为 Azure 网络接口添加、更改或删除 IP 地址Add, change, or remove IP addresses for an Azure network interface

了解如何为网络接口添加、更改和删除网公共和专用 IP 地址。Learn how to add, change, and remove public and private IP addresses for a network interface. 通过分配给网络接口的专用 IP 地址,虚拟机能够与 Azure 虚拟网络和所连接的网络中的其他资源进行通信。Private IP addresses assigned to a network interface enable a virtual machine to communicate with other resources in an Azure virtual network and connected networks. 通过专用 IP 地址,还能够使用不可预测的 IP 地址实现到 Internet 的出站通信。A private IP address also enables outbound communication to the Internet using an unpredictable IP address. 通过分配给网络接口的公共 IP 地址,可以实现从 Internet 到虚拟机的入站通信。A Public IP address assigned to a network interface enables inbound communication to a virtual machine from the Internet. 通过此地址,还能够使用不可预测的 IP 地址实现从虚拟机到 Internet 的出站通信。The address also enables outbound communication from the virtual machine to the Internet using a predictable IP address. 有关详细信息,请参阅了解 Azure 中的出站连接For details, see Understanding outbound connections in Azure.

如果需要创建、更改或删除网络接口,请阅读管理网络接口一文。If you need to create, change, or delete a network interface, read the Manage a network interface article. 如果需要向虚拟机添加网络接口或从中删除网络接口,请阅读添加或删除网络接口一文。If you need to add network interfaces to or remove network interfaces from a virtual machine, read the Add or remove network interfaces article.

准备阶段Before you begin

备注

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

在完成本文任何部分中的步骤之前,请完成以下任务:Complete the following tasks before completing steps in any section of this article:

  • 如果还没有 Azure 帐户,请注册试用帐户If you don't already have an Azure account, sign up for a trial account.
  • 如果使用门户,请打开 https://portal.azure.cn ,并使用 Azure 帐户登录。If using the portal, open https://portal.azure.cn, and log in with your Azure account.
  • 如果使用 PowerShell 命令来完成本文中的任务,请从计算机运行 PowerShell。If using PowerShell commands to complete tasks in this article, by running PowerShell from your computer. 本教程需要 Azure PowerShell 模块 1.0.0 或更高版本。This tutorial requires the Azure PowerShell module version 1.0.0 or later. 运行 Get-Module -ListAvailable Az 查找已安装的版本。Run Get-Module -ListAvailable Az to find the installed version. 如果需要进行升级,请参阅 Install Azure PowerShell module(安装 Azure PowerShell 模块)。If you need to upgrade, see Install Azure PowerShell module. 如果在本地运行 PowerShell,则还需运行 Connect-AzAccount -Environment AzureChinaCloud 来创建与 Azure 的连接。If you are running PowerShell locally, you also need to run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.
  • 如果使用 Azure 命令行界面 (CLI) 命令来完成本文中的任务,请从计算机运行 CLI。If using Azure Command-line interface (CLI) commands to complete tasks in this article, by running the CLI from your computer. 本教程需要 Azure CLI 2.0.31 或更高版本。This tutorial requires the Azure CLI version 2.0.31 or later. 运行 az --version 查找已安装的版本。Run az --version to find the installed version. 如果需要进行安装或升级,请参阅安装 Azure CLIIf you need to install or upgrade, see Install Azure CLI. 如果在本地运行 Azure CLI,则还需运行 az login 以创建与 Azure 的连接。If you are running the Azure CLI locally, you also need to run az login to create a connection with Azure.

必须将登录或连接到 Azure 所用的帐户分配给网络参与者角色或分配有“网络接口权限”中所列适当操作的自定义角色The account you log into, or connect to Azure with, must be assigned to the network contributor role or to a custom role that is assigned the appropriate actions listed in Network interface permissions.

添加 IP 地址Add IP addresses

可将所需的任意数量的专用公共 IPv4 地址添加到网络接口,只要不超过 Azure 限制一文中列出的限制即可。You can add as many private and public IPv4 addresses as necessary to a network interface, within the limits listed in the Azure limits article. 可将专用 IPv6 地址添加到现有网络接口的一个辅助 IP 配置(前提是没有现有的辅助 IP 配置)。You can add a private IPv6 address to one secondary IP configuration (as long as there are no existing secondary IP configurations) for an existing network interface. 每个网络接口最多只能有一个 IPv6 专用地址。Each network interface may have at most one IPv6 private address. 可以选择将公共 IPv6 地址添加到 IPv6 网络接口配置。You can optionally add a public IPv6 address to an IPv6 network interface configuration. 有关使用 IPv6 地址的详细信息,请参阅 IPv6See IPv6 for details about using IPv6 addresses.

