建立虛擬網路對等互連 - 不同部署模型和訂用帳戶Create a virtual network peering - different deployment models and subscriptions

在本教學課程中,您會了解如何在透過不同部署模型建立的虛擬網路之間,建立虛擬網路對等互連。In this tutorial, you learn to create a virtual network peering between virtual networks created through different deployment models. 這些虛擬網路存在於不同的訂用帳戶中。The virtual networks exist in different subscriptions. 對等互連兩個虛擬網路,可讓不同虛擬網路中的資源彼此通訊,且通訊時會有相同的頻寬和延遲,彷彿這些資源是位於相同的虛擬網路中。Peering two virtual networks enables resources in different virtual networks to communicate with each other with the same bandwidth and latency as though the resources were in the same virtual network. 深入了解虛擬網路對等互連Learn more about Virtual network peering.

建立虛擬網路對等互連的步驟會因一些因素而有所不同,這取決於虛擬網路是位於相同還是不同的訂用帳戶中,以及是透過哪一個 Azure 部署模型建立虛擬網路。The steps to create a virtual network peering are different, depending on whether the virtual networks are in the same, or different, subscriptions, and which Azure deployment model the virtual networks are created through. 請按一下下表中的案例,以了解如何在其他案例中建立虛擬網路對等互連:Learn how to create a virtual network peering in other scenarios by clicking the scenario from the following table:

Azure 部署模型Azure deployment model Azure 訂用帳戶Azure subscription
兩者皆使用 Resource ManagerBoth Resource Manager 相同Same
兩者皆使用 Resource ManagerBoth Resource Manager 不同Different
一個使用 Resource Manager、一個使用傳統部署模型One Resource Manager, one classic 相同Same

虛擬網路對等互連無法在透過傳統部署模型建立的兩個虛擬網路之間建立。A virtual network peering cannot be created between two virtual networks deployed through the classic deployment model. 本教學課程會使用存在同一個區域中的虛擬網路。This tutorial uses virtual networks that exist in the same region. 此教學課程將同一個區域中的虛擬網路視為對等。This tutorial peers virtual networks in the same region. 您也可以針對不同支援區域中的虛擬網路進行對等互連。You can also peer virtual networks in different supported regions. 建議您在對等互連虛擬網路之前,先熟悉對等互連的需求和限制條件It's recommended that you familiarize yourself with the peering requirements and constraints before peering virtual networks.

在不同訂用帳戶中的虛擬網路之間建立虛擬網路對等互連時,訂用帳戶可以與相同的 Azure Active Directory 租使用者建立關聯。When creating a virtual network peering between virtual networks that exist in different subscriptions, the subscriptions can associated to the same Azure Active Directory tenant. 如果您還沒有 Azure Active Directory 租用戶,可以快速地建立一個租用戶If you don't already have an Azure Active Directory tenant, you can quickly create one.

您可以使用 Azure 入口網站、Azure 命令列介面 (CLI) 或 Azure PowerShell 來建立虛擬網路對等互連。You can use the Azure portal, the Azure command-line interface (CLI), or Azure PowerShell to create a virtual network peering. 按一下任何先前的工具連結,直接前往使用您所選工具建立虛擬網路對等互連的步驟。Click any of the previous tool links to go directly to the steps for creating a virtual network peering using your tool of choice.

建立對等互連 - Azure 入口網站Create peering - Azure portal

本教學課程針對每個訂用帳戶使用不同的帳戶。This tutorial uses different accounts for each subscription. 如果您使用對兩個訂用帳戶都有權限的帳戶,便可以使用該相同帳戶來進行所有步驟、略過登出入口網站的步驟,以及略過指派另一位使用者權限給虛擬網路的步驟。If you're using an account that has permissions to both subscriptions, you can use the same account for all steps, skip the steps for logging out of the portal, and skip the steps for assigning another user permissions to the virtual networks.

  1. 以 UserA 的形式登入 Azure 入口網站Log in to the Azure portal as UserA. 您登入時使用的帳戶必須擁有必要的權限,才能建立虛擬網路對等互連。The account you log in with must have the necessary permissions to create a virtual network peering. 如需權限清單,請參閱虛擬網路對等互連權限For a list of permissions, see Virtual network peering permissions.

  2. 依序按一下 [新增]、[網路] 及 [虛擬網路]。Click + New, click Networking, then click Virtual network.

