
What is Azure Load Balancer?

With Azure Load Balancer, you can scale your applications and create high availability for your services. Load Balancer supports inbound and outbound scenarios, provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.

Load Balancer distributes new inbound flows that arrive on the Load Balancer's frontend to backend pool instances, according to rules and health probes.

Additionally, a public Load Balancer can provide outbound connections for virtual machines (VMs) inside your virtual network by translating their private IP addresses to public IP addresses.

Azure Load Balancer is available in two SKUs: Basic and Standard. There are differences in scale, features, and pricing. Any scenario that's possible with Basic Load Balancer can also be created with Standard Load Balancer, although the approaches might differ slightly. As you learn about Load Balancer, it is important to familiarize yourself with the fundamentals and SKU-specific differences.

Why use Load Balancer?

You can use Azure Load Balancer to:

  • Load-balance incoming internet traffic to your VMs. This configuration is known as a public Load Balancer.
  • Load-balance traffic across VMs inside a virtual network. You can also reach a Load Balancer front end from an on-premises network in a hybrid scenario. Both scenarios use a configuration that is known as an internal Load Balancer.
  • Port forward traffic to a specific port on specific VMs with inbound network address translation (NAT) rules.
  • Provide outbound connectivity for VMs inside your virtual network by using a public Load Balancer.


Azure provides a suite of fully managed load-balancing solutions for your scenarios. If you are looking for Transport Layer Security (TLS) protocol termination ("SSL offload") or per-HTTP/HTTPS request, application-layer processing, review Application Gateway. If you are looking for global DNS load balancing, review Traffic Manager. Your end-to-end scenarios might benefit from combining these solutions as needed.

What are Load Balancer resources?

A Load Balancer resource can exist as either a public Load Balancer or an internal Load Balancer. The Load Balancer resource's functions are expressed as a front end, a rule, a health probe, and a backend pool definition. You place VMs into the backend pool by specifying the backend pool from the VM.

Load Balancer resources are objects within which you can express how Azure should program its multi-tenant infrastructure to achieve the scenario that you want to create. There is no direct relationship between Load Balancer resources and actual infrastructure. Creating a Load Balancer doesn't create an instance, and capacity is always available.

Fundamental Load Balancer features

Load Balancer provides the following fundamental capabilities for TCP and UDP applications:

  • Load balancing

    With Azure Load Balancer, you can create a load-balancing rule to distribute traffic that arrives at the frontend to backend pool instances. Load Balancer uses a hash-based algorithm for distribution of inbound flows and rewrites the headers of flows to backend pool instances accordingly. A server is available to receive new flows when a health probe indicates a healthy backend endpoint.

    By default, Load Balancer uses a 5-tuple hash composed of source IP address, source port, destination IP address, destination port, and IP protocol number to map flows to available servers. You can choose to create affinity to a specific source IP address by opting into a 2- or 3-tuple hash for a given rule. All packets of the same packet flow arrive on the same instance behind the load-balanced front end. When the client initiates a new flow from the same source IP, the source port changes. As a result, the 5-tuple might cause the traffic to go to a different backend endpoint.

    For more information, see Load Balancer distribution mode. The following image displays the hash-based distribution:


    Figure: Hash-based distribution

  • Port forwarding

    With Load Balancer, you can create an inbound NAT rule to port forward traffic from a specific port of a specific frontend IP address to a specific port of a specific backend instance inside the virtual network. This is also accomplished by the same hash-based distribution as load balancing. Common scenarios for this capability are Remote Desktop Protocol (RDP) or Secure Shell (SSH) sessions to individual VM instances inside the Azure Virtual Network. You can map multiple internal endpoints to the various ports on the same frontend IP address. You can use the frontend IP addresses to remotely administer your VMs over the internet without the need for an additional jump box.

  • Application agnostic and transparent

    Load Balancer does not directly interact with TCP or UDP or the application layer, and any TCP or UDP application scenario can be supported. Load Balancer does not terminate or originate flows, does not interact with the payload of the flow, and provides no application layer gateway function; protocol handshakes always occur directly between the client and the backend pool instance. A response to an inbound flow is always a response from a virtual machine. When the flow arrives on the virtual machine, the original source IP address is also preserved. A couple of examples to further illustrate transparency:

    • Every endpoint is only answered by a VM. For example, a TCP handshake always occurs between the client and the selected backend VM. A response to a request to a front end is a response generated by a backend VM. When you successfully validate connectivity to a frontend, you are validating the end-to-end connectivity to at least one backend virtual machine.
    • Application payloads are transparent to Load Balancer, and any UDP or TCP application can be supported. For workloads that require per-HTTP-request processing or manipulation of application layer payloads (for example, parsing of HTTP URLs), you should use a layer 7 load balancer like Application Gateway.
    • Because Load Balancer is agnostic to the TCP payload and TLS offload ("SSL") is not provided, you can build end-to-end encrypted scenarios using Load Balancer and gain large scale-out for TLS applications by terminating the TLS connection on the VM itself. For example, your TLS session keying capacity is only limited by the type and number of VMs you add to the backend pool. If you require "SSL offloading", application layer treatment, or wish to delegate certificate management to Azure, you should use Azure's layer 7 load balancer Application Gateway instead.
  • Automatic reconfiguration

    Load Balancer instantly reconfigures itself when you scale instances up or down. Adding or removing VMs from the backend pool reconfigures the Load Balancer without additional operations on the Load Balancer resource.

  • Health probes

    To determine the health of instances in the backend pool, Load Balancer uses health probes that you define. When a probe fails to respond, Load Balancer stops sending new connections to the unhealthy instances. Existing connections are not affected, and they continue until the application terminates the flow, an idle timeout occurs, or the VM is shut down.

    Load Balancer provides different health probe types for TCP, HTTP, and HTTPS endpoints.

    Additionally, when using Classic cloud services, an additional type is allowed: Guest agent. This should be considered to be a health probe of last resort and is not recommended when other options are viable.

  • Outbound connections (SNAT)

    All outbound flows from private IP addresses inside your virtual network to public IP addresses on the internet can be translated to a frontend IP address of the Load Balancer. When a public front end is tied to a backend VM by way of a load balancing rule, Azure programs outbound connections to be automatically translated to the public frontend IP address.

    • Enable easy upgrade and disaster recovery of services, because the front end can be dynamically mapped to another instance of the service.

    • Easier access control list (ACL) management. ACLs expressed in terms of frontend IPs do not change as services scale up or down or get redeployed. Translating outbound connections to a smaller number of IP addresses than machines can reduce the burden of whitelisting.

      For more information, see outbound connections.

Standard Load Balancer has additional SKU-specific capabilities beyond these fundamentals. Review the remainder of this article for details.
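The hash-based distribution and health-probe behaviour described under "Load balancing" and "Health probes" can be modelled as follows. This is an added example, not Microsoft's code: SHA-256 stands in for the undisclosed platform hash, all addresses are constructed, and the field sets used for the 2- and 3-tuple modes follow Azure's distribution-mode documentation rather than this page.

```python
import hashlib
from collections import Counter

# Constructed sample addresses (assumptions, not taken from the article).
FRONTEND = ("203.0.113.10", 80)
BACKENDS = ["10.0.0.4", "10.0.0.5", "10.0.0.6"]
TCP = 6  # IP protocol number for TCP

# Fields of a flow that feed the hash in each distribution mode.
MODES = {
    "5-tuple": ("src_ip", "src_port", "dst_ip", "dst_port", "proto"),
    "3-tuple": ("src_ip", "dst_ip", "proto"),
    "2-tuple": ("src_ip", "dst_ip"),
}


def make_flow(src_ip, src_port, proto=TCP):
    """Describe a new inbound flow arriving on the frontend."""
    return {"src_ip": src_ip, "src_port": src_port,
            "dst_ip": FRONTEND[0], "dst_port": FRONTEND[1], "proto": proto}


def pick_backend(flow, mode, healthy):
    """Map a new flow to one backend that its health probe reports as healthy.

    SHA-256 is only a stand-in for the platform's hash function.
    Returns None when no backend is healthy.
    """
    if not healthy:
        return None
    key = "|".join(str(flow[field]) for field in MODES[mode]).encode()
    digest = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    return healthy[digest % len(healthy)]


def spread(src_ip, mode, healthy, ports=range(50000, 50300)):
    """Count which backends receive new flows from one client.

    Each new flow from the client uses a different source port.
    """
    return Counter(pick_backend(make_flow(src_ip, p), mode, healthy)
                   for p in ports)


if __name__ == "__main__":
    client = "198.51.100.7"  # constructed client address
    for mode in MODES:
        print(mode, dict(spread(client, mode, BACKENDS)))
    # A backend whose probe fails is removed from the healthy list,
    # so it receives no new flows.
    print("probe down on 10.0.0.6:",
          dict(spread(client, "5-tuple", BACKENDS[:2])))
```

With the default 5-tuple mode one client's flows spread across the pool as its source port changes, while the 2- and 3-tuple modes pin that client to a single backend. The model covers placement of new flows only.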

Load Balancer SKU comparison

Load Balancer supports both Basic and Standard SKUs, each differing in scenario scale, features, and pricing. Any scenario that's possible with Basic Load Balancer can be created with Standard Load Balancer as well. In fact, the APIs for both SKUs are similar and invoked through the specification of a SKU. The API for supporting SKUs for Load Balancer and the public IP is available starting with the 2017-08-01 API. Both SKUs have the same general API and structure.

However, depending on which SKU you choose, the complete scenario configuration might differ slightly. Load Balancer documentation calls out when an article applies only to a specific SKU. To compare and understand the differences, see the following table. For more information, see Standard Load Balancer overview.


New designs should adopt Standard Load Balancer.

Standalone VMs, availability sets, and virtual machine scale sets can be connected to only one SKU, never both. When you use them with public IP addresses, both Load Balancer and the public IP address SKU must match. Load Balancer and public IP SKUs are not mutable.

It is a best practice to specify the SKUs explicitly, even though it is not yet mandatory. At this time, required changes are being kept to a minimum. If a SKU is not specified, it is interpreted as an intention to use the 2017-08-01 API version of the Basic SKU.


Standard Load Balancer is a new Load Balancer product and largely a superset of Basic Load Balancer. There are important and deliberate differences between the two products. Any end-to-end scenario that's possible with Basic Load Balancer can also be created with Standard Load Balancer. If you're already used to Basic Load Balancer, you should familiarize yourself with Standard Load Balancer to understand the latest changes in behavior between Standard and Basic and their impact. Review this section carefully.

| | Standard SKU | Basic SKU |
| --- | --- | --- |
| Backend pool size | Supports up to 1000 instances. | Supports up to 100 instances. |
| Backend pool endpoints | Any virtual machine in a single virtual network, including a blend of virtual machines, availability sets, and virtual machine scale sets. | Virtual machines in a single availability set or virtual machine scale set. |
| Health probe down behavior | TCP connections stay alive on instance probe down and on all probes down. | TCP connections stay alive on instance probe down. All TCP connections terminate when all probes are down. |
| Availability Zones | In Standard SKU, zone-redundant and zonal frontends for inbound and outbound, outbound flow mappings survive zone failure, cross-zone load balancing. | Not available. |
| Diagnostics | Azure Monitor, multi-dimensional metrics including byte and packet counters, health probe status, connection attempts (TCP SYN), outbound connection health (SNAT successful and failed flows), active data plane measurements. | Azure Log Analytics for public Load Balancer only, SNAT exhaustion alert, backend pool health count. |
| HA Ports | Internal Load Balancer | Not available. |
| Secure by default | Public IP, public Load Balancer endpoints, and internal Load Balancer endpoints are closed to inbound flows unless whitelisted by a network security group. | Open by default, network security group optional. |
| Outbound connections | You can explicitly define pool-based outbound NAT with outbound rules. You can use multiple frontends with per load balancing rule opt-out. An outbound scenario must be explicitly created for the virtual machine, availability set, or virtual machine scale set to use outbound connectivity. Virtual Network Service Endpoints can be reached without defining outbound connectivity and don't count towards data processed. Any public IP addresses, including Azure PaaS services not available as VNet Service Endpoints, must be reached via outbound connectivity and count towards data processed. When only an internal Load Balancer is serving a virtual machine, availability set, or virtual machine scale set, outbound connections via default SNAT aren't available; use outbound rules instead. Outbound SNAT programming is transport protocol specific, based on the protocol of the inbound load balancing rule. | Single frontend, selected at random when multiple frontends are present. When only an internal Load Balancer is serving a virtual machine, availability set, or virtual machine scale set, default SNAT is used. |
| Outbound Rules | Declarative outbound NAT configuration, using public IP addresses or public IP prefixes or both, configurable outbound idle timeout (4-120 minutes), custom SNAT port allocation. | Not available. |
| TCP Reset on Idle | Enable TCP Reset (TCP RST) on Idle Timeout on any rule. | Not available. |
| Multiple frontends | Inbound and outbound | Inbound only |
| Management Operations | Most operations < 30 seconds | 60-90+ seconds typical. |
| SLA | 99.99% for data path with two healthy virtual machines. | Not applicable. |
| Pricing | Charged based on number of rules, data processed inbound and outbound associated with resource. | No charge. |

For more information, see service limits for Load Balancer. For Standard Load Balancer details, see overview, pricing, and SLA.


Public Load Balancer

A public Load Balancer maps the public IP address and port number of incoming traffic to the private IP address and port number of the VM, and vice versa for the response traffic from the VM. By applying load-balancing rules, you can distribute specific types of traffic across multiple VMs or services. For example, you can spread the load of web request traffic across multiple web servers.

The following figure shows a load-balanced endpoint for web traffic that is shared among three VMs for the public and TCP port 80. These three VMs are in a load-balanced set.


Figure: Load balancing web traffic by using a public Load Balancer

When internet clients send webpage requests to the public IP address of a web app on TCP port 80, Azure Load Balancer distributes the requests across the three VMs in the load-balanced set. For more information about Load Balancer algorithms, see the Load Balancer features section of this article.

By default, Azure Load Balancer distributes network traffic equally among multiple VM instances. You can also configure session affinity. For more information, see Load Balancer distribution mode.

Internal Load Balancer

An internal Load Balancer directs traffic only to resources that are inside a virtual network or that use a VPN to access Azure infrastructure. In this respect, an internal Load Balancer differs from a public Load Balancer. Azure infrastructure restricts access to the load-balanced frontend IP addresses of a virtual network. Frontend IP addresses and virtual networks are never directly exposed to an internet endpoint. Internal line-of-business applications run in Azure and are accessed from within Azure or from on-premises resources.

An internal Load Balancer enables the following types of load balancing:

  • Within a virtual network: Load balancing from VMs in the virtual network to a set of VMs that reside within the same virtual network.
  • For a cross-premises virtual network: Load balancing from on-premises computers to a set of VMs that reside within the same virtual network.
  • For multi-tier applications: Load balancing for internet-facing multi-tier applications where the backend tiers are not internet-facing. The backend tiers require traffic load-balancing from the internet-facing tier (see the next figure).
  • For line-of-business applications: Load balancing for line-of-business applications that are hosted in Azure without additional load balancer hardware or software. This scenario includes on-premises servers that are in the set of computers whose traffic is load-balanced.


Figure: Load balancing multi-tier applications by using both public and internal Load Balancer


Standard Load Balancer usage is charged.

  • Number of configured load-balancing and outbound rules (inbound NAT rules do not count against the total number of rules).
  • Amount of data processed inbound and outbound, irrespective of rule.

For Standard Load Balancer pricing information, go to the Load Balancer pricing page.

Basic Load Balancer is offered at no charge.


For information about the Standard Load Balancer SLA, go to the Load Balancer SLA page.


  • Load Balancer is a TCP or UDP product for load balancing and port forwarding for these specific IP protocols. Load balancing rules and inbound NAT rules are supported for TCP and UDP and not supported for other IP protocols, including ICMP. Load Balancer does not terminate, respond to, or otherwise interact with the payload of a UDP or TCP flow. It is not a proxy. Successful validation of connectivity to a frontend must take place in-band with the same protocol used in a load balancing or inbound NAT rule (TCP or UDP), and at least one of your virtual machines must generate a response for a client to see a response from a frontend. Not receiving an in-band response from the Load Balancer frontend indicates no virtual machines were able to respond. It is not possible to interact with a Load Balancer frontend without a virtual machine able to respond. This also applies to outbound connections, where port masquerade SNAT is only supported for TCP and UDP; any other IP protocols, including ICMP, will also fail. Assign an instance-level Public IP address to mitigate.
  • Unlike public Load Balancers, which provide outbound connections when transitioning from private IP addresses inside the virtual network to public IP addresses, internal Load Balancers do not translate outbound originated connections to the frontend of an internal Load Balancer, as both are in private IP address space. This avoids the potential for SNAT port exhaustion inside unique internal IP address space where translation is not required. The side effect is that if an outbound flow from a VM in the backend pool attempts a flow to the frontend of the internal Load Balancer in whose pool it resides and is mapped back to itself, both legs of the flow don't match and the flow will fail. If the flow did not map back to the same VM in the backend pool that created the flow to the frontend, the flow will succeed. When the flow maps back to itself, the outbound flow appears to originate from the VM to the frontend and the corresponding inbound flow appears to originate from the VM to itself. From the guest OS's point of view, the inbound and outbound parts of the same flow don't match inside the virtual machine. The TCP stack will not recognize these halves of the same flow as being part of the same flow, as the source and destination don't match. When the flow maps to any other VM in the backend pool, the halves of the flow will match and the VM can successfully respond to the flow. The symptom for this scenario is intermittent connection timeouts when the flow returns to the same backend that originated the flow.
    There are several common workarounds for reliably achieving this scenario (originating flows from a backend pool to the backend pool's respective internal Load Balancer frontend), which include either insertion of a proxy layer behind the internal Load Balancer or using DSR style rules. Customers can combine an internal Load Balancer with any third-party proxy or substitute internal Application Gateway for proxy scenarios limited to HTTP/HTTPS. While you could use a public Load Balancer to mitigate, the resulting scenario is prone to SNAT exhaustion and should be avoided unless carefully managed.
  • In general, forwarding IP fragments or performing IP fragmentation of UDP and TCP packets is not supported on load balancing rules. HA Ports load balancing rules are an exception to this general statement and can be used to forward existing IP fragments.
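The internal Load Balancer limitation described above (a backend VM connecting to its own pool's frontend) can be traced packet by packet, which shows why the timeouts are intermittent. This is an added example, not Microsoft's code: it is a simplified model with constructed addresses, it assumes a rule that rewrites the destination to the backend address (not a DSR style rule), it assumes replies from another VM are reverse-translated to the frontend address, and it assumes each backend is equally likely to be selected.

```python
from typing import NamedTuple, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


class Packet(NamedTuple):
    src: Endpoint
    dst: Endpoint


# Constructed sample values (assumptions, not taken from the article).
FRONTEND: Endpoint = ("10.0.0.100", 80)   # internal Load Balancer frontend
POOL = ["10.0.0.4", "10.0.0.5", "10.0.0.6"]


def connect_via_frontend(origin_ip, selected_backend, src_port=50000):
    """Trace one TCP connect from `origin_ip` to the frontend.

    `selected_backend` is the pool member the hash happened to choose.
    """
    client = (origin_ip, src_port)

    # Outbound leg as the guest OS sent it: VM -> frontend.
    syn_sent = Packet(client, FRONTEND)

    # Load Balancer rewrites only the destination; the source is preserved.
    syn_delivered = Packet(client, (selected_backend, FRONTEND[1]))

    # The selected backend answers from its own address.
    reply = Packet(syn_delivered.dst, syn_delivered.src)
    if selected_backend != origin_ip:
        # Model assumption: a reply that crosses the platform is
        # reverse-translated so that it appears to come from the frontend.
        reply = Packet(FRONTEND, client)
    # Otherwise the flow was mapped back to its originator: the inbound
    # leg is VM -> VM and the reply keeps the VM's own address as source.

    # The connecting socket accepts only a reply from the peer it dialled.
    expected = Packet(syn_sent.dst, syn_sent.src)
    return {
        "sent": syn_sent,
        "delivered": syn_delivered,
        "reply_seen": reply,
        "established": reply == expected,
    }


def failure_rate(origin_ip, pool):
    """Fraction of backend selections that leave the connect hanging."""
    outcomes = [connect_via_frontend(origin_ip, b)["established"] for b in pool]
    return outcomes.count(False) / len(pool)


if __name__ == "__main__":
    for backend in POOL:
        result = connect_via_frontend("10.0.0.4", backend)
        print(backend, "established" if result["established"] else "timeout")
    print("expected failure rate:", failure_rate("10.0.0.4", POOL))
```

In this model a pool of N members fails about one connect in N from any member, and a single-member pool fails every time, which matches the intermittent-timeout symptom the text describes.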

Next steps

You now have an overview of Azure Load Balancer. To get started with using a Load Balancer, create one, create VMs with a custom IIS extension installed, and load-balance the web app between the VMs. To learn how, see the Create a Basic Load Balancer quickstart.