Load Balancer 常見問題Load Balancer frequently asked questions

有哪些類型的 Load Balancer 存在?What types of Load Balancer exist?

內部負載平衡器,可平衡 VNET 內的流量和外部負載平衡器,以平衡進出網際網路連線端點的流量。Internal load balancers which balance traffic within a VNET and external load balancers which balance traffic to and from an internet connected endpoint. 如需詳細資訊,請參閱 Load Balancer 類型For more information, see Load Balancer Types.

針對這兩種類型,Azure 提供基本 SKU 和標準 SKU,具有不同的功能、效能、安全性和健康情況追蹤功能。For both these types, Azure offers a Basic SKU and Standard SKU that have different functional, performance, security and health tracking capabilities. 這些差異會在我們的 SKU 比較 文章中說明。These differences are explained in our SKU Comparison article.

如何從基本升級至 Standard Load Balancer?How can I upgrade from a Basic to a Standard Load Balancer?

如需有關升級 Load Balancer SKU 的自動化腳本和指引,請參閱 從基本升級至標準版 文章。See the upgrade from Basic to Standard article for an automated script and guidance on upgrading a Load Balancer SKU.

Azure 中的不同負載平衡選項有哪些?What are the different load-balancing options in Azure?

請參閱 負載平衡器技術指南 ,以取得可用的負載平衡服務和每個服務的建議用途。See the load balancer technology guide for the available load-balancing services and recommended uses for each.

我可以在哪裡找到 Load Balancer ARM 範本?Where can I find Load Balancer ARM templates?

請參閱常見部署的 ARM 範本 Azure Load Balancer 快速入門範本清單See the list of Azure Load Balancer quickstart templates for ARM templates of common deployments.

輸入 NAT 規則與負載平衡規則有何不同?How are inbound NAT rules different from load-balancing rules?

NAT 規則可用來指定要路由傳送流量的後端資源。NAT rules are used to specify a backend resource to route traffic to. 例如,設定特定負載平衡器埠,以將 RDP 流量傳送至特定的 VM。For example, configuring a specific load balancer port to send RDP traffic to a specific VM. 負載平衡規則可用來指定要將流量路由傳送至其中的後端資源集區,以平衡每個實例之間的負載。Load-balancing rules are used to specify a pool of backend resources to route traffic to, balancing the load across each instance. 例如,負載平衡器規則可將負載平衡器埠80上的 TCP 封包路由傳送到 web 伺服器的集區。For example, a load balancer rule can route TCP packets on port 80 of the load balancer across a pool of web servers.

什麼是 IP 168.63.129.16?What is IP 168.63.129.16?

標示為 Azure 基礎結構的主機虛擬 IP 位址,Load Balancer Azure 健康情況探查的來源。The virtual IP address for the host tagged as the Azure infrastructure Load Balancer where the Azure Health Probes originate. 設定後端實例時,它們必須允許來自此 IP 位址的流量成功回應健康情況探查。When configuring backend instances, they must allow traffic from this IP address to successfully respond to health probes. 此規則不會與您的 Load Balancer 前端存取進行互動。This rule does not interact with access to your Load Balancer frontend. 如果您不是使用 Azure Load Balancer,可以覆寫此規則。If you're not using the Azure Load Balancer, you can override this rule. 您可以在 這裡深入瞭解服務標記。You can learn more about service tags here.

我可以搭配基本 Load Balancer 使用全域 VNet 對等互連嗎?Can I use Global VNet peering with Basic Load Balancer?

不會。No. 基本 Load Balancer 不支援全域 VNET 對等互連。Basic Load Balancer does not support Global VNET peering. 您可以改用 Standard Load Balancer。You can use a Standard Load Balancer instead. 如需順暢的升級,請參閱 從基本升級至標準版 文章。See the upgrade from Basic to Standard article for seamless upgrade.

如何探索 Azure VM 使用的公用 IP?How can I discover the public IP that an Azure VM uses?

有許多方式可判斷輸出連線的公用來源 IP 位址。There are many ways to determine the public source IP address of an outbound connection. OpenDNS 提供可顯示您 VM 公用 IP 位址的服務。OpenDNS provides a service that can show you the public IP address of your VM. 藉由使用 nslookup 命令,您便可以將名稱 myip.opendns.com 的 DNS 查詢傳送給 OpenDNS 解析程式。By using the nslookup command, you can send a DNS query for the name myip.opendns.com to the OpenDNS resolver. 服務會傳回用來傳送查詢的來源 IP 位址。The service returns the source IP address that was used to send the query. 當您從 VM 執行下列查詢時,回應會是用於該 VM 的公用 IP:When you run the following query from your VM, the response is the public IP used for that VM:

nslookup myip.opendns.com resolver1.opendns.com

我可以從相同的可用性設定組,將 VM 新增至 Load Balancer 的不同後端集區嗎?Can I add a VM from the same availability set to different backend pools of a Load Balancer?

不會,並不會發生這樣的事。No, this is not possible.

透過 Azure Load Balancer 可以達到的最大資料輸送量為何?What is the maximum data throughput that can be achieved via an Azure Load Balancer?