  3. 在 [建立虛擬網路] 刀鋒視窗上,輸入或選取下列設定的值,然後按一下 [建立]:In the Create virtual network blade, enter, or select values for the following settings, then click Create:

    • 名稱myVnetAName: myVnetA
    • 位址空間10.0.0.0/16Address space: 10.0.0.0/16
    • 子網路名稱預設值Subnet name: default
    • 子網路位址範圍10.0.0.0/24Subnet address range: 10.0.0.0/24
    • 訂用帳戶:選取訂用帳戶 A。Subscription: Select subscription A.
    • 資源群組:選取 [新建],然後輸入 myResourceGroupAResource group: Select Create new and enter myResourceGroupA
    • 位置:美國東部Location: East US
  4. 在入口網站頂端的 [搜尋資源] 方塊中,輸入 myVnetAIn the Search resources box at the top of the portal, type myVnetA. 當 myVnetA 出現在搜尋結果中時,按一下 [myVnetA]。Click myVnetA when it appears in the search results. 隨即會顯示 [myVnetA] 虛擬網路刀鋒視窗。A blade appears for the myVnetA virtual network.

  5. 在顯示的 [myVnetA] 刀鋒視窗中,從刀鋒視窗左側的垂直選項清單中按一下 [存取控制 (IAM)]。In the myVnetA blade that appears, click Access control (IAM) from the vertical list of options on the left side of the blade.

  6. 在顯示的 [myVnetA - 存取控制 (IAM)] 刀鋒視窗中,按一下 [+ 新增角色指派]。In the myVnetA - Access control (IAM) blade that appears, click + Add role assignment.

  7. 在顯示的 [新增角色指派] 刀鋒視窗中,選取 [角色] 方塊中的 [網路參與者]。In the Add role assignment blade that appears, select Network contributor in the Role box.

  8. 在 [ 選取 ] 方塊中,選取 [UserB],或輸入 UserB 的電子郵件地址來搜尋它。In the Select box, select UserB, or type UserB's email address to search for it. 顯示的使用者清單來自與您設定對等互連之虛擬網路相同的 Azure Active Directory 租用戶。The list of users shown is from the same Azure Active Directory tenant as the virtual network you're setting up the peering for. 當 UserB 出現在清單中時,按一下 [UserB]。Click UserB when it appears in the list.

  9. 按一下 [儲存]。Click Save.

  10. 以 UserA 身分登出入口網站,然後以 UserB 身分登入。Log out of the portal as UserA, then log in as UserB.

  11. 按一下 [+ 新增],在 [搜尋 Marketplace] 方塊中輸入 虛擬網路,然後按一下搜尋結果中的 [虛擬網路]。Click + New, type Virtual network in the Search the Marketplace box, then click Virtual network in the search results.

  12. 在出現的 [虛擬網路] 刀鋒視窗中,於 [選取部署模型] 方塊中選取 [傳統],然後按一下 [建立]。In the Virtual Network blade that appears, select Classic in the Select a deployment model box, then click Create.

  13. 在顯示的 [建立虛擬網路 (傳統)] 方塊中,輸入下列值:In the Create virtual network (classic) box that appears, enter the following values:

    • 名稱myVnetBName: myVnetB
    • 位址空間10.1.0.0/16Address space: 10.1.0.0/16
    • 子網路名稱預設值Subnet name: default
    • 子網路位址範圍10.1.0.0/24Subnet address range: 10.1.0.0/24
    • 訂用帳戶:選取訂用帳戶 B。Subscription: Select subscription B.
    • 資源群組:選取 [新建],然後輸入 myResourceGroupBResource group: Select Create new and enter myResourceGroupB
    • 位置:美國東部Location: East US
  14. 在入口網站頂端的 [搜尋資源] 方塊中,輸入 myVnetBIn the Search resources box at the top of the portal, type myVnetB. 當 myVnetB 出現在搜尋結果中時,按一下 [myVnetB]。Click myVnetB when it appears in the search results. 隨即會顯示 [myVnetB] 虛擬網路刀鋒視窗。A blade appears for the myVnetB virtual network.

