您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

创建包含多个子网的虚拟网络Create a virtual network with multiple subnets

本教程介绍如何创建包含独立公共和私有子网的基本 Azure 虚拟网络。In this tutorial, learn how to create a basic Azure virtual network that has separate public and private subnets. 虚拟网络中的资源可以彼此通信,并可以与连接到虚拟网络的其他网络中的资源通信。Resources in virtual networks can communicate with each other, and with resources in other networks connected to a virtual network. 可在虚拟网络中相同或不同的子网中创建 Azure 资源,如虚拟机、应用服务环境、虚拟机规模集、Azure HDInsight 和云服务。You can create Azure resources, like Virtual machines, App Service environments, Virtual machine scale sets, Azure HDInsight, and Cloud services in the same, or different subnets within a virtual network. 通过在不同的子网中创建资源,可以筛选出网络安全组以外的进出子网的网络流量,还可通过网络虚拟设备(如防火墙)路由子网之间的流量(如果选择这样做)。Creating resources in different subnets enables you to filter network traffic in and out of subnets independently with network security groups, and to route traffic between subnets through network virtual appliances, such as a firewall, if you choose to.

以下部分提供了使用 Azure 门户、Azure 命令行接口 (Azure CLI)、Azure PowerShellAzure 资源管理器模板创建虚拟网络的步骤。The following sections include steps that you can take to create a virtual network by using the Azure portal, the Azure command-line interface (Azure CLI), Azure PowerShell, and an Azure Resource Manager template. 不管使用哪种工具来创建虚拟网络,结果都是一样的。The result is the same, regardless of which tool you use to create the virtual network. 单击工具链接,转到教程中该工具的对应部分。Click a tool link to go to that section of the tutorial. 详细了解所有虚拟网络子网设置。Learn more about all virtual network and subnet settings.

本文提供通过资源管理器部署模型(创建新虚拟网络时建议使用的部署模型)创建虚拟网络的步骤。This article provides steps to create a virtual network through the Resource Manager deployment model, which is the deployment model we recommend using when creating new virtual networks. 如果需要创建虚拟网络(经典),请参阅创建虚拟网络(经典)If you need to create a virtual network (classic), see Create a virtual network (classic). 如果不熟悉 Azure 的部署模型,请阅读了解 Azure 部署模型If you're not familiar with Azure's deployment models, see Understand Azure deployment models.

Azure 门户Azure portal

  1. 在 Internet 浏览器中,转到 Azure 门户In an Internet browser, go to the Azure portal. 使用 Azure 帐户登录。Log in using your Azure account. 如果没有 Azure 帐户,可以注册免费试用版If you don't have an Azure account, you can sign up for a free trial.
  2. 在门户中,单击“+ 新建” > “网络” > “虚拟网络”。In the portal, click +New > Networking > Virtual network.
  3. 在“创建虚拟网络”边栏选项卡中,输入以下值,然后单击“创建”:On the Create virtual network blade, enter the following values, and then click Create:

    设置Setting Value
    名称Name myVnetmyVnet
    地址空间Address space 10.0.0.0/1610.0.0.0/16
    子网名称Subnet name 公共Public
    子网地址范围Subnet address range 10.0.0.0/2410.0.0.0/24
    资源组Resource group 保留选中“新建”,输入 myResourceGroupLeave Create new selected, and then enter myResourceGroup.
    订阅和位置Subscription and location 选择订阅和位置。Select your subscription and location.

    如果不熟悉 Azure,请详细了解资源组订阅位置(也称为“区域”)。If you're new to Azure, learn more about resource groups, subscriptions, and locations (also referred to as regions).

