Azure 虛擬機器擴展集的網路Networking for Azure virtual machine scale sets

透過入口網站部署 Azure 虛擬機器擴展集時,特定的網路屬性為預設,例如具有輸入 NAT 規則的 Azure Load Balancer。When you deploy an Azure virtual machine scale set through the portal, certain network properties are defaulted, for example an Azure Load Balancer with inbound NAT rules. 本文說明如何使用某些您可以使用擴展集設定的更進階網路功能。This article describes how to use some of the more advanced networking features that you can configure with scale sets.

本文所討論的所有概念都可以使用 Azure Resource Manager 範本來設定。You can configure all of the features covered in this article using Azure Resource Manager templates. 選取的功能也會包含 Azure CLI 和 PowerShell 範例。Azure CLI and PowerShell examples are also included for selected features.

加速網路Accelerated Networking

Azure 加速網路可以對虛擬機器啟用 Single Root I/O Virtualization (SR-IOV),大幅提升網路效能。Azure Accelerated Networking improves network performance by enabling single root I/O virtualization (SR-IOV) to a virtual machine. 若要深入了解如何使用加速網路,請參閱 WindowsLinux 虛擬機器的加速網路。To learn more about using Accelerated networking, see Accelerated networking for Windows or Linux virtual machines. 若要搭配擴展集使用加速的網路,請在擴展集的 networkInterfaceConfigurations 設定中,將 enableAcceleratedNetworking 設為 trueTo use accelerated networking with scale sets, set enableAcceleratedNetworking to true in your scale set's networkInterfaceConfigurations settings. 例如:For example:

"networkProfile": {
    "networkInterfaceConfigurations": [
    {
      "name": "niconfig1",
      "properties": {
        "primary": true,
        "enableAcceleratedNetworking" : true,
        "ipConfigurations": [
          ...
        ]
      }
    }
   ]
}

具有 Azure Load Balancer 的 Azure 虛擬機器擴展集Azure virtual machine scale sets with Azure Load Balancer

請參閱 Azure Load Balancer 和虛擬機器擴展集 ,以深入瞭解如何根據您的案例,使用虛擬機器擴展集來設定您的 Standard Load Balancer。See Azure Load Balancer and Virtual Machine Scale Sets to learn more about how to configure your Standard Load Balancer with Virtual Machine Scale Sets based on your scenario.

建立參考應用程式閘道的擴展集Create a scale set that references an Application Gateway

若要建立使用應用程式閘道的擴展集,請和此 ARM 範本設定中一樣,參考擴展集 ipConfigurations 區段中的應用程式閘道後端位址集區:To create a scale set that uses an application gateway, reference the backend address pool of the application gateway in the ipConfigurations section of your scale set as in this ARM template config:

"ipConfigurations": [{
  "name": "{config-name}",
  "properties": {
  "subnet": {
    "id": "{subnet-id}"
  },
  "ApplicationGatewayBackendAddressPools": [{
    "id": "/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/Microsoft.Network/applicationGateways/{gateway-name}/backendAddressPools/{pool-name}"
  }]
}]

注意

請注意,應用程式閘道必須和擴展集位於相同的虛擬網路中,但必須與擴展集位於不同的子網路。Note that the application gateway must be in the same virtual network as the scale set but must be in a different subnet from the scale set.

可設定的 DNS 設定Configurable DNS Settings

根據預設,擴展集會採取 VNET 和它們建立於該子網路的特定 DNS 設定。By default, scale sets take on the specific DNS settings of the VNET and subnet they were created in. 不過,您可以直接設定擴展集的 DNS 設定。You can however, configure the DNS settings for a scale set directly.

