部署使用基本负载均衡器的 IPv6 双堆栈应用程序 - PowerShellDeploy an IPv6 dual stack application using Basic Load Balancer - PowerShell

本文介绍如何使用 Azure PowerShell 部署一个具有基本负载均衡器的双堆栈 (IPv4 + IPv6) 应用程序,其中包含双堆栈虚拟网络和子网、采用双重 (IPv4 + IPv6) 前端配置的基本负载均衡器、具有采用双重 IP 配置的 NIC 的 VM、网络安全组规则,以及公共 IP。This article shows you how to deploy a dual stack (IPv4 + IPv6) application with Basic Load Balancer using Azure PowerShell that includes a dual stack virtual network and subnet, a Basic Load Balancer with dual (IPv4 + IPv6) front-end configurations, VMs with NICs that have a dual IP configuration, network security group, and public IPs.

若要部署使用标准负载均衡器的双堆栈 (IPV4 + IPv6) 应用程序,请参阅使用 Azure PowerShell 部署具有标准负载均衡器的 IPv6 双堆栈应用程序To deploy a dual stack (IPV4 + IPv6) application using Standard Load Balancer, see Deploy an IPv6 dual stack application with Standard Load Balancer using Azure PowerShell.

备注

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

如果选择在本地安装和使用 PowerShell,则本文需要 Azure PowerShell 模块 6.9.0 或更高版本。When you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 6.9.0 or later. 运行 Get-Module -ListAvailable Az 查找已安装的版本。Run Get-Module -ListAvailable Az to find the installed version. 如果需要进行升级,请参阅 Install Azure PowerShell module(安装 Azure PowerShell 模块)。If you need to upgrade, see Install Azure PowerShell module. 如果在本地运行 PowerShell,则还需运行 Connect-AzAccount -Environment AzureChinaCloud 来创建与 Azure 的连接。If you are running PowerShell locally, you also need to run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.

创建资源组Create a resource group

在创建双堆栈虚拟网络之前,必须先使用 New-AzResourceGroup 创建一个资源组。Before you can create your dual-stack virtual network, you must create a resource group with New-AzResourceGroup. 以下示例在“中国东部”位置创建名为 myRGDualStack 的资源组:**The following example creates a resource group named myRGDualStack in the china east location:

   $rg = New-AzResourceGroup `
  -ResourceGroupName "dsRG1"  `
  -Location "china east"

创建 IPv4 和 IPv6 公共 IP 地址Create IPv4 and IPv6 public IP addresses

若要从 Internet 访问虚拟机,需要为负载均衡器创建 IPv4 和 IPv6 公共 IP 地址。To access your virtual machines from the Internet, you need IPv4 and IPv6 public IP addresses for the load balancer. 使用 New-AzPublicIpAddress 创建公共 IP 地址。Create public IP addresses with New-AzPublicIpAddress. 以下示例在 dsRG1 资源组中创建名为 dsPublicIP_v4dsPublicIP_v6 的 IPv4 和 IPv6 公共 IP 地址:The following example creates IPv4 and IPv6 public IP address named dsPublicIP_v4 and dsPublicIP_v6 in the dsRG1 resource group:

$PublicIP_v4 = New-AzPublicIpAddress `
  -Name "dsPublicIP_v4" `
  -ResourceGroupName $rg.ResourceGroupName `
  -Location $rg.Location  `
  -AllocationMethod Dynamic `
  -IpAddressVersion IPv4

$PublicIP_v6 = New-AzPublicIpAddress `
  -Name "dsPublicIP_v6" `
  -ResourceGroupName $rg.ResourceGroupName `
  -Location $rg.Location  `
  -AllocationMethod Dynamic `
  -IpAddressVersion IPv6

若要使用 RDP 连接访问虚拟机,请使用 New-AzPublicIpAddress 为虚拟机创建 IPv4 公共 IP 地址。To access your virtual machines using a RDP connection, create a IPV4 public IP addresses for the virtual machines with New-AzPublicIpAddress.

  $RdpPublicIP_1 = New-AzPublicIpAddress `
  -Name "RdpPublicIP_1" `
  -ResourceGroupName $rg.ResourceGroupName `
  -Location $rg.Location  `
  -AllocationMethod Dynamic `
  -IpAddressVersion IPv4

  $RdpPublicIP_2 = New-AzPublicIpAddress `
   -Name "RdpPublicIP_2" `
   -ResourceGroupName $rg.ResourceGroupName `
   -Location $rg.Location  `
   -AllocationMethod Dynamic `
   -IpAddressVersion IPv4

创建基本负载均衡器Create Basic Load Balancer

在本部分,你将为负载均衡器配置双重前端 IP(IPv4 和 IPv6)与后端地址池,然后创建基本负载均衡器。In this section, you configure dual frontend IP (IPv4 and IPv6) and the back-end address pool for the load balancer and then create a Basic Load Balancer.