  4. 在创建虚拟网络时,只能在门户中创建一个子网。In the portal, you can create only one subnet when you create a virtual network. 在本教程中,将在创建虚拟网络之后创建第二个子网。In this tutorial, you create a second subnet after you create the virtual network. 随后可在“公共”子网中创建可通过 Internet 访问的资源。You might later create Internet-accessible resources in the Public subnet. 还可以在“专用”子网中创建无法通过 Internet 访问的资源。You also might create resources that aren't accessible from the Internet in the Private subnet. 若要创建第二个子网,请在页面顶部的“搜索资源”框中输入 myVnetTo create the second subnet, in the Search resources box at the top of the page, enter myVnet. 在搜索结果中,单击“myVnet”。In the search results, click myVnet. 如果在订阅中存在多个同名的虚拟网络,请检查每个虚拟网络下列出的资源组。If you have multiple virtual networks with the same name in your subscription, check the resource groups that are listed under each virtual network. 确保单击的是包含“myResourceGroup”资源组的“myVnet”搜索结果。Ensure that you click the myVnet search result that has the resource group myResourceGroup.
  5. 在“myVnet”边栏选项卡中,单击“设置”下面的“子网”。On the myVnet blade, under SETTINGS, click Subnets.
  6. 在“myVnet - 子网”边栏选项卡中单击“+子网”。On the myVnet - Subnets blade, click +Subnet.
  7. 在“添加子网”边栏选项卡中,在“名称”处输入“私有”。On the Add subnet blade, for Name, enter Private. 在“地址范围”处输入“10.0.1.0/24”。For Address range, enter 10.0.1.0/24. 单击 “确定”Click OK.
  8. 在“myVnet - 子网”边栏选项卡中查看子网。On the myVnet - Subnets blade, review the subnets. 可以看到已创建的“公共”和“私有”子网。You can see the Public and Private subnets that you created.
  9. 可选:完成后续步骤下列出的其他教程,以便使用网络安全组筛选出进出每个子网的网络流量,以及通过网络虚拟设备路由子网之间的流量,或将虚拟网络连接到其他虚拟网络或本地网络。Optional: Complete additional tutorials listed under Next steps to filter network traffic in and out of each subnet with network security groups, to route traffic between subnets through a network virtual appliance, or to connect the virtual network to other virtual networks or on-premises networks.
  10. 可选:若要删除在本教程中创建的资源,请完成删除资源中所述的步骤。Optional: Delete the resources that you create in this tutorial by completing the steps in Delete resources.

Azure CLIAzure CLI

无论是从 Windows、 Linux 还是 macOS 执行命令,Azure CLI 命令都相同。Azure CLI commands are the same, whether you execute the commands from Windows, Linux, or macOS. 不过在操作系统 shell 之间存在脚本差异。However, there are scripting differences between operating system shells. 以下步骤中的脚本在 Bash shell 中执行。The script in the following steps executes in a Bash shell.

  1. 安装并配置 Azure CLIInstall and configure the Azure CLI. 确保已安装最新版本的 Azure CLI。Ensure you have the most recent version of the Azure CLI installed. 若要获取 CLI 命令的帮助,请键入 az <command> --helpTo get help for CLI commands, type az <command> --help. 请勿安装 CLI 及其必备组件,可使用 Azure Cloud Shell。Rather than installing the CLI and its pre-requisites, you can use the Azure Cloud Shell. Azure Cloud Shell 是可直接在 Azure 门户中运行的免费 Bash shell。The Azure Cloud Shell is a free Bash shell that you can run directly within the Azure portal. Cloud Shell 预安装有 Azure CLI 并将其配置为与帐户一起使用。The Cloud Shell has the Azure CLI preinstalled and configured to use with your account. 若要使用 Cloud Shell,请单击门户顶部的“Cloud Shell”(>_) 按钮,或者在后面的步骤中单击“试用”按钮。To use the Cloud Shell, click the Cloud Shell (>_) button at the top of the portal or just click the Try it button in the steps that follow.
  2. 如果在本地运行 CLI,请使用 az login 命令登录到 Azure。If running the CLI locally, log in to Azure with the az login command. 如果使用的是 Cloud Shell,则已经登录。If using the Cloud Shell, you're already logged in.
  3. 查看以下脚本及其注释。Review the following script and its comments. 在浏览器中,复制该脚本并将其粘贴到 CLI 会话中:In your browser, copy the script and paste it into your CLI session:

    #!/bin/bash
    
    # Create a resource group.
    az group create \
      --name myResourceGroup \
      --location eastus
    
    # Create a virtual network with one subnet named Public.
    az network vnet create \
      --name myVnet \
      --resource-group myResourceGroup \
      --subnet-name Public
    
    # Create an additional subnet named Private in the virtual network.
    az network vnet subnet create \
      --name Private \
      --address-prefix 10.0.1.0/24 \
      --vnet-name myVnet \
      --resource-group myResourceGroup
    
