部署使用基本负载均衡器的 IPv6 双堆栈应用程序 - CLIDeploy an IPv6 dual stack application using Basic Load Balancer - CLI

本文介绍如何使用 Azure CLI 部署一个具有基本负载均衡器的双堆栈 (IPv4 + IPv6) 应用程序,其中包含具有双堆栈子网的双堆栈虚拟网络、采用双重 (IPv4 + IPv6) 前端配置的基本负载均衡器、具有采用双重 IP 配置的 NIC 的 VM、双重网络安全组规则,以及双重公共 IP。This article shows you how to deploy a dual stack (IPv4 + IPv6) application with Basic Load Balancer using Azure CLI that includes a dual stack virtual network with a dual stack subnet, a Basic Load Balancer with dual (IPv4 + IPv6) front-end configurations, VMs with NICs that have a dual IP configuration, dual network security group rules, and dual public IPs.

若要部署使用标准负载均衡器的双堆栈 (IPV4 + IPv6) 应用程序,请参阅使用 Azure CLI 部署具有标准负载均衡器的 IPv6 双堆栈应用程序To deploy a dual stack (IPV4 + IPv6) application using Standard Load Balancer, see Deploy an IPv6 dual stack application with Standard Load Balancer using Azure CLI.

如果还没有 Azure 订阅,请现在就创建一个试用帐户If you don't have an Azure subscription, create a trial account now.

备注

在 Azure China 中使用 Azure CLI 2.0 之前,请首先运行 az cloud set -n AzureChinaCloud 更改云环境。Before you can use Azure CLI 2.0 in Azure China, please run az cloud set -n AzureChinaCloud first to change the cloud environment. 如果要切换回全局 Azure,请再次运行 az cloud set -n AzureCloudIf you want to switch back to Global Azure, run az cloud set -n AzureCloud again.

如果你决定在本地安装并使用 Azure CLI,本快速入门要求使用 Azure CLI 2.0.49 或更高版本。If you decide to install and use Azure CLI locally instead, this quickstart requires you to use Azure CLI version 2.0.49 or later. 若要查找已安装的版本,请运行 az --versionTo find your installed version, run az --version. 有关安装或升级信息,请参阅安装 Azure CLISee Install Azure CLI for install or upgrade info.

创建资源组Create a resource group

在创建双堆栈虚拟网络之前,必须先使用 az group create 创建一个资源组。Before you can create your dual-stack virtual network, you must create a resource group with az group create. 以下示例在 chinaeast 位置创建名为 DsResourceGroup01 的资源组:The following example creates a resource group named DsResourceGroup01 in the chinaeast location:

az group create \
--name DsResourceGroup01 \
--location chinaeast

为负载均衡器创建 IPv4 和 IPv6 公共 IP 地址Create IPv4 and IPv6 public IP addresses for load balancer

若要在 Internet 上访问 IPv4 和 IPv6 终结点,需要为负载均衡器创建 IPv4 和 IPv6 公共 IP 地址。To access your IPv4 and IPv6 endpoints on the Internet, you need IPv4 and IPv6 public IP addresses for the load balancer. 使用 az network public-ip create 创建公共 IP 地址。Create a public IP address with az network public-ip create. 以下示例在 DsResourceGroup01 资源组中创建名为 dsPublicIP_v4dsPublicIP_v6 的 IPv4 和 IPv6 公共 IP 地址:The following example creates IPv4 and IPv6 public IP address named dsPublicIP_v4 and dsPublicIP_v6 in the DsResourceGroup01 resource group:

# Create an IPV4 IP address
az network public-ip create \
--name dsPublicIP_v4  \
--resource-group DsResourceGroup01  \
--location chinaeast  \
--sku BASIC  \
--allocation-method dynamic  \
--version IPv4

# Create an IPV6 IP address
az network public-ip create \
--name dsPublicIP_v6  \
--resource-group DsResourceGroup01  \
--location chinaeast \
--sku BASIC  \
--allocation-method dynamic  \
--version IPv6

为 VM 创建公共 IP 地址Create public IP addresses for VMs

若要在 Internet 上远程访问 VM,需要为 VM 创建 IPv4 公共 IP 地址。To remotely access your VMs on the internet, you need IPv4 public IP addresses for the VMs. 使用 az network public-ip create 创建公共 IP 地址。Create a public IP address with az network public-ip create.

az network public-ip create \
--name dsVM0_remote_access  \
--resource-group DsResourceGroup01 \
--location chinaeast  \
--sku BASIC  \
--allocation-method dynamic  \
--version IPv4

az network public-ip create \
--name dsVM1_remote_access  \
--resource-group DsResourceGroup01  \
--location chinaeast  \
--sku BASIC  \
--allocation-method dynamic  \
--version IPv4

创建基本负载均衡器Create Basic Load Balancer

在本部分,你将为负载均衡器配置双重前端 IP(IPv4 和 IPv6)与后端地址池,然后创建基本负载均衡器。In this section, you configure dual frontend IP (IPv4 and IPv6) and the back-end address pool for the load balancer and then create a Basic Load Balancer.

