在 Azure 中部署 IPv6 雙重堆疊應用程式-PowerShellDeploy an IPv6 dual stack application in Azure - PowerShell

本文說明如何使用 Azure 中的 Standard Load Balancer,在 Azure 中部署雙堆疊 (IPv4 + IPv6) 應用程式,其中包含雙重堆疊虛擬網路和子網、雙 (IPv4 + IPv6) 前端設定的 Standard Load Balancer、具有雙重 IP 設定的 Nic、網路安全性群組和公用 Ip。This article shows you how to deploy a dual stack (IPv4 + IPv6) application using Standard Load Balancer in Azure that includes a dual stack virtual network and subnet, a Standard Load Balancer with dual (IPv4 + IPv6) front-end configurations, VMs with NICs that have a dual IP configuration, network security group, and public IPs.

使用 Azure Cloud ShellUse Azure Cloud Shell

Azure Cloud Shell 是裝載於 Azure 中的互動式殼層環境,可在瀏覽器中使用。Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. 您可以使用 Bash 或 PowerShell 搭配 Cloud Shell,與 Azure 服務共同使用。You can use either Bash or PowerShell with Cloud Shell to work with Azure services. Azure Cloud Shell 已預先安裝一些命令,可讓您執行本文提到的程式碼,而不必在本機環境上安裝任何工具。You can use the Cloud Shell preinstalled commands to run the code in this article without having to install anything on your local environment.

要啟動 Azure Cloud Shell:To start Azure Cloud Shell:

選項Option 範例/連結Example/Link
選取程式碼區塊右上角的 [試試看]。Select Try It in the upper-right corner of a code block. 選取 [試用] 並不會自動將程式碼複製到 Cloud Shell 中。Selecting Try It doesn't automatically copy the code to Cloud Shell. Azure Cloud Shell 的試試看範例
請前往 https://shell.azure.com 或選取 [啟動 Cloud Shell] 按鈕,在瀏覽器中開啟 Cloud Shell。Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. 在新視窗中啟動 Cloud ShellLaunch Cloud Shell in a new window
選取 Azure 入口網站右上方功能表列上的 [Cloud Shell] 按鈕。Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. Azure 入口網站中的 [Cloud Shell] 按鈕

若要在 Azure Cloud Shell 中執行本文中的程式碼:To run the code in this article in Azure Cloud Shell:

  1. 啟動 Cloud Shell。Start Cloud Shell.

  2. 選取程式碼區塊上的 [複製] 按鈕,複製程式碼。Select the Copy button on a code block to copy the code.

  3. 在 Windows 和 Linux 上選取 Ctrl+Shift+V;或在 macOS 上選取 Cmd+Shift+V,將程式碼貼到 Cloud Shell 工作階段中。Paste the code into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux or by selecting Cmd+Shift+V on macOS.

  4. 選取 Enter 鍵執行程式碼。Select Enter to run the code.

如果您選擇在本機安裝和使用 PowerShell,本文會要求使用 Azure PowerShell 模組 6.9.0 版或更新版本。If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 6.9.0 or later. 執行 Get-Module -ListAvailable Az 來了解安裝的版本。Run Get-Module -ListAvailable Az to find the installed version. 如果您需要升級,請參閱安裝 Azure PowerShell 模組If you need to upgrade, see Install Azure PowerShell module. 如果您在本機執行 PowerShell,則也需要執行 Connect-AzAccount 以建立與 Azure 的連線。If you are running PowerShell locally, you also need to run Connect-AzAccount to create a connection with Azure.