  4. 运行完脚本后,请查看虚拟网络的子网。When the script is finished running, review the subnets for the virtual network. 复制以下命令,并将其粘贴到 CLI 会话中:Copy the following command, and then paste it into your CLI session:

    az network vnet subnet list --resource-group myResourceGroup --vnet-name myVnet --output table
    
  5. 可选:完成后续步骤下列出的其他教程,以便使用网络安全组筛选出进出每个子网的网络流量,以及通过网络虚拟设备路由子网之间的流量,或将虚拟网络连接到其他虚拟网络或本地网络。Optional: Complete additional tutorials listed under Next steps to filter network traffic in and out of each subnet with network security groups, to route traffic between subnets through a network virtual appliance, or to connect the virtual network to other virtual networks or on-premises networks.

  6. 可选:若要删除在本教程中创建的资源,请完成删除资源中所述的步骤。Optional: Delete the resources that you create in this tutorial by completing the steps in Delete resources.

PowerShellPowerShell

  1. 安装最新版本的 PowerShell AzureRm 模块。Install the latest version of the PowerShell AzureRm module. 如果不熟悉 Azure PowerShell,请参阅 Azure PowerShell 概述If you're new to Azure PowerShell, see Azure PowerShell overview.
  2. 在 PowerShell 会话中,使用 login-azurermaccount 命令以 Azure 帐户登录到 Azure。In a PowerShell session, log in to Azure with your Azure account using the login-azurermaccount command.

  3. 查看以下脚本及其注释。Review the following script and its comments. 在浏览器中,复制该脚本并将其粘贴到 PowerShell 会话中:In your browser, copy the script and paste it into your PowerShell session:

    # Create a resource group.
    New-AzureRmResourceGroup `
      -Name myResourceGroup `
      -Location eastus
    
    # Create the public and private subnets.
    $Subnet1 = New-AzureRmVirtualNetworkSubnetConfig `
      -Name Public `
      -AddressPrefix 10.0.0.0/24
    $Subnet2 = New-AzureRmVirtualNetworkSubnetConfig `
      -Name Private `
      -AddressPrefix 10.0.1.0/24
    
    # Create a virtual network.
    $Vnet=New-AzureRmVirtualNetwork `
      -ResourceGroupName myResourceGroup `
      -Location eastus `
      -Name myVnet `
      -AddressPrefix 10.0.0.0/16 `
      -Subnet $Subnet1,$Subnet2
    
  4. 若要查看虚拟网络的子网,请复制以下命令,并将其粘贴到 PowerShell 会话中:To review the subnets for the virtual network, copy the following command, and then paste it into your PowerShell session:

    $Vnet.subnets | Format-Table Name, AddressPrefix
    
  5. 可选:完成后续步骤下列出的其他教程,以便使用网络安全组筛选出进出每个子网的网络流量,以及通过网络虚拟设备路由子网之间的流量,或将虚拟网络连接到其他虚拟网络或本地网络。Optional: Complete additional tutorials listed under Next steps to filter network traffic in and out of each subnet with network security groups, to route traffic between subnets through a network virtual appliance, or to connect the virtual network to other virtual networks or on-premises networks.

  6. 可选:若要删除在本教程中创建的资源,请完成删除资源中所述的步骤。Optional: Delete the resources that you create in this tutorial by completing the steps in Delete resources.

资源管理器模板Resource Manager template

可使用 Azure 资源管理器模板部署虚拟网络。You can deploy a virtual network by using an Azure Resource Manager template. 若要详细了解模板,请参阅什么是资源管理器To learn more about templates, see What is Resource Manager. 若要访问模板并了解其参数,请参阅创建包含两个子网的虚拟网络模板。To access the template and to learn about its parameters, see the Create a virtual network with two subnets template. 可以使用门户Azure CLIPowerShell 部署模板。You can deploy the template by using the portal, Azure CLI, or PowerShell.

部署模板后可选择执行的步骤:Optional steps after you deploy the template:

  1. 完成后续步骤下列出的其他教程,以便使用网络安全组筛选出进出每个子网的网络流量,以及通过网络虚拟设备路由子网之间的流量,或将虚拟网络连接到其他虚拟网络或本地网络。Complete additional tutorials listed under Next steps to filter network traffic in and out of each subnet with network security groups, to route traffic between subnets through a network virtual appliance, or to connect the virtual network to other virtual networks or on-premises networks.
  2. 若要删除在本教程中创建的资源,请完成删除资源任何子节中的步骤。Delete the resources that you create in this tutorial by completing the steps in any subsections of Delete resources.

