创建、更改或删除公共 IP 地址Create, change, or delete a public IP address

了解公共 IP 地址,以及如何创建、更改和删除此类地址。Learn about a public IP address and how to create, change, and delete one. 公共 IP 地址是一种自带可配置设置的资源。A public IP address is a resource with its own configurable settings. 将公共 IP 地址分配给支持公共 IP 地址的 Azure 资源以启用:Assigning a public IP address to an Azure resource that supports public IP addresses enables:

  • 从 Internet 到资源的入站通信,如 Azure 虚拟机 (VM)、Azure 应用程序网关、Azure 负载均衡器、Azure VPN 网关等。Inbound communication from the Internet to the resource, such as Azure Virtual Machines (VM), Azure Application Gateways, Azure Load Balancers, Azure VPN Gateways, and others. 如果 VM 没有分配有公共 IP 地址,则仍可通过 Internet 与某些资源(如 VM)进行通信,前提是 VM 是负载均衡器后端池的一部分且负载均衡器分配有公共 IP 地址。You can still communicate with some resources, such as VMs, from the Internet, if a VM doesn't have a public IP address assigned to it, as long as the VM is part of a load balancer back-end pool, and the load balancer is assigned a public IP address. 若要确定是否可向特定 Azure 服务的资源分配公共 IP 地址,或是否可通过其他 Azure 资源的公共 IP 地址与之通信,请参阅该服务的文档。To determine whether a resource for a specific Azure service can be assigned a public IP address, or whether it can be communicated with through the public IP address of a different Azure resource, see the documentation for the service.
  • 使用可预测的 IP 地址与 Internet 建立出站连接。Outbound connectivity to the Internet using a predictable IP address. 例如,如果某虚拟机未分配有公共 IP 地址,但其地址由 Azure 网络地址转换为可预测的公共地址,则默认情况下,该虚拟机可与 Internet 建立出站通信。For example, a virtual machine can communicate outbound to the Internet without a public IP address assigned to it, but its address is network address translated by Azure to an unpredictable public address, by default. 通过将公共 IP 地址分配给资源,可了解哪个 IP 地址用于出站连接。Assigning a public IP address to a resource enables you to know which IP address is used for the outbound connection. 尽管可预测,但地址可根据所选分配方法进行更改。Though predictable, the address can change, depending on the assignment method chosen. 有关详细信息,请参阅创建公共 IP 地址For more information, see Create a public IP address. 有关从 Azure 资源建立出站连接的详细信息,请参阅了解出站连接To learn more about outbound connections from Azure resources, see Understand outbound connections.

准备阶段Before you begin

Note

本文进行了更新,以便使用新的 Azure PowerShell Az 模块。This article has been updated to use the new Azure PowerShell Az module. 你仍然可以使用 AzureRM 模块,至少在 2020 年 12 月之前,它将继续接收 bug 修补程序。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要详细了解新的 Az 模块和 AzureRM 兼容性,请参阅新 Azure Powershell Az 模块简介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 有关 Az 模块安装说明,请参阅安装 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

在完成本文任何部分中的步骤之前,请完成以下任务:Complete the following tasks before completing steps in any section of this article:

  • 如果还没有 Azure 帐户,请注册试用帐户If you don't already have an Azure account, sign up for a trial account.
  • 如果使用门户,请打开 https://portal.azure.cn,并使用 Azure 帐户登录。If using the portal, open https://portal.azure.cn, and log in with your Azure account.
  • 如果使用 PowerShell 命令来完成本文中的任务,请从计算机运行 PowerShell。If using PowerShell commands to complete tasks in this article, by running PowerShell from your computer. 本教程需要 Azure PowerShell 模块 1.0.0 或更高版本。This tutorial requires the Azure PowerShell module version 1.0.0 or later. 运行 Get-Module -ListAvailable Az 查找已安装的版本。Run Get-Module -ListAvailable Az to find the installed version. 如果需要进行升级,请参阅 Install Azure PowerShell module(安装 Azure PowerShell 模块)。If you need to upgrade, see Install Azure PowerShell module. 如果在本地运行 PowerShell,则还需运行 Connect-AzAccount -Environment AzureChinaCloud 来创建与 Azure 的连接。If you are running PowerShell locally, you also need to run Connect-AzAccount -Environment AzureChinaCloud to create a connection with Azure.
  • 如果使用 Azure 命令行界面 (CLI) 命令来完成本文中的任务,请从计算机运行 CLI。If using Azure Command-line interface (CLI) commands to complete tasks in this article, by running the CLI from your computer. 本教程需要 Azure CLI 2.0.31 或更高版本。This tutorial requires the Azure CLI version 2.0.31 or later. 运行 az --version 查找已安装的版本。Run az --version to find the installed version. 如果需要进行安装或升级,请参阅安装 Azure CLIIf you need to install or upgrade, see Install Azure CLI. 如果在本地运行 Azure CLI,则还需运行 az login 以创建与 Azure 的连接。If you are running the Azure CLI locally, you also need to run az login to create a connection with Azure.