使用可設定的 DNS 伺服器建立擴展集Creating a scale set with configurable DNS servers

若要使用 Azure CLI 搭配自訂的 DNS 設定建立擴展集,將 --dns-servers 引數新增至 vmss create 命令,後面接以空格分隔的伺服器 IP 位址。To create a scale set with a custom DNS configuration using the Azure CLI, add the --dns-servers argument to the vmss create command, followed by space separated server ip addresses. 例如:For example:

--dns-servers 10.0.0.6 10.0.0.5

若要在 Azure 範本中設定自訂的 DNS 伺服器,請將 dnsSettings 屬性新增至擴展集 networkInterfaceConfigurations 區段。To configure custom DNS servers in an Azure template, add a dnsSettings property to the scale set networkInterfaceConfigurations section. 例如:For example:

"dnsSettings":{
    "dnsServers":["10.0.0.6", "10.0.0.5"]
}

使用可設定的虛擬機器網域名稱建立擴展集Creating a scale set with configurable virtual machine domain names

若要使用 CLI 搭配自訂的虛擬機器 DNS 名稱建立擴展集,將 --vm-domain-name 引數新增至 virtual machine scale set create 命令,後面接著代表網域名稱的字串。To create a scale set with a custom DNS name for virtual machines using the CLI, add the --vm-domain-name argument to the virtual machine scale set create command, followed by a string representing the domain name.

若要在 Azure 範本中設定網域名稱,請將 dnsSettings 屬性新增至擴展集 networkInterfaceConfigurations 區段。To set the domain name in an Azure template, add a dnsSettings property to the scale set networkInterfaceConfigurations section. 例如:For example:

"networkProfile": {
  "networkInterfaceConfigurations": [
    {
    "name": "nic1",
    "properties": {
      "primary": true,
      "ipConfigurations": [
      {
        "name": "ip1",
        "properties": {
          "subnet": {
            "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('vnetName'), '/subnets/subnet1')]"
          },
          "publicIPAddressconfiguration": {
            "name": "publicip",
            "properties": {
            "idleTimeoutInMinutes": 10,
              "dnsSettings": {
                "domainNameLabel": "[parameters('vmssDnsName')]"
              }
            }
          }
        }
      }
    ]
    }
}

個別虛擬機器 DNS 名稱的輸出格式如下:The output, for an individual virtual machine dns name would be in the following form:

<vm><vmindex>.<specifiedVmssDomainNameLabel>

每個虛擬機器的公用 IPv4Public IPv4 per virtual machine

一般情況下,Azure 擴展集虛擬機器不需要自己的公用 IP 位址。In general, Azure scale set virtual machines do not require their own public IP addresses. 在大部分的情況下,將公用 IP 位址與負載平衡器或個別虛擬機器相關聯 (也稱為 jumpbox) ,然後視 (需要將連入連線路由至擴展集虛擬機器,例如透過輸入 NAT 規則) 。For most scenarios, it is more economical and secure to associate a public IP address to a load balancer or to an individual virtual machine (also known as a jumpbox), which then routes incoming connections to scale set virtual machines as needed (for example, through inbound NAT rules).

但是,某些情況會要求擴展集虛擬機器具備自己的公用 IP 位址。However, some scenarios do require scale set virtual machines to have their own public IP addresses. 例如遊戲,其中主控台需要直接連線至雲端虛擬機器,進而執行遊戲實體流程。An example is gaming, where a console needs to make a direct connection to a cloud virtual machine, which is doing game physics processing. 另一個範例是虛擬機器需要對另一個分散式資料庫中跨區域的虛擬機器進行外部連線。Another example is where virtual machines need to make external connections to one another across regions in a distributed database.

使用公用 IP 每虛擬機器建立擴展集Creating a scale set with public IP per virtual machine

若要使用 CLI 建立將公用 IP 位址指派給每個虛擬機器的擴展集,請將 --public-ip-per-vm 參數新增至 vmss create 命令。To create a scale set that assigns a public IP address to each virtual machine with the CLI, add the --public-ip-per-vm parameter to the vmss create command.

若要使用 Azure 範本建立擴展集,請確定 Microsoft.Compute/virtualMachineScaleSets 資源的 API 版本至少為 2017-03-30,並將 publicIpAddressConfiguration JSON 屬性新增至擴展集 ipConfigurations 區段。To create a scale set using an Azure template, make sure the API version of the Microsoft.Compute/virtualMachineScaleSets resource is at least 2017-03-30, and add a publicIpAddressConfiguration JSON property to the scale set ipConfigurations section. 例如:For example:

"publicIpAddressConfiguration": {
    "name": "pub1",
    "properties": {
      "idleTimeoutInMinutes": 15
    }
}

範本範例:201-vmss-public-ip-linuxExample template: 201-vmss-public-ip-linux

查詢擴展集中虛擬機器的公用 IP 位址Querying the public IP addresses of the virtual machines in a scale set

若要列出使用 CLI 指派給擴展集虛擬機器的公用 IP 位址,請使用 az vmss list-instance-public-ips 命令。To list the public IP addresses assigned to scale set virtual machines using the CLI, use the az vmss list-instance-public-ips command.

