Azure Load Balancer components

Azure Load Balancer includes a few key components. These components can be configured in your subscription via:

  • Azure portal
  • Azure CLI
  • Azure PowerShell
  • Resource Manager Templates

Frontend IP configuration

The IP address of your Azure Load Balancer. It's the point of contact for clients. These IP addresses can be either:

  • Public IP Address
  • Private IP Address

The nature of the IP address determines the type of load balancer created. Private IP address selection creates an internal load balancer. Public IP address selection creates a public load balancer.

| | Public Load Balancer | Internal Load Balancer |
|---|---|---|
| Frontend IP configuration | Public IP address | Private IP address |
| Description | A public load balancer maps the public IP and port of incoming traffic to the private IP and port of the VM. Load balancer maps traffic the other way around for the response traffic from the VM. You can distribute specific types of traffic across multiple VMs or services by applying load-balancing rules. For example, you can spread the load of web request traffic across multiple web servers. | An internal load balancer distributes traffic to resources that are inside a virtual network. Azure restricts access to the frontend IP addresses of a virtual network that are load balanced. Front-end IP addresses and virtual networks are never directly exposed to an internet endpoint. Internal line-of-business applications run in Azure and are accessed from within Azure or from on-premises resources. |
| SKUs supported | Basic, Standard | Basic, Standard |

Figure: Tiered load balancer example

Load Balancer can have multiple frontend IPs. Learn more about multiple frontends.

Backend pool

The group of virtual machines or instances in a virtual machine scale set that is serving the incoming request. To scale cost-effectively to meet high volumes of incoming traffic, computing guidelines generally recommend adding more instances to the backend pool.

Load balancer instantly reconfigures itself via automatic reconfiguration when you scale instances up or down. Adding or removing VMs from the backend pool reconfigures the load balancer without additional operations. The scope of the backend pool is any virtual machine in the virtual network.

When considering how to design your backend pool, design for the least number of individual backend pool resources to optimize the length of management operations. There's no difference in data plane performance or scale.

Health probes

A health probe is used to determine the health status of the instances in the backend pool. During load balancer creation, configure a health probe for the load balancer to use. This health probe will determine if an instance is healthy and can receive traffic.

You can define the unhealthy threshold for your health probes. When a probe fails to respond, Load Balancer stops sending new connections to the unhealthy instances. A probe failure doesn't affect existing connections. The connection continues until the application:

  • Ends the flow
  • Idle timeout occurs
  • The VM shuts down

Load Balancer provides different health probe types for endpoints: TCP, HTTP, and HTTPS. Learn more about Load Balancer Health probes.

Basic Load Balancer doesn't support HTTPS probes. Basic Load Balancer closes all TCP connections (including established connections).

Load Balancing rules

A Load Balancer rule is used to define how incoming traffic is distributed to all the instances within the backend pool. A load-balancing rule maps a given frontend IP configuration and port to multiple backend IP addresses and ports.

For example, use a load balancing rule for port 80 to route traffic from your frontend IP to port 80 of your backend instances.

Figure depicts how Azure Load Balancer directs frontend port 80 to three instances of backend port 80.

Figure: Load Balancing rules

High Availability Ports

A load balancer rule configured with 'protocol - all and port - 0'.

This rule enables a single rule to load-balance all TCP and UDP flows that arrive on all ports of an internal Standard Load Balancer.

The load-balancing decision is made per flow. This action is based on the following five-tuple connection:

  1. source IP address
  2. source port
  3. destination IP address
  4. destination port
  5. protocol

The HA ports load-balancing rules help you with critical scenarios, such as high availability and scale for network virtual appliances (NVAs) inside virtual networks. The feature can help when a large number of ports must be load-balanced.

Figure depicts how Azure Load Balancer directs all frontend ports to three instances of all backend ports.

Figure: HA Ports rules

Learn more about HA ports.
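A small model of the per-flow behaviour described in the Health probes and High Availability Ports sections, added here as an illustration and not taken from Azure's implementation. The SHA-256 hash, the class and method names, and the addresses are assumptions; the page does not specify the hash function Load Balancer uses.

```python
import hashlib

class FlowModel:
    """Toy model: new flows hash on the five-tuple; a failed probe blocks only new flows."""

    def __init__(self, backends, unhealthy_threshold=2):
        self.backends = list(backends)
        self.threshold = unhealthy_threshold       # consecutive failures before "unhealthy"
        self.failures = {b: 0 for b in self.backends}
        self.flows = {}                            # five-tuple -> backend already chosen

    def probe_result(self, backend, ok):
        self.failures[backend] = 0 if ok else self.failures[backend] + 1

    def healthy(self):
        return [b for b in self.backends if self.failures[b] < self.threshold]

    def route(self, src_ip, src_port, dst_ip, dst_port, proto):
        key = (src_ip, src_port, dst_ip, dst_port, proto)
        if key in self.flows:                      # existing flow: probe state is not consulted
            return self.flows[key]
        pool = self.healthy()
        if not pool:
            return None                            # no healthy instance for a new flow
        digest = hashlib.sha256(repr(key).encode()).digest()
        self.flows[key] = pool[int.from_bytes(digest[:8], "big") % len(pool)]
        return self.flows[key]

    def end_flow(self, *key):
        # The flow ends: application close, idle timeout, or VM shutdown.
        self.flows.pop(tuple(key), None)

def demo():
    lb = FlowModel(["vm0", "vm1", "vm2"])
    flow = ("203.0.113.7", 50123, "10.0.0.4", 80, "tcp")   # constructed addresses
    first = lb.route(*flow)
    for _ in range(2):                             # reach the unhealthy threshold
        lb.probe_result(first, ok=False)
    still = lb.route(*flow)                        # established flow keeps its instance
    new_targets = {lb.route("203.0.113.7", p, "10.0.0.4", 80, "tcp")
                   for p in range(50200, 50300)}   # new flows avoid the unhealthy instance
    lb.end_flow(*flow)
    after = lb.route(*flow)                        # same five-tuple, now a new flow
    return first, still, new_targets, after
```

In the model, an instance that fails its probes keeps serving its established flow until that flow ends, while every new five-tuple lands on a healthy instance.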

Inbound NAT rules

An inbound NAT rule forwards incoming traffic sent to a frontend IP address and port combination. The traffic is sent to a specific virtual machine or instance in the backend pool. Port forwarding is done by the same hash-based distribution as load balancing.

For example, inbound NAT rules are useful if you would like Remote Desktop Protocol (RDP) or Secure Shell (SSH) sessions to go to separate VM instances in a backend pool. Multiple internal endpoints can be mapped to ports on the same frontend IP address. The frontend IP addresses can be used to remotely administer your VMs without an additional jump box.

Figure depicts how Azure Load Balancer directs frontend ports 3389, 443, and 80 to backend ports with the same values on separate servers.

Figure: Inbound NAT rules

Inbound NAT rules in the context of Virtual Machine Scale Sets are inbound NAT pools. Learn more about Load Balancer components and virtual machine scale set.

Outbound rules

An outbound rule configures outbound Network Address Translation (NAT) for all virtual machines or instances identified by the backend pool. This rule enables instances in the backend to communicate (outbound) to the internet or other endpoints.

Learn more about outbound connections and rules.

Basic load balancer doesn't support Outbound rules.
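The SKU and frontend constraints stated in the sections above (HA ports on an internal Standard Load Balancer, no HTTPS probes or outbound rules on Basic) can be checked against a Resource Manager template before deployment. The following is an added example, not Microsoft's code: it audits the parsed JSON of a Microsoft.Network/loadBalancers resource and also lists inbound NAT rules that forward RDP or SSH from a public frontend. The sample resource, its ids, and the function names are constructed for illustration.

```python
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
FE = {"id": "/constructed/frontendIPConfigurations/fe-public"}  # constructed id

# Constructed sample resource: a Basic SKU load balancer with a public frontend.
SAMPLE = {
    "sku": {"name": "Basic"},
    "properties": {
        "frontendIPConfigurations": [
            {"name": "fe-public",
             "properties": {"publicIPAddress": {"id": "/constructed/publicIPAddresses/pip1"}}}],
        "loadBalancingRules": [
            {"name": "ha-all", "properties": {"protocol": "All", "frontendPort": 0,
                                              "backendPort": 0, "frontendIPConfiguration": FE}}],
        "probes": [{"name": "web", "properties": {"protocol": "Https", "port": 443}}],
        "outboundRules": [{"name": "out"}],
        "inboundNatRules": [
            {"name": "rdp-vm1", "properties": {"protocol": "Tcp", "frontendPort": 50001,
                                               "backendPort": 3389, "frontendIPConfiguration": FE}}],
    },
}

def frontend_name(ref):
    """Last path segment of a frontendIPConfiguration reference."""
    return ref["id"].rstrip("/").split("/")[-1]

def audit(lb):
    """Return findings for settings the page lists as unsupported, plus public management ports."""
    sku, props, out = lb["sku"]["name"], lb["properties"], []
    public = {f["name"] for f in props.get("frontendIPConfigurations", [])
              if "publicIPAddress" in f["properties"]}
    for rule in props.get("loadBalancingRules", []):
        r = rule["properties"]
        ha = r["protocol"] == "All" and r["frontendPort"] == 0 and r["backendPort"] == 0
        if ha and (sku != "Standard" or frontend_name(r["frontendIPConfiguration"]) in public):
            out.append(f"{rule['name']}: HA ports needs an internal Standard load balancer")
    if sku == "Basic":
        out += [f"{p['name']}: HTTPS probe on Basic SKU" for p in props.get("probes", [])
                if p["properties"]["protocol"] == "Https"]
        if props.get("outboundRules"):
            out.append("outbound rules on Basic SKU")
    for nat in props.get("inboundNatRules", []):
        n = nat["properties"]
        svc = MGMT_PORTS.get(n["backendPort"])
        if svc and frontend_name(n["frontendIPConfiguration"]) in public:
            out.append(f"{nat['name']}: {svc} reachable on public frontend port {n['frontendPort']}")
    return out
```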

Next steps