创建前端 IPCreate front-end IP

使用 New-AzLoadBalancerFrontendIpConfig 创建一个前端 IP。Create a front-end IP with New-AzLoadBalancerFrontendIpConfig. 以下示例创建名为 dsLbFrontEnd_v4dsLbFrontEnd_v6 的 IPv4 和 IPv6 前端 IP 配置:The following example creates IPv4 and IPv6 frontend IP configurations named dsLbFrontEnd_v4 and dsLbFrontEnd_v6:

$frontendIPv4 = New-AzLoadBalancerFrontendIpConfig `
  -Name "dsLbFrontEnd_v4" `
  -PublicIpAddress $PublicIP_v4

$frontendIPv6 = New-AzLoadBalancerFrontendIpConfig `
  -Name "dsLbFrontEnd_v6" `
  -PublicIpAddress $PublicIP_v6

配置后端地址池Configure back-end address pool

使用 New-AzLoadBalancerBackendAddressPoolConfig 创建一个后端地址池。Create a back-end address pool with New-AzLoadBalancerBackendAddressPoolConfig. 在剩余的步骤中,各个 VM 将附加到此后端池。The VMs attach to this back-end pool in the remaining steps. 以下示例创建名为 dsLbBackEndPool_v4dsLbBackEndPool_v6 的后端地址池,以包含采用 IPv4 和 IPv6 NIC 配置的 VM:The following example creates back-end address pools named dsLbBackEndPool_v4 and dsLbBackEndPool_v6 to include VMs with both IPV4 and IPv6 NIC configurations:

$backendPoolv4 = New-AzLoadBalancerBackendAddressPoolConfig `
-Name "dsLbBackEndPool_v4"

$backendPoolv6 = New-AzLoadBalancerBackendAddressPoolConfig `
-Name "dsLbBackEndPool_v6"

创建运行状况探测器Create a health probe

使用 Add-AzLoadBalancerProbeConfig 可创建运行状况探测以监视 VM 的运行状况。Use Add-AzLoadBalancerProbeConfig to create a health probe to monitor the health of the VMs.

$probe = New-AzLoadBalancerProbeConfig -Name MyProbe -Protocol tcp -Port 3389 -IntervalInSeconds 15 -ProbeCount 2

创建负载均衡器规则Create a load balancer rule

负载均衡器规则用于定义将流量分配给 VM 的方式。A load balancer rule is used to define how traffic is distributed to the VMs. 定义传入流量的前端 IP 配置和后端 IP 池以接收流量,同时定义所需的源端口和目标端口。You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic, along with the required source and destination port. 若要确保仅正常运行的 VM 接收流量,可以选择性地定义一个运行状况探测。To make sure only healthy VMs receive traffic, you can optionally define a health probe. 基本负载均衡器使用 IPv4 探测来评估 VM 上 IPv4 和 IPv6 终结点的运行状况。Basic load balancer uses an IPv4 probe to assess health for both IPv4 and IPv6 endpoints on the VMs. 标准负载均衡器支持显式 IPv6 运行状况探测。Standard load balancer includes support for explicitly IPv6 health probes.

使用 Add-AzLoadBalancerRuleConfig 创建一个负载均衡器规则。Create a load balancer rule with Add-AzLoadBalancerRuleConfig. 以下示例创建名为 dsLBrule_v4dsLBrule_v6 的负载均衡器规则,并通过 IPv4 和 IPv6 前端 IP 配置均衡 TCP 端口 80 上的流量:The following example creates load balancer rules named dsLBrule_v4 and dsLBrule_v6 and balances traffic on TCP port 80 to the IPv4 and IPv6 frontend IP configurations:

$lbrule_v4 = New-AzLoadBalancerRuleConfig `
  -Name "dsLBrule_v4" `
  -FrontendIpConfiguration $frontendIPv4 `
  -BackendAddressPool $backendPoolv4 `
  -Protocol Tcp `
  -FrontendPort 80 `
  -BackendPort 80 `
  -probe $probe