若要使用 PowerShell 列出擴展集公用 IP 位址,請使用 Get-AzPublicIpAddress 命令。To list scale set public IP addresses using PowerShell, use the Get-AzPublicIpAddress command. 例如:For example:

Get-AzPublicIpAddress -ResourceGroupName myrg -VirtualMachineScaleSetName myvmss

您也可以直接參考公用 IP 位址組態的資源識別碼,以查詢公用 IP 位址。You can also query the public IP addresses by referencing the resource ID of the public IP address configuration directly. 例如:For example:

Get-AzPublicIpAddress -ResourceGroupName myrg -Name myvmsspip

您也可以查詢 Azure 資源總管,或 Azure REST API 版本 2017-03-30 或更高版本,來顯示指派給擴展集虛擬機器的公用 IP 位址。You can also display the public IP addresses assigned to the scale set virtual machines by querying the Azure Resource Explorer or the Azure REST API with version 2017-03-30 or higher.

若要查詢 Azure 資源總管To query the Azure Resource Explorer:

  1. 在 Web 瀏覽器中開啟 Azure 資源總管Open Azure Resource Explorer in a web browser.
  2. 從左側按一下 [訂用帳戶] 旁的 [+],即可展開訂用帳戶。Expand subscriptions on the left side by clicking the + next to it. 如果 [訂用帳戶] 底下只有一個項目,則可能已經展開。If you only have one item under subscriptions, it may already be expanded.
  3. 展開您的訂用帳戶。Expand your subscription.
  4. 展開您的資源群組。Expand your resource group.
  5. 展開 [提供者]。Expand providers.
  6. 展開 [ Microsoft. 計算]。Expand Microsoft.Compute.
  7. 展開 [virtualMachineScaleSets]。Expand virtualMachineScaleSets.
  8. 展開您的擴展集。Expand your scale set.
  9. 按一下 [publicipaddresses]。Click on publicipaddresses.

若要查詢 Azure REST API:To query the Azure REST API:

GET https://management.azure.com/subscriptions/{your sub ID}/resourceGroups/{RG name}/providers/Microsoft.Compute/virtualMachineScaleSets/{scale set name}/publicipaddresses?api-version=2017-03-30

Azure 資源總管和 Azure REST API 的輸出範例:Example output from the Azure Resource Explorer and Azure REST API:

{
  "value": [
    {
      "name": "pub1",
      "id": "/subscriptions/your-subscription-id/resourceGroups/your-rg/providers/Microsoft.Compute/virtualMachineScaleSets/pipvmss/virtualMachines/0/networkInterfaces/pipvmssnic/ipConfigurations/yourvmssipconfig/publicIPAddresses/pub1",
      "etag": "W/\"a64060d5-4dea-4379-a11d-b23cd49a3c8d\"",
      "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "ee8cb20f-af8e-4cd6-892f-441ae2bf701f",
        "ipAddress": "13.84.190.11",
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Dynamic",
        "idleTimeoutInMinutes": 15,
        "ipConfiguration": {
          "id": "/subscriptions/your-subscription-id/resourceGroups/your-rg/providers/Microsoft.Compute/virtualMachineScaleSets/yourvmss/virtualMachines/0/networkInterfaces/yourvmssnic/ipConfigurations/yourvmssipconfig"
        }
      }
    },
    {
      "name": "pub1",
      "id": "/subscriptions/your-subscription-id/resourceGroups/your-rg/providers/Microsoft.Compute/virtualMachineScaleSets/yourvmss/virtualMachines/3/networkInterfaces/yourvmssnic/ipConfigurations/yourvmssipconfig/publicIPAddresses/pub1",
      "etag": "W/\"5f6ff30c-a24c-4818-883c-61ebd5f9eee8\"",
      "properties": {
        "provisioningState": "Succeeded",
        "resourceGuid": "036ce266-403f-41bd-8578-d446d7397c2f",
        "ipAddress": "13.84.159.176",
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Dynamic",
        "idleTimeoutInMinutes": 15,
        "ipConfiguration": {
          "id": "/subscriptions/your-subscription-id/resourceGroups/your-rg/providers/Microsoft.Compute/virtualMachineScaleSets/yourvmss/virtualMachines/3/networkInterfaces/yourvmssnic/ipConfigurations/yourvmssipconfig"
        }
      }
    }