  1. 在 Azure 门户顶部包含“搜索资源”文本的框中,键入“网络接口”。** **In the box that contains the text Search resources at the top of the Azure portal, type network interfaces. 当“网络接口”出现在搜索结果中时,请选择它。****When network interfaces appear in the search results, select it.

  2. 从列表中选择要为其添加 IPv4 地址的网络接口。Select the network interface you want to add an IPv4 address for from the list.

  3. 在“设置”**** 下选择“IP 配置”****。Under SETTINGS, select IP configurations.

  4. 在“IP 配置”**** 下选择“+ 添加”****。Under IP configurations, select + Add.

  5. 指定以下内容,然后选择“确定”****:Specify the following, then select OK:

    设置Setting 必需?Required? 详细信息Details
    名称Name Yes 对于网络接口必须是唯一的Must be unique for the network interface
    类型Type Yes 由于要将 IP 配置添加到现有网络接口,并且每个网络接口都必须有一个主要 IP 配置,因此,唯一选项是“辅助”。****Since you're adding an IP configuration to an existing network interface, and each network interface must have a primary IP configuration, your only option is Secondary.
    专用 IP 地址分配方法Private IP address assignment method Yes 动态:Azure 为在其中部署网络接口的子网地址范围分配下一可用地址。Dynamic: Azure assigns the next available address for the subnet address range the network interface is deployed in. 静态:为在其中部署网络接口的子网地址范围分配未使用的地址。Static: You assign an unused address for the subnet address range the network interface is deployed in.
    公共 IP 地址Public IP address No 禁用: 当前没有公共 IP 地址资源关联到 IP 配置。Disabled: No public IP address resource is currently associated to the IP configuration. 启用: 选择现有的 IPv4 公共 IP 地址,或新建一个。Enabled: Select an existing IPv4 Public IP address, or create a new one. 若要了解如何创建公共 IP 地址,请参阅公共 IP 地址一文。To learn how to create a public IP address, read the Public IP addresses article.
  6. 可以遵循将多个 IP 地址分配到虚拟机操作系统一文中的说明,手动将辅助专用 IP 地址添加到虚拟机操作系统。Manually add secondary private IP addresses to the virtual machine operating system by completing the instructions in the Assign multiple IP addresses to virtual machine operating systems article. 在手动向虚拟机操作系统添加 IP 地址之前,请参阅专用 IP 地址以了解特殊注意事项。See private IP addresses for special considerations before manually adding IP addresses to a virtual machine operating system. 请不要向虚拟机操作系统添加任何公共 IP 地址。Do not add any public IP addresses to the virtual machine operating system.

**** 命令Commands

工具Tool 命令Command
CLICLI az network nic ip-config createaz network nic ip-config create
PowerShellPowerShell Add-AzNetworkInterfaceIpConfigAdd-AzNetworkInterfaceIpConfig

更改 IP 地址设置Change IP address settings

可能需要更改 IPv4 地址的分配方法、更改静态 IPv4 地址,或者更改分配给网络接口的公共 IP 地址。You may need to change the assignment method of an IPv4 address, change the static IPv4 address, or change the public IP address assigned to a network interface. 如果要更改与虚拟机中的辅助网络接口关联的辅助 IP 配置的专用 IPv4 地址(有关详细信息,请参阅主要网络接口和辅助网络接口),请将该虚拟机置于“已停止”(“已解除分配”)状态,并完成以下步骤:If you're changing the private IPv4 address of a secondary IP configuration associated with a secondary network interface in a virtual machine (learn more about primary and secondary network interfaces), place the virtual machine into the stopped (deallocated) state before completing the following steps:

  1. 在 Azure 门户顶部包含“搜索资源”文本的框中,键入“网络接口”。** **In the box that contains the text Search resources at the top of the Azure portal, type network interfaces. 当“网络接口”出现在搜索结果中时,请选择它。****When network interfaces appear in the search results, select it.
  2. 从列表中选择要查看或更改 IP 网络设置的网络接口。Select the network interface that you want to view or change IP address settings for from the list.
  3. 在“设置”**** 下选择“IP 配置”****。Under SETTINGS, select IP configurations.
  4. 从列表中选择想要修改的 IP 配置。Select the IP configuration you want to modify from the list.
  5. 使用有关添加 IP 配置的步骤 5 中的设置的信息,根据需要更改设置。Change the settings, as desired, using the information about the settings in step 5 of Add an IP configuration.
  6. 选择“保存” ****。Select Save.