$lbrule_v6 = New-AzLoadBalancerRuleConfig `
  -Name "dsLBrule_v6" `
  -FrontendIpConfiguration $frontendIPv6 `
  -BackendAddressPool $backendPoolv6 `
  -Protocol Tcp `
  -FrontendPort 80 `
  -BackendPort 80 `
  -probe $probe

创建负载均衡器Create load balancer

使用 New-AzLoadBalancer 创建基本负载均衡器。Create the Basic Load Balancer with New-AzLoadBalancer. 以下示例使用前面步骤中创建的 IPv4 和 IPv6 前端 IP 配置、后端池和负载均衡规则创建名为 myLoadBalancer 的公共基本负载均衡器:The following example creates a public Basic Load Balancer named myLoadBalancer using the IPv4 and IPv6 frontend IP configurations, backend pools, and load-balancing rules that you created in the preceding steps:

$lb = New-AzLoadBalancer `
-ResourceGroupName $rg.ResourceGroupName `
-Location $rg.Location  `
-Name "MyLoadBalancer" `
-Sku "Basic" `
-FrontendIpConfiguration $frontendIPv4,$frontendIPv6 `
-BackendAddressPool $backendPoolv4,$backendPoolv6 `
-LoadBalancingRule $lbrule_v4,$lbrule_v6

创建网络资源Create network resources

在部署某些 VM 和测试均衡器之前,必须创建支持性的网络资源 - 可用性集、网络安全组、虚拟网络和虚拟 NIC。Before you deploy some VMs and can test your balancer, you must create supporting network resources - availability set, network security group, virtual network, and virtual NICs.

创建可用性集Create an availability set

若要提高应用的高可用性,请将 VM 放置在可用性集中。To improve the high availability of your app, place your VMs in an availability set.

使用 New-AzAvailabilitySet 创建一个可用性集。Create an availability set with New-AzAvailabilitySet. 以下示例创建名为 myAvailabilitySet ** 的可用性集:The following example creates an availability set named myAvailabilitySet:

$avset = New-AzAvailabilitySet `
  -ResourceGroupName $rg.ResourceGroupName `
  -Location $rg.Location  `
  -Name "dsAVset" `
  -PlatformFaultDomainCount 2 `
  -PlatformUpdateDomainCount 2 `
  -Sku aligned

创建网络安全组Create network security group

创建一个网络安全组,以通过其中的规则控制 VNET 中的入站和出站通信。Create a network security group for the rules that will govern inbound and outbound communication in your VNET.

为端口 3389 创建网络安全组规则Create a network security group rule for port 3389

使用 New-AzNetworkSecurityRuleConfig 创建网络安全组规则,以便通过端口 3389 创建 RDP 连接。Create a network security group rule to allow RDP connections through port 3389 with New-AzNetworkSecurityRuleConfig.

$rule1 = New-AzNetworkSecurityRuleConfig `
-Name 'myNetworkSecurityGroupRuleRDP' `
-Description 'Allow RDP' `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-Priority 100 `
-SourceAddressPrefix * `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 3389

为端口 80 创建网络安全组规则Create a network security group rule for port 80

使用 New-AzNetworkSecurityRuleConfig 创建网络安全组规则以允许通过端口 80 进行 Internet 连接。Create a network security group rule to allow internet connections through port 80 with New-AzNetworkSecurityRuleConfig.

$rule2 = New-AzNetworkSecurityRuleConfig `
  -Name 'myNetworkSecurityGroupRuleHTTP' `
  -Description 'Allow HTTP' `
  -Access Allow `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 200 `
  -SourceAddressPrefix * `
  -SourcePortRange 80 `
  -DestinationAddressPrefix * `
  -DestinationPortRange 80

创建网络安全组Create a network security group

使用 New-AzNetworkSecurityGroup 创建网络安全组。Create a network security group with New-AzNetworkSecurityGroup.