每個 NIC 的多個 IP 位址Multiple IP addresses per NIC

擴展集中連接到 VM 的每個 NIC 皆有一或多個 IP 組態與其相關聯。Every NIC attached to a VM in a scale set can have one or more IP configurations associated with it. 每個組態會獲派一個私人 IP 位址。Each configuration is assigned one private IP address. 每個組態可能也會有一個關聯的公用 IP 位址資源。Each configuration may also have one public IP address resource associated with it. 若要了解多少個 IP 位址可以指派到 NIC,和您可以在 Azure 訂用帳戶中使用多少個公用 IP 位址,請參閱 Azure 限制To understand how many IP addresses can be assigned to a NIC, and how many public IP addresses you can use in an Azure subscription, refer to Azure limits.

每個虛擬機器的多個 NICMultiple NICs per virtual machine

每個虛擬機器可擁有最多 8 個 NIC,根據機器大小而定。You can have up to 8 NICs per virtual machine, depending on machine size. 每部電腦的 NIC 最大數目可在VM 大小文章中找到。The maximum number of NICs per machine is available in the VM size article. 連線至 VM 執行個體的 NIC 全都必須連線至相同的虛擬網路。All NICs connected to a VM instance must connect to the same virtual network. NIC 可以連線至不同子網路,但子網路必須全都屬於相同的虛擬網路。The NICs can connect to different subnets, but all subnets must be part of the same virtual network.

下列範例是顯示多個 NIC 項目的擴展集網路設定檔,以及每個虛擬機器的多個公用 IP:The following example is a scale set network profile showing multiple NIC entries, and multiple public IPs per virtual machine:

"networkProfile": {
    "networkInterfaceConfigurations": [
        {
        "name": "nic1",
        "properties": {
            "primary": true,
            "ipConfigurations": [
            {
                "name": "ip1",
                "properties": {
                "subnet": {
                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('vnetName'), '/subnets/subnet1')]"
                },
                "publicipaddressconfiguration": {
                    "name": "pub1",
                    "properties": {
                    "idleTimeoutInMinutes": 15
                    }
                },
                "loadBalancerInboundNatPools": [
                    {
                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/inboundNatPools/natPool1')]"
                    }
                ],
                "loadBalancerBackendAddressPools": [
                    {
                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/backendAddressPools/addressPool1')]"
                    }
                ]
                }
            }
            ]
        }
        },
        {
        "name": "nic2",
        "properties": {
            "primary": false,
            "ipConfigurations": [
            {
                "name": "ip1",
                "properties": {
                "subnet": {
                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('vnetName'), '/subnets/subnet1')]"
                },
                "publicipaddressconfiguration": {
                    "name": "pub1",
                    "properties": {
                    "idleTimeoutInMinutes": 15
                    }
                },
                "loadBalancerInboundNatPools": [
                    {
                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/inboundNatPools/natPool1')]"
                    }
                ],
                "loadBalancerBackendAddressPools": [
                    {
                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/backendAddressPools/addressPool1')]"
                    }
                ]
                }
            }
            ]
        }
        }
    ]
}

每個擴展集的 NSG 和 ASGNSG & ASGs per scale set

網路安全性群組可讓您使用安全性規則篩選在 Azure 虛擬網路中進出於 Azure 資源的流量。Network Security Groups allow you to filter traffic to and from Azure resources in an Azure virtual network using security rules. 應用程式安全性群組可讓您處理 Azure 資源的網路安全性,並將其群組為應用程式結構的擴充功能。Application Security Groups enable you to handle network security of Azure resources and group them as an extension of your application's structure.

您可以將「網路安全性群組」直接套用至擴展集,方法是將參考新增至擴展集虛擬機器屬性的網路介面設定區段。Network Security Groups can be applied directly to a scale set, by adding a reference to the network interface configuration section of the scale set virtual machine properties.