  15. 在顯示的 [myVnetB] 刀鋒視窗中,從刀鋒視窗左側的垂直選項清單中按一下 [屬性]。In the myVnetB blade that appears, click Properties from the vertical list of options on the left side of the blade. 複製 [資源識別碼],在稍後的步驟中將會用到此識別碼。Copy the RESOURCE ID, which is used in a later step. 資源識別碼與下列範例類似: /subscriptions/<Subscription ID>/resourceGroups/myResourceGroupB/providers/Microsoft.ClassicNetwork/virtualNetworks/myVnetBThe resource ID is similar to the following example: /subscriptions/<Subscription ID>/resourceGroups/myResourceGroupB/providers/Microsoft.ClassicNetwork/virtualNetworks/myVnetB

  16. 針對 myVnetB 完成步驟 5-9,其中在步驟 8 輸入 UserAComplete steps 5-9 for myVnetB, entering UserA in step 8.

  17. 以 UserB 身分登出入口網站,然後以 UserA 身分登入。Log out of the portal as UserB and log in as UserA.

  18. 在入口網站頂端的 [搜尋資源] 方塊中,輸入 myVnetAIn the Search resources box at the top of the portal, type myVnetA. 當 myVnetA 出現在搜尋結果中時,按一下 [myVnetA]。Click myVnetA when it appears in the search results. 隨即會顯示 [myVnet] 虛擬網路刀鋒視窗。A blade appears for the myVnet virtual network.

  19. 按一下 [myVnetA]。Click myVnetA.

  20. 在顯示的 [myVnetA] 刀鋒視窗中,從刀鋒視窗左側的垂直選項清單中按一下 [對等]。In the myVnetA blade that appears, click Peerings from the vertical list of options on the left side of the blade.

  21. 在顯示的 [myVnetA - 對等互連] 刀鋒視窗中,按一下 [+ 新增]In the myVnetA - Peerings blade that appeared, click + Add

  22. 在顯示的 [新增對等互連] 刀鋒視窗中,輸入或選取下列選項,然後按一下 [確定]:In the Add peering blade that appears, enter, or select the following options, then click OK:

    • 名稱myVnetAToMyVnetBName: myVnetAToMyVnetB
    • 虛擬網路部署模型︰選取 [傳統]。Virtual network deployment model: Select Classic.
    • 我知道我的資源識別碼:核取此方塊。I know my resource ID: Check this box.
    • 資源識別碼: 輸入來自步驟 15 的 myVnetB 資源識別碼。Resource ID: Enter the resource ID of myVnetB from step 15.
    • 允許虛擬網路存取: 確定已選取 [啟用]。Allow virtual network access: Ensure that Enabled is selected. 本教學課程中不會使用其他設定。No other settings are used in this tutorial. 若要了解所有對等互連設定,請閱讀管理虛擬網路對等互連To learn about all peering settings, read Manage virtual network peerings.
  23. 在上一個步驟中按一下 [確定] 之後,[新增對等互連] 刀鋒視窗隨就會關閉,而您則會再次看到 [myVnetA - 對等] 刀鋒視窗。After clicking OK in the previous step, the Add peering blade closes and you see the myVnetA - Peerings blade again. 幾秒之後,您建立的對等互連會出現在刀鋒視窗中。After a few seconds, the peering you created appears in the blade. 您所建立之 myVnetAToMyVnetB 對等互連的 [對等互連狀態] 資料行中會列出 [已連接]。Connected is listed in the PEERING STATUS column for the myVnetAToMyVnetB peering you created. 現在已建立對等互連。The peering is now established. 沒有必要將虛擬網路 (傳統) 對等互連到虛擬網路 (Resource Manager)。There is no need to peer the virtual network (classic) to the virtual network (Resource Manager).

    您在任何一個虛擬網路中建立的任何 Azure 資源現在能夠透過其 IP 位址彼此通訊。Any Azure resources you create in either virtual network are now able to communicate with each other through their IP addresses. 如果您使用虛擬網路的預設 Azure 名稱解析,則虛擬網路中的資源無法跨虛擬網路解析名稱。If you're using default Azure name resolution for the virtual networks, the resources in the virtual networks are not able to resolve names across the virtual networks. 如果您想要跨對等互連中的虛擬網路解析名稱,您必須建立自己的 DNS 伺服器。If you want to resolve names across virtual networks in a peering, you must create your own DNS server. 了解如何設定使用自己的 DNS 伺服器進行名稱解析Learn how to set up Name resolution using your own DNS server.

  24. 選擇性:雖然本教學課程未涵蓋建立虛擬機器,但您可以在每個虛擬網路中建立一部虛擬機器,並從一部虛擬機器連線至另一部來驗證連線。Optional: Though creating virtual machines is not covered in this tutorial, you can create a virtual machine in each virtual network and connect from one virtual machine to the other, to validate connectivity.

