保留的 IP 位址 (傳統部署)Reserved IP addresses (classic deployment)

Azure 中的 IP 位址分為兩個類別:動態和保留。IP addresses in Azure fall into two categories: dynamic and reserved. 依預設由 Azure 管理的公用 IP 位址是動態的。Public IP addresses managed by Azure are dynamic by default. 這表示當資源關閉或停止 (解除配置) 時,用於所指定雲端服務的 IP 位址 (VIP) 或用來直接存取 VM 或角色執行個體的 IP 位址 (ILPIP) 可以隨時變更。That means that the IP address used for a given cloud service (VIP) or to access a VM or role instance directly (ILPIP) can change from time to time, when resources are shut down or stopped (deallocated).

若要防止 IP 位址變更,您可以保留 IP 位址。To prevent IP addresses from changing, you can reserve an IP address. 保留的 IP 只能用來作為 VIP,用以確保在即使資源關閉或停止 (解除配置) 的情況下,雲端服務的 IP 位址也會保持相同。Reserved IPs can be used only as a VIP, ensuring that the IP address for the cloud service remains the same, even as resources are shut down or stopped (deallocated). 此外,您可以轉換現有的動態 IP,作為保留的 IP 位址的 VIP。Furthermore, you can convert existing dynamic IPs used as a VIP to a reserved IP address.

重要

Azure 建立和處理資源的部署模型有二種:Resource Manager 和傳統Azure has two different deployment models for creating and working with resources: Resource Manager and classic. 本文涵蓋之內容包括使用傳統部署模型。This article covers using the classic deployment model. Microsoft 建議讓大部分的新部署使用 Resource Manager 模式。Microsoft recommends that most new deployments use the Resource Manager model. 了解如何使用 Resource Manager 部署模型來保留靜態公用 IP 位址。Learn how to reserve a static public IP address using the Resource Manager deployment model.

若要深入了解 Azure 中的 IP 位址,請閱讀 IP 位址文章。To learn more about IP addresses in Azure, read the IP addresses article.

何時需要保留的 IP?When do I need a reserved IP?

  • 您想要確保 IP 會保留在您的訂用帳戶中You want to ensure that the IP is reserved in your subscription. 如果您想要保留一個在任何情況下都不會從您訂用帳戶釋出的 IP 位址,您應該使用保留的公用 IP。If you want to reserve an IP address that is not released from your subscription under any circumstance, you should use a reserved public IP.
  • 即使在已停止或解除配置狀態 (VM),您想要保持 IP 與雲端服務之間的關聯You want your IP to stay with your cloud service even across stopped or deallocated state (VMs). 如果您想要讓使用者使用一個即使雲端服務中的 VM 被關閉或停止 (解除配置) 也不會變更的 IP 位址來存取服務。If you want your service to be accessed by using an IP address that doesn't change, even when VMs in the cloud service are shut down or stop (deallocated).
  • 您想要確保來自 Azure 的輸出流量使用可預測的 IP 位址You want to ensure that outbound traffic from Azure uses a predictable IP address. 您可能必須設定內部部署防火牆,以便僅允許來自特定 IP 位址的流量。You may have your on-premises firewall configured to allow only traffic from specific IP addresses. 藉由保留 IP,您會知道來源 IP 位址,而不必因為 IP 變更而需要更新您的防火牆規則。By reserving an IP, you know the source IP address, and don't need to update your firewall rules due to an IP change.