「應用程式安全性群組」也可以直接指定至擴展集,方法是將參考新增至擴展集虛擬機器屬性的網路介面 IP 組態區段。Application Security Groups can also be specified directly to a scale set, by adding a reference to the network interface ip configurations section of the scale set virtual machine properties.

例如:For example:

"networkProfile": {
    "networkInterfaceConfigurations": [
        {
            "name": "nic1",
            "properties": {
                "primary": true,
                "ipConfigurations": [
                    {
                        "name": "ip1",
                        "properties": {
                            "subnet": {
                                "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/virtualNetworks/', variables('vnetName'), '/subnets/subnet1')]"
                            },
                            "applicationSecurityGroups": [
                                {
                                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/applicationSecurityGroups/', variables('asgName'))]"
                                }
                            ],
                "loadBalancerInboundNatPools": [
                                {
                                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/inboundNatPools/natPool1')]"
                                }
                            ],
                            "loadBalancerBackendAddressPools": [
                                {
                                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/loadBalancers/', variables('lbName'), '/backendAddressPools/addressPool1')]"
                                }
                            ]
                        }
                    }
                ],
                "networkSecurityGroup": {
                    "id": "[concat('/subscriptions/', subscription().subscriptionId,'/resourceGroups/', resourceGroup().name, '/providers/Microsoft.Network/networkSecurityGroups/', variables('nsgName'))]"
                }
            }
        }
    ]
}

若要確認您的網路安全性群組是否與擴展集相關聯,請使用 az vmss show 命令。To verify your Network Security Group is associated with your scale set, use the az vmss show command. 下列範例會使用 --query 來篩選結果,並且只會顯示與輸出相關的區段。The below example uses --query to filter the results and only show the relevant section of the output.

az vmss show \
    -g myResourceGroup \
    -n myScaleSet \
    --query virtualMachineProfile.networkProfile.networkInterfaceConfigurations[].networkSecurityGroup

[
  {
    "id": "/subscriptions/.../resourceGroups/myResourceGroup/providers/Microsoft.Network/networkSecurityGroups/nsgName",
    "resourceGroup": "myResourceGroup"
  }
]

若要確認您的應用程式安全性群組是否與擴展集相關聯,請使用 az vmss show 命令。To verify your Application Security Group is associated with your scale set, use the az vmss show command. 下列範例會使用 --query 來篩選結果,並且只會顯示與輸出相關的區段。The below example uses --query to filter the results and only show the relevant section of the output.

az vmss show \
    -g myResourceGroup \
    -n myScaleSet \
    --query virtualMachineProfile.networkProfile.networkInterfaceConfigurations[].ipConfigurations[].applicationSecurityGroups

[
  [
    {
      "id": "/subscriptions/.../resourceGroups/myResourceGroup/providers/Microsoft.Network/applicationSecurityGroups/asgName",
      "resourceGroup": "myResourceGroup"
    }
  ]
]

對特定實例進行網路更新Make networking updates to specific instances

您可以對特定的虛擬機器擴展集實例進行網路更新。You can make networking updates to specific virtual machine scale set instances.

您可以 PUT 針對實例更新網路設定。You can PUT against the instance to update the network configuration. 這可以用來做一些事,像是新增或移除網路介面卡) (Nic,或從後端集區移除實例。This can be used to do things like add or remove network interface cards (NICs), or remove an instance from a backend pool.

PUT https://management.azure.com/subscriptions/.../resourceGroups/vmssnic/providers/Microsoft.Compute/virtualMachineScaleSets/vmssnic/virtualMachines/1/?api-version=2019-07-01

下列範例顯示如何將第二個 IP 設定新增至 NIC。The following example shows how to add a second IP Configuration to your NIC.

  1. GET 特定虛擬機器擴展集實例的詳細資料。GET the details for a specific virtual machine scale set instance.

    GET https://management.azure.com/subscriptions/.../resourceGroups/vmssnic/providers/Microsoft.Compute/virtualMachineScaleSets/vmssnic/virtualMachines/1/?api-version=2019-07-01
    

    以下已簡化為只顯示此範例的網路參數。The following was simplified to show only networking parameters for this example.