  25. 選擇性:若要刪除您在本教學課程中建立的資源,請完成本文中 刪除資源一節的步驟。Optional: To delete the resources that you create in this tutorial, complete the steps in the Delete resources section of this article.

建立對等互連 - Azure CLICreate peering - Azure CLI

本教學課程針對每個訂用帳戶使用不同的帳戶。This tutorial uses different accounts for each subscription. 如果您使用對兩個訂用帳戶都有權限的帳戶,便可以使用該相同帳戶來進行所有步驟、略過登出 Azure 的步驟,以及移除建立使用者角色指派項目的指令碼行。If you're using an account that has permissions to both subscriptions, you can use the same account for all steps, skip the steps for logging out of Azure, and remove the lines of script that create user role assignments. 請使用您要用於 UserA 和 UserB 的使用者名稱來取代下列指令碼中的 UserA@azure.com 和 UserB@azure.com。Replace UserA@azure.com and UserB@azure.com in all of the following scripts with the usernames you're using for UserA and UserB. 使用 Azure 傳統 CLI 與 Azure CLI 完成下列步驟。Complete the following steps using the Azure classic CLI and the Azure CLI. 您可以從 Azure Cloud Shell 完成這些步驟,只需在下列任一步驟中選取 [試用] 按鈕,或安裝傳統 CLICLI 並在您的本機電腦上執行命令。You can complete the steps from the Azure Cloud Shell, by just selecting the Try it button in any of the following steps, or by installing the classic CLI and CLI and running the commands on your local computer.

  1. 如果使用 Cloud Shell,請跳至步驟 2,因為 Cloud Shel l會自動將您登入 Azure。If using the Cloud Shell, skip to step 2, because the Cloud Shell automatically signs you in to Azure. 開啟命令工作階段,然後使用 azure login 命令來登入 Azure。Open a command session and sign in to Azure using the azure login command.

  2. 輸入 azure config mode asm 命令來以「服務管理」模式執行傳統 CLI。Run the classic CLI in Service Management mode by entering the azure config mode asm command.

  3. 輸入下列傳統 CLI 命令來建立虛擬網路 (傳統):Enter the following classic CLI command to create the virtual network (classic):

    azure network vnet create --vnet myVnetB --address-space 10.1.0.0 --cidr 16 --location "East US"
    
  4. 必須使用 bash 殼層搭配 Azure CLI (而不是傳統 CLI) 完成其餘步驟。The remaining steps must be completed using a bash shell with the Azure CLI (not the classic CLI).

  5. 將下列指令碼複製到您電腦上的文字編輯器中。Copy the following script to a text editor on your PC. 使用您的訂用帳戶 ID 來取代 <SubscriptionB-Id>Replace <SubscriptionB-Id> with your subscription ID. 如果您不知道您的訂用帳戶 ID,請輸入 az account show 命令。If you don't know your subscription Id, enter the az account show command. 輸出中的 識別碼 值是您的訂用帳戶識別碼。請複製修改過的腳本,將它貼到您的 CLI 會話中,然後按下 EnterThe value for id in the output is your subscription Id. Copy the modified script, paste it in to your CLI session, and then press Enter.

    az role assignment create \
      --assignee UserA@azure.com \
      --role "Classic Network Contributor" \
      --scope /subscriptions/<SubscriptionB-Id>/resourceGroups/Default-Networking/providers/Microsoft.ClassicNetwork/virtualNetworks/myVnetB
    

    當您在步驟 4 中建立虛擬網路 (傳統) 時,Azure 是在 Default-Networking 資源群組中建立該虛擬網路。When you created the virtual network (classic) in step 4, Azure created the virtual network in the Default-Networking resource group.

  6. 將 UserB 登出 Azure,然後在 CLI 中以 UserA 身分登入。Log UserB out of Azure and log in as UserA in the CLI.

  7. 建立資源群組和虛擬網路 (Resource Manager)。Create a resource group and a virtual network (Resource Manager). 請複製下列指令碼並貼到您的 CLI 工作階段中,然後按 EnterCopy the following script, paste it in to your CLI session, and then press Enter.