建立資源群組Create a resource group

您必須先使用 >new-azresourcegroup建立資源群組,才能建立雙重堆疊虛擬網路。Before you can create your dual-stack virtual network, you must create a resource group with New-AzResourceGroup. 下列範例會在 美國東部 位置建立名為 myRGDualStack 的資源群組:The following example creates a resource group named myRGDualStack in the east us location:

   $rg = New-AzResourceGroup `
  -ResourceGroupName "dsRG1"  `
  -Location "east us"

建立 IPv4 和 IPv6 公用 IP 位址Create IPv4 and IPv6 public IP addresses

若要從網際網路存取您的虛擬機器,您需要負載平衡器的 IPv4 和 IPv6 公用 IP 位址。To access your virtual machines from the Internet, you need IPv4 and IPv6 public IP addresses for the load balancer. 使用 New-AzPublicIpAddress 建立公用 IP 位址。Create public IP addresses with New-AzPublicIpAddress. 下列範例會在 dsRG1 資源群組中建立名為 dsPublicIP_v4dsPublicIP_v6 的 IPv4 和 IPv6 公用 IP 位址:The following example creates IPv4 and IPv6 public IP address named dsPublicIP_v4 and dsPublicIP_v6 in the dsRG1 resource group:

$PublicIP_v4 = New-AzPublicIpAddress `
  -Name "dsPublicIP_v4" `
  -ResourceGroupName $rg.ResourceGroupName `
  -Location $rg.Location  `
  -AllocationMethod Static `
  -IpAddressVersion IPv4 `
  -Sku Standard
  
$PublicIP_v6 = New-AzPublicIpAddress `
  -Name "dsPublicIP_v6" `
  -ResourceGroupName $rg.ResourceGroupName `
  -Location $rg.Location  `
  -AllocationMethod Static `
  -IpAddressVersion IPv6 `
  -Sku Standard

若要使用 RDP 連線來存取虛擬機器,請使用 >get-azpublicipaddress建立虛擬機器的 IPV4 公用 IP 位址。To access your virtual machines using a RDP connection, create a IPV4 public IP addresses for the virtual machines with New-AzPublicIpAddress.

  $RdpPublicIP_1 = New-AzPublicIpAddress `
  -Name "RdpPublicIP_1" `
  -ResourceGroupName $rg.ResourceGroupName `
  -Location $rg.Location  `
  -AllocationMethod Static `
  -Sku Standard `
  -IpAddressVersion IPv4
  
  $RdpPublicIP_2 = New-AzPublicIpAddress `
   -Name "RdpPublicIP_2" `
   -ResourceGroupName $rg.ResourceGroupName `
   -Location $rg.Location  `
   -AllocationMethod Static `
   -Sku Standard `
   -IpAddressVersion IPv4

建立標準負載平衡器Create Standard Load Balancer

在本節中,您會為負載平衡器設定雙重前端 IP (IPv4 和 IPv6) 和後端位址集區,然後建立 Standard Load Balancer。In this section, you configure dual frontend IP (IPv4 and IPv6) and the back-end address pool for the load balancer and then create a Standard Load Balancer.

建立前端 IPCreate front-end IP

使用 New->new-azloadbalancerfrontendipconfig建立前端 IP。Create a front-end IP with New-AzLoadBalancerFrontendIpConfig. 下列範例會建立名為 dsLbFrontEnd_v4dsLbFrontEnd_v6 的 IPV4 和 IPv6 前端 IP 設定:The following example creates IPv4 and IPv6 frontend IP configurations named dsLbFrontEnd_v4 and dsLbFrontEnd_v6:

$frontendIPv4 = New-AzLoadBalancerFrontendIpConfig `
  -Name "dsLbFrontEnd_v4" `
  -PublicIpAddress $PublicIP_v4

$frontendIPv6 = New-AzLoadBalancerFrontendIpConfig `
  -Name "dsLbFrontEnd_v6" `
  -PublicIpAddress $PublicIP_v6

設定後端位址集區Configure back-end address pool

使用 New->new-azloadbalancerbackendaddresspoolconfig來建立後端位址集區。Create a back-end address pool with New-AzLoadBalancerBackendAddressPoolConfig. 在其餘步驟中,VM 會連結至此後端集區。The VMs attach to this back-end pool in the remaining steps. 下列範例會建立名為 dsLbBackEndPool_v4 的後端位址集區,並 dsLbBackEndPool_v6 以包含具有 IPV4 和 IPv6 NIC 配置的 vm:The following example creates back-end address pools named dsLbBackEndPool_v4 and dsLbBackEndPool_v6 to include VMs with both IPV4 and IPv6 NIC configurations:

$backendPoolv4 = New-AzLoadBalancerBackendAddressPoolConfig `
-Name "dsLbBackEndPool_v4"

$backendPoolv6 = New-AzLoadBalancerBackendAddressPoolConfig `
-Name "dsLbBackEndPool_v6"

建立健康狀態探查Create a health probe

使用 >new-azloadbalancerprobeconfig 建立健康情況探查,以監視 vm 的健康情況。Use Add-AzLoadBalancerProbeConfig to create a health probe to monitor the health of the VMs.

