您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

HDInsight 管理 IP 地址HDInsight management IP addresses

重要

在大多数情况下,您现在可以对网络安全组使用服务标记功能,而不是手动添加 IP 地址。In most cases, you can now use the service tag feature for network security groups, instead of manually adding IP addresses. 将仅为服务标记添加新区域,并且最终将弃用静态 IP 地址。New regions will only be added for service tags and the static IP addresses will eventually be deprecated.

如果使用网络安全组 (NSG) 或用户定义的路由 (UDR) 来控制到 HDInsight 群集的入站流量,则必须确保群集可以与关键的 Azure 运行状况和管理服务进行通信。If you use network security groups (NSGs) or user-defined routes (UDRs) to control inbound traffic to your HDInsight cluster, you must ensure that your cluster can communicate with critical Azure health and management services. 这些服务的某些 IP 地址特定于区域,其中一些地址适用于所有 Azure 区域。Some of the IP addresses for these services are region-specific, and some of them apply to all Azure regions. 如果不使用自定义 DNS,则可能还需要允许来自 Azure DNS 服务的流量。You may also need to allow traffic from the Azure DNS service if you aren't using custom DNS.

以下部分介绍了必须允许的特定 IP 地址。The following sections discuss the specific IP addresses that must be allowed.

Azure DNS 服务Azure DNS service

如果使用 Azure 提供的 DNS 服务,则允许在端口 53 上从__168.63.129.16__进行访问。If you're using the Azure-provided DNS service, allow access from 168.63.129.16 on port 53. 有关详细信息,请参阅 VM和角色实例的名称解析文档。For more information, see the Name resolution for VMs and Role instances document. 如果您使用的是自定义 DNS,请跳过此步骤。If you're using custom DNS, skip this step.

卫生和管理服务:所有地区Health and management services: All regions

允许 Azure HDInsight 运行状况和管理服务的以下 IP 地址的流量,这些服务适用于所有 Azure 区域:Allow traffic from the following IP addresses for Azure HDInsight health and management services, which apply to all Azure regions:

源 IP 地址Source IP address 目标Destination 方向Direction
168.61.49.99168.61.49.99 *:443*:443 入站Inbound
23.99.5.23923.99.5.239 *:443*:443 入站Inbound
168.61.48.131168.61.48.131 *:443*:443 入站Inbound
138.91.141.162138.91.141.162 *:443*:443 入站Inbound

卫生和管理服务:特定区域Health and management services: Specific regions

对于位于资源所在特定 Azure 区域中的 Azure HDInsight 运行状况和管理服务,允许来自以下 IP 地址的流量:Allow traffic from the IP addresses listed for the Azure HDInsight health and management services in the specific Azure region where your resources are located:

重要

如果未列出你使用的 Azure 区域,请使用网络安全组的服务标记功能。If the Azure region you are using is not listed, then use the service tag feature for network security groups.

国家/地区Country 区域Region 允许的源 IP 地址Allowed Source IP addresses 允许的目标Allowed Destination 方向Direction
亚洲Asia 东亚East Asia 23.102.235.12223.102.235.122
52.175.38.13452.175.38.134
*:443*:443 入站Inbound
  东南亚Southeast Asia 13.76.245.16013.76.245.160
13.76.136.24913.76.136.249
*:443*:443 入站Inbound
澳大利亚Australia 澳大利亚东部Australia East 104.210.84.115104.210.84.115
13.75.152.19513.75.152.195
*:443*:443 入站Inbound
  澳大利亚东南部Australia Southeast 13.77.2.5613.77.2.56
13.77.2.9413.77.2.94
*:443*:443 入站Inbound
巴西Brazil 巴西南部Brazil South 191.235.84.104191.235.84.104
191.235.87.113191.235.87.113
*:443*:443 入站Inbound
CanadaCanada 加拿大东部Canada East 52.229.127.9652.229.127.96
52.229.123.17252.229.123.172
*:443*:443 入站Inbound
  加拿大中部Canada Central 52.228.37.6652.228.37.66
52.228.45.22252.228.45.222
*: 443*: 443 入站Inbound
中国China 中国北部China North 42.159.96.17042.159.96.170
139.217.2.219139.217.2.219

