocol (ICMP), which is denied through the Windows Firewall by default. On the myVm1 VM, enable ICMP through the Windows Firewall, so that you can ping this VM from myVm2 in a later step, using PowerShell:

    New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4
    

    Though ping is used to communicate between VMs in this tutorial, allowing ICMP through the Windows Firewall for production deployments is not recommended.

  7. To connect to the myVm2 VM, enter the following command from a command prompt on the myVm1 VM:

    mstsc /v:10.1.0.4
    
  8. Since you enabled ping on myVm1, you can now ping it by IP address:

    ping 10.0.0.4
    
  9. Disconnect your RDP sessions to both myVm1 and myVm2.
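
The rule created in step 6 matches every ICMPv4 type from any source address. The PowerShell below is an added example, not part of the original tutorial: a narrower rule for the same ping test that admits only echo requests from Subnet2 (10.1.0.0/24), followed by its removal once step 8 is done. The rule display name is constructed for illustration.

```powershell
# Added example. Run in an elevated PowerShell session on myVm1.
# Assumption: myVm2 keeps its address in Subnet2 (10.1.0.0/24), as in this tutorial.
$ruleName = 'Allow ICMPv4 echo from Subnet2'   # constructed display name

# Inbound allow rule limited to ICMPv4 type 8 (echo request) from Subnet2.
New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
    -Protocol ICMPv4 -IcmpType 8 -RemoteAddress 10.1.0.0/24 | Out-Null

# Read the rule back and confirm its scope before testing.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Direction     = $_.Direction
        Action        = $_.Action
        RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        IcmpType      = ($_ | Get-NetFirewallPortFilter).IcmpType
    }
}

# --- Run the ping from myVm2 (step 8) before continuing. ---

# Remove the test rule so ICMP is denied again, as it was by default.
Remove-NetFirewallRule -DisplayName $ruleName

# If the broader rule from step 6 was also created, remove it as well.
Get-NetFirewallRule -DisplayName 'Allow ICMPv4-In' -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule
```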

Clean up resources

When no longer needed, delete the resource group and all resources it contains:

  1. Enter myResourceGroup in the Search box at the top of the portal. When you see myResourceGroup in the search results, select it.
  2. Select Delete resource group.
  3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME: and select Delete.

Next steps

In this tutorial, you learned how to connect two networks in the same Azure region, with virtual network peering. You can also peer virtual networks in different supported regions and in different Azure subscriptions. To learn more about virtual network peering, see Virtual network peering overview and Manage virtual network peerings.

To connect your own computer to a virtual network through a VPN, and interact with resources in a virtual network, or in peered virtual networks, see Connect your computer to a virtual network.