登录或连接到 Azure 所用的帐户必须分配有网络参与者角色或者分配有可执行权限中列出的适当操作的自定义角色The account you log into, or connect to Azure with, must be assigned to the network contributor role or to a custom role that is assigned the appropriate actions listed in Permissions.

公共 IP 地址会产生少许费用。Public IP addresses have a nominal charge. 若要查看定价,请参阅 IP 地址定价页。To view the pricing, read the IP address pricing page.

创建公共 IP 地址Create a public IP address

  1. 在门户左上角的顶部选择“+ 创建资源” 。At the top, left corner of the portal, select + Create a resource.

  2. 在“在市场中搜索”框中输入“公共 IP 地址” 。Enter public ip address in the Search the Marketplace box. 当“公共 IP 地址”出现在搜索结果中时,请选择它。 When Public IP address appears in the search results, select it.

  3. 在“公共 IP 地址”下, 选择“创建” 。Under Public IP address, select Create.

  4. 在“创建公共 IP 地址”下为以下设置输入或选择值,然后选择“创建” :Enter, or select values for the following settings, under Create public IP address, then select Create:

    设置Setting 必需?Required? 详细信息Details
    NameName Yes 名称在所选资源组中必须唯一。The name must be unique within the resource group you select.
    SKUSKU Yes 引入 SKU 之前创建的所有公共 IP 地址均为基本 SKU 公共 IP 地址 。All public IP addresses created before the introduction of SKUs are Basic SKU public IP addresses. 创建公共 IP 地址后,无法更改此 SKU。You cannot change the SKU after the public IP address is created. 独立虚拟机、可用性集内的虚拟机或虚拟机规模集可使用基本 SKU 或标准 SKU。A standalone virtual machine, virtual machines within an availability set, or virtual machine scale sets can use Basic or Standard SKUs. 不允许在可用性集或规模集内的虚拟机之间混用 SKU。Mixing SKUs between virtual machines within availability sets or scale sets is not allowed. 标准 SKU:标准 SKU 公共 IP 可关联到虚拟机或负载均衡器前端。Standard SKU: A Standard SKU public IP can be associated to a virtual machine or a load balancer front end. 若要了解标准 负载均衡器的详细信息,请参阅 Azure 负载均衡器标准 SKUTo learn more about standard load balancers, see Azure load balancer standard SKU. 将标准 SKU 公共 IP 地址分配到虚拟机的网络接口时,必须使用网络安全组显式允许预期流量。When you assign a standard SKU public IP address to a virtual machine's network interface, you must explicitly allow the intended traffic with a network security group. 创建并关联网络安全组且显式允许所需流量之后,才可与资源通信。Communication with the resource fails until you create and associate a network security group and explicitly allow the desired traffic.
    IP 地址分配IP address assignment Yes 动态: 只有在将公共 IP 与 Azure 资源相关联并首次启动该资源时,才分配动态地址。Dynamic: Dynamic addresses are assigned only after a public IP address is associated to an Azure resource, and the resource is started for the first time. 如果将动态地址分配给某个资源,例如虚拟机,并且虚拟机停止(解除分配)后又重启,则动态地址可能会更改。Dynamic addresses can change if they're assigned to a resource, such as a virtual machine, and the virtual machine is stopped (deallocated), and then restarted. 如果虚拟机重启或停止(但未解除分配),该地址将保持不变。The address remains the same if a virtual machine is rebooted or stopped (but not deallocated). 当公共 IP 地址资源从它关联到的资源取消关联时,会释放动态地址。Dynamic addresses are released when a public IP address resource is dissociated from a resource it is associated to. 静态: 静态地址是在创建公共 IP 地址时分配的。Static: Static addresses are assigned when a public IP address is created. 删除公共 IP 地址资源之前,不会释放静态地址。Static addresses are not released until a public IP address resource is deleted. 如果地址没有关联到资源,则在创建地址后可以更改分配方法。If the address is not associated to a resource, you can change the assignment method after the address is created. 如果地址已关联到资源,则无法更改分配方法。If the address is associated to a resource, you may not be able to change the assignment method.