创建负载均衡器Create load balancer

使用 az network lb create 创建名为 dsLB 的基本负载均衡器,其中包含名为 dsLbFrontEnd_v4 的前端池以及名为 dsLbBackEndPool_v4 的后端池(与在上一步骤中创建的 IPv4 公共 IP 地址 dsPublicIP_v4 相关联)。Create the Basic Load Balancer with az network lb create named dsLB that includes a frontend pool named dsLbFrontEnd_v4, a backend pool named dsLbBackEndPool_v4 that is associated with the IPv4 public IP address dsPublicIP_v4 that you created in the preceding step.

az network lb create \
--name dsLB  \
--resource-group DsResourceGroup01 \
--sku Basic \
--location chinaeast \
--frontend-ip-name dsLbFrontEnd_v4  \
--public-ip-address dsPublicIP_v4  \
--backend-pool-name dsLbBackEndPool_v4

创建 IPv6 前端Create IPv6 frontend

使用 az network lb frontend-ip create 创建 IPv6 前端 IP。Create an IPV6 frontend IP with az network lb frontend-ip create. 以下示例创建名为 dsLbFrontEnd_v6 的前端 IP 配置,并附加 dsPublicIP_v6 地址:The following example creates a frontend IP configuration named dsLbFrontEnd_v6 and attaches the dsPublicIP_v6 address:

az network lb frontend-ip create \
--lb-name dsLB  \
--name dsLbFrontEnd_v6  \
--resource-group DsResourceGroup01  \
--public-ip-address dsPublicIP_v6

配置 IPv6 后端地址池Configure IPv6 back-end address pool

使用 az network lb address-pool create 创建 IPv6 后端地址池。Create a IPv6 back-end address pools with az network lb address-pool create. 以下示例创建名为 dsLbBackEndPool_v6 的后端地址池,以包含采用 IPv6 NIC 配置的 VM:The following example creates back-end address pool named dsLbBackEndPool_v6 to include VMs with IPv6 NIC configurations:

az network lb address-pool create \
--lb-name dsLB  \
--name dsLbBackEndPool_v6  \
--resource-group DsResourceGroup01

创建运行状况探测器Create a health probe

使用 az network lb probe create 创建运行状况探测,以监视虚拟机的运行状况。Create a health probe with az network lb probe create to monitor the health of the virtual machines.

az network lb probe create -g DsResourceGroup01  --lb-name dsLB -n dsProbe --protocol tcp --port 3389

创建负载均衡器规则Create a load balancer rule

负载均衡器规则用于定义将流量分配给 VM 的方式。A load balancer rule is used to define how traffic is distributed to the VMs. 定义传入流量的前端 IP 配置和后端 IP 池以接收流量,同时定义所需的源端口和目标端口。You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic, along with the required source and destination port.

使用 az network lb rule create 创建负载均衡器规则。Create a load balancer rule with az network lb rule create. 以下示例创建名为 dsLBrule_v4dsLBrule_v6 的负载均衡器规则,并通过 IPv4 和 IPv6 前端 IP 配置均衡 TCP 端口 80 上的流量:The following example creates load balancer rules named dsLBrule_v4 and dsLBrule_v6 and balances traffic on TCP port 80 to the IPv4 and IPv6 frontend IP configurations:

az network lb rule create \
--lb-name dsLB  \
--name dsLBrule_v4  \
--resource-group DsResourceGroup01  \
--frontend-ip-name dsLbFrontEnd_v4  \
--protocol Tcp  \
--frontend-port 80  \
--backend-port 80  \
--probe-name dsProbe \
--backend-pool-name dsLbBackEndPool_v4

az network lb rule create \
--lb-name dsLB  \
--name dsLBrule_v6  \
--resource-group DsResourceGroup01 \
--frontend-ip-name dsLbFrontEnd_v6  \
--protocol Tcp  \
--frontend-port 80 \
--backend-port 80  \
--probe-name dsProbe \
--backend-pool-name dsLbBackEndPool_v6

创建网络资源Create network resources

在部署某些 VM 之前,必须创建支持性的网络资源 - 可用性集、网络安全组、虚拟网络和虚拟 NIC。Before you deploy some VMs, you must create supporting network resources - availability set, network security group, virtual network, and virtual NICs.