    #!/bin/bash
    
    # Variables for common values used throughout the script.
    rgName="myResourceGroupA"
    location="eastus"
    
    # Create a resource group.
    az group create \
      --name $rgName \
      --location $location
    
    # Create virtual network A (Resource Manager).
    az network vnet create \
      --name myVnetA \
      --resource-group $rgName \
      --location $location \
      --address-prefix 10.0.0.0/16
    
    # Get the id for myVnetA.
    vNetAId=$(az network vnet show \
      --resource-group $rgName \
      --name myVnetA \
      --query id --out tsv)
    
    # Assign UserB permissions to myVnetA.
    az role assignment create \
      --assignee UserB@azure.com \
      --role "Network Contributor" \
      --scope $vNetAId
    
  8. 在透過不同部署模型建立的兩個虛擬網路之間,建立虛擬網路對等互連。Create a virtual network peering between the two virtual networks created through the different deployment models. 將下列指令碼複製到您電腦上的文字編輯器中。Copy the following script to a text editor on your PC. <SubscriptionB-id>以您的訂用帳戶 Id 取代。如果您不知道您的訂用帳戶識別碼,請輸入 az account show 命令。Replace <SubscriptionB-id> with your subscription Id. If you don't know your subscription Id, enter the az account show command. 輸出中的 識別碼 值是您的訂用帳戶識別碼。 Azure 建立了虛擬網路,) (您在步驟4中建立的虛擬網路,並在名為 [ 預設網路] 的資源群組中建立。The value for id in the output is your subscription Id. Azure created the virtual network (classic) you created in step 4 in a resource group named Default-Networking. 請將修改過的指令碼貼到您的 CLI 工作階段中,然後按 EnterPaste the modified script in your CLI session, and then press Enter.

    # Peer VNet1 to VNet2.
    az network vnet peering create \
      --name myVnetAToMyVnetB \
      --resource-group $rgName \
      --vnet-name myVnetA \
      --remote-vnet-id  /subscriptions/<SubscriptionB-id>/resourceGroups/Default-Networking/providers/Microsoft.ClassicNetwork/virtualNetworks/myVnetB \
      --allow-vnet-access
    
  9. 在指令碼執行之後,檢閱虛擬網路 (Resource Manager) 的對等互連。After the script executes, review the peering for the virtual network (Resource Manager). 請複製下列指令碼,然後將它貼到您的 CLI 工作階段中:Copy the following script, and then paste it in your CLI session:

    az network vnet peering list \
      --resource-group $rgName \
      --vnet-name myVnetA \
      --output table
    

    輸出會在 PeeringState 資料行中顯示 ConnectedThe output shows Connected in the PeeringState column.

    您在任何一個虛擬網路中建立的任何 Azure 資源現在能夠透過其 IP 位址彼此通訊。Any Azure resources you create in either virtual network are now able to communicate with each other through their IP addresses. 如果您使用虛擬網路的預設 Azure 名稱解析,則虛擬網路中的資源無法跨虛擬網路解析名稱。If you're using default Azure name resolution for the virtual networks, the resources in the virtual networks are not able to resolve names across the virtual networks. 如果您想要跨對等互連中的虛擬網路解析名稱,您必須建立自己的 DNS 伺服器。If you want to resolve names across virtual networks in a peering, you must create your own DNS server. 了解如何設定使用自己的 DNS 伺服器進行名稱解析Learn how to set up Name resolution using your own DNS server.

  10. 選擇性:雖然本教學課程未涵蓋建立虛擬機器,但您可以在每個虛擬網路中建立一部虛擬機器,並從一部虛擬機器連線至另一部來驗證連線。Optional: Though creating virtual machines is not covered in this tutorial, you can create a virtual machine in each virtual network and connect from one virtual machine to the other, to validate connectivity.

  11. 選擇性:若要刪除您在本教學課程中所建立的資源,請完成本文中 刪除資源的步驟。Optional: To delete the resources that you create in this tutorial, complete the steps in Delete resources in this article.

建立對等互連 - PowerShellCreate peering - PowerShell

本教學課程針對每個訂用帳戶使用不同的帳戶。This tutorial uses different accounts for each subscription. 如果您使用對兩個訂用帳戶都有權限的帳戶,便可以使用該相同帳戶來進行所有步驟、略過登出 Azure 的步驟,以及移除建立使用者角色指派項目的指令碼行。If you're using an account that has permissions to both subscriptions, you can use the same account for all steps, skip the steps for logging out of Azure, and remove the lines of script that create user role assignments. 請使用您要用於 UserA 和 UserB 的使用者名稱來取代下列指令碼中的 UserA@azure.com 和 UserB@azure.com。Replace UserA@azure.com and UserB@azure.com in all of the following scripts with the usernames you're using for UserA and UserB.