42.159.198.17842.159.198.178
42.159.234.15742.159.234.157
*:443*:443 入站Inbound
  中国东部China East 42.159.198.17842.159.198.178
42.159.234.15742.159.234.157

42.159.96.17042.159.96.170
139.217.2.219139.217.2.219
*:443*:443 入站Inbound
  中国北部 2China North 2 40.73.37.14140.73.37.141
40.73.38.17240.73.38.172
*:443*:443 入站Inbound
  中国东部 2China East 2 139.217.227.106139.217.227.106
139.217.228.187139.217.228.187
*:443*:443 入站Inbound
欧洲Europe 北欧North Europe 52.164.210.9652.164.210.96
13.74.153.13213.74.153.132
*:443*:443 入站Inbound
  西欧West Europe 52.166.243.9052.166.243.90
52.174.36.24452.174.36.244
*:443*:443 入站Inbound
法国France 法国中部France Central 20.188.39.6420.188.39.64
40.89.157.13540.89.157.135
*:443*:443 入站Inbound
德国Germany 德国中部Germany Central 51.4.146.6851.4.146.68
51.4.146.8051.4.146.80
*:443*:443 入站Inbound
  德国东北部Germany Northeast 51.5.150.13251.5.150.132
51.5.144.10151.5.144.101
*:443*:443 入站Inbound
印度India 印度中部Central India 52.172.153.20952.172.153.209
52.172.152.4952.172.152.49
*:443*:443 入站Inbound
  印度南部South India 104.211.223.67104.211.223.67
104.211.216.210104.211.216.210
*:443*:443 入站Inbound
日本Japan 日本东部Japan East 13.78.125.9013.78.125.90
13.78.89.6013.78.89.60
*:443*:443 入站Inbound
  日本西部Japan West 40.74.125.6940.74.125.69
138.91.29.150138.91.29.150
*:443*:443 入站Inbound
韩国Korea 韩国中部Korea Central 52.231.39.14252.231.39.142
52.231.36.20952.231.36.209
*:443*:443 入站Inbound
  韩国南部Korea South 52.231.203.1652.231.203.16
52.231.205.21452.231.205.214
*:443*:443 入站Inbound
United KingdomUnited Kingdom 英国西部UK West 51.141.13.11051.141.13.110
51.141.7.2051.141.7.20
*:443*:443 入站Inbound
  英国南部UK South 51.140.47.3951.140.47.39
51.140.52.1651.140.52.16
*:443*:443 入站Inbound
United StatesUnited States 美国中部Central US 13.89.171.12213.89.171.122
13.89.171.12413.89.171.124
*:443*:443 入站Inbound
  美国东部East US 13.82.225.23313.82.225.233
40.71.175.9940.71.175.99
*:443*:443 入站Inbound
  美国中北部North Central US 157.56.8.38157.56.8.38
157.55.213.99157.55.213.99
*:443*:443 入站Inbound
  美国中西部West Central US 52.161.23.1552.161.23.15
52.161.10.16752.161.10.167
*:443*:443 入站Inbound
  美国西部West US 13.64.254.9813.64.254.98
23.101.196.1923.101.196.19
*:443*:443 入站Inbound
  美国西部 2West US 2 52.175.211.21052.175.211.210
52.175.222.22252.175.222.222
*:443*:443 入站Inbound
  阿拉伯联合酋长国北部UAE North 65.52.252.9665.52.252.96
65.52.252.9765.52.252.97
*:443*:443 入站Inbound

若要获取用于 Azure 政府版的 IP 地址的信息,请参阅 Azure 政府智能 + 分析文档。For information on the IP addresses to use for Azure Government, see the Azure Government Intelligence + Analytics document.

有关详细信息,请参阅控制网络流量部分。For more information, see the Controlling network traffic section.

如果使用用户定义的路由 (UDR),则应指定路由并允许从虚拟网络到上述 IP 的出站流量,下一个跃点设置为"Internet"。If you're using user-defined routes (UDRs), you should specify a route and allow outbound traffic from the virtual network to the above IPs with the next hop set to "Internet".

后续步骤Next steps