Azure 门户Azure portal

  1. 在浏览器中打开模板页In your browser, open the template page.
  2. 单击“部署到 Azure”按钮。Click the Deploy to Azure button. 如果尚未登录到 Azure,请在显示的 Azure 门户登录屏幕中登录。If you're not already logged in to Azure, log in on the Azure portal login screen that appears.
  3. 使用 Azure 帐户登录到门户。Sign in to the portal by using your Azure account. 如果没有 Azure 帐户,可以注册免费试用版If you don't have an Azure account, you can sign up for a free trial.
  4. 输入以下参数值:Enter the following values for the parameters:

    参数Parameter Value
    订阅Subscription 选择订阅Select your subscription
    资源组Resource group myResourceGroupmyResourceGroup
    位置Location 选择一个位置Select a location
    VNet 名称Vnet Name myVnetmyVnet
    VNet 地址前缀Vnet Address Prefix 10.0.0.0/1610.0.0.0/16
    Subnet1PrefixSubnet1Prefix 10.0.0.0/2410.0.0.0/24
    Subnet1NameSubnet1Name 公共Public
    Subnet2PrefixSubnet2Prefix 10.0.1.0/2410.0.1.0/24
    Subnet2NameSubnet2Name PrivatePrivate
  5. 同意条款和条件,然后单击“购买”以部署虚拟网络。Agree to the terms and conditions, and then click Purchase to deploy the virtual network.

Azure CLIAzure CLI

  1. 安装并配置 Azure CLIInstall and configure the Azure CLI. 确保已安装最新版本的 Azure CLI。Ensure you have the most recent version of the Azure CLI installed. 若要获取 CLI 命令的帮助,请键入 az <command> --helpTo get help for CLI commands, type az <command> --help. 请勿安装 CLI 及其必备组件,可使用 Azure Cloud Shell。Rather than installing the CLI and its pre-requisites, you can use the Azure Cloud Shell. Azure Cloud Shell 是可直接在 Azure 门户中运行的免费 Bash shell。The Azure Cloud Shell is a free Bash shell that you can run directly within the Azure portal. Cloud Shell 预安装有 Azure CLI 并将其配置为与帐户一起使用。The Cloud Shell has the Azure CLI preinstalled and configured to use with your account. 若要使用 Cloud Shell,请单击门户顶部的“Cloud Shell”>_ 按钮,或者在后面的步骤中单击“试用”按钮。To use the Cloud Shell, click the Cloud Shell >_ button at the top of the portal, or just click the Try it button in the steps that follow.
  2. 如果在本地运行 CLI,请使用 az login 命令登录到 Azure。If running the CLI locally, log in to Azure with the az login command. 如果使用的是 Cloud Shell,则已经登录。If using the Cloud Shell, you're already logged in.
  3. 若要为虚拟网络创建资源组,请复制以下命令,并将其粘贴到 CLI 会话中:To create a resource group for the virtual network, copy the following command and paste it into your CLI session:

    az group create --name myResourceGroup --location eastus
    
  4. 可以使用下列参数选项之一来部署模板:You can deploy the template by using one of the following parameters options:

    • 默认参数值。Default parameter values. 输入以下命令:Enter the following command:

      az group deployment create --resource-group myResourceGroup --name VnetTutorial --template-uri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/101-vnet-two-subnets/azuredeploy.json`
      
    • 自定义参数值。Custom parameter values. 在部署模板之前,下载并修改模板。Download and modify the template before you deploy the template. 还可以通过在命令行使用参数来部署模板,或使用单独的参数文件部署模板。You also can deploy the template by using parameters at the command line, or deploy the template with a separate parameters file. 若要下载模板和参数文件,请在创建包含两个子网的虚拟网络模板页上单击“在 GitHub 上浏览”按钮。To download the template and parameters files, click the Browse on GitHub button on the Create a virtual network with two subnets template page. 在 GitHub 中单击“azuredeploy.parameters.json”或“azuredeploy.json”文件。In GitHub, click the azuredeploy.parameters.json or azuredeploy.json file. 然后,单击“Raw”按钮以显示该文件。Then, click the Raw button to display the file. 在浏览器中,复制文件的内容。In your browser, copy the contents of the file. 将内容保存至计算机上的文件。Save the contents to a file on your computer. 可以修改模板中的参数值,或使用单独的参数文件部署模板。You can modify the parameter values in the template, or deploy the template with a separate parameters file.