创建可用性集Create an availability set

若要提高应用的可用性,请将 VM 放到可用性集中。To improve the availability of your app, place your VMs in an availability set.

使用 az vm availability-set create 创建可用性集。Create an availability set with az vm availability-set create. 以下示例创建名为 dsAVset 的可用性集:The following example creates an availability set named dsAVset:

az vm availability-set create \
--name dsAVset  \
--resource-group DsResourceGroup01  \
--location chinaeast \
--platform-fault-domain-count 2  \
--platform-update-domain-count 2  

创建网络安全组Create network security group

创建一个网络安全组,以通过其中的规则控制 VNET 中的入站和出站通信。Create a network security group for the rules that will govern inbound and outbound communication in your VNET.

创建网络安全组Create a network security group

使用 az network nsg create 创建网络安全组Create a network security group with az network nsg create

az network nsg create \
--name dsNSG1  \
--resource-group DsResourceGroup01  \
--location chinaeast

针对入站和出站连接创建网络安全组规则Create a network security group rule for inbound and outbound connections

使用 az network nsg rule create 创建网络安全组规则,以允许通过端口 3389 进行 RDP 连接、通过端口 80 进行 Internet 连接,并允许出站连接。Create a network security group rule to allow RDP connections through port 3389, internet connection through port 80, and for outbound connections with az network nsg rule create.

# Create inbound rule for port 3389
az network nsg rule create \
--name allowRdpIn  \
--nsg-name dsNSG1  \
--resource-group DsResourceGroup01  \
--priority 100  \
--description "Allow Remote Desktop In"  \
--access Allow  \
--protocol "*"  \
--direction Inbound  \
--source-address-prefixes "*"  \
--source-port-ranges "*"  \
--destination-address-prefixes "*"  \
--destination-port-ranges 3389

# Create inbound rule for port 80
az network nsg rule create \
--name allowHTTPIn  \
--nsg-name dsNSG1  \
--resource-group DsResourceGroup01  \
--priority 200  \
--description "Allow HTTP In"  \
--access Allow  \
--protocol "*"  \
--direction Inbound  \
--source-address-prefixes "*"  \
--source-port-ranges 80  \
--destination-address-prefixes "*"  \
--destination-port-ranges 80

# Create outbound rule

az network nsg rule create \
--name allowAllOut  \
--nsg-name dsNSG1  \
--resource-group DsResourceGroup01  \
--priority 300  \
--description "Allow All Out"  \
--access Allow  \
--protocol "*"  \
--direction Outbound  \
--source-address-prefixes "*"  \
--source-port-ranges "*"  \
--destination-address-prefixes "*"  \
--destination-port-ranges "*"

创建虚拟网络Create a virtual network

使用 az network vnet create 创建虚拟网络。Create a virtual network with az network vnet create. 以下示例创建名为 dsVNET 的虚拟网络,其中包含子网 dsSubNET_v4dsSubNET_v6The following example creates a virtual network named dsVNET with subnets dsSubNET_v4 and dsSubNET_v6:

# Create the virtual network
az network vnet create \
--name dsVNET \
--resource-group DsResourceGroup01 \
--location chinaeast  \
--address-prefixes "10.0.0.0/16" "ace:cab:deca::/48"

# Create a single dual stack subnet

az network vnet subnet create \
--name dsSubNET \
--resource-group DsResourceGroup01 \
--vnet-name dsVNET \
--address-prefixes "10.0.0.0/24" "ace:cab:deca:deed::/64" \
--network-security-group dsNSG1

创建 NICCreate NICs

使用 az network nic create 为每个 VM 创建虚拟 NIC。Create virtual NICs for each VM with az network nic create. 以下示例为每个 VM 创建一个虚拟 NIC。The following example creates a virtual NIC for each VM. 每个 NIC 采用两个 IP 配置(1 个 IPv4 配置,1 个 IPv6 配置)。Each NIC has two IP configurations (1 IPv4 config, 1 IPv6 config). 使用 az network nic ip-config create 创建 IPv6 配置。You create the IPV6 configuration with az network nic ip-config create.

