Create a public load balancer with IPv6 using Azure CLI

Note

This article describes an introductory IPv6 feature to allow Basic Load Balancers to provide both IPv4 and IPv6 connectivity. Comprehensive IPv6 connectivity is now available with IPv6 for Azure VNETs, which integrates IPv6 connectivity with your Virtual Networks and includes key features such as IPv6 Network Security Group rules, IPv6 User-defined routing, IPv6 Basic and Standard load balancing, and more. IPv6 for Azure VNETs is the recommended standard for IPv6 applications in Azure. See IPv6 for Azure VNET PowerShell Deployment.

An Azure load balancer is a Layer-4 (TCP, UDP) load balancer. Load balancers provide high availability by distributing incoming traffic among healthy service instances in cloud services or virtual machines in a load balancer set. Load balancers can also present these services on multiple ports or multiple IP addresses or both.

Example deployment scenario

The following diagram illustrates the load balancing solution that's deployed by using the example template described in this article.

[Diagram: load balancer scenario]

In this scenario, you create the following Azure resources:

  • Two virtual machines (VMs)
  • A virtual network interface for each VM with both IPv4 and IPv6 addresses assigned
  • A public load balancer with an IPv4 and an IPv6 public IP address
  • An availability set that contains the two VMs
  • Two load balancing rules to map the public VIPs to the private endpoints

Deploy the solution by using Azure CLI

The following steps show how to create a public load balancer by using Azure CLI. Using CLI, you create and configure each object individually, and then put them together to create a resource.

To deploy a load balancer, create and configure the following objects:

  • Front-end IP configuration: Contains public IP addresses for incoming network traffic.
  • Back-end address pool: Contains network interfaces (NICs) for the virtual machines to receive network traffic from the load balancer.
  • Load balancing rules: Contains rules that map a public port on the load balancer to a port in the back-end address pool.
  • Inbound NAT rules: Contains network address translation (NAT) rules that map a public port on the load balancer to a port for a specific virtual machine in the back-end address pool.
  • Probes: Contains health probes that are used to check the availability of virtual machine instances in the back-end address pool.

Set up Azure CLI

In this example, you run the Azure CLI tools in a PowerShell command window. To improve readability and reuse, you use PowerShell's scripting capabilities, not the Azure PowerShell cmdlets.

  1. Install and configure the Azure CLI by following the steps in the linked article, and sign in to your Azure account.

  2. Set up PowerShell variables for use with the Azure CLI commands:

    $subscriptionid = "########-####-####-####-############"  # enter subscription id
    $location = "southcentralus"
    $rgName = "pscontosorg1southctrlus09152016"
    $vnetName = "contosoIPv4Vnet"
    $vnetPrefix = "10.0.0.0/16"
    $subnet1Name = "clicontosoIPv4Subnet1"
    $subnet1Prefix = "10.0.0.0/24"
    $subnet2Name = "clicontosoIPv4Subnet2"
    $subnet2Prefix = "10.0.1.0/24"
    $dnsLabel = "contoso09152016"
    $lbName = "myIPv4IPv6Lb"
    

Create a resource group, a load balancer, a virtual network, and subnets

  1. Create a resource group:

    az group create --name $rgName --location $location
    
  2. Create a load balancer:

    $lb = az network lb create --resource-group $rgname --location $location --name $lbName
    
  3. Create a virtual network:

    $vnet = az network vnet create  --resource-group $rgname --name $vnetName --location $location --address-prefixes $vnetPrefix
    
  4. In this virtual network, create two subnets:

    $subnet1 = az network vnet subnet create --resource-group $rgname --name $subnet1Name --address-prefix $subnet1Prefix --vnet-name $vnetName
    $subnet2 = az network vnet subnet create --resource-group $rgname --name $subnet2Name --address-prefix $subnet2Prefix --vnet-name $vnetName
    

Create public IP addresses for the front-end pool

  1. Set up the PowerShell variables:

    $publicIpv4Name = "myIPv4Vip"
    $publicIpv6Name = "myIPv6Vip"
    
  2. Create the IPv4 and IPv6 public IP addresses for the front-end IP pool:

    $publicipV4 = az network public-ip create --resource-group $rgname --name $publicIpv4Name --location $location --version IPv4 --allocation-method Dynamic --dns-name $dnsLabel
    $publicipV6 = az network public-ip create --resource-group $rgname --name $publicIpv6Name --location $location --version IPv6 --allocation-method Dynamic --dns-name $dnsLabel
    

    Important

    The load balancer uses the domain label of the public IP as its fully qualified domain name (FQDN). This is a change from classic deployment, which uses the cloud service name as the load balancer FQDN.

    In this example, the FQDN is contoso09152016.southcentralus.cloudapp.azure.com.

Create front-end and back-end pools

In this section, you create the following IP pools:

  • The front-end IP pool that receives the incoming network traffic on the load balancer.
  • The back-end IP pool where the front-end pool sends the load-balanced network traffic.

  1. Set up the PowerShell variables:

    $frontendV4Name = "FrontendVipIPv4"
    $frontendV6Name = "FrontendVipIPv6"
    $backendAddressPoolV4Name = "BackendPoolIPv4"
    $backendAddressPoolV6Name = "BackendPoolIPv6"
    
  2. Create the front-end IP pools, associating each one with the load balancer and with a public IP that you created in the previous step, and then create the back-end address pools:

    $frontendV4 = az network lb frontend-ip create --resource-group $rgname --name $frontendV4Name --public-ip-address $publicIpv4Name --lb-name $lbName
    $frontendV6 = az network lb frontend-ip create --resource-group $rgname --name $frontendV6Name --public-ip-address $publicIpv6Name --lb-name $lbName
    $backendAddressPoolV4 = az network lb address-pool create --resource-group $rgname --name $backendAddressPoolV4Name --lb-name $lbName
    $backendAddressPoolV6 = az network lb address-pool create --resource-group $rgname --name $backendAddressPoolV6Name --lb-name $lbName
    

Create the probe, NAT rules, and load balancer rules

This example creates the following items:

  • A probe rule to check for connectivity to TCP port 80.
  • A NAT rule to translate all incoming traffic on port 3389 to port 3389 for RDP.*
  • A NAT rule to translate all incoming traffic on port 3391 to port 3389 for remote desktop protocol (RDP).*
  • A load balancer rule to balance all incoming traffic on port 80 to port 80 on the addresses in the back-end pool.

* NAT rules are associated with a specific virtual-machine instance behind the load balancer. The network traffic that arrives on port 3389 is sent to the specific virtual machine and port that's associated with the NAT rule. You must specify a protocol (UDP or TCP) for a NAT rule. You cannot assign both protocols to the same port.

  1. Set up the PowerShell variables:

    $probeV4V6Name = "ProbeForIPv4AndIPv6"
    $natRule1V4Name = "NatRule-For-Rdp-VM1"
    $natRule2V4Name = "NatRule-For-Rdp-VM2"
    $lbRule1V4Name = "LBRuleForIPv4-Port80"
    $lbRule1V6Name = "LBRuleForIPv6-Port80"
    
  2. Create the probe.

    The following example creates a TCP probe that checks for connectivity to the back-end TCP port 80 every 15 seconds. After two consecutive failures, it marks the back-end resource as unavailable.

    $probeV4V6 = az network lb probe create --resource-group $rgname --name $probeV4V6Name --protocol tcp --port 80 --interval 15 --threshold 2 --lb-name $lbName
    
  3. Create inbound NAT rules that allow RDP connections to the back-end resources:

    $inboundNatRuleRdp1 = az network lb inbound-nat-rule create --resource-group $rgname --name $natRule1V4Name --frontend-ip-name $frontendV4Name --protocol Tcp --frontend-port 3389 --backend-port 3389 --lb-name $lbName
    $inboundNatRuleRdp2 = az network lb inbound-nat-rule create --resource-group $rgname --name $natRule2V4Name --frontend-ip-name $frontendV4Name --protocol Tcp --frontend-port 3391 --backend-port 3389 --lb-name $lbName
    
  4. Create load balancer rules that send traffic to different back-end ports, depending on the front end that received the request.

    $lbruleIPv4 = az network lb rule create --resource-group $rgname --name $lbRule1V4Name --frontend-ip-name $frontendV4Name --backend-pool-name $backendAddressPoolV4Name --probe-name $probeV4V6Name --protocol Tcp --frontend-port 80 --backend-port 80 --lb-name $lbName
    $lbruleIPv6 = az network lb rule create --resource-group $rgname --name $lbRule1V6Name --frontend-ip-name $frontendV6Name --backend-pool-name $backendAddressPoolV6Name --probe-name $probeV4V6Name --protocol Tcp --frontend-port 80 --backend-port 8080 --lb-name $lbName
    
  5. Check your settings:

    az network lb show --resource-group $rgName --name $lbName
    

    Expected output:

    info:    Executing command network lb show
    info:    Looking up the load balancer "myIPv4IPv6Lb"
    data:    Id                              : /subscriptions/########-####-####-####-############/resourceGroups/pscontosorg1southctrlus09152016/providers/Microsoft.Network/loadBalancers/myIPv4IPv6Lb
    data:    Name                            : myIPv4IPv6Lb
    data:    Type                            : Microsoft.Network/loadBalancers
    data:    Location                        : southcentralus
    data:    Provisioning state              : Succeeded
    data:
    data:    Frontend IP configurations:
    data:    Name             Provisioning state  Private IP allocation  Private IP   Subnet  Public IP
    data:    ---------------  ------------------  ---------------------  -----------  ------  ---------
    data:    FrontendVipIPv4  Succeeded           Dynamic                                     myIPv4Vip
    data:    FrontendVipIPv6  Succeeded           Dynamic                                     myIPv6Vip
    data:
    data:    Probes:
    data:    Name                 Provisioning state  Protocol  Port  Path  Interval  Count
    data:    -------------------  ------------------  --------  ----  ----  --------  -----
    data:    ProbeForIPv4AndIPv6  Succeeded           Tcp       80          15        2
    data:
    data:    Backend Address Pools:
    data:    Name             Provisioning state
    data:    ---------------  ------------------
    data:    BackendPoolIPv4  Succeeded
    data:    BackendPoolIPv6  Succeeded
    data:
    data:    Load Balancing Rules:
    data:    Name                  Provisioning state  Load distribution  Protocol  Frontend port  Backend port  Enable floating IP  Idle timeout in minutes
    data:    --------------------  ------------------  -----------------  --------  -------------  ------------  ------------------  -----------------------
    data:    LBRuleForIPv4-Port80  Succeeded           Default            Tcp       80             80            false               4
    data:    LBRuleForIPv6-Port80  Succeeded           Default            Tcp       80             8080          false               4
    data:
    data:    Inbound NAT Rules:
    data:    Name                 Provisioning state  Protocol  Frontend port  Backend port  Enable floating IP  Idle timeout in minutes
    data:    -------------------  ------------------  --------  -------------  ------------  ------------------  -----------------------
    data:    NatRule-For-Rdp-VM1  Succeeded           Tcp       3389           3389          false               4
    data:    NatRule-For-Rdp-VM2  Succeeded           Tcp       3391           3389          false               4
    info:    network lb show
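
An added check for the settings shown above (example code, not part of the original article): the function reads the JSON form of `az network lb show` and reports inbound NAT rules that publish a management port on the public front end, and load-balancing rules whose probe tests a different port than the rule's back-end port, as `LBRuleForIPv6-Port80` does here (probe on 80, traffic to 8080). The function name, the management-port list, and the sample JSON are assumptions constructed for illustration.

```powershell
# Added example, not from the original article. Function name and port list are assumptions.
function Get-LbFinding {
    param(
        [Parameter(Mandatory)] $Lb,
        [int[]] $ManagementPorts = @(22, 3389, 5985, 5986)   # assumed list; adjust as needed
    )
    # Index probes by resource ID so each rule's probe reference can be resolved.
    $probeById = @{}
    foreach ($p in $Lb.probes) { $probeById[$p.id] = $p }

    # Inbound NAT rules that publish a management port on a public front end.
    foreach ($nat in $Lb.inboundNatRules) {
        if ($ManagementPorts -contains $nat.backendPort) {
            [pscustomobject]@{ Rule = $nat.name; Finding = 'ManagementPortPublished'
                Detail = "front-end port $($nat.frontendPort) -> back-end port $($nat.backendPort)" }
        }
    }
    # Load-balancing rules whose probe is missing, or tests a different port
    # than the one that receives the traffic.
    foreach ($rule in $Lb.loadBalancingRules) {
        $probe = if ($rule.probe) { $probeById[$rule.probe.id] } else { $null }
        if (-not $probe) {
            [pscustomobject]@{ Rule = $rule.name; Finding = 'NoProbe'; Detail = 'no health probe attached' }
        } elseif ($probe.port -ne $rule.backendPort) {
            [pscustomobject]@{ Rule = $rule.name; Finding = 'ProbePortMismatch'
                Detail = "probe $($probe.name) checks port $($probe.port), traffic goes to port $($rule.backendPort)" }
        }
    }
}

# Constructed sample in the shape of `az network lb show --output json`,
# trimmed to the fields the function reads. The IDs are shortened placeholders.
$sampleJson = @'
{
  "probes": [ { "id": "/lb/probes/ProbeForIPv4AndIPv6", "name": "ProbeForIPv4AndIPv6", "port": 80 } ],
  "inboundNatRules": [
    { "name": "NatRule-For-Rdp-VM1", "frontendPort": 3389, "backendPort": 3389 },
    { "name": "NatRule-For-Rdp-VM2", "frontendPort": 3391, "backendPort": 3389 }
  ],
  "loadBalancingRules": [
    { "name": "LBRuleForIPv4-Port80", "backendPort": 80,   "probe": { "id": "/lb/probes/ProbeForIPv4AndIPv6" } },
    { "name": "LBRuleForIPv6-Port80", "backendPort": 8080, "probe": { "id": "/lb/probes/ProbeForIPv4AndIPv6" } }
  ]
}
'@
Get-LbFinding -Lb ($sampleJson | ConvertFrom-Json) | Format-Table -AutoSize

# Against the live resource (requires a signed-in Azure CLI):
# Get-LbFinding -Lb (az network lb show --resource-group $rgName --name $lbName --output json | ConvertFrom-Json)
```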
    

Create NICs

Create NICs and associate them with NAT rules, load balancer rules, and probes.

  1. Set up the PowerShell variables:

    $nic1Name = "myIPv4IPv6Nic1"
    $nic2Name = "myIPv4IPv6Nic2"
    $subnet1Id = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/VirtualNetworks/$vnetName/subnets/$subnet1Name"
    $subnet2Id = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/VirtualNetworks/$vnetName/subnets/$subnet2Name"
    $backendAddressPoolV4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/backendAddressPools/$backendAddressPoolV4Name"
    $backendAddressPoolV6Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/backendAddressPools/$backendAddressPoolV6Name"
    $natRule1V4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/inboundNatRules/$natRule1V4Name"
    $natRule2V4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/inboundNatRules/$natRule2V4Name"
    
  2. Create a NIC for each back end, and add an IPv6 configuration:

    $nic1 = az network nic create --name $nic1Name --resource-group $rgname --location $location --private-ip-address-version "IPv4" --subnet $subnet1Id --lb-address-pools $backendAddressPoolV4Id --lb-inbound-nat-rules $natRule1V4Id
    $nic1IPv6 = az network nic ip-config create --resource-group $rgname --name "IPv6IPConfig" --private-ip-address-version "IPv6" --lb-address-pools $backendAddressPoolV6Id --nic-name $nic1Name
    
    $nic2 = az network nic create --name $nic2Name --resource-group $rgname --location $location --private-ip-address-version "IPv4" --subnet $subnet2Id --lb-address-pools $backendAddressPoolV4Id --lb-inbound-nat-rules $natRule2V4Id
    $nic2IPv6 = az network nic ip-config create --resource-group $rgname --name "IPv6IPConfig" --private-ip-address-version "IPv6" --lb-address-pools $backendAddressPoolV6Id --nic-name $nic2Name
    

Create the back-end VM resources, and attach each NIC

To create VMs, you must have a storage account. For load balancing, the VMs need to be members of an availability set. For more information about creating VMs, see Create an Azure VM by using PowerShell.

  1. Set up the PowerShell variables:

    $availabilitySetName = "myIPv4IPv6AvailabilitySet"
    $vm1Name = "myIPv4IPv6VM1"
    $vm2Name = "myIPv4IPv6VM2"
    $nic1Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/networkInterfaces/$nic1Name"
    $nic2Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/networkInterfaces/$nic2Name"
    $imageurn = "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest"
    $vmUserName = "vmUser"
    $mySecurePassword = "PlainTextPassword*1"
    

    Warning

    This example uses the username and password for the VMs in cleartext. Take appropriate care when you use these credentials in cleartext. For a more secure method of handling credentials in PowerShell, see the Get-Credential cmdlet.

  2. Create the availability set:

    $availabilitySet = az vm availability-set create --name $availabilitySetName --resource-group $rgName --location $location
    
  3. Create the virtual machines with the associated NICs:

    az vm create --resource-group $rgname --name $vm1Name --image $imageurn --admin-username $vmUserName --admin-password $mySecurePassword --nics $nic1Id --location $location --availability-set $availabilitySetName --size "Standard_A1" 
    
    az vm create --resource-group $rgname --name $vm2Name --image $imageurn --admin-username $vmUserName --admin-password $mySecurePassword --nics $nic2Id --location $location --availability-set $availabilitySetName --size "Standard_A1"
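
The warning above points to Get-Credential; the following added example (not part of the original article) shows the same two `az vm create` calls with the password prompted for at run time instead of stored in `$mySecurePassword`. It assumes the variables from the earlier steps are already set in the session.

```powershell
# Added example, not part of the original article. It reuses the variables
# defined in the steps above ($rgName, $vm1Name, $nic1Id, and so on).

# Prompt for the administrator credential; the password is held as a SecureString.
$cred = Get-Credential -UserName $vmUserName -Message "Administrator account for the back-end VMs"

$vms = @(
    @{ Name = $vm1Name; NicId = $nic1Id },
    @{ Name = $vm2Name; NicId = $nic2Id }
)

foreach ($vm in $vms) {
    # The password is decrypted only to build the argument for this one az call.
    az vm create --resource-group $rgName --name $vm.Name --image $imageurn `
        --admin-username $cred.UserName `
        --admin-password ($cred.GetNetworkCredential().Password) `
        --nics $vm.NicId --location $location `
        --availability-set $availabilitySetName --size "Standard_A1"

    # az is a native command, so failure is reported through the exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "az vm create failed for $($vm.Name) (exit code $LASTEXITCODE)"
    }
}

# Drop the credential object once both VMs exist.
Remove-Variable cred
```

The password no longer sits in the script or in a session variable, but it is still passed on the `az` command line and is visible in the process arguments while each call runs.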