$probe = New-AzLoadBalancerProbeConfig -Name MyProbe -Protocol tcp -Port 3389 -IntervalInSeconds 15 -ProbeCount 2

建立負載平衡器規則Create a load balancer rule

負載平衡器規則用來定義如何將流量分散至 VM。A load balancer rule is used to define how traffic is distributed to the VMs. 您可定義連入流量的前端 IP 組態及後端 IP 集區來接收流量,以及所需的來源和目的地連接埠。You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic, along with the required source and destination port. 若要確定只有狀況良好的 Vm 會接收流量,您可以選擇性地定義健康情況探查。To make sure only healthy VMs receive traffic, you can optionally define a health probe. 基本負載平衡器會使用 IPv4 探查來評估 Vm 上 IPv4 和 IPv6 端點的健康情況。Basic load balancer uses an IPv4 probe to assess health for both IPv4 and IPv6 endpoints on the VMs. 標準負載平衡器包含明確 IPv6 健康情況探查的支援。Standard load balancer includes support for explicitly IPv6 health probes.

使用 Add-AzLoadBalancerRuleConfig 建立負載平衡器規則。Create a load balancer rule with Add-AzLoadBalancerRuleConfig. 下列範例會建立名為 dsLBrule_v4 的負載平衡器規則,並 dsLBrule_v6 ,並將 TCP 通訊埠 80 上的流量平衡至 IPv4 和 IPv6 前端 IP 設定:The following example creates load balancer rules named dsLBrule_v4 and dsLBrule_v6 and balances traffic on TCP port 80 to the IPv4 and IPv6 frontend IP configurations:

$lbrule_v4 = New-AzLoadBalancerRuleConfig `
  -Name "dsLBrule_v4" `
  -FrontendIpConfiguration $frontendIPv4 `
  -BackendAddressPool $backendPoolv4 `
  -Protocol Tcp `
  -FrontendPort 80 `
  -BackendPort 80 `
   -probe $probe

$lbrule_v6 = New-AzLoadBalancerRuleConfig `
  -Name "dsLBrule_v6" `
  -FrontendIpConfiguration $frontendIPv6 `
  -BackendAddressPool $backendPoolv6 `
  -Protocol Tcp `
  -FrontendPort 80 `
  -BackendPort 80 `
   -probe $probe

建立負載平衡器Create load balancer

使用 >new-azloadbalancer建立 Standard Load Balancer。Create a Standard Load Balancer with New-AzLoadBalancer. 下列範例會使用 IPv4 和 IPv6 前端 IP 設定、後端集區,以及您在先前步驟中建立的負載平衡規則,建立名為 myLoadBalancer 的公用 Standard Load Balancer:The following example creates a public Standard Load Balancer named myLoadBalancer using the IPv4 and IPv6 frontend IP configurations, backend pools, and load-balancing rules that you created in the preceding steps:

$lb = New-AzLoadBalancer `
-ResourceGroupName $rg.ResourceGroupName `
-Location $rg.Location  `
-Name "MyLoadBalancer" `
-Sku "Standard" `
-FrontendIpConfiguration $frontendIPv4,$frontendIPv6 `
-BackendAddressPool $backendPoolv4,$backendPoolv6 `
-LoadBalancingRule $lbrule_v4,$lbrule_v6 `
-Probe $probe

建立網路資源Create network resources

部署一些 Vm 並可以測試您的平衡器之前,您必須先建立支援的網路資源-可用性設定組、網路安全性群組、虛擬網路和虛擬 Nic。Before you deploy some VMs and can test your balancer, you must create supporting network resources - availability set, network security group, virtual network, and virtual NICs.