常見問題集FAQs

  • 我是否可以針對所有 Azure 服務都使用保留的 IP?Can I use a reserved IP for all Azure services? 否。No. 保留的 IP 僅可用於 VM 和雲端服務透過 VIP 公開的執行個體角色。Reserved IPs can only be used for VMs and cloud service instance roles exposed through a VIP.
  • 我可以有多少保留的 IP?How many reserved IPs can I have? 如需詳細資訊,請參閱 Azure 限制一文。For details, see the Azure limits article.
  • 保留的 IP 是否會收取費用?Is there a charge for reserved IPs? 有時是。Sometimes. 如需定價詳細資料,請參閱保留的 IP 位址定價詳細資料頁面。For pricing details, see the Reserved IP Address Pricing Details page.
  • 我該如何保留 IP 位址?How do I reserve an IP address? 您可以使用 PowerShell、Azure 管理 REST APIAzure 入口網站,在 Azure 區域中保留 IP 位址。You can use PowerShell, the Azure Management REST API, or the Azure portal to reserve an IP address in an Azure region. 保留的 IP 位址會與您的訂用帳戶關聯。A reserved IP address is associated to your subscription.
  • 我是否可以將保留的 IP 位址與同質群組型 VNet 搭配使用?Can I use a reserved IP with affinity group-based VNets? 否。No. 保留的 IP 僅在區域 VNet 才受支援。Reserved IPs are only supported in regional VNets. 與同質群組關聯的 VNet 不支援保留的 IP。Reserved IPs are not supported for VNets that are associated with affinity groups. 如需有關將 VNet 與區域或同質群組建立關聯的詳細資訊,請參閱關於區域 VNet 與同質群組一文。For more information about associating a VNet with a region or affinity group, see the About Regional VNets and Affinity Groups article.

管理保留的 VIPManage reserved VIPs

使用 Azure PowerShell (傳統)Using Azure PowerShell (classic)

您必須將保留的 IP 新增至訂用帳戶才能使用。Before you can use reserved IPs, you must add it to your subscription. 請在「美國中部」位置從可用的公用 IP 位址集區建立保留的 IP,如下所示:Create a reserved IP from the pool of public IP addresses available in the Central US location as follows:

注意

若為傳統部署模型,則必須安裝 Azure PowerShell 的服務管理版本。For classic deployment model, you must install the Service Management version of Azure PowerShell. 如需詳細資訊,請參閱安裝 Azure PowerShell 服務管理模組For more information, see Install the Azure PowerShell Service Management module.

  New-AzureReservedIP –ReservedIPName MyReservedIP –Location "Central US"

但是請注意,您無法指定正在保留的 IP。Notice, however, that you cannot specify what IP is being reserved. 若要檢視哪些 IP 位址會保留在訂用帳戶中,執行下列 PowerShell 命令,並注意 ReservedIPNameAddress 的值:To view what IP addresses are reserved in your subscription, run the following PowerShell command, and notice the values for ReservedIPName and Address:

Get-AzureReservedIP

預期的輸出:Expected output:

ReservedIPName       : MyReservedIP
Address              : 23.101.114.211
Id                   : d73be9dd-db12-4b5e-98c8-bc62e7c42041
Label                :
Location             : Central US
State                : Created
InUse                : False
ServiceName          :
DeploymentName       :
OperationDescription : Get-AzureReservedIP
OperationId          : 55e4f245-82e4-9c66-9bd8-273e815ce30a
OperationStatus      : Succeeded

注意

使用 PowerShell 來建立保留的 IP 位址時,您無法指定資源群組以在其中建立保留的 IP。When you create a reserved IP address with PowerShell, you cannot specify a resource group to create the reserved IP in. Azure 會自動將它放在名為 Default-Networking 的資源群組中。Azure places it into a resource group named Default-Networking automatically. 如果您使用 Azure 入口網站來建立保留的 IP,則可以指定您選擇的任何資源群組。If you create the reserved IP using the Azure portal, you can specify any resource group you choose. 不過,如果您是在 Default-Networking 以外的資源群組中建立保留的 IP,則每當您使用 Get-AzureReservedIPRemove-AzureReservedIP 之類的命令來參考保留的 IP 時,都必須參考 Group resource-group-name reserved-ip-name 名稱。If you create the reserved IP in a resource group other than Default-Networking however, whenever you reference the reserved IP with commands such as Get-AzureReservedIP and Remove-AzureReservedIP, you must reference the name Group resource-group-name reserved-ip-name. 例如,如果您在名為 myResourceGroup 的資源群組中建立名為 myReservedIP 的保留 IP,就必須以 Group myResourceGroup myReservedIP 的形式參考保留的 IP 名稱。For example, if you create a reserved IP named myReservedIP in a resource group named myResourceGroup, you must reference the name of the reserved IP as Group myResourceGroup myReservedIP.

