Tutorial: Connect virtual networks with virtual network peering using the Azure portal

You can connect virtual networks to each other with virtual network peering. These virtual networks can be in the same region or different regions (also known as Global VNet peering). Once virtual networks are peered, resources in both virtual networks are able to communicate with each other, with the same latency and bandwidth as if the resources were in the same virtual network. In this tutorial, you learn how to:

  • Create two virtual networks
  • Connect two virtual networks with a virtual network peering
  • Deploy a virtual machine (VM) into each virtual network
  • Communicate between VMs

If you prefer, you can complete this tutorial using the Azure CLI or Azure PowerShell.

If you don't have an Azure subscription, create a free account before you begin.

Log in to Azure

Log in to the Azure portal at https://portal.azure.com.

Create virtual networks

  1. Select + Create a resource on the upper, left corner of the Azure portal.

  2. Select Networking, and then select Virtual network.

  3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select Create:

    Setting               Value
    Name                  myVirtualNetwork1
    Address space         10.0.0.0/16
    Subscription          Select your subscription.
    Resource group        Select Create new and enter myResourceGroup.
    Location              Select East US.
    Subnet Name           Subnet1
    Subnet Address range  10.0.0.0/24

    [Image: Create a virtual network]

  4. Complete steps 1-3 again, with the following changes:

    Setting               Value
    Name                  myVirtualNetwork2
    Address space         10.1.0.0/16
    Resource group        Select Use existing and then select myResourceGroup.
    Subnet Address range  10.1.0.0/24

Peer virtual networks

  1. In the Search box at the top of the Azure portal, begin typing MyVirtualNetwork1. When myVirtualNetwork1 appears in the search results, select it.

  2. Select Peerings, under SETTINGS, and then select + Add, as shown in the following picture:

    [Image: Create peering]

  3. Enter, or select, the following information, accept the defaults for the remaining settings, and then select OK.

    Setting          Value
    Name             myVirtualNetwork1-myVirtualNetwork2
    Subscription     Select your subscription.
    Virtual network  myVirtualNetwork2 - To select the myVirtualNetwork2 virtual network, select Virtual network, then select myVirtualNetwork2. You can select a virtual network in the same region or in a different region.

    [Image: Peering settings]

    The PEERING STATUS is Initiated, as shown in the following picture:

    [Image: Peering status]

    If you don't see the status, refresh your browser.

  4. In the Search box at the top of the Azure portal, begin typing MyVirtualNetwork2. When myVirtualNetwork2 appears in the search results, select it.

  5. Complete steps 2-3 again, with the following changes, and then select OK:

    Setting          Value
    Name             myVirtualNetwork2-myVirtualNetwork1
    Virtual network  myVirtualNetwork1

    The PEERING STATUS is Connected. Azure also changed the peering status for the myVirtualNetwork2-myVirtualNetwork1 peering from Initiated to Connected. Virtual network peering is not fully established until the peering status for both virtual networks is Connected.
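
To confirm the outcome of the peering steps without the portal, the check below reads the peerings defined on both virtual networks, warns about any side that is missing or not Connected, and flags peering options that let traffic from outside the two networks cross the link. It is an added example, not part of the original tutorial; it assumes the Az PowerShell module, a session already signed in with Connect-AzAccount, and the resource names created above.

```powershell
# Added example (not from the original tutorial).
# Assumes: Az PowerShell module installed, Connect-AzAccount already run,
# and the resource names used in this tutorial.
$resourceGroup = 'myResourceGroup'
$vnetNames     = 'myVirtualNetwork1', 'myVirtualNetwork2'

# Collect every peering defined on each side of the link.
$peerings = foreach ($vnetName in $vnetNames) {
    Get-AzVirtualNetworkPeering -ResourceGroupName $resourceGroup -VirtualNetworkName $vnetName |
        Select-Object @{ Name = 'VNet'; Expression = { $vnetName } },
                      Name, PeeringState, AllowVirtualNetworkAccess,
                      AllowForwardedTraffic, AllowGatewayTransit, UseRemoteGateways
}
$peerings | Format-Table -AutoSize

# Traffic flows only when both sides exist and both report Connected.
foreach ($vnetName in $vnetNames) {
    $side = @($peerings | Where-Object { $_.VNet -eq $vnetName })
    if ($side.Count -eq 0) {
        Write-Warning "$vnetName has no peering; the link is one-sided or missing."
    }
    foreach ($p in $side | Where-Object { $_.PeeringState -ne 'Connected' }) {
        Write-Warning "$($p.VNet)/$($p.Name) is '$($p.PeeringState)', not Connected."
    }
}

# Options that let traffic from outside the two VNets cross the peering.
$peerings |
    Where-Object { $_.AllowForwardedTraffic -or $_.AllowGatewayTransit -or $_.UseRemoteGateways } |
    ForEach-Object { Write-Warning "$($_.VNet)/$($_.Name) enables forwarding or gateway use; review." }
```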

Create virtual machines

Create a VM in each virtual network so that you can communicate between them in a later step.

Create the first VM

  1. Select + Create a resource on the upper, left corner of the Azure portal.

  2. Select Compute, and then select Windows Server 2016 Datacenter. You can select a different operating system, but the remaining steps assume you selected Windows Server 2016 Datacenter.

  3. Enter, or select, the following information for Basics, accept the defaults for the remaining settings, and then select Create:

    Setting         Value
    Name            myVm1
    User name       Enter a user name of your choosing.
    Password        Enter a password of your choosing. The password must be at least 12 characters long and meet the defined complexity requirements.
    Resource group  Select Use existing and then select myResourceGroup.
    Location        Select East US.

  4. Select a VM size under Choose a size.

  5. Select the following values for Settings, then select OK:

    Setting          Value
    Virtual network  myVirtualNetwork1 - If it's not already selected, select Virtual network and then select myVirtualNetwork1 under Choose virtual network.
    Subnet           Subnet1 - If it's not already selected, select Subnet and then select Subnet1 under Choose subnet.

    [Image: Virtual machine settings]

  6. Under Create in the Summary, select Create to start the VM deployment.

Create the second VM

Complete steps 1-6 again, with the following changes:

    Setting          Value
    Name             myVm2
    Virtual network  myVirtualNetwork2

The VMs take a few minutes to create. Do not continue with the remaining steps until both VMs are created.

Communicate between VMs

  1. In the Search box at the top of the portal, begin typing myVm1. When myVm1 appears in the search results, select it.

  2. Create a remote desktop connection to the myVm1 VM by selecting Connect, as shown in the following picture:

    [Image: Connect to virtual machine]

  3. To connect to the VM, open the downloaded RDP file. If prompted, select Connect.

  4. Enter the user name and password you specified when creating the VM (you may need to select More choices, then Use a different account, to specify the credentials you entered when you created the VM), then select OK.

  5. You may receive a certificate warning during the sign-in process. Select Yes to proceed with the connection.

  6. In a later step, ping is used to communicate with the myVm2 VM from the myVm1 VM. Ping uses the Internet Control Message Protocol (ICMP), which is denied through the Windows Firewall, by default. On the myVm1 VM, enable ICMP through the Windows firewall, so that you can ping this VM from myVm2 in a later step, using PowerShell:

    New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4

    Though ping is used to communicate between VMs in this tutorial, allowing ICMP through the Windows Firewall for production deployments is not recommended.

  7. To connect to the myVm2 VM, enter the following command from a command prompt on the myVm1 VM:

    mstsc /v:10.1.0.4

  8. Since you enabled ping on myVm1, you can now ping it by IP address:

    ping 10.0.0.4

  9. Disconnect your RDP sessions to both myVm1 and myVm2.
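
The rule in step 6 accepts every ICMPv4 type from any source address. As a narrower alternative for the same ping test, the added example below (not part of the original tutorial) allows only echo requests from the Subnet1 range of myVirtualNetwork2, shows the effective filters, and provides a function to remove the rule once the test is done. The rule name and function name are constructed for this example; run it in an elevated PowerShell session on myVm1.

```powershell
# Added example (not from the original tutorial). Run elevated on myVm1.
$ruleName   = 'Tutorial-ICMPv4-Echo-From-Peer'   # constructed rule name
$peerSubnet = '10.1.0.0/24'                      # Subnet1 of myVirtualNetwork2

# Create the rule only if it does not already exist (safe to re-run).
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $peerSubnet | Out-Null
}

# Show what the rule actually permits: source range, protocol and ICMP type.
$rule = Get-NetFirewallRule -DisplayName $ruleName
[pscustomobject]@{
    Rule          = $rule.DisplayName
    Enabled       = $rule.Enabled
    Direction     = $rule.Direction
    Action        = $rule.Action
    RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    Protocol      = ($rule | Get-NetFirewallPortFilter).Protocol
    IcmpType      = ($rule | Get-NetFirewallPortFilter).IcmpType
} | Format-List

# Hypothetical helper: call it after the ping test so the opening does not persist.
function Remove-TutorialIcmpRule {
    Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
}
```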

Clean up resources

When no longer needed, delete the resource group and all resources it contains:

  1. Enter myResourceGroup in the Search box at the top of the portal. When you see myResourceGroup in the search results, select it.
  2. Select Delete resource group.
  3. Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME: and select Delete.

Next steps

In this tutorial, you learned how to connect two networks in the same Azure region, with virtual network peering. You can also peer virtual networks in different supported regions and in different Azure subscriptions, as well as create hub and spoke network designs with peering. To learn more about virtual network peering, see Virtual network peering overview and Manage virtual network peerings.

To connect your own computer to a virtual network through a VPN, and interact with resources in a virtual network, or in peered virtual networks, see Connect your computer to a virtual network.