建立可用性設定組Create an availability set

若要改善您應用程式的高可用性,請將 VM 放在可用性設定組中。To improve the high availability of your app, place your VMs in an availability set.

使用 New-AzAvailabilitySet 建立可用性設定組。Create an availability set with New-AzAvailabilitySet. 下列範例會建立名為 myAvailabilitySet 的可用性設定組:The following example creates an availability set named myAvailabilitySet:

$avset = New-AzAvailabilitySet `
  -ResourceGroupName $rg.ResourceGroupName `
  -Location $rg.Location  `
  -Name "dsAVset" `
  -PlatformFaultDomainCount 2 `
  -PlatformUpdateDomainCount 2 `
  -Sku aligned

建立網路安全性群組Create network security group

針對將在您的 VNET 中管理輸入和輸出通訊的規則,建立網路安全性群組。Create a network security group for the rules that will govern inbound and outbound communication in your VNET.

建立連接埠 3389 的網路安全性群組規則Create a network security group rule for port 3389

使用 New-AzNetworkSecurityRuleConfig 建立網路安全性群組規則,以允許透過連接埠 3389 的 RDP 連線。Create a network security group rule to allow RDP connections through port 3389 with New-AzNetworkSecurityRuleConfig.

$rule1 = New-AzNetworkSecurityRuleConfig `
-Name 'myNetworkSecurityGroupRuleRDP' `
-Description 'Allow RDP' `
-Access Allow `
-Protocol Tcp `
-Direction Inbound `
-Priority 100 `
-SourceAddressPrefix * `
-SourcePortRange * `
-DestinationAddressPrefix * `
-DestinationPortRange 3389

建立連接埠 80 的網路安全性群組規則Create a network security group rule for port 80

使用 >new-aznetworksecurityruleconfig建立網路安全性群組規則,以允許透過埠80的網際網路連線。Create a network security group rule to allow internet connections through port 80 with New-AzNetworkSecurityRuleConfig.

$rule2 = New-AzNetworkSecurityRuleConfig `
  -Name 'myNetworkSecurityGroupRuleHTTP' `
  -Description 'Allow HTTP' `
  -Access Allow `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 200 `
  -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 80

建立網路安全性群組Create a network security group

使用 New-AzNetworkSecurityGroup 建立網路安全性群組。Create a network security group with New-AzNetworkSecurityGroup.

$nsg = New-AzNetworkSecurityGroup `
-ResourceGroupName $rg.ResourceGroupName `
-Location $rg.Location  `
-Name "dsNSG1"  `
-SecurityRules $rule1,$rule2

建立虛擬網路Create a virtual network

使用 New-AzVirtualNetwork 建立虛擬網路。Create a virtual network with New-AzVirtualNetwork. 下列範例會使用 >mysubnet 建立名為 dsVnet 的虛擬網路:The following example creates a virtual network named dsVnet with mySubnet:

# Create dual stack subnet
$subnet = New-AzVirtualNetworkSubnetConfig `
-Name "dsSubnet" `
-AddressPrefix "10.0.0.0/24","fd00:db8:deca:deed::/64"

# Create the virtual network
$vnet = New-AzVirtualNetwork `
  -ResourceGroupName $rg.ResourceGroupName `
  -Location $rg.Location  `
  -Name "dsVnet" `
  -AddressPrefix "10.0.0.0/16","fd00:db8:deca::/48"  `
  -Subnet $subnet

建立 NICCreate NICs

使用 get-aznetworkinterface建立虛擬 nic。Create virtual NICs with New-AzNetworkInterface. 下列範例會建立兩個具有 IPv4 和 IPv6 設定的虛擬 Nic。The following example creates two virtual NICs both with IPv4 and IPv6 configurations. (您在下列步驟中針對應用程式建立的每部 VM 都有一個虛擬 NIC)。(One virtual NIC for each VM you create for your app in the following steps).