  1. 安裝最新版的 PowerShell AzureAz 模組。Install the latest version of the PowerShell Azure and Az modules. 如果您不熟悉 Azure PowerShell,請參閱 Azure PowerShell 概觀If you're new to Azure PowerShell, see Azure PowerShell overview.

  2. 啟動 PowerShell 工作階段。Start a PowerShell session.

  3. 在 PowerShell 中,輸入 Add-AzureAccount 命令來以 UserB 身分登入 UserB 的訂用帳戶。In PowerShell, log in to UserB's subscription as UserB by entering the Add-AzureAccount command. 您登入時使用的帳戶必須擁有必要的權限,才能建立虛擬網路對等互連。The account you log in with must have the necessary permissions to create a virtual network peering. 如需權限清單,請參閱虛擬網路對等互連權限For a list of permissions, see Virtual network peering permissions.

  4. 若要使用 PowerShell 來建立虛擬網路 (傳統),您必須建立一個新的或修改現有的網路組態檔。To create a virtual network (classic) with PowerShell, you must create a new, or modify an existing, network configuration file. 了解如何匯出、更新及匯入網路組態檔Learn how to export, update, and import network configuration files. 就本教學課程中使用的虛擬網路而言,此檔案應該包含下列 VirtualNetworkSite 元素:The file should include the following VirtualNetworkSite element for the virtual network used in this tutorial:

    <VirtualNetworkSite name="myVnetB" Location="East US">
      <AddressSpace>
        <AddressPrefix>10.1.0.0/16</AddressPrefix>
      </AddressSpace>
      <Subnets>
        <Subnet name="default">
          <AddressPrefix>10.1.0.0/24</AddressPrefix>
        </Subnet>
      </Subnets>
    </VirtualNetworkSite>
    

    警告

    匯入變更過的網路組態檔會導致您訂用帳戶中現有的虛擬網路 (傳統) 發生變更。Importing a changed network configuration file can cause changes to existing virtual networks (classic) in your subscription. 請確定您只新增先前的虛擬網路,並且未變更或移除您訂用帳戶中任何現有的虛擬網路。Ensure you only add the previous virtual network and that you don't change or remove any existing virtual networks from your subscription.

  5. 輸入 Connect-AzAccount 命令來以 UserB 身分登入 UserB 的訂用帳戶,以使用 Resource Manager 命令。Log in to UserB's subscription as UserB to use Resource Manager commands by entering the Connect-AzAccount command.

  6. 將 UserA 權限指派給虛擬網路 B。將下列指令碼複製到您電腦上的文字編輯器中,並使用訂用帳戶 B 的 ID 來取代 <SubscriptionB-id>。如果您不知道訂用帳戶 ID,請輸入 Get-AzSubscription 命令來檢視它。Assign UserA permissions to virtual network B. Copy the following script to a text editor on your PC and replace <SubscriptionB-id> with the ID of subscription B. If you don't know the subscription Id, enter the Get-AzSubscription command to view it. 傳回之輸出中的 Id 值就是您的訂用帳戶 ID。The value for Id in the returned output is your subscription ID. Azure 已將您在步驟 4 中建立的虛擬網路 (傳統) 建立在名為 Default-Networking 的資源群組中。Azure created the virtual network (classic) you created in step 4 in a resource group named Default-Networking. 若要執行指令碼,請複製修改過的指令碼並貼到 PowerShell 中,然後按 EnterTo execute the script, copy the modified script, paste it in to PowerShell, and then press Enter.

    New-AzRoleAssignment `
      -SignInName UserA@azure.com `
      -RoleDefinitionName "Classic Network Contributor" `
      -Scope /subscriptions/<SubscriptionB-id>/resourceGroups/Default-Networking/providers/Microsoft.ClassicNetwork/virtualNetworks/myVnetB
    
  7. 以 UserB 身分登出 Azure,然後輸入 Connect-AzAccount 命令來以 UserA 身分登入 UserA 的訂用帳戶。Log out of Azure as UserB and log in to UserA's subscription as UserA by entering the Connect-AzAccount command. 您登入時使用的帳戶必須擁有必要的權限,才能建立虛擬網路對等互連。The account you log in with must have the necessary permissions to create a virtual network peering. 如需權限清單,請參閱虛擬網路對等互連權限For a list of permissions, see Virtual network peering permissions.

