Azure networking

Azure provides a variety of networking capabilities that can be used together or separately. Click any of the following key capabilities to learn more about them:

  • Connectivity between Azure resources: Connect Azure resources together in a secure, private virtual network in the cloud.
  • Internet connectivity: Communicate to and from Azure resources over the Internet.
  • On-premises connectivity: Connect an on-premises network to Azure resources through a virtual private network (VPN) over the Internet, or through a dedicated connection to Azure.
  • Load balancing and traffic direction: Load balance traffic to servers in the same location and direct traffic to servers in different locations.
  • Security: Filter network traffic between network subnets or individual virtual machines (VM).
  • Routing: Use default routing or fully control routing between your Azure and on-premises resources.
  • Manageability: Monitor and manage your Azure networking resources.
  • Deployment and configuration tools: Use a web-based portal or cross-platform command-line tools to deploy and configure network resources.

Connectivity between Azure resources

Azure resources such as Virtual Machines, Cloud Services, Virtual Machine Scale Sets, and Azure App Service Environments can communicate privately with each other through an Azure Virtual Network (VNet). A VNet is a logical isolation of the Azure cloud dedicated to your subscription. You can implement multiple VNets within each Azure subscription and Azure region. Each VNet is isolated from other VNets. For each VNet you can:

  • Specify a custom private IP address space using public and private (RFC 1918) addresses. Azure assigns resources connected to the VNet a private IP address from the address space you assign.
  • Segment the VNet into one or more subnets and allocate a portion of the VNet address space to each subnet.
  • Use Azure-provided name resolution or specify your own DNS server for use by resources connected to a VNet.

To learn more about the Azure Virtual Network service, read the Virtual network overview article. You can connect VNets to each other, enabling resources connected to either VNet to communicate with each other across VNets. You can use either or both of the following options to connect VNets to each other:

  • Peering: Enables resources connected to different Azure VNets within the same Azure region to communicate with each other. The bandwidth and latency across the VNets is the same as if the resources were connected to the same VNet. To learn more about peering, read the Virtual network peering overview article.
  • VPN Gateway: Enables resources connected to different Azure VNets within different Azure regions to communicate with each other. Traffic between VNets flows through an Azure VPN Gateway. Bandwidth between VNets is limited to the bandwidth of the gateway. To learn more about connecting VNets with a VPN Gateway, read the Configure a VNet-to-VNet connection across regions article.

Internet connectivity

All Azure resources connected to a VNet have outbound connectivity to the Internet by default. The private IP address of the resource is source network address translated (SNAT) to a public IP address by the Azure infrastructure. To learn more about outbound Internet connectivity, read the Understanding outbound connections in Azure article.

To communicate inbound to Azure resources from the Internet, or to communicate outbound to the Internet without SNAT, a resource must be assigned a public IP address. To learn more about public IP addresses, read the Public IP addresses article.

On-premises connectivity

You can access resources in your VNet securely over either a VPN connection, or a direct private connection. To send network traffic between your Azure virtual network and your on-premises network, you must create a virtual network gateway. You configure settings for the gateway to create the type of connection that you want, either VPN or ExpressRoute.

You can connect your on-premises network to a VNet using any combination of the following options:

Point-to-site (VPN over SSTP)

The following picture shows separate point-to-site connections between multiple computers and a VNet:

[Figure: Point-to-site]

This connection is established between a single computer and a VNet. This connection type is great if you're just getting started with Azure, or for developers, because it requires little or no changes to your existing network. It's also convenient when you are connecting from a remote location such as a conference or home. Point-to-site connections are often coupled with a site-to-site connection through the same virtual network gateway. The connection uses the SSTP protocol to provide encrypted communication over the Internet between the computer and the VNet. The latency for a point-to-site VPN is unpredictable, since the traffic traverses the Internet.

Site-to-site (IPsec/IKE VPN tunnel)

[Figure: Site-to-site]

This connection is established between your on-premises VPN device and an Azure VPN Gateway. This connection type enables any on-premises resource that you authorize to access the VNet. The connection is an IPsec/IKE VPN that provides encrypted communication over the Internet between your on-premises device and the Azure VPN gateway. You can connect multiple on-premises sites to the same VPN gateway. The on-premises VPN device at each site must have an externally-facing public IP address that is not behind a NAT. The latency for a site-to-site connection is unpredictable, since the traffic traverses the Internet.

ExpressRoute (dedicated private connection)

[Figure: ExpressRoute]

This type of connection is established between your network and Azure, through an ExpressRoute partner. This connection is private. Traffic does not traverse the Internet. The latency for an ExpressRoute connection is predictable, since traffic doesn't traverse the Internet. ExpressRoute can be combined with a site-to-site connection.

To learn more about all the previous connection options, read the Connection topology diagrams article.

Load balancing and traffic direction

Microsoft Azure provides multiple services for managing how network traffic is distributed and load balanced. You can use any of the following capabilities separately or together:

DNS load balancing

The Azure Traffic Manager service provides global DNS load balancing. Traffic Manager responds to clients with the IP address of a healthy endpoint, based on one of the following routing methods:

  • Geographic: Clients are directed to specific endpoints (Azure, external or nested) based on which geographic location their DNS query originates from. This method enables scenarios where knowing a client's geographic region, and routing them based on it, is important. Examples include complying with data sovereignty mandates, localization of content & user experience, and measuring traffic from different regions.
  • Performance: The IP address returned to the client is the "closest" to the client. The "closest" endpoint is not necessarily closest as measured by geographic distance. Instead, this method determines the closest endpoint by measuring network latency. Traffic Manager maintains an Internet latency table to track the round-trip time between IP address ranges and each Azure datacenter.
  • Priority: Traffic is directed to the primary (highest-priority) endpoint. If the primary endpoint is not available, Traffic Manager routes the traffic to the second endpoint. If both the primary and secondary endpoints are not available, the traffic goes to the third, and so on. Availability of the endpoint is based on the configured status (enabled or disabled) and the ongoing endpoint monitoring.
  • Weighted round-robin: For each request, Traffic Manager randomly chooses an available endpoint. The probability of choosing an endpoint is based on the weights assigned to all available endpoints. Using the same weight across all endpoints results in an even traffic distribution. Using higher or lower weights on specific endpoints causes those endpoints to be returned more or less frequently in the DNS responses.

The following picture shows a request for a web application directed to a Web App endpoint. Endpoints can also be other Azure services such as VMs and Cloud Services.

[Figure: Traffic Manager]

The client connects directly to that endpoint. Azure Traffic Manager detects when an endpoint is unhealthy and then redirects clients to a different, healthy endpoint. To learn more about Traffic Manager, read the Azure Traffic Manager overview article.
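The Priority and Weighted methods described above can be modelled to see where clients land when an endpoint becomes unavailable. This is an added example, not Microsoft's code or the Traffic Manager API; the endpoint names, weights and the convention that priority 1 is the primary are assumptions of the model.

```python
import random
from dataclasses import dataclass, replace
from fractions import Fraction


@dataclass(frozen=True)
class Endpoint:
    name: str
    priority: int          # 1 = primary (model assumption: lower number wins)
    weight: int
    enabled: bool = True   # configured status
    healthy: bool = True   # result of endpoint monitoring


def available(endpoints):
    """Endpoints that are enabled and currently passing monitoring."""
    return [e for e in endpoints if e.enabled and e.healthy]


def priority_answer(endpoints):
    """Priority method: the available endpoint with the highest priority."""
    cands = available(endpoints)
    return min(cands, key=lambda e: e.priority).name if cands else None


def weighted_distribution(endpoints):
    """Weighted method: probability that each available endpoint is returned."""
    cands = available(endpoints)
    total = sum(e.weight for e in cands)
    return {e.name: Fraction(e.weight, total) for e in cands} if total else {}


def weighted_answer(endpoints, rng=random):
    """Draw one DNS answer according to the weighted distribution."""
    dist = weighted_distribution(endpoints)
    if not dist:
        return None
    names = list(dist)
    return rng.choices(names, weights=[float(dist[n]) for n in names])[0]


def with_outage(endpoints, *down):
    """Copy of the profile with the named endpoints marked unhealthy."""
    return [replace(e, healthy=False) if e.name in down else e for e in endpoints]


# Constructed sample profile (names and weights are illustrative).
PROFILE = [
    Endpoint("web-westeurope", 1, 50),
    Endpoint("web-eastus", 2, 30),
    Endpoint("web-southeastasia", 3, 20),
]

if __name__ == "__main__":
    degraded = with_outage(PROFILE, "web-westeurope")
    print("priority answer:", priority_answer(degraded))
    for name, share in weighted_distribution(degraded).items():
        print(f"weighted share {name}: {float(share):.0%}")
```

When the 50-weight endpoint drops out, the remaining weights are renormalised over the available endpoints (30:20 becomes 60% and 40%), which is the load each surviving endpoint has to be sized for.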

Application load balancing

The Azure Application Gateway service provides application delivery controller (ADC) as a service. Application Gateway offers various Layer 7 (HTTP/HTTPS) load-balancing capabilities for your applications, including a web application firewall to protect your web applications from vulnerabilities and exploits. Application Gateway also allows you to optimize web farm productivity by offloading CPU-intensive SSL termination to the application gateway.

Other Layer 7 routing capabilities include round-robin distribution of incoming traffic, cookie-based session affinity, URL path-based routing, and the ability to host multiple websites behind a single application gateway. Application Gateway can be configured as an Internet-facing gateway, an internal-only gateway, or a combination of both. Application Gateway is fully Azure managed, scalable, and highly available. It provides a rich set of diagnostics and logging capabilities for better manageability. To learn more about Application Gateway, read the Application Gateway overview article.

The following picture shows URL path-based routing with Application Gateway:

[Figure: Application Gateway]

Network load balancing

The Azure Load Balancer provides high-performance, low-latency Layer 4 load-balancing for all UDP and TCP protocols. It manages inbound and outbound connections. You can configure public and internal load-balanced endpoints. You can define rules to map inbound connections to back-end pool destinations by using TCP and HTTP health-probing options to manage service availability. To learn more about Load Balancer, read the Load Balancer overview article.

The following picture shows an Internet-facing multi-tier application that utilizes both external and internal load balancers:

[Figure: Load Balancer]

Security

You can filter traffic to and from Azure resources using the following options:

  • Network: You can implement Azure network security groups (NSGs) to filter inbound and outbound traffic to Azure resources. Each NSG contains one or more inbound and outbound rules. Each rule specifies the source IP addresses, destination IP addresses, port, and protocol that traffic is filtered with. NSGs can be applied to individual subnets and individual VMs. To learn more about NSGs, read the Network security groups overview article.
  • Application: By using an Application Gateway with web application firewall you can protect your web applications from vulnerabilities and exploits. Common examples are SQL injection attacks, cross-site scripting, and malformed headers. Application Gateway filters out this traffic and stops it from reaching your web servers. You are able to configure what rules you want enabled. The ability to configure SSL negotiation policies is provided to allow certain policies to be disabled. To learn more about the web application firewall, read the Web application firewall article.
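A simplified model of how NSG rules decide a flow, with one NSG on the subnet and one on the VM, plus a check for rules that open management ports to any source. This is an added example, not Microsoft's code; first-match evaluation in priority order (lower number first) and the requirement that both NSGs allow an inbound flow are Azure NSG behaviours not spelled out above, and all rule names, priorities and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int     # lower number is evaluated first
    direction: str    # "Inbound" or "Outbound"
    access: str       # "Allow" or "Deny"
    protocol: str     # "Tcp", "Udp" or "*"
    source: str       # CIDR prefix or "*"
    destination: str  # CIDR prefix or "*"
    ports: str        # destination port: "443", "1000-2000" or "*"


def addr_matches(prefix, ip):
    return prefix == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)


def port_matches(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def evaluate(rules, direction, protocol, src, dst, port):
    """Return (access, rule name) of the first matching rule in priority order."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.direction == direction and r.protocol in ("*", protocol)
                and addr_matches(r.source, src)
                and addr_matches(r.destination, dst)
                and port_matches(r.ports, port)):
            return r.access, r.name
    return "Deny", "(no matching rule)"


def inbound_allowed(subnet_nsg, vm_nsg, protocol, src, dst, port):
    """A flow reaches the VM only if the subnet NSG and the VM NSG both allow it."""
    return all(evaluate(nsg, "Inbound", protocol, src, dst, port)[0] == "Allow"
               for nsg in (subnet_nsg, vm_nsg))


def exposed_management_rules(rules, mgmt_ports=(22, 3389)):
    """Names of inbound Allow rules that open SSH or RDP to any source address."""
    return [r.name for r in rules
            if r.direction == "Inbound" and r.access == "Allow"
            and r.source in ("*", "0.0.0.0/0")
            and any(port_matches(r.ports, p) for p in mgmt_ports)]


# Constructed sample rules (addresses, names and priorities are illustrative).
SUBNET_NSG = [
    Rule("allow-https", 100, "Inbound", "Allow", "Tcp", "*", "10.0.1.0/24", "443"),
    Rule("allow-rdp-any", 200, "Inbound", "Allow", "Tcp", "*", "10.0.1.0/24", "3389"),
    Rule("deny-all-in", 4096, "Inbound", "Deny", "*", "*", "*", "*"),
]
VM_NSG = [
    Rule("allow-https", 100, "Inbound", "Allow", "Tcp", "*", "10.0.1.4/32", "443"),
    Rule("allow-rdp-admin", 110, "Inbound", "Allow", "Tcp",
         "203.0.113.0/24", "10.0.1.4/32", "3389"),
    Rule("deny-all-in", 4096, "Inbound", "Deny", "*", "*", "*", "*"),
]

if __name__ == "__main__":
    print(evaluate(SUBNET_NSG, "Inbound", "Tcp", "198.51.100.7", "10.0.1.4", 3389))
    print(inbound_allowed(SUBNET_NSG, VM_NSG, "Tcp", "198.51.100.7", "10.0.1.4", 3389))
    print(exposed_management_rules(SUBNET_NSG))
```

The subnet rule `allow-rdp-any` is flagged even though the VM-level NSG currently blocks the flow, because any VM in the subnet without its own restrictive NSG would be reachable on RDP.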

If you need network capability Azure doesn't provide, or want to use network applications you use on-premises, you can implement the products in VMs and connect them to your VNet. The Azure Marketplace contains several different VMs pre-configured with network applications you may currently use. These pre-configured VMs are typically referred to as network virtual appliances (NVA). NVAs are available with applications such as firewall and WAN optimization.

Routing

Azure creates default route tables that enable resources connected to any subnet in any VNet to communicate with each other. You can implement either or both of the following types of routes to override the default routes Azure creates:

  • User-defined: You can create custom route tables with routes that control where traffic is routed to for each subnet. To learn more about user-defined routes, read the User-defined routes article.
  • Border gateway protocol (BGP): If you connect your VNet to your on-premises network using an Azure VPN Gateway or ExpressRoute connection, you can propagate BGP routes to your VNets. BGP is the standard routing protocol commonly used in the Internet to exchange routing and reachability information between two or more networks. When used in the context of Azure Virtual Networks, BGP enables the Azure VPN Gateways and your on-premises VPN devices, called BGP peers or neighbors, to exchange "routes" that inform both gateways about the availability and reachability of those prefixes through the gateways or routers involved. BGP can also enable transit routing among multiple networks by propagating routes a BGP gateway learns from one BGP peer to all other BGP peers. To learn more about BGP, see the BGP with Azure VPN Gateways overview article.

Manageability

Azure provides the following tools to monitor and manage networking:

  • Activity logs: All Azure resources have activity logs which provide information about operations that have taken place, the status of operations and who initiated the operation. To learn more about activity logs, read the Activity logs overview article.
  • Diagnostic logs: Periodic and spontaneous events are created by network resources and logged in Azure storage accounts, sent to an Azure Event Hub, or sent to Azure Monitor logs. Diagnostic logs provide insight to the health of a resource. Diagnostic logs are provided for Load Balancer (Internet-facing), Network Security Groups, routes, and Application Gateway. To learn more about diagnostic logs, read the Diagnostic logs overview article.
  • Metrics: Metrics are performance measurements and counters collected over a period of time on resources. Metrics can be used to trigger alerts based on thresholds. Currently metrics are available on Application Gateway. To learn more about metrics, read the Metrics overview article.
  • Troubleshooting: Troubleshooting information is accessible directly in the Azure portal. The information helps diagnose common problems with ExpressRoute, VPN Gateway, Application Gateway, Network Security Logs, Routes, DNS, Load Balancer, and Traffic Manager.
  • Role-based access control (RBAC): Control who can create and manage networking resources with role-based access control (RBAC). Learn more about RBAC by reading the Get started with RBAC article.
  • Packet capture: The Azure Network Watcher service provides the ability to run a packet capture on a VM through an extension within the VM. This capability is available for Linux and Windows VMs. To learn more about packet capture, read the Packet capture overview article.
  • Verify IP flows: Network Watcher allows you to verify IP flows between an Azure VM and a remote resource to determine whether packets are allowed or denied. This capability provides administrators the ability to quickly diagnose connectivity issues. To learn more about how to verify IP flows, read the IP flow verify overview article.
  • Troubleshoot VPN connectivity: The VPN troubleshooter capability of Network Watcher provides the ability to query a connection or gateway and verify the health of the resources. To learn more about troubleshooting VPN connections, read the VPN connectivity troubleshooting overview article.
  • View network topology: View a graphical representation of the network resources in a VNet with Network Watcher. To learn more about viewing network topology, read the Topology overview article.

Deployment and configuration tools

You can deploy and configure Azure networking resources with any of the following tools:

  • Azure portal: A graphical user interface that runs in a browser. Open the Azure portal.
  • Azure PowerShell: Command-line tools for managing Azure from Windows computers. Learn more about Azure PowerShell by reading the Azure PowerShell overview article.
  • Azure command-line interface (CLI): Command-line tools for managing Azure from Linux, macOS, or Windows computers. Learn more about the Azure CLI by reading the Azure CLI overview article.
  • Azure Resource Manager templates: A file (in JSON format) that defines the infrastructure and configuration of an Azure solution. By using a template, you can repeatedly deploy your solution throughout its lifecycle and have confidence your resources are deployed in a consistent state. To learn more about authoring templates, read the Best practices for creating templates article. Templates can be deployed with the Azure portal, CLI, or PowerShell. To get started with templates right away, deploy one of the many pre-configured templates in the Azure Quickstart Templates library.

Pricing

Some of the Azure networking services have a charge, while others are free. View the Virtual network, VPN Gateway, Application Gateway, Load Balancer, Network Watcher, DNS, Traffic Manager and ExpressRoute pricing pages for more information.

Next steps