一旦保留 IP,其就會與您的訂用帳戶相關聯,直到刪除為止。Once an IP is reserved, it remains associated to your subscription until you delete it. 請刪除保留的 IP,如下所示:Delete a reserved IP as follows:

Remove-AzureReservedIP -ReservedIPName "MyReservedIP"

使用 Azure CLI (傳統)Using Azure CLI (classic)

請在「美國中部」位置從可用的公用 IP 位址集區建立保留的 IP,如「使用 Azure 傳統 CLI」所示:Create a reserved IP from the pool of public IP addresses available in the Central US location as Using Azure classic CLI follows:

注意

若為傳統部署,則必須使用 Azure 傳統 CLI。For classic deployment, you must use Azure classic CLI. 如需安裝 Azure 傳統 CLI 的相關資訊,請參閱安裝 Azure 傳統 CLIFor information about installing Azure classic CLI, see Install the Azure classic CLI

命令:Command:

azure network reserved-ip create <name> <location>

範例:Example:

azure network reserved-ip create MyReservedIP centralus

您可以使用 Azure CLI 來檢視訂用帳戶中保留了哪些 IP 位址,如下所示:You can view what IP addresses are reserved in your subscription using Azure CLI as follows:

命令:Command:

azure network reserved-ip list

一旦保留 IP,其就會與您的訂用帳戶相關聯,直到刪除為止。Once an IP is reserved, it remains associated to your subscription until you delete it. 請刪除保留的 IP,如下所示:Delete a reserved IP as follows:

命令:Command:

azure network reserved-ip delete <name>

範例:Example:

azure network reserved-ip delete MyReservedIP

保留現有雲端服務的 IP 位址Reserve the IP address of an existing cloud service

您可以新增 -ServiceName 參數,以保留現有雲端服務的 IP 位址。You can reserve the IP address of an existing cloud service by adding the -ServiceName parameter. 請在「美國中部」位置保留雲端服務 TestService 的 IP 位址,如下所示:Reserve the IP address of a cloud service TestService in the Central US location as follows:

  • 使用 Azure PowerShell (傳統):Using Azure PowerShell (classic):

    New-AzureReservedIP –ReservedIPName MyReservedIP –Location "Central US" -ServiceName TestService
    
  • 使用 Azure CLI (傳統):Using Azure CLI (classic):

    命令:Command:

     azure network reserved-ip create <name> <location> -r <service-name> -d <deployment-name>
    

    範例:Example:

      azure network reserved-ip create MyReservedIP centralus -r TestService -d asmtest8942
    

建立保留的 IP 至新雲端服務的關聯Associate a reserved IP to a new cloud service

下列指令碼會建立新的保留 IP,然後將它與名為 TestService 的新雲端服務建立關聯。The following script creates a new reserved IP, then associates it to a new cloud service named TestService.

使用 Azure PowerShell (傳統)Using Azure PowerShell (classic)

New-AzureReservedIP –ReservedIPName MyReservedIP –Location "Central US"

$image = Get-AzureVMImage|?{$_.ImageName -like "*RightImage-Windows-2012R2-x64*"}

New-AzureVMConfig -Name TestVM -InstanceSize Small -ImageName $image.ImageName `
| Add-AzureProvisioningConfig -Windows -AdminUsername adminuser -Password MyP@ssw0rd!! `
| New-AzureVM -ServiceName TestService -ReservedIPName MyReservedIP -Location "Central US"

注意

當您建立保留的 IP 以與雲端服務搭配使用時,仍需使用 VIP:<連接埠號碼> 來參照 VM 以進行輸入通訊。When you create a reserved IP to use with a cloud service, you still refer to the VM by using VIP:<port number> for inbound communication. 保留 IP 並不表示您可以直接連接至 VM。Reserving an IP does not mean you can connect to the VM directly. 保留的 IP 會指派給已部署 VM 的雲端服務。The reserved IP is assigned to the cloud service that the VM has been deployed to. 如果您想要透過 IP 直接連接到 VM,您必須設定執行個體層級公用 IP。If you want to connect to a VM by IP directly, you have to configure an instance-level public IP. 執行個體層級公用 IP 是一種直接指派給您 VM 的公用 IP (稱為 ILPIP)。An instance-level public IP is a type of public IP (called an ILPIP) that is assigned directly to your VM. 此類型 IP 無法保留。It cannot be reserved. 如需詳細資訊,請參閱執行個體層級公用 IP (ILPIP) 一文。For more information, read the Instance-level Public IP (ILPIP) article.