备注

在 Windows 中,如果主要网络接口有多个 IP 配置,并且主要 IP 配置的专用 IP 地址已更改,则必须手动将主要 IP 地址和辅助 IP 地址重新分配给网络接口(在 Linux 中不需要执行此操作)。If the primary network interface has multiple IP configurations and you change the private IP address of the primary IP configuration, you must manually reassign the primary and secondary IP addresses to the network interface within Windows (not required for Linux). 若要手动向操作系统中的网络接口分配 IP 地址,请参阅将多个 IP 地址分配到虚拟机To manually assign IP addresses to a network interface within an operating system, see Assign multiple IP addresses to virtual machines. 有关在手动向虚拟机操作系统添加 IP 地址的特别注意事项,请参阅专用 IP 地址。For special considerations before manually adding IP addresses to a virtual machine operating system, see private IP addresses. 请不要向虚拟机操作系统添加任何公共 IP 地址。Do not add any public IP addresses to the virtual machine operating system.

**** 命令Commands

工具Tool 命令Command
CLICLI az network nic ip-config updateaz network nic ip-config update
PowerShellPowerShell Set-AzNetworkInterfaceIpConfigSet-AzNetworkInterfaceIpConfig

删除 IP 地址Remove IP addresses

可以从网络接口中删除专用公共 IP 地址,但网络接口必须始终至少有一个分配给它的专用 IPv4 地址。You can remove private and public IP addresses from a network interface, but a network interface must always have at least one private IPv4 address assigned to it.

  1. 在 Azure 门户顶部包含“搜索资源”文本的框中,键入“网络接口”。** **In the box that contains the text Search resources at the top of the Azure portal, type network interfaces. 当“网络接口”出现在搜索结果中时,请选择它。****When network interfaces appear in the search results, select it.
  2. 从列表中选择要移除 IP 地址的网络接口。Select the network interface that you want to remove IP addresses from the list.
  3. 在“设置”**** 下选择“IP 配置”****。Under SETTINGS, select IP configurations.
  4. 右键单击以选择要删除的辅助 IP 配置(无法删除主要配置),单击“删除”,然后选择“是”确认删除**** ****。Right-select a secondary IP configuration (you cannot delete the primary configuration) that you want to delete, select Delete, then select Yes, to confirm the deletion. 如果该配置关联了公共 IP 地址资源,则该资源将从 IP 配置中分离,但不会被删除。If the configuration had a public IP address resource associated to it, the resource is dissociated from the IP configuration, but the resource is not deleted.

**** 命令Commands

工具Tool 命令Command
CLICLI az network nic ip-config deleteaz network nic ip-config delete
PowerShellPowerShell Remove-AzNetworkInterfaceIpConfigRemove-AzNetworkInterfaceIpConfig

IP 配置IP configurations

专用和(可选)公共 IP 地址分配给一个或多个分配给网络接口的 IP 配置。Private and (optionally) public IP addresses are assigned to one or more IP configurations assigned to a network interface. 有两种 IP 配置:There are two types of IP configurations:

主要Primary

每个网络接口都分配有一个主要 IP 配置。Each network interface is assigned one primary IP configuration. 主要 IP 配置:A primary IP configuration:

  • 具有分配给它的专用 IPv4 地址。Has a private IPv4 address assigned to it. 不能向主要 IP 配置分配专用 IPv6 地址。You cannot assign a private IPv6 address to a primary IP configuration.
  • 还可能具有分配给它的公共 IPv4 地址。May also have a public IPv4 address assigned to it. 不能向主要 (IPv4) IP 配置分配公共 IPv6 地址。You cannot assign a public IPv6 address to a primary (IPv4) IP configuration.