  8. 複製下列指令碼並貼到 PowerShell 中,然後按 Enter,以建立虛擬網路 (Resource Manager):Create the virtual network (Resource Manager) by copying the following script, pasting it in to PowerShell, and then pressing Enter:

    # Variables for common values
      $rgName='MyResourceGroupA'
      $location='eastus'
    
    # Create a resource group.
    New-AzResourceGroup `
      -Name $rgName `
      -Location $location
    
    # Create virtual network A.
    $vnetA = New-AzVirtualNetwork `
      -ResourceGroupName $rgName `
      -Name 'myVnetA' `
      -AddressPrefix '10.0.0.0/16' `
      -Location $location
    
  9. 將 UserB 權限指派給 myVnetA。Assign UserB permissions to myVnetA. 將下列指令碼複製到您電腦上的文字編輯器中,並使用訂用帳戶 A 的 ID 來取代 <SubscriptionA-Id>。如果您不知道訂用帳戶 ID,請輸入 Get-AzSubscription 命令來檢視它。Copy the following script to a text editor on your PC and replace <SubscriptionA-Id> with the ID of subscription A. If you don't know the subscription Id, enter the Get-AzSubscription command to view it. 傳回之輸出中的 Id 值就是您的訂用帳戶 ID。The value for Id in the returned output is your subscription ID. 將修改過的指令碼版本貼到 PowerShell 中,然後按 Enter 來執行它。Paste the modified version of the script in PowerShell, and then press Enter to execute it.

    New-AzRoleAssignment `
      -SignInName UserB@azure.com `
      -RoleDefinitionName "Network Contributor" `
      -Scope /subscriptions/<SubscriptionA-Id>/resourceGroups/myResourceGroupA/providers/Microsoft.Network/VirtualNetworks/myVnetA
    
  10. 將下列指令碼複製到您電腦上的文字編輯器中,並使用訂用帳戶 B 的 ID 來取代 <SubscriptionB-id>。若要將 myVnetA 對等互連到 myVNetB,請複製修改過的指令碼並貼到 PowerShell 中,然後按 EnterCopy the following script to a text editor on your PC, and replace <SubscriptionB-id> with the ID of subscription B. To peer myVnetA to myVNetB, copy the modified script, paste it in to PowerShell, and then press Enter.

    Add-AzVirtualNetworkPeering `
      -Name 'myVnetAToMyVnetB' `
      -VirtualNetwork $vnetA `
      -RemoteVirtualNetworkId /subscriptions/<SubscriptionB-id>/resourceGroups/Default-Networking/providers/Microsoft.ClassicNetwork/virtualNetworks/myVnetB
    
  11. 複製下列指令碼並貼到 PowerShell 中,然後按 Enter,以檢視 myVnetA 的對等互連狀態。View the peering state of myVnetA by copying the following script, pasting it into PowerShell, and pressing Enter.

    Get-AzVirtualNetworkPeering `
      -ResourceGroupName $rgName `
      -VirtualNetworkName myVnetA `
      | Format-Table VirtualNetworkName, PeeringState
    

    狀態為 ConnectedThe state is Connected. 在您設定從 myVnetB 到 myVnetA 的對等互連之後,它就會變更為 ConnectedIt changes to Connected once you set up the peering to myVnetA from myVnetB.

    您在任何一個虛擬網路中建立的任何 Azure 資源現在能夠透過其 IP 位址彼此通訊。Any Azure resources you create in either virtual network are now able to communicate with each other through their IP addresses. 如果您使用虛擬網路的預設 Azure 名稱解析,則虛擬網路中的資源無法跨虛擬網路解析名稱。If you're using default Azure name resolution for the virtual networks, the resources in the virtual networks are not able to resolve names across the virtual networks. 如果您想要跨對等互連中的虛擬網路解析名稱,您必須建立自己的 DNS 伺服器。If you want to resolve names across virtual networks in a peering, you must create your own DNS server. 了解如何設定使用自己的 DNS 伺服器進行名稱解析Learn how to set up Name resolution using your own DNS server.