    {
      ...
      "properties": {
        ...
        "networkProfileConfiguration": {
          "networkInterfaceConfigurations": [
            {
              "name": "vmssnic-vnet-nic01",
              "properties": {
                "primary": true,
                "enableAcceleratedNetworking": false,
                "networkSecurityGroup": {
                  "id": "/subscriptions/123a1a12-a123-1ab1-12a1-12a1a1234ab1/resourceGroups/vmssnic/providers/Microsoft.Network/networkSecurityGroups/basicNsgvmssnic-vnet-nic01"
                },
                "dnsSettings": {
                  "dnsServers": []
                },
                "enableIPForwarding": false,
                "ipConfigurations": [
                  {
                    "name": "vmssnic-vnet-nic01-defaultIpConfiguration",
                    "properties": {
                      "publicIPAddressConfiguration": {
                        "name": "publicIp-vmssnic-vnet-nic01",
                        "properties": {
                          "idleTimeoutInMinutes": 15,
                          "ipTags": [],
                          "publicIPAddressVersion": "IPv4"
                        }
                      },
                      "primary": true,
                      "subnet": {
                        "id": "/subscriptions/123a1a12-a123-1ab1-12a1-12a1a1234ab1/resourceGroups/vmssnic/providers/Microsoft.Network/virtualNetworks/vmssnic-vnet/subnets/default"
                      },
                      "privateIPAddressVersion": "IPv4"
                    }
                  }
                ]
              }
            }
          ]
        },
        ...
      }
    }
    
  2. PUT 針對實例,更新以新增額外的 IP 設定。PUT against the instance, updating to add the additional IP configuration. 這與新增額外的類似 networkInterfaceConfigurationThis is similar for adding additional networkInterfaceConfiguration.

    PUT https://management.azure.com/subscriptions/.../resourceGroups/vmssnic/providers/Microsoft.Compute/virtualMachineScaleSets/vmssnic/virtualMachines/1/?api-version=2019-07-01
    

    以下已簡化為只顯示此範例的網路參數。The following was simplified to show only networking parameters for this example.

      {
      ...
      "properties": {
        ...
        "networkProfileConfiguration": {
          "networkInterfaceConfigurations": [
            {
              "name": "vmssnic-vnet-nic01",
              "properties": {
                "primary": true,
                "enableAcceleratedNetworking": false,
                "networkSecurityGroup": {
                  "id": "/subscriptions/123a1a12-a123-1ab1-12a1-12a1a1234ab1/resourceGroups/vmssnic/providers/Microsoft.Network/networkSecurityGroups/basicNsgvmssnic-vnet-nic01"
                },
                "dnsSettings": {
                  "dnsServers": []
                },
                "enableIPForwarding": false,
                "ipConfigurations": [
                  {
                    "name": "vmssnic-vnet-nic01-defaultIpConfiguration",
                    "properties": {
                      "publicIPAddressConfiguration": {
                        "name": "publicIp-vmssnic-vnet-nic01",
                        "properties": {
                          "idleTimeoutInMinutes": 15,
                          "ipTags": [],
                          "publicIPAddressVersion": "IPv4"
                        }
                      },
                      "primary": true,
                      "subnet": {
                        "id": "/subscriptions/123a1a12-a123-1ab1-12a1-12a1a1234ab1/resourceGroups/vmssnic/providers/Microsoft.Network/virtualNetworks/vmssnic-vnet/subnets/default"
                      },
                      "privateIPAddressVersion": "IPv4"
                    }
                  },
                  {
                    "name": "my-second-config",
                    "properties": {
                      "subnet": {
                        "id": "/subscriptions/123a1a12-a123-1ab1-12a1-12a1a1234ab1/resourceGroups/vmssnic/providers/Microsoft.Network/virtualNetworks/vmssnic-vnet/subnets/default"
                      },
                      "privateIPAddressVersion": "IPv4"
                    }
                  }
                ]
              }
            }
          ]
        },
        ...
      }
    }
    

後續步驟Next steps

如需 Azure 虛擬網路的詳細資訊,請參閱 Azure 虛擬網路概觀For more information about Azure virtual networks, see Azure virtual networks overview.