次要Secondary

除了主要 IP 配置之外,网络接口还可能具有零个或多个分配给它的辅助 IP 配置。In addition to a primary IP configuration, a network interface may have zero or more secondary IP configurations assigned to it. 辅助 IP 配置:A secondary IP configuration:

  • 必须具有分配给它的 IPv4 或 IPv6 地址。Must have a private IPv4 or IPv6 address assigned to it. 如果地址是 IPv6,则网络接口只能具有一个辅助 IP 配置。If the address is IPv6, the network interface can only have one secondary IP configuration. 如果地址是 IPv4,则网络接口可以具有多个分配给它的辅助 IP 配置。If the address is IPv4, the network interface may have multiple secondary IP configurations assigned to it. 若要详细了解可以向网络接口分配多少专用和公共 IPv4 地址,请参阅 Azure 限制一文。To learn more about how many private and public IPv4 addresses can be assigned to a network interface, see the Azure limits article.
  • 也可以为其分配公共 IPv4 或 IPv6 地址。May also have a public IPv4 or IPv6 address assigned to it. 在以下情况下,将多个 IPv4 地址分配给网络接口很有用:Assigning multiple IPv4 addresses to a network interface is helpful in scenarios such as:
    • 在一台服务器上托管具有不同 IP 地址和 TLS/SSL 证书的多个网站或服务。Hosting multiple websites or services with different IP addresses and TLS/SSL certificates on a single server.
    • 虚拟机充当网络虚拟设备,例如防火墙或负载均衡器。A virtual machine serving as a network virtual appliance, such as a firewall or load balancer.
    • 可将任何网络接口的任何专用 IPv4 地址添加到 Azure 负载均衡器后端池。The ability to add any of the private IPv4 addresses for any of the network interfaces to an Azure Load Balancer back-end pool. 过去,只能将主要网络接口的主要 IPv4 地址添加到后端池。In the past, only the primary IPv4 address for the primary network interface could be added to a back-end pool. 若要详细了解如何对多个 IPv4 配置进行负载均衡,请参阅对多个 IP 配置进行负载均衡一文。To learn more about how to load balance multiple IPv4 configurations, see the Load balancing multiple IP configurations article.
    • 可以对分配给网络接口的一个 IPv6 地址进行负载均衡。The ability to load balance one IPv6 address assigned to a network interface. 若要详细了解如何对 IPv6 地址进行负载均衡,请参阅对 IPv6 地址进行负载均衡一文。To learn more about how to load balance to a private IPv6 address, see the Load balance IPv6 addresses article.

地址类型Address types

可以向 IP 配置分配以下类型的 IP 地址:You can assign the following types of IP addresses to an IP configuration:

专用Private

通过专用 IPv4 或 IPv6 地址,虚拟机能够与虚拟网络或其他连接的网络中的其他资源进行通信。Private IPv4 or IPv6 addresses enable a virtual machine to communicate with other resources in a virtual network or other connected networks.

默认情况下,Azure DHCP 服务器将 Azure 网络接口的主要 IP 配置的专用 IPv4 地址分配给虚拟机操作系统内的网络接口。By default, the Azure DHCP servers assign the private IPv4 address for the primary IP configuration of the Azure network interface to the network interface within the virtual machine operating system. 除非必要,永远不应当在虚拟机操作系统中手动设置网络接口的 IP 地址。Unless necessary, you should never manually set the IP address of a network interface within the virtual machine's operating system.

警告

如果在虚拟机操作系统中设置为网络接口的主要 IP 地址的 IPv4 地址曾经不同于为附加到 Azure 中的虚拟机的主要网络接口的主要 IP 配置分配的专用 IPv4 地址,则会失去到虚拟机的连接。If the IPv4 address set as the primary IP address of a network interface within a virtual machine's operating system is ever different than the private IPv4 address assigned to the primary IP configuration of the primary network interface attached to a virtual machine within Azure, you lose connectivity to the virtual machine.

在许多方案中,需要手动设置虚拟机操作系统内的网络接口的 IP 地址。There are scenarios where it's necessary to manually set the IP address of a network interface within the virtual machine's operating system. 例如,在向 Azure 虚拟机添加多个 IP 地址时,必须手动设置 Windows 操作系统的主要和辅助 IP 地址。For example, you must manually set the primary and secondary IP addresses of a Windows operating system when adding multiple IP addresses to an Azure virtual machine. 对于 Linux 虚拟机,可能只需要手动设置辅助 IP 地址。For a Linux virtual machine, you may only need to manually set the secondary IP addresses. 有关详细信息,请参阅向 VM 操作系统添加 IP 地址See Add IP addresses to a VM operating system for details. 如果需要更改分配给 IP 配置的地址,我们建议:If you ever need to change the address assigned to an IP configuration, it's recommended that you:

  1. 确保虚拟机接收来自 Azure DHCP 服务器的地址。Ensure that the virtual machine is receiving an address from the Azure DHCP servers. 之后,将分配的 IP 地址更改回到操作系统中的 DHCP,并重新启动虚拟机。Once you have, change the assignment of the IP address back to DHCP within the operating system and restart the virtual machine.
  2. 关闭(解除分配)虚拟机。Stop (deallocate) the virtual machine.
  3. 在 Azure 中更改 IP 配置的 IP 地址。Change the IP address for the IP configuration within Azure.
  4. 启动虚拟机。Start the virtual machine.
  5. 在操作系统中手动配置辅助 IP 地址(在 Windows 内还需要配置主要 IP 地址)以配置在 Azure.Manually configure the secondary IP addresses within the operating system (and also the primary IP address within Windows) to match what you set within Azure.

通过遵循上述步骤,在 Azure 中分配给网络接口的专用 IP 地址与在虚拟机操作系统中分配的地址会保持相同。By following the previous steps, the private IP address assigned to the network interface within Azure, and within a virtual machine's operating system, remain the same. 为了跟踪在操作系统中为订阅中的哪些虚拟机手动设置了 IP 地址,请考虑向虚拟机添加一个 Azure 标记To keep track of which virtual machines within your subscription that you've manually set IP addresses within an operating system for, consider adding an Azure tag to the virtual machines. 例如,可以使用“IP 地址分配: 静态”。You might use "IP address assignment: Static", for example. 这样,可以轻松找到订阅中在操作系统中手动为其设置了 IP 地址的虚拟机。This way, you can easily find the virtual machines within your subscription that you've manually set the IP address for within the operating system.

通过专用 IP 地址,虚拟机除了能够与同一网络中的或所连接的虚拟网络中的其他资源进行通信外,还能够进行到 Internet 的出站通信。In addition to enabling a virtual machine to communicate with other resources within the same, or connected virtual networks, a private IP address also enables a virtual machine to communicate outbound to the Internet. 出站连接是由 Azure 转换为不可预测的公共 IP 地址的源网络地址。Outbound connections are source network address translated by Azure to an unpredictable public IP address. 若要了解 Azure 出站 Internet 连接的详细信息,请阅读 Azure 出站 Internet 连接一文。To learn more about Azure outbound Internet connectivity, read the Azure outbound Internet connectivity article. 不能从 Internet 进行到虚拟机的专用 IP 地址的入站通信。You cannot communicate inbound to a virtual machine's private IP address from the Internet. 如果出站连接需要可预测的公共 IP 地址,则将公共 IP 地址资源关联到网络接口。If your outbound connections require a predictable public IP address, associate a public IP address resource to a network interface.

公共Public

通过公共 IP 地址资源分配的公共 IP 地址允许以入站连接的方式从 Internet 连接到虚拟机。Public IP addresses assigned through a public IP address resource enable inbound connectivity to a virtual machine from the Internet. 到 Internet 的出站连接使用不可预测的 IP 地址。Outbound connections to the Internet use a predictable IP address. 有关详细信息,请参阅了解 Azure 中的出站连接See Understanding outbound connections in Azure for details. 可以为 IP 配置分配公共 IP 地址,但这不是必需的。You may assign a public IP address to an IP configuration, but aren't required to. 如果没有通过关联公共 IP 地址资源的方式向虚拟机分配公共 IP 地址,则虚拟机仍可以出站方式与 Internet 通信。If you don't assign a public IP address to a virtual machine by associating a public IP address resource, the virtual machine can still communicate outbound to the Internet. 在这种情况下,专用 IP 地址是由 Azure 转换为不可预测的公共 IP 地址的源网络地址。In this case, the private IP address is source network address translated by Azure to an unpredictable public IP address. 若要了解有关公共 IP 地址资源的详细信息,请参阅公共 IP 地址资源To learn more about public IP address resources, see Public IP address resource.

可分配给网络接口的专用和公共 IP 地址数有限制。There are limits to the number of private and public IP addresses that you can assign to a network interface. 有关详细信息,请参阅 Azure 限制一文。For details, read the Azure limits article.

