
Azure networking

Azure provides a variety of networking capabilities that can be used together or separately. Click any of the following key capabilities to learn more about them:

  • Connectivity between Azure resources: Connect Azure resources together in a secure, private virtual network in the cloud.
  • Internet connectivity: Communicate to and from Azure resources over the Internet.
  • On-premises connectivity: Connect an on-premises network to Azure resources through a virtual private network (VPN) over the Internet, or through a dedicated connection to Azure.
  • Load balancing and traffic direction: Load balance traffic to servers in the same location and direct traffic to servers in different locations.
  • Security: Filter network traffic between network subnets or individual virtual machines (VMs).
  • Routing: Use default routing or fully control routing between your Azure and on-premises resources.
  • Manageability: Monitor and manage your Azure networking resources.
  • Deployment and configuration tools: Use a web-based portal or cross-platform command-line tools to deploy and configure network resources.

Connectivity between Azure resources

Azure resources such as Virtual Machines, Cloud Services, Virtual Machine Scale Sets, and Azure App Service Environments can communicate privately with each other through an Azure Virtual Network (VNet). A VNet is a logical isolation of the Azure cloud dedicated to your subscription. You can implement multiple VNets within each Azure subscription and Azure region. Each VNet is isolated from other VNets. For each VNet you can:

  • Specify a custom private IP address space using public and private (RFC 1918) addresses. Azure assigns resources connected to the VNet a private IP address from the address space you assign.
  • Segment the VNet into one or more subnets and allocate a portion of the VNet address space to each subnet.
  • Use Azure-provided name resolution or specify your own DNS server for use by resources connected to a VNet.
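
The address-plan rules in the list above can be checked before anything is deployed. The following Python sketch is an added example, not part of the original article or of any Azure tooling; the function names and the sample prefixes are constructed, and it handles IPv4 only.

```python
import ipaddress

# RFC 1918 private ranges referenced in the article.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan: one address space and four proposed subnets.
SAMPLE_SPACE = ["10.20.0.0/16"]
SAMPLE_SUBNETS = {
    "web": "10.20.1.0/24",
    "app": "10.20.2.0/24",
    "db": "10.20.2.128/25",   # collides with "app"
    "mgmt": "10.21.0.0/24",   # lies outside the address space
}


def is_rfc1918(net):
    """True when the network sits entirely inside an RFC 1918 range."""
    return any(net.subnet_of(r) for r in RFC1918)


def validate_vnet_plan(address_space, subnets):
    """Return a list of findings for a VNet address plan.

    address_space: list of CIDR strings assigned to the VNet.
    subnets: dict mapping subnet name to CIDR string.
    """
    findings = []
    spaces = [ipaddress.IPv4Network(c) for c in address_space]
    for space in spaces:
        # Public ranges are permitted, so this is informational only.
        if not is_rfc1918(space):
            findings.append(f"note: address space {space} is outside RFC 1918")
    accepted = {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.IPv4Network(cidr)  # strict: host bits must be zero
        except ValueError as exc:
            findings.append(f"subnet {name}: invalid prefix {cidr} ({exc})")
            continue
        if not any(net.subnet_of(space) for space in spaces):
            findings.append(f"subnet {name} ({net}) is not inside the VNet address space")
        for other_name, other in accepted.items():
            if net.overlaps(other):
                findings.append(f"subnet {name} ({net}) overlaps {other_name} ({other})")
        accepted[name] = net
    return findings


if __name__ == "__main__":
    for line in validate_vnet_plan(SAMPLE_SPACE, SAMPLE_SUBNETS):
        print(line)
```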

To learn more about the Azure Virtual Network service, read the Virtual network overview article. You can connect VNets to each other, enabling resources connected to either VNet to communicate with each other across VNets. You can use either or both of the following options to connect VNets to each other:

  • Peering: Enables resources connected to different Azure VNets within the same Azure region to communicate with each other. The bandwidth and latency across the VNets are the same as if the resources were connected to the same VNet. To learn more about peering, read the Virtual network peering overview article.
  • VPN Gateway: Enables resources connected to different Azure VNets within different Azure regions to communicate with each other. Traffic between VNets flows through an Azure VPN Gateway. Bandwidth between VNets is limited to the bandwidth of the gateway. To learn more about connecting VNets with a VPN Gateway, read the Configure a VNet-to-VNet connection across regions article.

Internet connectivity

All Azure resources connected to a VNet have outbound connectivity to the Internet by default. The private IP address of the resource is source network address translated (SNAT) to a public IP address by the Azure infrastructure. To learn more about outbound Internet connectivity, read the Understanding outbound connections in Azure article.

To communicate inbound to Azure resources from the Internet, or to communicate outbound to the Internet without SNAT, a resource must be assigned a public IP address. To learn more about public IP addresses, read the Public IP addresses article.

On-premises connectivity

You can access resources in your VNet securely over either a VPN connection or a direct private connection. To send network traffic between your Azure virtual network and your on-premises network, you must create a virtual network gateway. You configure settings for the gateway to create the type of connection that you want, either VPN or ExpressRoute.

You can connect your on-premises network to a VNet using any combination of the following options:

Point-to-site (VPN over SSTP)

The following picture shows separate point-to-site connections between multiple computers and a VNet:

[Figure: Point-to-site]

This connection is established between a single computer and a VNet. This connection type is great if you're just getting started with Azure, or for developers, because it requires little or no changes to your existing network. It's also convenient when you are connecting from a remote location such as a conference or home. Point-to-site connections are often coupled with a site-to-site connection through the same virtual network gateway. The connection uses the SSTP protocol to provide encrypted communication over the Internet between the computer and the VNet. The latency for a point-to-site VPN is unpredictable, since the traffic traverses the Internet.

Site-to-site (IPsec/IKE VPN tunnel)

[Figure: Site-to-site]

This connection is established between your on-premises VPN device and an Azure VPN Gateway. This connection type enables any on-premises resource that you authorize to access the VNet. The connection is an IPsec/IKE VPN that provides encrypted communication over the Internet between your on-premises device and the Azure VPN gateway. You can connect multiple on-premises sites to the same VPN gateway. The on-premises VPN device at each site must have an externally-facing public IP address that is not behind a NAT. The latency for a site-to-site connection is unpredictable, since the traffic traverses the Internet.

ExpressRoute (dedicated private connection)

[Figure: ExpressRoute]

This type of connection is established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not traverse the Internet. The latency for an ExpressRoute connection is predictable, since traffic doesn't traverse the Internet. ExpressRoute can be combined with a site-to-site connection.

To learn more about all the previous connection options, read the Connection topology diagrams article.

Load balancing and traffic direction

Microsoft Azure provides multiple services for managing how network traffic is distributed and load balanced. You can use any of the following capabilities separately or together:

DNS load balancing

The Azure Traffic Manager service provides global DNS load balancing. Traffic Manager responds to clients with the IP address of a healthy endpoint, based on one of the following routing methods:

  • Geographic: Clients are directed to specific endpoints (Azure, external or nested) based on which geographic location their DNS query originates from. This method enables scenarios where knowing a client's geographic region, and routing them based on it, is important. Examples include complying with data sovereignty mandates, localization of content and user experience, and measuring traffic from different regions.
  • Performance: The IP address returned to the client is the "closest" to the client. The "closest" endpoint is not necessarily closest as measured by geographic distance. Instead, this method determines the closest endpoint by measuring network latency. Traffic Manager maintains an Internet latency table to track the round-trip time between IP address ranges and each Azure datacenter.
  • Priority: Traffic is directed to the primary (highest-priority) endpoint. If the primary endpoint is not available, Traffic Manager routes the traffic to the second endpoint. If both the primary and secondary endpoints are not available, the traffic goes to the third, and so on. Availability of the endpoint is based on the configured status (enabled or disabled) and the ongoing endpoint monitoring.
  • Weighted round-robin: For each request, Traffic Manager randomly chooses an available endpoint. The probability of choosing an endpoint is based on the weights assigned to all available endpoints. Using the same weight across all endpoints results in an even traffic distribution. Using higher or lower weights on specific endpoints causes those endpoints to be returned more or less frequently in the DNS responses.

The following picture shows a request for a web application directed to a Web App endpoint. Endpoints can also be other Azure services such as VMs and Cloud Services.

[Figure: Traffic Manager]

The client connects directly to that endpoint. Azure Traffic Manager detects when an endpoint is unhealthy and then redirects clients to a different, healthy endpoint. To learn more about Traffic Manager, read the Azure Traffic Manager overview article.

Application load balancing

The Azure Application Gateway service provides application delivery controller (ADC) as a service. Application Gateway offers various Layer 7 (HTTP/HTTPS) load-balancing capabilities for your applications, including a web application firewall to protect your web applications from vulnerabilities and exploits. Application Gateway also allows you to optimize web farm productivity by offloading CPU-intensive SSL termination to the application gateway.

Other Layer 7 routing capabilities include round-robin distribution of incoming traffic, cookie-based session affinity, URL path-based routing, and the ability to host multiple websites behind a single application gateway. Application Gateway can be configured as an Internet-facing gateway, an internal-only gateway, or a combination of both. Application Gateway is fully Azure managed, scalable, and highly available. It provides a rich set of diagnostics and logging capabilities for better manageability. To learn more about Application Gateway, read the Application Gateway overview article.

The following picture shows URL path-based routing with Application Gateway:

[Figure: Application Gateway]

Network load balancing

The Azure Load Balancer provides high-performance, low-latency Layer 4 load-balancing for all UDP and TCP protocols. It manages inbound and outbound connections. You can configure public and internal load-balanced endpoints. You can define rules to map inbound connections to back-end pool destinations by using TCP and HTTP health-probing options to manage service availability. To learn more about Load Balancer, read the Load Balancer overview article.

The following picture shows an Internet-facing multi-tier application that utilizes both external and internal load balancers:

[Figure: Load balancing]

Security

You can filter traffic to and from Azure resources using the following options:

  • Network: You can implement Azure network security groups (NSGs) to filter inbound and outbound traffic to Azure resources. Each NSG contains one or more inbound and outbound rules. Each rule specifies the source IP addresses, destination IP addresses, port, and protocol that traffic is filtered with. NSGs can be applied to individual subnets and individual VMs. To learn more about NSGs, read the Network security groups overview article.
  • Application: By using an Application Gateway with web application firewall you can protect your web applications from vulnerabilities and exploits. Common examples are SQL injection attacks, cross-site scripting, and malformed headers. Application Gateway filters out this traffic and stops it from reaching your web servers. You can configure which rules are enabled. You can also configure SSL negotiation policies, so that certain policies can be disabled. To learn more about the web application firewall, read the Web application firewall article.
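
Because every NSG rule names a source, destination, port, and protocol, a rule set can be reviewed mechanically. The following Python sketch is an added example, not part of the original article; it assumes rules shaped like the securityRules array of an ARM template, the sample rules are constructed, and the choice of SSH and RDP as the ports to flag is an illustrative policy.

```python
# Sources that mean "anyone on the Internet" in an NSG rule.
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet"}
# Assumption: management ports that should not be reachable from any source.
MGMT_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample rules using ARM template property names.
SAMPLE_RULES = [
    {"name": "allow-https", "properties": {
        "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
        "sourceAddressPrefix": "Internet", "destinationPortRange": "443"}},
    {"name": "allow-ssh-any", "properties": {
        "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
        "sourceAddressPrefix": "*", "destinationPortRange": "22"}},
    {"name": "allow-wide-range", "properties": {
        "direction": "Inbound", "access": "Allow", "protocol": "*",
        "sourceAddressPrefix": "0.0.0.0/0",
        "destinationPortRanges": ["3000-4000"]}},
    {"name": "allow-ssh-corp", "properties": {
        "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
        "sourceAddressPrefix": "192.168.10.0/24", "destinationPortRange": "22"}},
    {"name": "deny-rdp", "properties": {
        "direction": "Inbound", "access": "Deny", "protocol": "Tcp",
        "sourceAddressPrefix": "*", "destinationPortRange": "3389"}},
]


def _values(props, single, plural):
    """Collect a property that may appear in singular or plural (list) form."""
    vals = list(props.get(plural) or [])
    if props.get(single):
        vals.append(props[single])
    return vals


def _covers(port_range, port):
    """True when an NSG port expression ('*', '22', '3000-4000') includes port."""
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)


def audit_nsg(rules):
    """Return (rule name, port, service) for inbound TCP Allow rules that
    expose a management port to any source. Each rule is examined on its
    own; the check does not work out which rule wins when several match."""
    findings = []
    for rule in rules:
        p = rule["properties"]
        if p["direction"].lower() != "inbound" or p["access"].lower() != "allow":
            continue
        if p["protocol"].lower() not in ("tcp", "*"):
            continue
        sources = _values(p, "sourceAddressPrefix", "sourceAddressPrefixes")
        if not any(s.lower() in OPEN_SOURCES for s in sources):
            continue
        ranges = _values(p, "destinationPortRange", "destinationPortRanges")
        for port, service in MGMT_PORTS.items():
            if any(_covers(r, port) for r in ranges):
                findings.append((rule["name"], port, service))
    return findings


if __name__ == "__main__":
    for name, port, service in audit_nsg(SAMPLE_RULES):
        print(f"{name}: {service} ({port}/tcp) is open to any source")
```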

If you need network capability Azure doesn't provide, or want to use network applications you use on-premises, you can implement the products in VMs and connect them to your VNet. The Azure Marketplace contains several different VMs pre-configured with network applications you may currently use. These pre-configured VMs are typically referred to as network virtual appliances (NVAs). NVAs are available with applications such as firewall and WAN optimization.

Routing

Azure creates default route tables that enable resources connected to any subnet in any VNet to communicate with each other. You can implement either or both of the following types of routes to override the default routes Azure creates:

  • User-defined: You can create custom route tables with routes that control where traffic is routed to for each subnet. To learn more about user-defined routes, read the User-defined routes article.
  • Border gateway protocol (BGP): If you connect your VNet to your on-premises network using an Azure VPN Gateway or ExpressRoute connection, you can propagate BGP routes to your VNets. BGP is the standard routing protocol commonly used in the Internet to exchange routing and reachability information between two or more networks. When used in the context of Azure Virtual Networks, BGP enables the Azure VPN Gateways and your on-premises VPN devices, called BGP peers or neighbors, to exchange "routes" that inform both gateways of the availability and reachability of those prefixes through the gateways or routers involved. BGP can also enable transit routing among multiple networks by propagating routes a BGP gateway learns from one BGP peer to all other BGP peers. To learn more about BGP, see the BGP with Azure VPN Gateways overview article.

Manageability

Azure provides the following tools to monitor and manage networking:

  • Activity logs: All Azure resources have activity logs, which provide information about the operations that have taken place, the status of those operations, and who initiated them. To learn more about activity logs, read the Activity logs overview article.
  • Diagnostic logs: Periodic and spontaneous events are created by network resources and logged in Azure storage accounts, sent to an Azure Event Hub, or sent to Azure Monitor logs. Diagnostic logs provide insight into the health of a resource. Diagnostic logs are provided for Load Balancer (Internet-facing), Network Security Groups, routes, and Application Gateway. To learn more about diagnostic logs, read the Diagnostic logs overview article.
  • Metrics: Metrics are performance measurements and counters collected over a period of time on resources. Metrics can be used to trigger alerts based on thresholds. Currently metrics are available on Application Gateway. To learn more about metrics, read the Metrics overview article.
  • Troubleshooting: Troubleshooting information is accessible directly in the Azure portal. The information helps diagnose common problems with ExpressRoute, VPN Gateway, Application Gateway, Network Security Logs, Routes, DNS, Load Balancer, and Traffic Manager.
  • Role-based access control (RBAC): Control who can create and manage networking resources with role-based access control (RBAC). Learn more about RBAC by reading the Get started with RBAC article.
  • Packet capture: The Azure Network Watcher service provides the ability to run a packet capture on a VM through an extension within the VM. This capability is available for Linux and Windows VMs. To learn more about packet capture, read the Packet capture overview article.
  • Verify IP flows: Network Watcher allows you to verify IP flows between an Azure VM and a remote resource to determine whether packets are allowed or denied. This capability lets administrators quickly diagnose connectivity issues. To learn more about how to verify IP flows, read the IP flow verify overview article.
  • Troubleshoot VPN connectivity: The VPN troubleshooter capability of Network Watcher provides the ability to query a connection or gateway and verify the health of the resources. To learn more about troubleshooting VPN connections, read the VPN connectivity troubleshooting overview article.
  • View network topology: View a graphical representation of the network resources in a VNet with Network Watcher. To learn more about viewing network topology, read the Topology overview article.

Deployment and configuration tools

You can deploy and configure Azure networking resources with any of the following tools:

  • Azure portal: A graphical user interface that runs in a browser. Open the Azure portal.
  • Azure PowerShell: Command-line tools for managing Azure from Windows computers. Learn more about Azure PowerShell by reading the Azure PowerShell overview article.
  • Azure command-line interface (CLI): Command-line tools for managing Azure from Linux, macOS, or Windows computers. Learn more about the Azure CLI by reading the Azure CLI overview article.
  • Azure Resource Manager templates: A file (in JSON format) that defines the infrastructure and configuration of an Azure solution. By using a template, you can repeatedly deploy your solution throughout its lifecycle and have confidence your resources are deployed in a consistent state. To learn more about authoring templates, read the Best practices for creating templates article. Templates can be deployed with the Azure portal, CLI, or PowerShell. To get started with templates right away, deploy one of the many pre-configured templates in the Azure Quickstart Templates library.

Pricing

Some of the Azure networking services have a charge, while others are free. View the Virtual network, VPN Gateway, Application Gateway, Load Balancer, Network Watcher, DNS, Traffic Manager and ExpressRoute pricing pages for more information.