由於 Azure LB 是一個傳遞網路負載平衡器,因此輸送量限制是由後端集區中使用的虛擬機器類型所決定。Since Azure LB is a pass-through network load balancer, throughput limitations are dictated by the type of virtual machine used in the backend pool. 若要瞭解其他網路輸送量的相關資訊,請參閱 虛擬機器的網路輸送量To learn about other network throughput related information refer to Virtual Machine network throughput.

相同區域中 Azure 儲存體的連接如何運作?How do connections to Azure Storage in the same region work?

您不需要連線到與 VM 同區域的儲存體,即可透過上述案例獲得輸出連線。Having outbound connectivity via the scenarios above is not necessary to connect to Storage in the same region as the VM. 如果不想此連線,請使用如前文所述的網路安全性群組 (NSG)。If you do not want this, use network security groups (NSGs) as explained above. 如需其他區域的儲存體連線,則需要有輸出連線能力。For connectivity to Storage in other regions, outbound connectivity is required. 請注意,從同區域的 VM 連線到儲存體時,儲存體診斷記錄中來源 IP 位址會是內部提供者的位址,而不是 VM 的公用 IP 位址。Please note that when connecting to Storage from a VM in the same region, the source IP address in the Storage diagnostic logs will be an internal provider address, and not the public IP address of your VM. 如果希望要將儲存體帳戶的存取,限制在同區域一或多個虛擬網路子網路中的 VM,請在設定儲存體帳戶防火牆時,使用虛擬網路服務端點,且不要使用公用 IP 位址。If you wish to restrict access to your Storage account to VMs in one or more Virtual Network subnets in the same region, use Virtual Network service endpoints and not your public IP address when configuring your storage account firewall. 設定好服務端點之後,您就會在儲存體診斷記錄中看到虛擬網路私人 IP 位址,而不是內部提供者的位址。Once service endpoints are configured, you will see your Virtual Network private IP address in your Storage diagnostic logs and not the internal provider address.

Azure Load Balancer 是否支援 TLS/SSL 終止?Does Azure Load Balancer support TLS/SSL termination?

否,Azure Load Balancer 目前不支援終止,因為它是通過網路負載平衡器。No, Azure Load Balancer doesn't currently support termination as it is a pass through network load balancer. 如果您的應用程式需要,應用程式閘道可能是可能的解決方案。Application Gateway could be a potential solution if your application requires this.

關於輸出連線能力的最佳做法為何?What are best practises with respect to outbound connectivity?

Standard Load Balancer 和標準公用 IP 引進輸出連線能力和不同行為。Standard Load Balancer and Standard Public IP introduces abilities and different behaviors to outbound connectivity. 這些與基本 SKU 不同。They are not the same as Basic SKUs. 如果您想要在使用標準 SKU 時輸出連線,您必須使用標準公用 IP 位址或標準公用 Load Balancer 明確定義該連線。If you want outbound connectivity when working with Standard SKUs, you must explicitly define it either with Standard Public IP addresses or Standard public Load Balancer. 這包括在使用內部 Standard Load Balancer 時建立輸出連線。This includes creating outbound connectivity when using an internal Standard Load Balancer. 建議您一律使用標準公用 Load Balancer 的輸出規則。We recommend you always use outbound rules on a Standard public Load Balancer. 這表示當使用內部 Standard Load Balancer 時,如果想要使用輸出連線能力,您需要採取步驟來為後端集區中的 VM 建立輸出連線能力。That means when an internal Standard Load Balancer is used, you need to take steps to create outbound connectivity for the VMs in the backend pool if outbound connectivity is desired. 在輸出連線的內容中,單一獨立 VM (可用性設定組中的所有 VM),VMSS 中的所有實例會以群組的方式運作。In the context of outbound connectivity,a single standalone VM, all the VM's in an Availability Set, all the instances in a VMSS behave as a group. 這表示,如果可用性設定組中的單一 VM 與標準 SKU 相關聯,則此時可用性設定組內的所有 VM 執行個體行為會遵循相同的規則,就如同與標準 SKU 相關聯一般,雖然個別執行個體並非直接與它相關聯。This means, if a single VM in an Availability Set is associated with a Standard SKU, all VM instances within this Availability Set now behave by the same rules as if they are associated with Standard SKU, even if an individual instance is not directly associated with it. 當獨立 VM 有多張網路介面卡連接到負載平衡器時,也會出現這樣的行為。This behavior is also observed in the case of a standalone VM with multiple network interface cards attached to a load balancer. 如果單獨新增一張 NIC,就會出現相同的行為。If one NIC is added as a standalone, it will have the same behavior. 請仔細檢閱這整份文件了解整體概念,檢閱 Standard Load Balancer 了解 SKU 之間的差異,並檢閱輸出規則Carefully review this entire document to understand the overall concepts, review Standard Load Balancer for differences between SKUs, and review outbound rules. 使用輸出規則可讓您細部控制輸出連線的所有層面。Using outbound rules allows you fine grained control over all aspects of outbound connectivity.

後續步驟Next Steps

如果上面未列出您的問題,請傳送有關此頁面的意見反應給您的問題。If your question is not listed above, please send feedback about this page with your question. 這會為產品小組建立 GitHub 問題,以確保所有的重要客戶問題都會獲得解答。This will create a GitHub issue for the product team to ensure all of our valued customer questions are answered.