备注

Azure 会将虚拟机的专用 IP 地址转换为公共 IP 地址。Azure translates a virtual machine's private IP address to a public IP address. 因此,虚拟机的操作系统不会意识到分配给它的任何公共 IP 地址,因此不需要在操作系统中手动分配公共 IP 地址。As a result, a virtual machine's operating system is unaware of any public IP address assigned to it, so there is no need to ever manually assign a public IP address within the operating system.

分配方法Assignment methods

公共和专用 IP 地址是使用以下分配方法之一分配的:Public and private IP addresses are assigned using one of the following assignment methods:

动态Dynamic

默认情况下会分配动态专用 IPv4 和 IPv6(可选)地址。Dynamic private IPv4 and IPv6 (optionally) addresses are assigned by default.

  • 仅公共:Azure 从特定于每个 Azure 区域的范围分配地址。Public only: Azure assigns the address from a range unique to each Azure region. 若要了解向每个区域分配了哪些范围,请参阅 Azure 数据中心 IP 范围To learn which ranges are assigned to each region, see Azure Datacenter IP Ranges. 如果在停止(解除分配)虚拟机后又重新启动,则地址可能会更改。The address can change when a virtual machine is stopped (deallocated), then started again. 无法使用任一分配方法为 IP 配置分配公共 IPv6 地址。You cannot assign a public IPv6 address to an IP configuration using either assignment method.
  • 仅专用:Azure 保留每个子网地址范围中的前四个地址,不分配这些地址。Private only: Azure reserves the first four addresses in each subnet address range, and doesn't assign the addresses. Azure 将下一个可用的地址分配给子网地址范围中的资源。Azure assigns the next available address to a resource from the subnet address range. 例如,如果子网的地址范围为 10.0.0.0/16,且地址 10.0.0.0.4-10.0.0.14 已分配(.0-.3 为保留地址),则 Azure 会将 10.0.0.15 分配给资源。For example, if the subnet's address range is 10.0.0.0/16, and addresses 10.0.0.0.4-10.0.0.14 are already assigned (.0-.3 are reserved), Azure assigns 10.0.0.15 to the resource. 动态方法是默认的分配方法。Dynamic is the default allocation method. 动态 IP 地址在分配后,仅在以下情况下才会释放:网络接口已删除、已分配到同一虚拟网络中的另一子网,或者分配方法已更改为静态,这种情况下会指定另一 IP 地址。Once assigned, dynamic IP addresses are only released if a network interface is deleted, assigned to a different subnet within the same virtual network, or the allocation method is changed to static, and a different IP address is specified. 默认情况下,当分配方法从动态更改为静态时,Azure 会将以前动态分配的地址作为静态地址分配。By default, Azure assigns the previous dynamically assigned address as the static address when you change the allocation method from dynamic to static.

静态Static

(可选)可向 IP 配置分配公共或专用静态 IPv4 或 IPv6 地址。You can (optionally) assign a public or private static IPv4 or IPv6 address to an IP configuration. 若要详细了解 Azure 如何分配静态公共 IPv4 地址,请参阅公共 IP 地址To learn more about how Azure assigns static public IPv4 addresses, see Public IP addresses.

  • 仅公共:Azure 从特定于每个 Azure 区域的范围分配地址。Public only: Azure assigns the address from a range unique to each Azure region. 可以下载 Azure 中国云的范围(前缀)列表。You can download the list of ranges (prefixes) for the Azure China clouds. 该地址不会更改,除非其所分配到的公共 IP 地址资源已删除,或者分配方法已更改为动态。The address doesn't change until the public IP address resource it's assigned to is deleted, or the assignment method is changed to dynamic. 如果将公共 IP 地址资源关联到某个 IP 配置,则必须取消其与 IP 配置的关联,然后才能更改其分配方法。If the public IP address resource is associated to an IP configuration, it must be dissociated from the IP configuration before changing its assignment method.
  • 仅专用:由你选择并分配子网地址范围中的地址。Private only: You select and assign an address from the subnet's address range. 分配的地址可以是子网地址范围中的任何地址,前提是该地址不是子网地址范围中的头四个地址,也不是当前已分配给子网中任何其他资源的地址。The address you assign can be any address within the subnet address range that is not one of the first four addresses in the subnet's address range and is not currently assigned to any other resource in the subnet. 只有在删除网络接口之后,静态地址才会释放。Static addresses are only released if a network interface is deleted. 如果将分配方法更改为静态,Azure 会动态地将以前分配的动态 IP 地址作为静态地址分配,即使该地址不是子网地址范围内的下一个可用地址。If you change the allocation method to static, Azure dynamically assigns the previously assigned dynamic IP address as the static address, even if the address isn't the next available address in the subnet's address range. 如果将网络接口分配给同一虚拟网络中的另一子网,则该地址也会更改。但是,若要将网络接口分配给另一子网,必须先将分配方法从静态更改为动态。The address also changes if the network interface is assigned to a different subnet within the same virtual network, but to assign the network interface to a different subnet, you must first change the allocation method from static to dynamic. 将网络接口分配给另一子网以后,即可将分配方法改回为静态,并根据新子网的地址范围分配 IP 地址。Once you've assigned the network interface to a different subnet, you can change the allocation method back to static, and assign an IP address from the new subnet's address range.