$nsg = New-AzNetworkSecurityGroup `
-ResourceGroupName $rg.ResourceGroupName `
-Location $rg.Location  `
-Name "dsNSG1"  `
-SecurityRules $rule1,$rule2

创建虚拟网络Create a virtual network

使用 New-AzVirtualNetwork 创建虚拟网络。Create a virtual network with New-AzVirtualNetwork. 以下示例创建包含 mySubnet ** 的名为 myVnet ** 的虚拟网络:The following example creates a virtual network named myVnet with mySubnet:

# Create dual stack subnet
$subnet = New-AzVirtualNetworkSubnetConfig `
-Name "dsSubnet" `
-AddressPrefix "10.0.0.0/24","ace:cab:deca:deed::/64"

# Create the virtual network
$vnet = New-AzVirtualNetwork `
  -ResourceGroupName $rg.ResourceGroupName `
  -Location $rg.Location  `
  -Name "dsVnet" `
  -AddressPrefix "10.0.0.0/16","ace:cab:deca::/48"  `
  -Subnet $subnet

创建 NICCreate NICs

使用 New-AzNetworkInterface 创建虚拟 NIC。Create virtual NICs with New-AzNetworkInterface. 以下示例创建采用 IPv4 和 IPv6 配置的两个虚拟 NIC。The following example creates two virtual NICs both with IPv4 and IPv6 configurations. (在以下步骤中针对为应用创建的每个 VM 各使用一个虚拟 NIC)。(One virtual NIC for each VM you create for your app in the following steps).

  $Ip4Config=New-AzNetworkInterfaceIpConfig `
    -Name dsIp4Config `
    -Subnet $vnet.subnets[0] `
    -PrivateIpAddressVersion IPv4 `
    -LoadBalancerBackendAddressPool $backendPoolv4 `
    -PublicIpAddress  $RdpPublicIP_1

  $Ip6Config=New-AzNetworkInterfaceIpConfig `
    -Name dsIp6Config `
    -Subnet $vnet.subnets[0] `
    -PrivateIpAddressVersion IPv6 `
    -LoadBalancerBackendAddressPool $backendPoolv6

  $NIC_1 = New-AzNetworkInterface `
    -Name "dsNIC1" `
    -ResourceGroupName $rg.ResourceGroupName `
    -Location $rg.Location  `
    -NetworkSecurityGroupId $nsg.Id `
    -IpConfiguration $Ip4Config,$Ip6Config 

  $Ip4Config=New-AzNetworkInterfaceIpConfig `
    -Name dsIp4Config `
    -Subnet $vnet.subnets[0] `
    -PrivateIpAddressVersion IPv4 `
    -LoadBalancerBackendAddressPool $backendPoolv4 `
    -PublicIpAddress  $RdpPublicIP_2  

  $NIC_2 = New-AzNetworkInterface `
    -Name "dsNIC2" `
    -ResourceGroupName $rg.ResourceGroupName `
    -Location $rg.Location  `
    -NetworkSecurityGroupId $nsg.Id `
    -IpConfiguration $Ip4Config,$Ip6Config 

创建虚拟机Create virtual machines

使用 New-AzureRmNetworkInterface 设置 VM 的管理员用户名和密码:Set an administrator username and password for the VMs with Get-Credential:

$cred = get-credential -Message "DUAL STACK VNET SAMPLE:  Please enter the Administrator credential to log into the VMs."

现在,可使用 New-AzVM 创建 VM。Now you can create the VMs with New-AzVM. 以下示例创建两台 VM 和所需的虚拟网络组件(如果它们尚不存在)。The following example creates two VMs and the required virtual network components if they do not already exist.

$vmsize = "Standard_A2"
$ImagePublisher = "MicrosoftWindowsServer"
$imageOffer = "WindowsServer"
$imageSKU = "2019-Datacenter"

$vmName= "dsVM1"
$VMconfig1 = New-AzVMConfig -VMName $vmName -VMSize $vmsize -AvailabilitySetId $avset.Id 3> $null | Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent 3> $null | Set-AzVMSourceImage -PublisherName $ImagePublisher -Offer $imageOffer -Skus $imageSKU -Version "latest" 3> $null | Set-AzVMOSDisk -Name "$vmName.vhd" -CreateOption fromImage  3> $null | Add-AzVMNetworkInterface -Id $NIC_1.Id  3> $null 
$VM1 = New-AzVM -ResourceGroupName $rg.ResourceGroupName  -Location $rg.Location  -VM $VMconfig1 

$vmName= "dsVM2"
$VMconfig2 = New-AzVMConfig -VMName $vmName -VMSize $vmsize -AvailabilitySetId $avset.Id 3> $null | Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent 3> $null | Set-AzVMSourceImage -PublisherName $ImagePublisher -Offer $imageOffer -Skus $imageSKU -Version "latest" 3> $null | Set-AzVMOSDisk -Name "$vmName.vhd" -CreateOption fromImage  3> $null | Add-AzVMNetworkInterface -Id $NIC_2.Id  3> $null 
$VM2 = New-AzVM -ResourceGroupName $rg.ResourceGroupName  -Location $rg.Location  -VM $VMconfig2

确定 IPv4 和 IPv6 终结点的 IP 地址Determine IP addresses of the IPv4 and IPv6 endpoints

使用 get-AzNetworkInterface 获取资源组中的所有网络接口对象,以汇总此部署中使用的 IP。Get all Network Interface Objects in the resource group to summarize the IP's used in this deployment with get-AzNetworkInterface. 另外,请使用 get-AzpublicIpAddress 获取 IPv4 和 IPv6 终结点的负载均衡器前端地址。Also, get the Load Balancer's frontend addresses of the IPv4 and IPv6 endpoints with get-AzpublicIpAddress.