    空闲超时(分钟)Idle timeout (minutes) No 在不依赖客户端发送保持连接消息的情况下,TCP 或 HTTP 连接持续打开的分钟数。How many minutes to keep a TCP or HTTP connection open without relying on clients to send keep-alive messages.
    DNS 名称标签DNS name label No 必须在创建名称的 Azure 位置中(在所有订阅和所有客户中)保持唯一。Must be unique within the Azure location you create the name in (across all subscriptions and all customers). Azure 会在其 DNS 中自动注册该名称和 IP 地址,使你能够连接到使用该名称的资源。Azure automatically registers the name and IP address in its DNS so you can connect to a resource with the name. Azure 会将类似于 location.cloudapp.chinacloudapi.cn(其中 location 是所选的位置)的默认子网追加到提供的名称后面,以创建完全限定的 DNS 名称。Azure appends a default subnet such as location.cloudapp.chinacloudapi.cn (where location is the location you select) to the name you provide, to create the fully qualified DNS name. 如果选择同时创建这两个地址版本,则会为 IPv4 地址分配相同的 DNS 名称。If you choose to create both address versions, the same DNS name is assigned to the IPv4 addresses. Azure 的默认 DNS 包含 IPv4 A 名称记录。Azure's default DNS contains IPv4 A name records. 客户端选择 IPv4 要与哪个地址进行通信。The client chooses which address IPv4 to communicate with. 除了使用带有默认后缀的 DNS 名称标签,还可以改用 Azure DNS 服务来配置带有自定义后缀(可解析为公共 IP 地址)的 DNS 名称。Instead of, or in addition to, using the DNS name label with the default suffix, you can use the Azure DNS service to configure a DNS name with a custom suffix that resolves to the public IP address. 有关详细信息,请参阅将 Azure DNS 与 Azure 公共 IP 地址配合使用For more information, see Use Azure DNS with an Azure public IP address
    订阅Subscription Yes 必须与要将公共 IP 地址关联到的资源位于同一订阅中。Must exist in the same subscription as the resource you want to associate the public IP address to.
    资源组Resource group Yes 可与要将公共 IP 地址关联到的资源位于相同或不同的资源组中。Can exist in the same, or different, resource group as the resource you want to associate the public IP address to.
    位置Location Yes 必须与要将公共 IP 地址关联到的资源位于同一位置(也称为“区域”)。Must exist in the same location, also referred to as region, as the resource you want to associate the public IP address to.

命令Commands

工具Tool 命令Command
CLICLI az network public-ip createaz network public-ip create
PowerShellPowerShell New-AzPublicIpAddressNew-AzPublicIpAddress

查看、删除公共 IP 地址或更改其设置View, change settings for, or delete a public IP address

  1. 在 Azure 门户顶部包含“搜索资源”文本的框中,键入“公共 IP 地址”。 In the box that contains the text Search resources at the top of the Azure portal, type public ip address. 当“公共 IP 地址”出现在搜索结果中时,请选择它。 When Public IP addresses appear in the search results, select it.

  2. 选择要查看、更改其设置或从列表中删除的公共 IP 地址的名称。Select the name of the public IP address you want to view, change settings for, or delete from the list.

  3. 根据是要查看、删除还是更改公共 IP 地址,完成以下选项之一。Complete one of the following options, depending on whether you want to view, delete, or change the public IP address.