      若要详细了解如何使用这些方法部署模板,请键入 az group deployment create --helpTo learn more about how to deploy templates by using these methods, type az group deployment create --help.

PowerShellPowerShell

  1. 安装最新版本的 PowerShell AzureRm 模块。Install the latest version of the PowerShell AzureRm module. 如果不熟悉 Azure PowerShell,请参阅 Azure PowerShell 概述If you're new to Azure PowerShell, see Azure PowerShell overview.
  2. 在 PowerShell 会话中,若要使用 Azure 帐户登录,请输入 login-azurermaccountIn a PowerShell session, to sign in with your Azure account, enter login-azurermaccount.
  3. 若要为虚拟网络创建资源组,请输入以下命令:To create a resource group for the virtual network, enter the following command:

    New-AzureRmResourceGroup -Name myResourceGroup -Location eastus
    
  4. 可以使用下列参数选项之一来部署模板:You can deploy the template by using one of the following parameters options:

    • 默认参数值。Default parameter values. 输入以下命令:Enter the following command:

      New-AzureRmResourceGroupDeployment -Name VnetTutorial -ResourceGroupName myResourceGroup -TemplateUri https://raw.githubusercontent.com/azure/azure-quickstart-templates/master/101-vnet-two-subnets/azuredeploy.json
      
    • 自定义参数值。Custom parameter values. 在部署模板之前,下载并修改模板。Download and modify the template before you deploy it. 还可以通过在命令行使用参数来部署模板,或使用单独的参数文件部署模板。You also can deploy the template by using parameters at the command line, or deploy the template with a separate parameters file. 若要下载模板和参数文件,请在创建包含两个子网的虚拟网络模板页上单击“在 GitHub 上浏览”按钮。To download the template and parameters files, click the Browse on GitHub button on the Create a virtual network with two subnets template page. 在 GitHub 中单击“azuredeploy.parameters.json”或“azuredeploy.json”文件。In GitHub, click the azuredeploy.parameters.json or azuredeploy.json file. 然后,单击“Raw”按钮以显示该文件。Then, click the Raw button to display the file. 在浏览器中,复制文件的内容。In your browser, copy the contents of the file. 将内容保存至计算机上的文件。Save the contents to a file on your computer. 可以修改模板中的参数值,或使用单独的参数文件部署模板。You can modify the parameter values in the template, or deploy the template with a separate parameters file.

      若要详细了解如何使用这些方法部署模板,请键入 Get-Help New-AzureRmResourceGroupDeploymentTo learn more about how to deploy templates by using these methods, type Get-Help New-AzureRmResourceGroupDeployment.

删除资源Delete resources

完成本教程后,可以删除创建的资源,以免产生使用费。When you finish this tutorial, you might want to delete the resources that you created, so that you don't incur usage charges. 删除资源组会删除其中包含的所有资源。Deleting a resource group also deletes all resources that are in the resource group.

Azure 门户Azure portal

  1. 在门户的搜索框中,输入 myResourceGroupIn the portal search box, enter myResourceGroup. 在搜索结果中,单击“myResourceGroup”。In the search results, click myResourceGroup.
  2. 在“myResourceGroup”边栏选项卡中,单击“删除”图标。On the myResourceGroup blade, click the Delete icon.
  3. 若要确认删除,请在“键入资源组名称”框中输入 myResourceGroup,然后单击“删除”。To confirm the deletion, in the TYPE THE RESOURCE GROUP NAME box, enter myResourceGroup, and then click Delete.

Azure CLIAzure CLI

在 CLI 会话中输入以下命令:In a CLI session, enter the following command:

az group delete --name myResourceGroup --yes

PowerShellPowerShell

在 PowerShell 会话中输入以下命令:In a PowerShell session, enter the following command:

Remove-AzureRmResourceGroup -Name myResourceGroup -Force

后续步骤Next steps