
Network Resource Provider

A fundamental requirement for business success today is the ability to build and manage large-scale, network-aware applications in an agile, flexible, secure and repeatable way. Azure Resource Manager enables you to create such applications as a single collection of resources in resource groups. Such resources are managed through various resource providers under Resource Manager.

Azure Resource Manager relies on different resource providers to provide access to your resources. There are three main resource providers: Network, Storage and Compute. This document discusses the characteristics and benefits of the Network Resource Provider, including:

  • Metadata – you can add information to resources using tags. These tags can be used to track resource utilization across resource groups and subscriptions.
  • Greater control of your network - network resources are loosely coupled and you can control them in a more granular fashion. This means you have more flexibility in managing the networking resources.
  • Faster configuration - because network resources are loosely coupled, you can create and orchestrate network resources in parallel. This has drastically reduced configuration time.
  • Role Based Access Control - RBAC provides default roles, with specific security scope, in addition to allowing the creation of custom roles for secure management.
  • Easier management and deployment - it's easier to deploy and manage applications since you can create an entire application stack as a single collection of resources in a resource group. It is also faster to deploy, since you can deploy by simply providing a template JSON payload.
  • Rapid customization - you can use declarative-style templates to enable repeatable and rapid customization of deployments.
  • Repeatable customization - you can use declarative-style templates to enable repeatable and rapid customization of deployments.
  • Management interfaces - you can use any of the following interfaces to manage your resources:
    • REST based API
    • PowerShell
    • .NET SDK
    • Node.JS SDK
    • Java SDK
    • Azure CLI
    • Preview Portal
    • Resource Manager template language

Network resources

You can now manage network resources independently, instead of having them all managed through a single compute resource (a virtual machine). This ensures a higher degree of flexibility and agility in composing a complex and large scale infrastructure in a resource group.

A conceptual view of a sample deployment involving a multi-tiered application is presented below. Each resource you see, such as NICs, public IP addresses, and VMs, can be managed independently.

Figure: Network resource model

Every resource contains a common set of properties and its own individual property set. The common properties are:

| Property | Description | Sample values |
| --- | --- | --- |
| name | Unique resource name. Each resource type has its own naming restrictions. | PIP01, VM01, NIC01 |
| location | Azure region in which the resource resides | westus, eastus |
| id | Unique URI based identification | /subscriptions//resourceGroups/TestRG/providers/Microsoft.Network/publicIPAddresses/TestPIP |

You can check the individual properties of resources in the sections below.

Public IP address

A public IP address resource provides either a reserved or dynamic Internet facing IP address. Although you can create a public IP address as a standalone object, you need to associate it to another object to actually use the address. You can associate a public IP address to a load balancer, application gateway, or a NIC to provide Internet access to those resources.

| Property | Description | Sample values |
| --- | --- | --- |
| publicIPAllocationMethod | Defines if the IP address is static or dynamic. | static, dynamic |
| idleTimeoutInMinutes | Defines the idle timeout, with a default value of 4 minutes. If no more packets for a given session are received within this time, the session is terminated. | any value between 4 and 30 |
| ipAddress | IP address assigned to object. This is a read-only property. | 104.42.233.77 |

DNS settings

Public IP addresses have a child object named dnsSettings containing the following properties:

| Property | Description | Sample values |
| --- | --- | --- |
| domainNameLabel | Host name used for name resolution. | www, ftp, vm1 |
| fqdn | Fully qualified name for the public IP. | www.westus.cloudapp.azure.com |
| reverseFqdn | Fully qualified domain name that resolves to the IP address and is registered in DNS as a PTR record. | www.contoso.com. |

Sample public IP address in JSON format:

{
   "name": "PIP01",
   "location": "North US",
   "tags": { "key": "value" },
   "properties": {
      "publicIPAllocationMethod": "Static",
      "idleTimeoutInMinutes": 4,
      "ipAddress": "104.42.233.77",
      "dnsSettings": {
         "domainNameLabel": "mylabel",
         "fqdn": "mylabel.westus.cloudapp.azure.com",
         "reverseFqdn": "contoso.com."
      }
   }
} 

NIC

A network interface card (NIC) resource provides network connectivity to an existing subnet in a VNet resource. Although you can create a NIC as a standalone object, you need to associate it to another object to actually provide connectivity. A NIC can be used to connect a VM to a subnet, a public IP address, or a load balancer.

| Property | Description | Sample values |
| --- | --- | --- |
| virtualMachine | VM the NIC is associated with. | /subscriptions/{guid}/../Microsoft.Compute/virtualMachines/vm1 |
| macAddress | MAC address for the NIC | any value between 4 and 30 |
| networkSecurityGroup | NSG associated to the NIC | /subscriptions/{guid}/../Microsoft.Network/networkSecurityGroups/myNSG1 |
| dnsSettings | DNS settings for the NIC | see PIP |

A Network Interface Card, or NIC, represents a network interface that can be associated to a virtual machine (VM). A VM can have one or more NICs.

Figure: NICs on a single VM

IP configurations

NICs have a child object named ipConfigurations containing the following properties:

| Property | Description | Sample values |
| --- | --- | --- |
| subnet | Subnet the NIC is connected to. | /subscriptions/{guid}/../Microsoft.Network/virtualNetworks/myvnet1/subnets/mysub1 |
| privateIPAddress | IP address for the NIC in the subnet | 10.0.0.8 |
| privateIPAllocationMethod | IP allocation method | Dynamic or Static |
| enableIPForwarding | Whether the NIC can be used for routing | true or false |
| primary | Whether the NIC is the primary NIC for the VM | true or false |
| publicIPAddress | PIP associated with the NIC | see DNS Settings |
| loadBalancerBackendAddressPools | Back end address pools the NIC is associated with | |
| loadBalancerInboundNatRules | Inbound load balancer NAT rules the NIC is associated with | |

Sample NIC in JSON format:

{
    "name": "lb-nic1-be",
    "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/nrprg/providers/Microsoft.Network/networkInterfaces/lb-nic1-be",
    "etag": "W/\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"",
    "type": "Microsoft.Network/networkInterfaces",
    "location": "eastus",
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "ipConfigurations": [
            {
                "name": "NIC-config",
                "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/nrprg/providers/Microsoft.Network/networkInterfaces/lb-nic1-be/ipConfigurations/NIC-config",
                "etag": "W/\"0027f1a2-3ac8-49de-b5d5-fd46550500b1\"",
                "properties": {
                    "provisioningState": "Succeeded",
                    "privateIPAddress": "10.0.0.4",
                    "privateIPAllocationMethod": "Dynamic",
                    "subnet": {
                        "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/NRPRG/providers/Microsoft.Network/virtualNetworks/NRPVnet/subnets/NRPVnetSubnet"
                    },
                    "loadBalancerBackendAddressPools": [
                        {
                            "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/nrprg/providers/Microsoft.Network/loadBalancers/nrplb/backendAddressPools/NRPbackendpool"
                        }
                    ],
                    "loadBalancerInboundNatRules": [
                        {
                            "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/nrprg/providers/Microsoft.Network/loadBalancers/nrplb/inboundNatRules/rdp1"
                        }
                    ]
                }
            }
        ],
        "dnsSettings": { ... },
        "macAddress": "00-0D-3A-10-F1-29",
        "enableIPForwarding": false,
        "primary": true,
        "virtualMachine": {
            "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/nrprg/providers/Microsoft.Compute/virtualMachines/web1"
        }
    }
}

Network Security Group

An NSG resource enables the creation of a security boundary for workloads by implementing allow and deny rules. Such rules can be applied to a VM, a NIC, or a subnet.

| Property | Description | Sample values |
| --- | --- | --- |
| subnets | List of subnet ids the NSG is applied to. | /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet/subnets/FrontEnd |
| securityRules | List of security rules that make up the NSG | See Security rule below |
| defaultSecurityRules | List of default security rules present in every NSG | See Default security rules below |

  • Security rule - An NSG can have multiple security rules defined. Each rule can allow or deny different types of traffic.

Security rule

A security rule is a child resource of an NSG containing the properties below.

| Property | Description | Sample values |
| --- | --- | --- |
| description | Description for the rule | Allow inbound traffic for all VMs in subnet X |
| protocol | Protocol to match for the rule | TCP, UDP, or * |
| sourcePortRange | Source port range to match for the rule | 80, 100-200, * |
| destinationPortRange | Destination port range to match for the rule | 80, 100-200, * |
| sourceAddressPrefix | Source address prefix to match for the rule | 10.10.10.1, 10.10.10.0/24, VirtualNetwork |
| destinationAddressPrefix | Destination address prefix to match for the rule | 10.10.10.1, 10.10.10.0/24, VirtualNetwork |
| direction | Direction of traffic to match for the rule | inbound or outbound |
| priority | Priority for the rule. Rules are checked in the order of priority; once a rule applies, no more rules are tested for matching. | 10, 100, 65000 |
| access | Type of access to apply if the rule matches | allow or deny |

Sample NSG in JSON format:

{
    "name": "NSG-BackEnd",
    "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/networkSecurityGroups/NSG-BackEnd",
    "etag": "W/\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"",
    "type": "Microsoft.Network/networkSecurityGroups",
    "location": "westus",
    "tags": {
        "displayName": "NSG - Front End"
    },
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "securityRules": [
            {
                "name": "rdp-rule",
                "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/networkSecurityGroups/NSG-BackEnd/securityRules/rdp-rule",
                "etag": "W/\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"",
                "properties": {
                    "provisioningState": "Succeeded",
                    "description": "Allow RDP",
                    "protocol": "Tcp",
                    "sourcePortRange": "*",
                    "destinationPortRange": "3389",
                    "sourceAddressPrefix": "Internet",
                    "destinationAddressPrefix": "*",
                    "access": "Allow",
                    "priority": 100,
                    "direction": "Inbound"
                }
            }
        ],
        "defaultSecurityRules": [ ... ],
        "subnets": [
            {
                "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet/subnets/FrontEnd"
            }
        ]
    }
}
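
The sample above allows RDP (TCP 3389) from the Internet tag at priority 100. The following Python sketch is an added example, not part of the original page or Microsoft's code: it evaluates securityRules in priority order with first-match semantics and reports management ports that an Internet source can reach. The rules other than rdp-rule, the probe addresses, and the RFC 1918 approximation of the Internet and VirtualNetwork tags are assumptions made for the example.

```python
import ipaddress

# Constructed sample in the page's NSG shape (ids and etags omitted).
# "rdp-rule" is the rule from the sample above; the other two are hypothetical.
# Rules are deliberately listed out of priority order.
SAMPLE_NSG = {
    "name": "NSG-BackEnd",
    "properties": {"securityRules": [
        {"name": "allow-low-ports", "properties": {
            "protocol": "*", "sourcePortRange": "*",
            "destinationPortRange": "1-1024",
            "sourceAddressPrefix": "*", "destinationAddressPrefix": "*",
            "access": "Allow", "priority": 300, "direction": "Inbound"}},
        {"name": "rdp-rule", "properties": {
            "protocol": "Tcp", "sourcePortRange": "*",
            "destinationPortRange": "3389",
            "sourceAddressPrefix": "Internet", "destinationAddressPrefix": "*",
            "access": "Allow", "priority": 100, "direction": "Inbound"}},
        {"name": "deny-internet-ssh", "properties": {
            "protocol": "Tcp", "sourcePortRange": "*",
            "destinationPortRange": "22",
            "sourceAddressPrefix": "Internet", "destinationAddressPrefix": "*",
            "access": "Deny", "priority": 200, "direction": "Inbound"}},
    ]},
}

# Assumption: the Internet / VirtualNetwork tags are approximated as
# "outside RFC 1918" / "inside RFC 1918". Real tags depend on the VNet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _is_private(ip):
    return any(ip in net for net in RFC1918)


def port_matches(spec, port):
    """Match the page's port forms: a single port, a range 'lo-hi', or '*'."""
    spec = str(spec).strip()
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(spec) == port


def prefix_matches(prefix, ip):
    """Match the page's prefix forms: '*', a tag, a CIDR block or a single IP."""
    if prefix == "*":
        return True
    if prefix == "Internet":
        return not _is_private(ip)
    if prefix == "VirtualNetwork":
        return _is_private(ip)
    try:
        return ip in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # unknown tag: treated as no match in this sketch


def effective_access(nsg, src, dst, port, protocol="Tcp", direction="Inbound"):
    """Return (access, rule_name) of the first matching rule, or (None, None).

    Lower priority numbers are evaluated first; the first match wins.
    The source port is ignored because a probe's source port is unknown.
    (None, None) means the flow falls through to defaultSecurityRules.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    rules = sorted(nsg["properties"]["securityRules"],
                   key=lambda r: r["properties"]["priority"])
    for rule in rules:
        p = rule["properties"]
        if p["direction"].lower() != direction.lower():
            continue
        if p["protocol"] != "*" and p["protocol"].lower() != protocol.lower():
            continue
        if not port_matches(p["destinationPortRange"], port):
            continue
        if not prefix_matches(p["sourceAddressPrefix"], src_ip):
            continue
        if not prefix_matches(p["destinationAddressPrefix"], dst_ip):
            continue
        return p["access"], rule["name"]
    return None, None


def audit_exposure(nsg, ports=(22, 3389),
                   probe_src="203.0.113.10", dst="192.168.1.4"):
    """List (port, rule_name) for management ports an Internet source reaches."""
    findings = []
    for port in ports:
        access, name = effective_access(nsg, probe_src, dst, port)
        if access is not None and access.lower() == "allow":
            findings.append((port, name))
    return findings


if __name__ == "__main__":
    for port, rule in audit_exposure(SAMPLE_NSG):
        print(f"port {port} reachable from the Internet via rule {rule}")
```

The broad allow-low-ports rule at priority 300 never applies to SSH from the Internet because the deny at priority 200 matches first, while the same rule does admit SSH from a private source.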

Default security rules

Default security rules have the same properties available in security rules. They exist to provide basic connectivity between resources that have NSGs applied to them. Make sure you know which default security rules exist.

Route tables

Route table resources contain routes used to define how traffic flows within your Azure infrastructure. You can use user defined routes (UDR) to send all traffic from a given subnet to a virtual appliance, such as a firewall or intrusion detection system (IDS). You can associate a route table to subnets.

Route tables contain the following properties.

| Property | Description | Sample values |
| --- | --- | --- |
| routes | Collection of user defined routes in the route table | see user defined routes |
| subnets | Collection of subnets the route table is applied to | see subnets |

User defined routes

You can create UDRs to specify where traffic should be sent, based on its destination address. You can think of a route as the default gateway definition based on the destination address of a network packet.

UDRs contain the following properties.

| Property | Description | Sample values |
| --- | --- | --- |
| addressPrefix | Address prefix, or full IP address for the destination | 192.168.1.0/24, 192.168.1.101 |
| nextHopType | Type of device the traffic will be sent to | VirtualAppliance, VPN Gateway, Internet |
| nextHopIpAddress | IP address for the next hop | 192.168.1.4 |

Sample route table in JSON format:

{
    "name": "UDR-BackEnd",
    "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/routeTables/UDR-BackEnd",
    "etag": "W/\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"",
    "type": "Microsoft.Network/routeTables",
    "location": "westus",
    "properties": {
        "provisioningState": "Succeeded",
        "routes": [
            {
                "name": "RouteToFrontEnd",
                "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/routeTables/UDR-BackEnd/routes/RouteToFrontEnd",
                "etag": "W/\"v\"",
                "properties": {
                    "provisioningState": "Succeeded",
                    "addressPrefix": "192.168.1.0/24",
                    "nextHopType": "VirtualAppliance",
                    "nextHopIpAddress": "192.168.0.4"
                }
            }
        ],
        "subnets": [
            {
                "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet/subnets/BackEnd"
            }
        ]
    }
}
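
When a route table is used to force a subnet's traffic through a firewall or IDS appliance, the useful check is which destinations still avoid it. The following Python sketch is an added example, not part of the original page or Microsoft's code: it picks the user defined route for a destination by longest prefix match (Azure's documented selection behaviour, which this page does not spell out) and lists routes that skip the appliance. The DefaultViaFirewall and DirectToPartner routes and all test addresses are hypothetical.

```python
import ipaddress

# Constructed sample in the page's route table shape (ids and etags omitted).
# "RouteToFrontEnd" is from the sample above; the other routes are hypothetical.
SAMPLE_ROUTE_TABLE = {
    "name": "UDR-BackEnd",
    "properties": {"routes": [
        {"name": "RouteToFrontEnd", "properties": {
            "addressPrefix": "192.168.1.0/24",
            "nextHopType": "VirtualAppliance",
            "nextHopIpAddress": "192.168.0.4"}},
        {"name": "DefaultViaFirewall", "properties": {
            "addressPrefix": "0.0.0.0/0",
            "nextHopType": "VirtualAppliance",
            "nextHopIpAddress": "192.168.0.4"}},
        {"name": "DirectToPartner", "properties": {
            "addressPrefix": "198.51.100.0/24",
            "nextHopType": "Internet"}},
    ]},
}


def select_route(route_table, destination):
    """Return the UDR whose addressPrefix is the longest match, or None.

    addressPrefix may be a CIDR block or a single IP (treated as a /32).
    None means no UDR applies and system routes decide the next hop.
    """
    dst = ipaddress.ip_address(destination)
    best_net, best_route = None, None
    for route in route_table["properties"]["routes"]:
        net = ipaddress.ip_network(route["properties"]["addressPrefix"],
                                   strict=False)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route
    return best_route


def inspection_gaps(route_table):
    """Report routes and omissions that let traffic avoid the appliance."""
    findings = []
    has_default_via_appliance = False
    for route in route_table["properties"]["routes"]:
        p = route["properties"]
        net = ipaddress.ip_network(p["addressPrefix"], strict=False)
        via_appliance = p["nextHopType"] == "VirtualAppliance"
        if via_appliance and not p.get("nextHopIpAddress"):
            findings.append((route["name"], "appliance-without-next-hop-ip"))
        if not via_appliance:
            findings.append((route["name"],
                             "bypasses-appliance:" + p["nextHopType"]))
        if via_appliance and net.prefixlen == 0:
            has_default_via_appliance = True
    if not has_default_via_appliance:
        # Destinations outside the listed prefixes follow system routes.
        findings.append((route_table["name"], "no-default-route-to-appliance"))
    return findings


if __name__ == "__main__":
    for dst in ("192.168.1.10", "8.8.8.8", "198.51.100.7"):
        route = select_route(SAMPLE_ROUTE_TABLE, dst)
        print(dst, "->", route["name"] if route else "system routes")
    print(inspection_gaps(SAMPLE_ROUTE_TABLE))
```

Run against the page's own single-route table, the second function reports that no default route sends traffic to the appliance, so only 192.168.1.0/24 is inspected.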

Virtual Network

Virtual network (VNet) and subnet resources help define a security boundary for workloads running in Azure. A VNet is characterized by a collection of address spaces, defined as CIDR blocks.

Note

Network administrators are familiar with CIDR notation. If you are not familiar with CIDR, learn more about it.

Figure: VNet with multiple subnets

VNets contain the following properties.

| Property | Description | Sample values |
| --- | --- | --- |
| addressSpace | Collection of address prefixes that make up the VNet in CIDR notation | 192.168.0.0/16 |
| subnets | Collection of subnets that make up the VNet | see subnets below. |
| ipAddress | IP address assigned to object. This is a read-only property. | 104.42.233.77 |

Subnets

A subnet is a child resource of a VNet, and helps define segments of address spaces within a CIDR block, using IP address prefixes. NICs can be added to subnets, and connected to VMs, providing connectivity for various workloads.

Subnets contain the following properties.

| Property | Description | Sample values |
| --- | --- | --- |
| addressPrefix | Single address prefix that makes up the subnet in CIDR notation | 192.168.1.0/24 |
| networkSecurityGroup | NSG applied to the subnet | see NSGs |
| routeTable | Route table applied to the subnet | see UDR |
| ipConfigurations | Collection of IP configuration objects used by NICs connected to the subnet | see UDR |

Sample VNet in JSON format:

{
    "name": "TestVNet",
    "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet",
    "etag": "W/\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"",
    "type": "Microsoft.Network/virtualNetworks",
    "location": "westus",
    "tags": {
        "displayName": "VNet"
    },
    "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "addressSpace": {
            "addressPrefixes": [
                "192.168.0.0/16"
            ]
        },
        "subnets": [
            {
                "name": "FrontEnd",
                "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/virtualNetworks/TestVNet/subnets/FrontEnd",
                "etag": "W/\"xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\"",
                "properties": {
                    "provisioningState": "Succeeded",
                    "addressPrefix": "192.168.1.0/24",
                    "networkSecurityGroup": {
                        "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/networkSecurityGroups/NSG-BackEnd"
                    },
                    "routeTable": {
                        "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/routeTables/UDR-FrontEnd"
                    },
                    "ipConfigurations": [
                        {
                            "id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/TestRG/providers/Microsoft.Network/networkInterfaces/NICWEB1/ipConfigurations/ipconfig1"
                        },
                        ...]
                }
            },
            ...]
    }
}
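
A pre-deployment lint over the VNet shape shown above, as an added example (not from the original page or Microsoft's tooling): it checks that each subnet's addressPrefix lies inside addressSpace, that no two subnets overlap, and flags subnets that carry no networkSecurityGroup reference. The BackEnd and Mgmt subnets and the shortened ids are hypothetical.

```python
import ipaddress

# Constructed sample in the page's VNet shape. "FrontEnd" follows the sample
# above; "BackEnd" and "Mgmt" are hypothetical and deliberately misconfigured.
SAMPLE_VNET = {
    "name": "TestVNet",
    "properties": {
        "addressSpace": {"addressPrefixes": ["192.168.0.0/16"]},
        "subnets": [
            {"name": "FrontEnd", "properties": {
                "addressPrefix": "192.168.1.0/24",
                "networkSecurityGroup": {
                    "id": "/subscriptions/{guid}/.../networkSecurityGroups/NSG-BackEnd"},
                "routeTable": {
                    "id": "/subscriptions/{guid}/.../routeTables/UDR-FrontEnd"}}},
            {"name": "BackEnd", "properties": {
                "addressPrefix": "192.168.1.128/25"}},
            {"name": "Mgmt", "properties": {
                "addressPrefix": "10.1.0.0/24",
                "networkSecurityGroup": {
                    "id": "/subscriptions/{guid}/.../networkSecurityGroups/NSG-Mgmt"}}},
        ],
    },
}


def audit_vnet(vnet):
    """Return a list of (subnet_name, finding) tuples for a VNet document."""
    findings = []
    props = vnet["properties"]
    space = [ipaddress.ip_network(p)
             for p in props["addressSpace"]["addressPrefixes"]]
    seen = []  # (name, network) of subnets already checked
    for subnet in props["subnets"]:
        name = subnet["name"]
        sprops = subnet["properties"]
        net = ipaddress.ip_network(sprops["addressPrefix"])

        # subnet_of() raises TypeError across IP versions, so compare
        # versions first.
        inside = any(net.version == s.version and net.subnet_of(s)
                     for s in space)
        if not inside:
            findings.append((name, "outside-address-space"))

        for other_name, other in seen:
            if net.overlaps(other):
                findings.append((name, "overlaps:" + other_name))
        seen.append((name, net))

        # An NSG can also be applied per NIC or per VM, so this is a prompt
        # to check those, not proof that the subnet is unfiltered.
        if "networkSecurityGroup" not in sprops:
            findings.append((name, "no-nsg"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_vnet(SAMPLE_VNET):
        print(name, finding)
```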

Azure DNS

Azure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure.

| Property | Description | Sample value |
| --- | --- | --- |
| DNSzones | Domain zone information to host DNS records of a particular domain | /subscriptions/{guid}/.../providers/Microsoft.Network/dnszones/contoso.com |

DNS record sets

DNS zones have a child object named record set. Record sets are a collection of host records by type for a DNS zone. Record types are A, AAAA, CNAME, MX, NS, SOA, SRV and TXT.

| Property | Description | Sample value |
| --- | --- | --- |
| A | IPv4 record type | /subscriptions/{guid}/.../providers/Microsoft.Network/dnszones/contoso.com/A/www |
| AAAA | IPv6 record type | /subscriptions/{guid}/.../providers/Microsoft.Network/dnszones/contoso.com/AAAA/hostrecord |
| CNAME | Canonical name record type (1) | /subscriptions/{guid}/.../providers/Microsoft.Network/dnszones/contoso.com/CNAME/www |
| MX | Mail record type | /subscriptions/{guid}/.../providers/Microsoft.Network/dnszones/contoso.com/MX/mail |
| NS | Name server record type | /subscriptions/{guid}/.../providers/Microsoft.Network/dnszones/contoso.com/NS/ |
| SOA | Start of Authority record type (2) | /subscriptions/{guid}/.../providers/Microsoft.Network/dnszones/contoso.com/SOA |
| SRV | Service record type | /subscriptions/{guid}/.../providers/Microsoft.Network/dnszones/contoso.com/SRV |

(1) Only allows one value per record set.

(2) Only allows one record type SOA per DNS zone.

Sample of DNS zone in JSON format:

{
  "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "newZoneName": {
      "type": "String",
      "metadata": {
          "description": "The name of the DNS zone to be created."
      }
    },
    "newRecordName": {
      "type": "String",
      "defaultValue": "www",
      "metadata": {
          "description": "The name of the DNS record to be created.  The name is relative to the zone, not the FQDN."
      }
    }
  },
  "resources": 
  [
    {
      "type": "microsoft.network/dnszones",
      "name": "[parameters('newZoneName')]",
      "apiVersion": "2015-05-04-preview",
      "location": "global",
      "properties": {
      }
    },
    {
      "type": "microsoft.network/dnszones/a",
      "name": "[concat(parameters('newZoneName'), concat('/', parameters('newRecordName')))]",
      "apiVersion": "2015-05-04-preview",
      "location": "global",
      "properties": 
      {
        "TTL": 3600,
        "ARecords": 
        [
            {
                "ipv4Address": "1.2.3.4"
            },
            {
                "ipv4Address": "1.2.3.5"
            }
        ]
      },
      "dependsOn": [
        "[concat('Microsoft.Network/dnszones/', parameters('newZoneName'))]"
      ]
    }
  ]
}

Additional resources

Read the REST API documentation for DNS zones for more information.

Read the REST API documentation for DNS record sets for more information.

Load Balancer

A load balancer is used when you want to scale your applications. Typical deployment scenarios involve applications running on multiple VM instances. The VM instances are fronted by a load balancer that helps to distribute network traffic to the various instances.

Figure: NICs on a single VM

| Property | Description |
| --- | --- |
| frontendIPConfigurations | A load balancer can include one or more front end IP addresses, otherwise known as virtual IPs (VIPs). These IP addresses serve as ingress for the traffic and can be public IP or private IP. |
| backendAddressPools | These are IP addresses associated with the VM NICs to which load will be distributed. |
| loadBalancingRules | A rule property maps a given front end IP and port combination to a set of back end IP addresses and port combination. With a single definition of a load balancer resource, you can define multiple load balancing rules, each rule reflecting a combination of a front end IP and port and back end IP and port associated with virtual machines. The rule is one port in the front end pool to many virtual machines in the back end pool. |
| Probes | Probes enable you to keep track of the health of VM instances. If a health probe fails, the virtual machine instance will be taken out of rotation automatically. |
| inboundNatRules | NAT rules defining the inbound traffic flowing through the front end IP and distributed to the back end IP to a specific virtual machine instance. A NAT rule is one port in the front end pool to one virtual machine in the back end pool. |

Example of a load balancer template in JSON format:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "dnsNameforLBIP": {
      "type": "string",
      "metadata": {
        "description": "Unique DNS name"
      }
    },
    "location": {
      "type": "string",
      "allowedValues": [
        "East US",
        "West US",
        "West Europe",
        "East Asia",
        "Southeast Asia"
      ],
      "metadata": {
        "description": "Location to deploy"
      }
    },
    "addressPrefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/16",
      "metadata": {
        "description": "Address Prefix"
      }
    },
    "subnetPrefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/24",
      "metadata": {
        "description": "Subnet Prefix"
      }
    },
    "publicIPAddressType": {
      "type": "string",
      "defaultValue": "Dynamic",
      "allowedValues": [
        "Dynamic",
        "Static"
      ],
      "metadata": {
        "description": "Public IP type"
      }
    }
  },
  "variables": {
    "virtualNetworkName": "virtualNetwork1",
    "publicIPAddressName": "publicIp1",
    "subnetName": "subnet1",
    "loadBalancerName": "loadBalancer1",
    "nicName": "networkInterface1",
    "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
    "subnetRef": "[concat(variables('vnetID'),'/subnets/',variables('subnetName'))]",
    "publicIPAddressID": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]",
    "lbID": "[resourceId('Microsoft.Network/loadBalancers',variables('loadBalancerName'))]",
    "nicId": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]",
    "frontEndIPConfigID": "[concat(variables('lbID'),'/frontendIPConfigurations/loadBalancerFrontEnd')]",
    "backEndIPConfigID": "[concat(variables('nicId'),'/ipConfigurations/ipconfig1')]"
  },
  "resources": [
{
  "apiVersion": "2015-05-01-preview",
  "type": "Microsoft.Network/publicIPAddresses",
  "name": "[variables('publicIPAddressName')]",
  "location": "[parameters('location')]",
  "properties": {
    "publicIPAllocationMethod": "[parameters('publicIPAddressType')]",
    "dnsSettings": {
      "domainNameLabel": "[parameters('dnsNameforLBIP')]"
    }
  }
},
{
  "apiVersion": "2015-05-01-preview",
  "type": "Microsoft.Network/virtualNetworks",
  "name": "[variables('virtualNetworkName')]",
  "location": "[parameters('location')]",
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "[parameters('addressPrefix')]"
      ]
    },
    "subnets": [
      {
        "name": "[variables('subnetName')]",
        "properties": {
          "addressPrefix": "[parameters('subnetPrefix')]"
        }
      }
    ]
  }
},
{
  "apiVersion": "2015-05-01-preview",
  "type": "Microsoft.Network/networkInterfaces",
  "name": "[variables('nicName')]",
  "location": "[parameters('location')]",
  "dependsOn": [
    "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
    "[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
  ],
  "properties": {
    "ipConfigurations": [
      {
        "name": "ipconfig1",
        "properties": {
          "privateIPAllocationMethod": "Dynamic",
          "subnet": {
            "id": "[variables('subnetRef')]"
          },
          "loadBalancerBackendAddressPools": [
            {
              "id": "[concat(variables('lbID'), '/backendAddressPools/LoadBalancerBackend')]"
            }
          ],
          "loadBalancerInboundNatRules": [
            {
              "id": "[concat(variables('lbID'),'/inboundNatRules/RDP')]"
            }
          ]
        }
      }
    ]
  }
},
{
  "apiVersion": "2015-05-01-preview",
  "name": "[variables('loadBalancerName')]",
  "type": "Microsoft.Network/loadBalancers",
  "location": "[parameters('location')]",
  "dependsOn": [
    "[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]"
  ],
  "properties": {
    "frontendIPConfigurations": [
      {
        "name": "loadBalancerFrontEnd",
        "properties": {
          "publicIPAddress": {
            "id": "[variables('publicIPAddressID')]"
          }
        }
      }
    ],
    "backendAddressPools": [
      {
        "name": "loadBalancerBackEnd"
      }
    ],
    "inboundNatRules": [
      {
        "name": "RDP",
        "properties": {
          "frontendIPConfiguration": {
            "id": "[variables('frontEndIPConfigID')]"
          },
          "protocol": "tcp",
          "frontendPort": 3389,
          "backendPort": 3389,
          "enableFloatingIP": false
        }
      }
    ]
  }
}
  ]
}
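The template above publishes TCP 3389 (RDP) through a load balancer frontend that is bound to a public IP address. The following audit check is an added example, not part of the original page or of any Azure tooling: it flags inbound NAT rules that forward remote-administration ports through a public frontend. The `loadBalancerName` value, the `internalFrontEnd` and `SSH-internal` entries, and the port list are assumptions constructed for the example.

```python
import re

# Ports treated as remote administration (an assumption of this example).
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP", 5985: "WinRM", 5986: "WinRM"}

# Constructed sample: the load balancer resource from the template above, reduced
# to the fields the check reads, plus one constructed internal frontend and rule.
SAMPLE_TEMPLATE = {
    "variables": {
        "loadBalancerName": "loadBalancer1",  # constructed value
        "lbID": "[resourceId('Microsoft.Network/loadBalancers',variables('loadBalancerName'))]",
        "frontEndIPConfigID": "[concat(variables('lbID'),'/frontendIPConfigurations/loadBalancerFrontEnd')]",
    },
    "resources": [{
        "type": "Microsoft.Network/loadBalancers",
        "name": "[variables('loadBalancerName')]",
        "properties": {
            "frontendIPConfigurations": [
                {"name": "loadBalancerFrontEnd",
                 "properties": {"publicIPAddress": {"id": "[variables('publicIPAddressID')]"}}},
                {"name": "internalFrontEnd",  # constructed
                 "properties": {"subnet": {"id": "[variables('subnetRef')]"}}},
            ],
            "inboundNatRules": [
                {"name": "RDP", "properties": {
                    "frontendIPConfiguration": {"id": "[variables('frontEndIPConfigID')]"},
                    "protocol": "tcp", "frontendPort": 3389, "backendPort": 3389}},
                {"name": "SSH-internal", "properties": {  # constructed
                    "frontendIPConfiguration": {
                        "id": "[concat(variables('lbID'),'/frontendIPConfigurations/internalFrontEnd')]"},
                    "protocol": "tcp", "frontendPort": 22, "backendPort": 22}},
            ],
        },
    }],
}

VAR_REF = re.compile(r"variables\('([^']+)'\)")


def expand_variables(expr, variables, depth=8):
    """Textually inline variables('x') references so names inside an ID become visible."""
    for _ in range(depth):
        expanded = VAR_REF.sub(lambda m: str(variables.get(m.group(1), m.group(0))), expr)
        if expanded == expr:
            break
        expr = expanded
    return expr


def audit_nat_rules(template):
    """Return one finding per NAT rule that exposes a management port on a public frontend."""
    findings = []
    variables = template.get("variables", {})
    for res in template.get("resources", []):
        if res.get("type", "").lower() != "microsoft.network/loadbalancers":
            continue
        props = res.get("properties", {})
        # A frontend is public when it references a public IP (key case varies in templates).
        public = [fe["name"] for fe in props.get("frontendIPConfigurations", [])
                  if any(k.lower() == "publicipaddress" for k in fe.get("properties", {}))]
        for rule in props.get("inboundNatRules", []):
            rp = rule.get("properties", {})
            fe_id = expand_variables(rp.get("frontendIPConfiguration", {}).get("id", ""), variables).lower()
            frontend = next((n for n in public if re.search(
                "/frontendipconfigurations/" + re.escape(n.lower()) + r"(?![\w-])", fe_id)), None)
            if frontend is None:
                continue
            port = rp.get("frontendPort")
            # A parameterised port cannot be judged statically, so report it for review.
            service = "unresolved port expression" if isinstance(port, str) else MANAGEMENT_PORTS.get(port)
            if service:
                findings.append({"rule": rule["name"], "frontend": frontend,
                                 "frontendPort": port, "service": service})
    return findings
```

A finding here is a prompt to restrict source addresses with a network security group or to reach the VM over the VPN gateway described later on this page.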

Additional resources

Read load balancer REST API for more information.

Application Gateway

Application Gateway provides an Azure-managed HTTP load balancing solution based on layer 7 load balancing. Application load balancing allows the use of routing rules for network traffic based on HTTP.

| Property | Description |
| --- | --- |
| backendAddressPools | The list of IP addresses of the back end servers. The IP addresses listed should either belong to the virtual network subnet, or should be a public IP/VIP or private IP. |
| backendHttpSettingsCollection | Every pool has settings like port, protocol, and cookie based affinity. These settings are tied to a pool and are applied to all servers within the pool. |
| frontendPorts | This port is the public port opened on the application gateway. Traffic hits this port, and then gets redirected to one of the back end servers. |
| httpListeners | A listener has a frontend port, a protocol (Http or Https, these are case-sensitive), and the SSL certificate name (if configuring SSL offload). |
| requestRoutingRules | The rule binds the listener and the back end server pool and defines which back end server pool the traffic should be directed to. Currently works only as round-robin. |

Example of an application gateway JSON template:

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "string",
      "metadata": {
        "description": "Location to deploy to"
      }
    },
    "addressPrefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/16",
      "metadata": {
        "description": "Address prefix for the Virtual Network"
      }
    },
    "subnetPrefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/28",
      "metadata": {
        "description": "Subnet prefix"
      }
    },
    "skuName": {
      "type": "string",
      "allowedValues": [
        "Standard_Small",
        "Standard_Medium",
        "Standard_Large"
      ],
      "defaultValue": "Standard_Medium",
      "metadata": {
        "description": "Sku Name"
      }
    },
    "capacity": {
      "type": "int",
      "defaultValue": 2,
      "metadata": {
        "description": "Number of instances"
      }
    },
    "backendIpAddress1": {
      "type": "string",
      "metadata": {
        "description": "IP Address for Backend Server 1"
      }
    },
    "backendIpAddress2": {
      "type": "string",
      "metadata": {
        "description": "IP Address for Backend Server 2"
      }
    }
  },
  "variables": {
    "applicationGatewayName": "applicationGateway1",
    "publicIPAddressName": "publicIp1",
    "virtualNetworkName": "virtualNetwork1",
    "subnetName": "appGatewaySubnet",
    "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
    "subnetRef": "[concat(variables('vnetID'),'/subnets/',variables('subnetName'))]",
    "publicIPRef": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]",
    "applicationGatewayID": "[resourceId('Microsoft.Network/applicationGateways',variables('applicationGatewayName'))]",
    "apiVersion": "2015-05-01-preview"
  },
  "resources": [
    {
      "apiVersion": "[variables('apiVersion')]",
      "type": "Microsoft.Network/publicIPAddresses",
      "name": "[variables('publicIPAddressName')]",
      "location": "[parameters('location')]",
      "properties": {
        "publicIPAllocationMethod": "Dynamic"
      }
    },
    {
      "apiVersion": "[variables('apiVersion')]",
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[variables('virtualNetworkName')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('addressPrefix')]"
          ]
        },
        "subnets": [
          {
            "name": "[variables('subnetName')]",
            "properties": {
              "addressPrefix": "[parameters('subnetPrefix')]"
            }
          }
        ]
      }
    },
    {
      "apiVersion": "[variables('apiVersion')]",
      "name": "[variables('applicationGatewayName')]",
      "type": "Microsoft.Network/applicationGateways",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
        "[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]"
      ],
      "properties": {
        "sku": {
          "name": "[parameters('skuName')]",
          "tier": "Standard",
          "capacity": "[parameters('capacity')]"
        },
        "gatewayIPConfigurations": [
          {
            "name": "appGatewayIpConfig",
            "properties": {
              "subnet": {
                "id": "[variables('subnetRef')]"
              }
            }
          }
        ],
        "frontendIPConfigurations": [
          {
            "name": "appGatewayFrontendIP",
            "properties": {
              "PublicIPAddress": {
                "id": "[variables('publicIPRef')]"
              }
            }
          }
        ],
        "frontendPorts": [
          {
            "name": "appGatewayFrontendPort",
            "properties": {
              "Port": 80
            }
          }
        ],
        "backendAddressPools": [
          {
            "name": "appGatewayBackendPool",
            "properties": {
              "BackendAddresses": [
                {
                  "IpAddress": "[parameters('backendIpAddress1')]"
                },
                {
                  "IpAddress": "[parameters('backendIpAddress2')]"
                }
              ]
            }
          }
        ],
        "backendHttpSettingsCollection": [
          {
            "name": "appGatewayBackendHttpSettings",
            "properties": {
              "Port": 80,
              "Protocol": "Http",
              "CookieBasedAffinity": "Disabled"
            }
          }
        ],
        "httpListeners": [
          {
            "name": "appGatewayHttpListener",
            "properties": {
              "FrontendIPConfiguration": {
                "Id": "[concat(variables('applicationGatewayID'), '/frontendIPConfigurations/appGatewayFrontendIP')]"
              },
              "FrontendPort": {
                "Id": "[concat(variables('applicationGatewayID'), '/frontendPorts/appGatewayFrontendPort')]"
              },
              "Protocol": "Http",
              "SslCertificate": null
            }
          }
        ],
        "requestRoutingRules": [
          {
            "Name": "rule1",
            "properties": {
              "RuleType": "Basic",
              "httpListener": {
                "id": "[concat(variables('applicationGatewayID'), '/httpListeners/appGatewayHttpListener')]"
              },
              "backendAddressPool": {
                "id": "[concat(variables('applicationGatewayID'), '/backendAddressPools/appGatewayBackendPool')]"
              },
              "backendHttpSettings": {
                "id": "[concat(variables('applicationGatewayID'), '/backendHttpSettingsCollection/appGatewayBackendHttpSettings')]"
              }
            }
          }
        ]
      }
    }
  ]    
}

Additional resources

Read application gateway REST API for more information.

VPN Gateway

A VPN gateway resource enables you to create a secure connection between your on-premises data center and Azure. A VPN gateway resource can be configured in three different ways:

  • Point to Site – you can securely access your Azure resources hosted in a VNET by using a VPN client from any computer.
  • Multi-site connection – you can securely connect from your on-premises data centers to resources running in a VNET.
  • VNET to VNET – you can securely connect across Azure VNETs within the same region, or across regions to build workloads with geo-redundancy.

Key properties of a VPN gateway include:

  • Gateway type - dynamically routed or a static routed gateway.
  • VPN Client Address Pool Prefix – IP addresses to be assigned to clients connecting in a point to site configuration.

Traffic Manager Profile

Traffic Manager and its child endpoint resource enable DNS routing to endpoints in Azure and outside of Azure. Such traffic distribution is governed by routing policy methods. Traffic Manager also allows endpoint health to be monitored, and traffic diverted appropriately based on the health of an endpoint.

| Property | Description |
| --- | --- |
| trafficRoutingMethod | Possible values are Performance, Weighted, and Priority. |
| dnsConfig | FQDN for the profile. |
| Protocol | Monitoring protocol; possible values are HTTP and HTTPS. |
| Port | Monitoring port. |
| Path | Monitoring path. |
| Endpoints | Container for endpoint resources. |

Endpoint

An endpoint is a child resource of a Traffic Manager Profile. It represents a service or web endpoint to which user traffic is distributed based on the configured policy in the Traffic Manager Profile resource.

| Property | Description |
| --- | --- |
| Type | The type of the endpoint; possible values are Azure End point, External Endpoint, and Nested Endpoint. |
| targetResourceId | Public IP address of a service or web endpoint. This can be an Azure or external endpoint. |
| Weight | Endpoint weight used in traffic management. |
| Priority | Priority of the endpoint, used to define a failover action. |

Sample of Traffic Manager in JSON format:

    {
        "apiVersion": "[variables('tmApiVersion')]",
        "type": "Microsoft.Network/trafficManagerProfiles",
        "name": "VMEndpointExample",
        "location": "global",
        "dependsOn": [
            "[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'), '0')]",
            "[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'), '1')]",
            "[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'), '2')]"
        ],
        "properties": {
            "profileStatus": "Enabled",
            "trafficRoutingMethod": "Weighted",
            "dnsConfig": {
                "relativeName": "[parameters('dnsname')]",
                "ttl": 30
            },
            "monitorConfig": {
                "protocol": "http",
                "port": 80,
                "path": "/"
            },
            "endpoints": [
                {
                    "name": "endpoint0",
                    "type": "Microsoft.Network/trafficManagerProfiles/azureEndpoints",
                    "properties": {
                        "targetResourceId": "[resourceId('Microsoft.Network/publicIPAddresses',concat(variables('publicIPAddressName'), 0))]",
                        "endpointStatus": "Enabled",
                        "weight": 1
                    }
                },
                {
                    "name": "endpoint1",
                    "type": "Microsoft.Network/trafficManagerProfiles/azureEndpoints",
                    "properties": {
                        "targetResourceId": "[resourceId('Microsoft.Network/publicIPAddresses',concat(variables('publicIPAddressName'), 1))]",
                        "endpointStatus": "Enabled",
                        "weight": 1
                    }
                },
                {
                    "name": "endpoint2",
                    "type": "Microsoft.Network/trafficManagerProfiles/azureEndpoints",
                    "properties": {
                        "targetResourceId": "[resourceId('Microsoft.Network/publicIPAddresses',concat(variables('publicIPAddressName'), 2))]",
                        "endpointStatus": "Enabled",
                        "weight": 1
                    }
                }
            ]
        }
    }

Additional resources

Read REST API documentation for Traffic Manager for more information.

Management interfaces

You can manage your Azure networking resources using different interfaces. In this document we will focus on two of those interfaces: REST API and templates.

REST API

As mentioned earlier, network resources can be managed via a variety of interfaces, including REST API, .NET SDK, Node.JS SDK, Java SDK, PowerShell, CLI, Azure Portal and templates.

The REST APIs conform to the HTTP 1.1 protocol specification. The general URI structure of the API is presented below:

https://management.azure.com/subscriptions/{subscription-id}/providers/{resource-provider-namespace}/locations/{region-location}/register?api-version={api-version}

The parameters in braces represent the following elements:

  • subscription-id - your Azure subscription ID.
  • resource-provider-namespace - namespace for the provider being used. The value for the network resource provider is Microsoft.Network.
  • region-name - the Azure region name.

The following HTTP methods are supported when making calls to the REST API:

  • PUT - used to create a resource of a given type, modify a resource property or change an association between resources.
  • GET - used to retrieve information for a provisioned resource.
  • DELETE - used to delete an existing resource.

Both the request and response conform to a JSON payload format. For more details, see Azure Resource Management APIs.

Resource Manager template language

In addition to managing resources imperatively (via APIs or SDK), you can also use a declarative programming style to build and manage network resources by using the Resource Manager Template Language.

A sample representation of a template is provided below:

{
  "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
  "contentVersion": "<version-number-of-template>",
  "parameters": { <parameter-definitions-of-template> },
  "variables": { <variable-definitions-of-template> },
  "resources": [ { <definition-of-resource-to-deploy> } ],
  "outputs": { <output-of-template> }    
}

The template is primarily a JSON description of the resources and the instance values injected via parameters. The example below can be used to create a virtual network with 2 subnets.

{
    "$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/VNET.json",
    "contentVersion": "1.0.0.0",
    "parameters" : {
      "location": {
        "type": "String",
        "allowedValues": ["East US", "West US", "West Europe", "East Asia", "South East Asia"],
        "metadata" : {
          "Description" : "Deployment location"
        }
      },
      "virtualNetworkName":{
        "type" : "string",
        "defaultValue":"myVNET",
        "metadata" : {
          "Description" : "VNET name"
        }
      },
      "addressPrefix":{
        "type" : "string",
        "defaultValue" : "10.0.0.0/16",
        "metadata" : {
          "Description" : "Address prefix"
        }

      },
      "subnet1Name": {
        "type" : "string",
        "defaultValue" : "Subnet-1",
        "metadata" : {
          "Description" : "Subnet 1 Name"
        }
      },
      "subnet2Name": {
        "type" : "string",
        "defaultValue" : "Subnet-2",
        "metadata" : {
          "Description" : "Subnet 2 name"
        }
      },
      "subnet1Prefix" : {
        "type" : "string",
        "defaultValue" : "10.0.0.0/24",
        "metadata" : {
          "Description" : "Subnet 1 Prefix"
        }
      },
      "subnet2Prefix" : {
        "type" : "string",
        "defaultValue" : "10.0.1.0/24",
        "metadata" : {
          "Description" : "Subnet 2 Prefix"
        }
      }
    },
    "resources": [
    {
      "apiVersion": "2015-05-01-preview",
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[parameters('virtualNetworkName')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('addressPrefix')]"
          ]
        },
        "subnets": [
          {
            "name": "[parameters('subnet1Name')]",
            "properties" : {
              "addressPrefix": "[parameters('subnet1Prefix')]"
            }
          },
          {
            "name": "[parameters('subnet2Name')]",
            "properties" : {
              "addressPrefix": "[parameters('subnet2Prefix')]"
            }
          }
        ]
      }
    }
    ]
}

You have the option of providing the parameter values manually when using a template, or you can use a parameter file. The example below shows a possible set of parameter values to be used with the template above:

{
  "location": {
      "value": "East US"
  },
  "virtualNetworkName": {
      "value": "VNET1"
  },
  "subnet1Name": {
      "value": "Subnet1"
  },
  "subnet2Name": {
      "value": "Subnet2"
  },
  "addressPrefix": {
      "value": "192.168.0.0/16"
  },
  "subnet1Prefix": {
      "value": "192.168.1.0/24"
  },
  "subnet2Prefix": {
      "value": "192.168.2.0/24"
  }
}
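A parameter file overrides only the parameters it names, and every other parameter falls back to the template's `defaultValue`. The following pre-deployment check is an added example, not part of the original page or of Azure tooling: it merges a parameter file over the template's declarations, enforces `allowedValues`, and verifies that each subnet prefix lies inside the address prefix without overlapping another subnet. `PARTIAL_PARAMETER_FILE` is a constructed failure case.

```python
import ipaddress

# Parameter declarations from the virtual network template above, reduced to
# the fields this check reads (defaultValue and allowedValues).
TEMPLATE_PARAMETERS = {
    "location": {"allowedValues": ["East US", "West US", "West Europe", "East Asia", "South East Asia"]},
    "virtualNetworkName": {"defaultValue": "myVNET"},
    "addressPrefix": {"defaultValue": "10.0.0.0/16"},
    "subnet1Name": {"defaultValue": "Subnet-1"},
    "subnet2Name": {"defaultValue": "Subnet-2"},
    "subnet1Prefix": {"defaultValue": "10.0.0.0/24"},
    "subnet2Prefix": {"defaultValue": "10.0.1.0/24"},
}

# The parameter file shown above.
PAGE_PARAMETER_FILE = {
    "location": {"value": "East US"},
    "virtualNetworkName": {"value": "VNET1"},
    "subnet1Name": {"value": "Subnet1"},
    "subnet2Name": {"value": "Subnet2"},
    "addressPrefix": {"value": "192.168.0.0/16"},
    "subnet1Prefix": {"value": "192.168.1.0/24"},
    "subnet2Prefix": {"value": "192.168.2.0/24"},
}

# Constructed failure case: the address prefix is overridden but the subnet
# prefixes are left to their 10.0.x.0/24 defaults, and the location is not allowed.
PARTIAL_PARAMETER_FILE = {
    "location": {"value": "North Europe"},
    "addressPrefix": {"value": "192.168.0.0/16"},
}


def resolve_parameters(declared, supplied):
    """Merge supplied values over template defaults and enforce allowedValues."""
    values, errors = {}, []
    for name in supplied:
        if name not in declared:
            errors.append(f"{name}: not declared in the template")
    for name, spec in declared.items():
        if name in supplied:
            value = supplied[name]["value"]
        elif "defaultValue" in spec:
            value = spec["defaultValue"]
        else:
            errors.append(f"{name}: no value supplied and no defaultValue")
            continue
        if "allowedValues" in spec and value not in spec["allowedValues"]:
            errors.append(f"{name}: {value!r} is not in allowedValues")
        values[name] = value
    return values, errors


def check_address_plan(values, vnet_key="addressPrefix", subnet_keys=("subnet1Prefix", "subnet2Prefix")):
    """Check that every subnet prefix is inside the VNET prefix and that subnets do not overlap."""
    errors, parsed = [], {}
    for key in (vnet_key, *subnet_keys):
        try:
            parsed[key] = ipaddress.ip_network(values[key], strict=True)
        except (KeyError, ValueError) as exc:
            errors.append(f"{key}: invalid or missing prefix ({exc})")
    vnet = parsed.get(vnet_key)
    subnets = [(k, parsed[k]) for k in subnet_keys if k in parsed]
    for key, net in subnets:
        if vnet is not None and (net.version != vnet.version or not net.subnet_of(vnet)):
            errors.append(f"{key}: {net} is outside {vnet_key} {vnet}")
    for i, (key_a, net_a) in enumerate(subnets):
        for key_b, net_b in subnets[i + 1:]:
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                errors.append(f"{key_a} {net_a} overlaps {key_b} {net_b}")
    return errors


def validate(declared, supplied):
    """Return every problem found; an empty list means the parameter set is consistent."""
    values, errors = resolve_parameters(declared, supplied)
    return errors + check_address_plan(values)
```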

The main advantages of using templates are:

  • You can build a complex infrastructure in a resource group in a declarative style. The orchestration of creating the resources, including dependency management, is handled by Resource Manager.
  • The infrastructure can be created in a repeatable way across various regions and within a region by simply changing parameters.
  • The declarative style leads to shorter lead time in building the templates and rolling out the infrastructure.

For sample templates, see Azure quickstart templates.

For more information on the Resource Manager Template Language, see Azure Resource Manager Template Language.

The sample template above uses the virtual network and subnet resources. There are other network resources you can use as listed below:

Using a template

You can deploy services to Azure from a template by using PowerShell, Azure CLI, or by performing a click to deploy from GitHub. To deploy services from a template in GitHub, execute the following steps:

  1. Open the template3 file from GitHub. As an example, open Virtual network with two subnets.
  2. Click Deploy to Azure, and then sign in to the Azure portal with your credentials.
  3. Verify the template, and then click Save.
  4. Click Edit parameters and select a location, such as West US, for the vnet and subnets.
  5. If necessary, change the ADDRESSPREFIX and SUBNETPREFIX parameters, and then click OK.
  6. Click Select a resource group and then click the resource group you want to add the vnet and subnets to. Alternatively, you can create a new resource group by clicking Or create new.
  7. Click Create. Notice the tile displaying Provisioning Template deployment. Once the deployment is done, you will see a screen similar to the one below.

Sample template deployment

Next steps

Azure Resource Manager Template Language

Azure Networking – commonly used templates

Azure Resource Manager vs. classic deployment

Azure Resource Manager Overview