IP 地址版本IP address versions

在分配地址时可以指定以下版本:You can specify the following versions when assigning addresses:

IPv4IPv4

每个网络接口必须有一个具有分配的专用 IPv4 地址的主要 IP 配置。Each network interface must have one primary IP configuration with an assigned private IPv4 address. 可以添加一个或多个辅助 IP 配置,每个配置都具有一个 IPv4 专用地址(可选)和一个 IPv4 公共 IP 地址。You can add one or more secondary IP configurations that each have an IPv4 private and (optionally) an IPv4 public IP address.

IPv6IPv6

可以为网络接口的辅助 IP 配置分配零个或一个专用 IPv6 地址。You can assign zero or one private IPv6 address to one secondary IP configuration of a network interface. 网络接口不能具有任何现有的辅助 IP 配置。The network interface cannot have any existing secondary IP configurations. 每个网络接口最多只能有一个 IPv6 专用地址。Each network interface may have at most one IPv6 private address. 可以选择将公共 IPv6 地址添加到 IPv6 网络接口配置。You can optionally add a public IPv6 address to an IPv6 network interface configuration.

备注

虽然可使用门户创建具有 IPv6 地址的网络接口,但不能使用门户将现有网络接口添加到新的或现有的虚拟机。Though you can create a network interface with an IPv6 address using the portal, you can't add an existing network interface to a new, or existing virtual machine, using the portal. 使用 PowerShell 或 Azure CLI 创建具有专用 IPv6 地址的网络接口,然后在创建虚拟机时附加该网络接口。Use PowerShell or the Azure CLI to create a network interface with a private IPv6 address, then attach the network interface when creating a virtual machine. 无法将分配有专用 IPv6 地址的网络接口附加到现有虚拟机。You cannot attach a network interface with a private IPv6 address assigned to it to an existing virtual machine. 对于附加到虚拟机的任何网络接口,无法使用任何工具(门户、CLI 或 PowerShell)为 IP 配置添加专用 IPv6 地址。You cannot add a private IPv6 address to an IP configuration for any network interface attached to a virtual machine using any tools (portal, CLI, or PowerShell).

无法为主要或辅助 IP 配置分配公共 IPv6 地址。You can't assign a public IPv6 address to a primary or secondary IP configuration.

SKUSKUs

公共 IP 地址是使用基本或标准 SKU 创建的。A public IP address is created with the basic or standard SKU. 有关 SKU 差异的详细信息,请参阅管理公共 IP 地址For more information about SKU differences, see Manage public IP addresses.

备注

将标准 SKU 公共 IP 地址分配到虚拟机的网络接口时,必须使用网络安全组显式允许预期流量。When you assign a standard SKU public IP address to a virtual machine's network interface, you must explicitly allow the intended traffic with a network security group. 创建并关联网络安全组且显式允许所需流量之后,才可与资源通信。Communication with the resource fails until you create and associate a network security group and explicitly allow the desired traffic.

后续步骤Next steps

若要创建具有不同 IP 配置的虚拟机,请阅读以下文章:To create a virtual machine with different IP configurations, read the following articles:

任务Task 工具Tool
创建具有多个网络接口的 VMCreate a VM with multiple network interfaces CLIPowerShellCLI, PowerShell
创建具有多个 IPv4 地址的单 NIC VMCreate a single NIC VM with multiple IPv4 addresses CLIPowerShellCLI, PowerShell
创建具有专用 IPv6 地址的单 NIC VM(在 Azure 负载均衡器后)Create a single NIC VM with a private IPv6 address (behind an Azure Load Balancer) CLIPowerShellAzure 资源管理器模板CLI, PowerShell, Azure Resource Manager template