  12. 選擇性:雖然本教學課程未涵蓋建立虛擬機器,但您可以在每個虛擬網路中建立一部虛擬機器,並從一部虛擬機器連線至另一部來驗證連線。Optional: Though creating virtual machines is not covered in this tutorial, you can create a virtual machine in each virtual network and connect from one virtual machine to the other, to validate connectivity.

  13. 選擇性:若要刪除您在本教學課程中所建立的資源,請完成本文中 刪除資源的步驟。Optional: To delete the resources that you create in this tutorial, complete the steps in Delete resources in this article.

刪除資源Delete resources

當您完成本教學課程時,您可能會想刪除您在教學課程中建立的資源,以免產生使用費。When you've finished this tutorial, you might want to delete the resources you created in the tutorial, so you don't incur usage charges. 刪除資源群組同時會刪除其內含的所有資源。Deleting a resource group also deletes all resources that are in the resource group.

Azure 入口網站Azure portal

  1. 在入口網站搜尋方塊中,輸入 myResourceGroupAIn the portal search box, enter myResourceGroupA. 在搜尋結果中,按一下 [myResourceGroupA]。In the search results, click myResourceGroupA.
  2. 在 [myResourceGroupA] 刀鋒視窗中,按一下 [刪除] 圖示。On the myResourceGroupA blade, click the Delete icon.
  3. 若要確認刪除,請在 [輸入資源群組名稱] 方塊中輸入 myResourceGroupA,然後按一下 [刪除]。To confirm the deletion, in the TYPE THE RESOURCE GROUP NAME box, enter myResourceGroupA, and then click Delete.
  4. 在入口網站頂端的 [搜尋資源] 方塊中,輸入 myVnetBIn the Search resources box at the top of the portal, type myVnetB. 當 myVnetB 出現在搜尋結果中時,按一下 [myVnetB]。Click myVnetB when it appears in the search results. 隨即會顯示 [myVnetB] 虛擬網路刀鋒視窗。A blade appears for the myVnetB virtual network.
  5. 在 [myVnetB] 刀鋒視窗中,按一下 [刪除]。In the myVnetB blade, click Delete.
  6. 若要確認刪除,請在 [刪除虛擬網路] 方塊中,按一下 [是]。To confirm the deletion, click Yes in the Delete virtual network box.

Azure CLIAzure CLI

  1. 使用 CLI 來登入 Azure,以使用下列命令來刪除虛擬網路 (Resource Manager):Log in to Azure using the CLI to delete the virtual network (Resource Manager) with the following command:

    az group delete --name myResourceGroupA --yes
    
  2. 使用傳統 CLI 來登入 Azure,以使用下列命令來刪除虛擬網路 (傳統):Sign in to Azure using the classic CLI to delete the virtual network (classic) with the following commands:

    azure config mode asm
    
    azure network vnet delete --vnet myVnetB --quiet
    

PowerShellPowerShell

  1. 在 PowerShell 命令提示字元中,輸入下列命令來刪除虛擬網路 (Resource Manager):At the PowerShell command prompt, enter the following command to delete the virtual network (Resource Manager):

    Remove-AzResourceGroup -Name myResourceGroupA -Force
    
  2. 若要使用 PowerShell 來刪除虛擬網路 (傳統),您必須修改現有的網路組態檔。To delete the virtual network (classic) with PowerShell, you must modify an existing network configuration file. 了解如何匯出、更新及匯入網路組態檔Learn how to export, update, and import network configuration files. 針對本教學課程中使用的虛擬網路,請移除下列 VirtualNetworkSite 元素:Remove the following VirtualNetworkSite element for the virtual network used in this tutorial:

    <VirtualNetworkSite name="myVnetB" Location="East US">
      <AddressSpace>
        <AddressPrefix>10.1.0.0/16</AddressPrefix>
      </AddressSpace>
      <Subnets>
        <Subnet name="default">
          <AddressPrefix>10.1.0.0/24</AddressPrefix>
        </Subnet>
      </Subnets>
    </VirtualNetworkSite>
    

    警告

    匯入變更過的網路組態檔會導致您訂用帳戶中現有的虛擬網路 (傳統) 發生變更。Importing a changed network configuration file can cause changes to existing virtual networks (classic) in your subscription. 請確定您只移除先前的虛擬網路,並且未變更或移除您訂用帳戶中任何其他現有的虛擬網路。Ensure you only remove the previous virtual network and that you don't change or remove any other existing virtual networks from your subscription.

後續步驟Next steps