從執行中部署移除保留的 IPRemove a reserved IP from a running deployment

請將已新增到新雲端服務的保留 IP 移除,如下所示:Remove a reserved IP added to a new cloud service as follows:

使用 Azure PowerShell (傳統)Using Azure PowerShell (classic)

Remove-AzureReservedIPAssociation -ReservedIPName MyReservedIP -ServiceName TestService

使用 Azure CLI (傳統)Using Azure CLI (classic)

命令:Command:

azure network reserved-ip disassociate <name> <service-name> <deployment-name>

範例:Example:

azure network reserved-ip disassociate MyReservedIP TestService asmtest8942

注意

從執行中部署移除保留的 IP 並不會從您的訂用帳戶移除保留項目。Removing a reserved IP from a running deployment does not remove the reservation from your subscription. 這僅會釋出 IP,以便訂用帳戶中的其他資源可以使用。It simply frees the IP to be used by another resource in your subscription.

若要從訂用帳戶中徹底移除保留的 IP,請執行下列命令:To remove a reserved IP completely from a subscription, run the following command:

命令:Command:

azure network reserved-ip delete <name>

範例:Example:

azure network reserved-ip delete MyReservedIP

建立保留的 IP 至執行中部署的關聯Associate a reserved IP to a running deployment

使用 Azure PowerShell (傳統)Using Azure PowerShell (classic)

下列命令會建立一個名為 TestService2 且具有名為 TestVM2 之新 VM 的雲端服務。The following commands create a cloud service named TestService2 with a new VM named TestVM2. 現有名為 MyReservedIP 的保留 IP 會接著與雲端服務建立關聯。The existing reserved IP named MyReservedIP is then associated to the cloud service.

$image = Get-AzureVMImage|?{$_.ImageName -like "*RightImage-Windows-2012R2-x64*"}

New-AzureVMConfig -Name TestVM2 -InstanceSize Small -ImageName $image.ImageName `
| Add-AzureProvisioningConfig -Windows -AdminUsername adminuser -Password MyP@ssw0rd!! `
| New-AzureVM -ServiceName TestService2 -Location "Central US"

Set-AzureReservedIPAssociation -ReservedIPName MyReservedIP -ServiceName TestService2

使用 Azure CLI (傳統)Using Azure CLI (classic)

您可以使用 Azure CLI 將新的保留 IP 關聯至執行中的雲端服務部署,如下所示:You can associate a new reserved IP to your running cloud service deployment using Azure CLI as follows:

命令:Command:

azure network reserved-ip associate <name> <service-name> <deployment-name>

範例:Example:

azure network reserved-ip associate MyReservedIP TestService asmtest8942

使用服務組態檔建立保留的 IP 至雲端服務的關聯Associate a reserved ip to a cloud service by using a service configuration file

您也可以使用服務組態 (CSCFG) 檔建立保留的 IP 至雲端服務的關聯。You can also associate a reserved IP to a cloud service by using a service configuration (CSCFG) file. 下列範例 XML 示範如何將雲端服務設定成使用名為 MyReservedIP 的保留 VIP:The following sample xml shows how to configure a cloud service to use a reserved VIP named MyReservedIP:

   <?xml version="1.0" encoding="utf-8"?>
    <ServiceConfiguration serviceName="ReservedIPSample" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="4" osVersion="*" schemaVersion="2014-01.2.3">
      <Role name="WebRole1">
        <Instances count="1" />
        <ConfigurationSettings>
          <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
        </ConfigurationSettings>
      </Role>
      <NetworkConfiguration>
        <AddressAssignments>
          <ReservedIPs>
           <ReservedIP name="MyReservedIP"/>
          </ReservedIPs>
        </AddressAssignments>
      </NetworkConfiguration>
    </ServiceConfiguration>

後續步驟Next steps