$rgName= "dsRG1"
$NICsInRG= get-AzNetworkInterface -resourceGroupName $rgName 
write-host `nSummary of IPs in this Deployment: 
write-host ******************************************
foreach ($NIC in $NICsInRG) {

    $VMid= $NIC.virtualmachine.id 
    $VMnamebits= $VMid.split("/") 
    $VMname= $VMnamebits[($VMnamebits.count-1)] 
    write-host `nPrivate IP addresses for $VMname 
    $IPconfigsInNIC= $NIC.IPconfigurations 
    foreach ($IPconfig in $IPconfigsInNIC) {

        $IPaddress= $IPconfig.privateipaddress 
        write-host "    "$IPaddress 
        IF ($IPconfig.PublicIpAddress.ID) {

            $IDbits= ($IPconfig.PublicIpAddress.ID).split("/")
            $PipName= $IDbits[($IDbits.count-1)]
            $PipObject= get-azPublicIpAddress -name $PipName -resourceGroup $rgName
            write-host "    "RDP address:  $PipObject.IpAddress
                 }
         }
 }

  write-host `nPublic IP addresses on Load Balancer:

  (get-AzpublicIpAddress -resourcegroupname $rgName | where { $_.name -notlike "RdpPublicIP*" }).IpAddress

下图显示了示例输出,其中列出了两个 VM 的专用 IPv4 和 IPv6 地址,以及负载均衡器的前端 IPv4 和 IPv6 IP 地址。The following figure shows a sample output that lists the private IPv4 and IPv6 addresses of the two VMs, and the frontend IPv4 and IPv6 IP addresses of the Load Balancer.

Azure 中的双堆栈 (IPv4/IPv6) 应用程序部署的 IP 摘要

在 Azure 门户中查看 IPv6 双堆栈虚拟网络View IPv6 dual stack virtual network in Azure portal

可以在 Azure 门户中查看 IPv6 双堆栈虚拟网络,如下所示:You can view the IPv6 dual stack virtual network in Azure portal as follows:

  1. 在门户的搜索栏中输入 dsVnetIn the portal's search bar, enter dsVnet.

  2. 当“myVirtualNetwork”出现在搜索结果中时,将其选中。****When myVirtualNetwork appears in the search results, select it. 此时会启动名为 dsVnet 的双堆栈虚拟网络的“概述”页。****This launches the Overview page of the dual stack virtual network named dsVnet. 该双堆栈虚拟网络显示了位于 dsSubnet 双堆栈子网中的两个 NIC,这些 NIC 采用 IPv4 和 IPv6 配置。The dual stack virtual network shows the two NICs with both IPv4 and IPv6 configurations located in the dual stack subnet named dsSubnet.

    Azure 中的 IPv6 双堆栈虚拟网络

清理资源Clean up resources

如果不再需要资源组、VM 和所有相关的资源,可以使用 Remove-AzResourceGroup 命令将其删除。When no longer needed, you can use the Remove-AzResourceGroup command to remove the resource group, VM, and all related resources.

Remove-AzResourceGroup -Name dsRG1

后续步骤Next steps

在本文中,你已使用双重前端 IP 配置(IPv4 和 IPv6)创建了一个基本负载均衡器。In this article, you created a Basic Load Balancer with a dual frontend IP configuration (IPv4 and IPv6). 你还创建了两个虚拟机,它们包含采用双重 IP 配置(IPV4 + IPv6)的 NIC,并已添加到负载均衡器的后端池。You also created a two virtual machines that included NICs with dual IP configurations (IPV4 + IPv6) that were added to the back-end pool of the load balancer. 若要详细了解 Azure 虚拟网络中的 IPv6 支持,请参阅 Azure 虚拟网络 IPv6 是什么?To learn more about IPv6 support in Azure virtual networks, see What is IPv6 for Azure Virtual Network?