# Create NICs
az network nic create \
--name dsNIC0  \
--resource-group DsResourceGroup01 \
--network-security-group dsNSG1  \
--vnet-name dsVNET  \
--subnet dsSubNet  \
--private-ip-address-version IPv4 \
--lb-address-pools dsLbBackEndPool_v4  \
--lb-name dsLB  \
--public-ip-address dsVM0_remote_access

az network nic create \
--name dsNIC1 \
--resource-group DsResourceGroup01 \
--network-security-group dsNSG1 \
--vnet-name dsVNET \
--subnet dsSubNet \
--private-ip-address-version IPv4 \
--lb-address-pools dsLbBackEndPool_v4 \
--lb-name dsLB \
--public-ip-address dsVM1_remote_access

# Create IPV6 configurations for each NIC

az network nic ip-config create \
--name dsIp6Config_NIC0  \
--nic-name dsNIC0  \
--resource-group DsResourceGroup01 \
--vnet-name dsVNET \
--subnet dsSubNet \
--private-ip-address-version IPv6 \
--lb-address-pools dsLbBackEndPool_v6 \
--lb-name dsLB

az network nic ip-config create \
--name dsIp6Config_NIC1 \
--nic-name dsNIC1 \
--resource-group DsResourceGroup01 \
--vnet-name dsVNET \
--subnet dsSubNet \
--private-ip-address-version IPv6 \
--lb-address-pools dsLbBackEndPool_v6 \
--lb-name dsLB

创建虚拟机Create virtual machines

使用 az vm create 创建 VM。Create the VMs with az vm create. 以下示例创建两台 VM 和所需的虚拟网络组件(如果它们尚不存在)。The following example creates two VMs and the required virtual network components if they do not already exist.

按如下所示创建虚拟机 dsVM0Create virtual machine dsVM0 as follows:

 az vm create \
--name dsVM0 \
--resource-group DsResourceGroup01 \
--nics dsNIC0 \
--size Standard_A2 \
--availability-set dsAVset \
--image MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest  

按如下所示创建虚拟机 dsVM1Create virtual machine dsVM1 as follows:

az vm create \
--name dsVM1 \
--resource-group DsResourceGroup01 \
--nics dsNIC1 \
--size Standard_A2 \
--availability-set dsAVset \
--image MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest 

在 Azure 门户中查看 IPv6 双堆栈虚拟网络View IPv6 dual stack virtual network in Azure portal

可以在 Azure 门户中查看 IPv6 双堆栈虚拟网络,如下所示:You can view the IPv6 dual stack virtual network in Azure portal as follows:

  1. 在门户的搜索栏中输入 dsVnetIn the portal's search bar, enter dsVnet.

  2. 当“myVirtualNetwork”出现在搜索结果中时,将其选中。When myVirtualNetwork appears in the search results, select it. 此时会启动名为 dsVnet 的双堆栈虚拟网络的“概述”页。This launches the Overview page of the dual stack virtual network named dsVnet. 该双堆栈虚拟网络显示了位于 dsSubnet 双堆栈子网中的两个 NIC,这些 NIC 采用 IPv4 和 IPv6 配置。The dual stack virtual network shows the two NICs with both IPv4 and IPv6 configurations located in the dual stack subnet named dsSubnet.

    Azure 中的 IPv6 双堆栈虚拟网络

清理资源Clean up resources

如果不再需要资源组、VM 和所有相关的资源,可以使用 az group delete 命令将其删除。When no longer needed, you can use the az group delete command to remove the resource group, VM, and all related resources.

 az group delete --name DsResourceGroup01

后续步骤Next steps

在本文中,你已使用双重前端 IP 配置(IPv4 和 IPv6)创建了一个基本负载均衡器。In this article, you created a Basic Load Balancer with a dual frontend IP configuration (IPv4 and IPv6). 你还创建了两个虚拟机,它们包含采用双重 IP 配置(IPV4 + IPv6)的 NIC,并已添加到负载均衡器的后端池。You also created a two virtual machines that included NICs with dual IP configurations (IPV4 + IPv6) that were added to the back-end pool of the load balancer. 若要详细了解 Azure 虚拟网络中的 IPv6 支持,请参阅 Azure 虚拟网络 IPv6 是什么?To learn more about IPv6 support in Azure virtual networks, see What is IPv6 for Azure Virtual Network?