    • 视图:“概述”部分显示公共 IP 地址的主要设置,例如与之关联的网络接口(如果地址与某个网络接口关联)。 View: The Overview section shows key settings for the public IP address, such as the network interface it's associated to (if the address is associated to a network interface). 若要查看版本信息,请使用 PowerShell 或 CLI 命令查看公共 IP 地址。To view the version information, use the PowerShell or CLI command to view the public IP address.

    • 删除:若要删除公共 IP 地址,请在“概述”部分中选择“删除”。 Delete: To delete the public IP address, select Delete in the Overview section. 如果该地址当前与 IP 配置关联,则无法删除。If the address is currently associated to an IP configuration, it cannot be deleted. 如果该地址当前已关联到某个配置,请选择“取消关联”,从该 IP 配置中取消关联该地址。 If the address is currently associated with a configuration, select Dissociate to dissociate the address from the IP configuration.

    • 更改:选择“配置” 。Change: select Configuration. 使用创建公共 IP 地址的步骤 4 中的信息更改设置。Change settings using the information in step 4 of Create a public IP address. 要将 IPv4 地址的分配方法从静态更改为动态,必须先从该公共 IPv4 地址关联的 IP 配置中取消关联该地址。To change the assignment for an IPv4 address from static to dynamic, you must first dissociate the public IPv4 address from the IP configuration it's associated to. 然后,可将分配方法更改为动态,并选择“关联”将该 IP 地址关联到相同或不同的 IP 配置,或者让它保持取消关联状态。 You can then change the assignment method to dynamic and select Associate to associate the IP address to the same IP configuration, a different configuration, or you can leave it dissociated. 若要取消关联公共 IP 地址,请在“概述”部分中选择“取消关联”。 To dissociate a public IP address, in the Overview section, select Dissociate.

    Warning

    将分配方法从静态更改为动态时,将丢失分配给公共 IP 地址的 IP 地址。When you change the assignment method from static to dynamic, you lose the IP address that was assigned to the public IP address. 尽管 Azure 公共 DNS 服务器会保留静态或动态地址与任何 DNS 名称标签(若已定义)之间的映射,但如果虚拟机在处于停止(解除分配)状态之后启动,动态 IP 地址可能更改。While the Azure public DNS servers maintain a mapping between static or dynamic addresses and any DNS name label (if you defined one), a dynamic IP address can change when the virtual machine is started after being in the stopped (deallocated) state. 为防止地址变化,请分配静态 IP 地址。To prevent the address from changing, assign a static IP address.

命令Commands

工具Tool 命令Command
CLICLI az network public-ip list 用于列出公共 IP 地址;az network public-ip show 用于显示设置;az network public-ip update 用于更新;az network public-ip delete 用于删除az network public-ip list to list public IP addresses, az network public-ip show to show settings; az network public-ip update to update; az network public-ip delete to delete
PowerShellPowerShell Get-AzPublicIpAddress 用于检索公共 IP 地址对象并查看其设置;Set-AzPublicIpAddress 用于更新设置;Remove-AzPublicIpAddress 用于删除Get-AzPublicIpAddress to retrieve a public IP address object and view its settings, Set-AzPublicIpAddress to update settings; Remove-AzPublicIpAddress to delete

分配公共 IP 地址Assign a public IP address

了解如何将公共 IP 地址分配给以下资源:Learn how to assign a public IP address to the following resources:

权限Permissions

若要在公共 IP 地址上执行任务,必须将你的帐户分配给网络参与者角色或分配有下表中所列适当操作的自定义角色:To perform tasks on public IP addresses, your account must be assigned to the network contributor role or to a custom role that is assigned the appropriate actions listed in the following table:

操作Action NameName
Microsoft.Network/publicIPAddresses/readMicrosoft.Network/publicIPAddresses/read 读取公共 IP 地址Read a public IP address
Microsoft.Network/publicIPAddresses/writeMicrosoft.Network/publicIPAddresses/write 创建或更新公共 IP 地址Create or update a public IP address
Microsoft.Network/publicIPAddresses/deleteMicrosoft.Network/publicIPAddresses/delete 删除公共 IP 地址Delete a public IP address
Microsoft.Network/publicIPAddresses/join/actionMicrosoft.Network/publicIPAddresses/join/action 将公共 IP 地址关联到资源Associate a public IP address to a resource

后续步骤Next steps