  $Ip4Config=New-AzNetworkInterfaceIpConfig `
    -Name dsIp4Config `
    -Subnet $vnet.subnets[0] `
    -PrivateIpAddressVersion IPv4 `
    -LoadBalancerBackendAddressPool $backendPoolv4 `
    -PublicIpAddress  $RdpPublicIP_1
      
  $Ip6Config=New-AzNetworkInterfaceIpConfig `
    -Name dsIp6Config `
    -Subnet $vnet.subnets[0] `
    -PrivateIpAddressVersion IPv6 `
    -LoadBalancerBackendAddressPool $backendPoolv6
    
  $NIC_1 = New-AzNetworkInterface `
    -Name "dsNIC1" `
    -ResourceGroupName $rg.ResourceGroupName `
    -Location $rg.Location  `
    -NetworkSecurityGroupId $nsg.Id `
    -IpConfiguration $Ip4Config,$Ip6Config 
    
  $Ip4Config=New-AzNetworkInterfaceIpConfig `
    -Name dsIp4Config `
    -Subnet $vnet.subnets[0] `
    -PrivateIpAddressVersion IPv4 `
    -LoadBalancerBackendAddressPool $backendPoolv4 `
    -PublicIpAddress  $RdpPublicIP_2  

  $NIC_2 = New-AzNetworkInterface `
    -Name "dsNIC2" `
    -ResourceGroupName $rg.ResourceGroupName `
    -Location $rg.Location  `
    -NetworkSecurityGroupId $nsg.Id `
    -IpConfiguration $Ip4Config,$Ip6Config 

建立虛擬機器Create virtual machines

使用 Get-credential 來設定 VM 的系統管理員使用者名稱和密碼:Set an administrator username and password for the VMs with Get-Credential:

$cred = get-credential -Message "DUAL STACK VNET SAMPLE:  Please enter the Administrator credential to log into the VMs."

現在您可以使用 New-AzVM 建立 VM。Now you can create the VMs with New-AzVM. 下列範例會建立兩個 VM 及必要的虛擬網路元件 (如果尚未存在)。The following example creates two VMs and the required virtual network components if they do not already exist.

$vmsize = "Standard_A2"
$ImagePublisher = "MicrosoftWindowsServer"
$imageOffer = "WindowsServer"
$imageSKU = "2019-Datacenter"

$vmName= "dsVM1"
$VMconfig1 = New-AzVMConfig -VMName $vmName -VMSize $vmsize -AvailabilitySetId $avset.Id 3> $null | Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent 3> $null | Set-AzVMSourceImage -PublisherName $ImagePublisher -Offer $imageOffer -Skus $imageSKU -Version "latest" 3> $null | Set-AzVMOSDisk -Name "$vmName.vhd" -CreateOption fromImage  3> $null | Add-AzVMNetworkInterface -Id $NIC_1.Id  3> $null 
$VM1 = New-AzVM -ResourceGroupName $rg.ResourceGroupName  -Location $rg.Location  -VM $VMconfig1 

$vmName= "dsVM2"
$VMconfig2 = New-AzVMConfig -VMName $vmName -VMSize $vmsize -AvailabilitySetId $avset.Id 3> $null | Set-AzVMOperatingSystem -Windows -ComputerName $vmName -Credential $cred -ProvisionVMAgent 3> $null | Set-AzVMSourceImage -PublisherName $ImagePublisher -Offer $imageOffer -Skus $imageSKU -Version "latest" 3> $null | Set-AzVMOSDisk -Name "$vmName.vhd" -CreateOption fromImage  3> $null | Add-AzVMNetworkInterface -Id $NIC_2.Id  3> $null 
$VM2 = New-AzVM -ResourceGroupName $rg.ResourceGroupName  -Location $rg.Location  -VM $VMconfig2

判斷 IPv4 和 IPv6 端點的 IP 位址Determine IP addresses of the IPv4 and IPv6 endpoints

取得資源群組中的所有網路介面物件,以摘要說明在此部署中使用的 IP get-AzNetworkInterfaceGet all Network Interface Objects in the resource group to summarize the IP's used in this deployment with get-AzNetworkInterface. 此外,也請使用取得 IPv4 和 IPv6 端點的 Load Balancer 前端位址 get-AzpublicIpAddressAlso, get the Load Balancer's frontend addresses of the IPv4 and IPv6 endpoints with get-AzpublicIpAddress.

