Plan for IP addressing

It's vital that your organization plans for IP addressing in Azure to ensure that the IP address space doesn't overlap across on-premises locations and Azure regions.

Design considerations:

  • Overlapping IP address spaces across on-premises and Azure regions will create major contention challenges.

  • You can add address space after you create a virtual network. This process requires an outage if the virtual network is already connected to another virtual network via virtual network peering because the peering must be deleted and re-created.

  • Azure reserves five IP addresses within each subnet. Factor in those addresses when you're sizing virtual networks and encompassed subnets.

  • Some Azure services require dedicated subnets. These services include Azure Firewall and Azure VPN Gateway.

  • You can delegate subnets to certain services to create instances of a service within the subnet.

Design recommendations:

  • Plan for non-overlapping IP address spaces across Azure regions and on-premises locations well in advance.

  • Use IP addresses from the address allocation for private internets (RFC 1918).

  • For environments that have limited availability of private IP addresses (RFC 1918), consider using IPv6.

  • Don't create unnecessarily large virtual networks (for example, /16) to ensure that IP address space isn't wasted.

  • Don't create virtual networks without planning the required address space in advance. Adding address space will cause an outage after a virtual network is connected via virtual network peering.

  • Don't use public IP addresses for virtual networks, especially if the public IP addresses don't belong to your organization.
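
Added example (not part of the original guidance): a pre-deployment check of an address plan against the points above, flagging overlapping address spaces, IPv4 ranges outside RFC 1918, and sizing subnets with Azure's five reserved addresses subtracted. The plan names and prefixes are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

AZURE_RESERVED_PER_SUBNET = 5  # "Azure reserves five IP addresses within each subnet"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan: location/VNet name -> address space (assumed values).
PLAN = {
    "onprem-dc1": "10.0.0.0/16",
    "azure-westeurope-hub": "10.10.0.0/22",
    "azure-westeurope-spoke1": "10.10.2.0/24",  # falls inside the hub range
    "azure-eastus-hub": "10.20.0.0/22",
    "azure-eastus-legacy": "11.0.0.0/24",       # public space, not RFC 1918
}

def find_overlaps(plan):
    """Return every pair of entries whose address spaces overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in plan.items()}
    return sorted((a, b)
                  for (a, na), (b, nb) in combinations(nets.items(), 2)
                  if na.overlaps(nb))

def non_private(plan):
    """Return IPv4 entries that are not contained in an RFC 1918 block."""
    flagged = []
    for name, cidr in plan.items():
        net = ipaddress.ip_network(cidr)
        if net.version == 4 and not any(net.subnet_of(p) for p in RFC1918):
            flagged.append(name)
    return sorted(flagged)

def usable_addresses(cidr):
    """Addresses left for workloads once Azure's reserved five are removed."""
    total = ipaddress.ip_network(cidr).num_addresses
    return max(total - AZURE_RESERVED_PER_SUBNET, 0)

def smallest_prefix_for(hosts):
    """Longest IPv4 prefix that still fits `hosts` plus the reserved addresses."""
    for prefix in range(32, -1, -1):
        if 2 ** (32 - prefix) - AZURE_RESERVED_PER_SUBNET >= hosts:
            return prefix
    raise ValueError("no IPv4 prefix is large enough")

if __name__ == "__main__":
    for a, b in find_overlaps(PLAN):
        print(f"OVERLAP: {a} ({PLAN[a]}) and {b} ({PLAN[b]})")
    for name in non_private(PLAN):
        print(f"NOT RFC 1918: {name} ({PLAN[name]})")
    print("usable in 10.10.2.0/24:", usable_addresses("10.10.2.0/24"))
    print("prefix needed for 28 hosts: /%d" % smallest_prefix_for(28))
```

Running a check like this before any peering exists avoids the outage that resizing a peered virtual network causes.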