$rgName= "dsRG1"
$NICsInRG= get-AzNetworkInterface -resourceGroupName $rgName 
write-host `nSummary of IPs in this Deployment: 
write-host ******************************************
foreach ($NIC in $NICsInRG) {
 
    $VMid= $NIC.virtualmachine.id 
    $VMnamebits= $VMid.split("/") 
    $VMname= $VMnamebits[($VMnamebits.count-1)] 
    write-host `nPrivate IP addresses for $VMname 
    $IPconfigsInNIC= $NIC.IPconfigurations 
    foreach ($IPconfig in $IPconfigsInNIC) {
 
        $IPaddress= $IPconfig.privateipaddress 
        write-host "    "$IPaddress 
        IF ($IPconfig.PublicIpAddress.ID) {
 
            $IDbits= ($IPconfig.PublicIpAddress.ID).split("/")
            $PipName= $IDbits[($IDbits.count-1)]
            $PipObject= get-azPublicIpAddress -name $PipName -resourceGroup $rgName
            write-host "    "RDP address:  $PipObject.IpAddress
                 }
         }
 }
 
 
 
  write-host `nPublic IP addresses on Load Balancer:
 
  (get-AzpublicIpAddress -resourcegroupname $rgName | where { $_.name -notlike "RdpPublicIP*" }).IpAddress

下圖顯示的範例輸出會列出兩個 Vm 的私人 IPv4 和 IPv6 位址,以及 Load Balancer 的前端 IPv4 和 IPv6 IP 位址。The following figure shows a sample output that lists the private IPv4 and IPv6 addresses of the two VMs, and the frontend IPv4 and IPv6 IP addresses of the Load Balancer.

Azure 中的雙重堆疊 (IPv4/IPv6) 應用程式部署的 IP 摘要

在 Azure 入口網站中查看 IPv6 雙重堆疊虛擬網路View IPv6 dual stack virtual network in Azure portal

您可以在 Azure 入口網站中看到 IPv6 雙重堆疊虛擬網路,如下所示:You can view the IPv6 dual stack virtual network in Azure portal as follows:

  1. 在入口網站的搜尋列中,輸入 dsVnetIn the portal's search bar, enter dsVnet.
  2. dsVnet 出現在搜尋結果中時,請加以選取。When dsVnet appears in the search results, select it. 這會啟動名為 dsVnet 的雙重堆疊虛擬網路的 [總覽] 頁面。This launches the Overview page of the dual stack virtual network named dsVnet. 雙重堆疊虛擬網路會顯示兩個 Nic,兩者皆位於名為 dsSubnet 的雙重堆疊子網中的 IPv4 和 IPv6 設定。The dual stack virtual network shows the two NICs with both IPv4 and IPv6 configurations located in the dual stack subnet named dsSubnet.

Azure 中的 IPv6 雙重堆疊虛擬網路

清除資源Clean up resources

當不再需要時,您可以使用 Remove-AzResourceGroup 命令來移除資源群組、VM 及所有相關資源。When no longer needed, you can use the Remove-AzResourceGroup command to remove the resource group, VM, and all related resources.

Remove-AzResourceGroup -Name dsRG1

後續步驟Next steps

在本文中,您已建立具有雙重前端 IP 設定 (IPv4 和 IPv6) 的 Standard Load Balancer。In this article, you created a Standard Load Balancer with a dual frontend IP configuration (IPv4 and IPv6). 您也建立了兩部虛擬機器,其中包含雙 IP 設定 (IPV4 + IPv6) 的 Nic,並已新增至負載平衡器的後端集區。You also created a two virtual machines that included NICs with dual IP configurations (IPV4 + IPv6) that were added to the back-end pool of the load balancer. 若要深入瞭解 Azure 虛擬網路中的 IPv6 支援,請參閱 什麼是 Azure 虛擬網路的 ipv6?To learn more about IPv6 support in Azure virtual networks, see What is IPv6 for Azure Virtual Network?