Configure the Software Load Balancer for Load Balancing and Network Address Translation (NAT)

Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016

You can use this topic to learn how to use the Software Defined Networking (SDN) software load balancer (SLB) to provide outbound network address translation (NAT), inbound NAT, or load balancing between multiple instances of an application.

This topic contains the following sections.

Software Load Balancer Overview

The SDN Software Load Balancer (SLB) delivers high availability and network performance to your applications. It is a Layer 4 (TCP, UDP) load balancer that distributes incoming traffic among healthy service instances in cloud services or virtual machines defined in a load-balancer set.

You can configure SLB to do the following.

  • Load balance incoming traffic external to a virtual network to virtual machines (VMs). This is called public VIP load balancing.
  • Load balance incoming traffic between VMs in a virtual network, between VMs in cloud services, or between on-premises computers and VMs in a cross-premises virtual network.
  • Forward VM network traffic from the virtual network to external destinations using network address translation (NAT). This is called outbound NAT.
  • Forward external traffic to a specific VM. This is called inbound NAT.

Important

A known issue prevents the Load Balancer objects in the NetworkController Windows PowerShell module from working correctly in Windows Server 2016 5. The workaround is to use dynamic hash tables and Invoke-WebRequest instead. This method is demonstrated in the following examples.

Example: Create a public VIP for load balancing a pool of two VMs on a virtual network

You can use this example to create a load balancer object with a public VIP and two VMs as pool members to serve requests to the VIP. This example code also adds an HTTP health probe to detect whether one of the pool members becomes non-responsive.

Step 1: Prepare the load balancer object

You can use the following example to prepare the load balancer object.

$lbresourceId = "LB2"

$lbproperties = @{}
$lbproperties.frontendipconfigurations = @()
$lbproperties.backendAddressPools = @()
$lbproperties.probes = @()
$lbproperties.loadbalancingRules = @()
$lbproperties.OutboundNatRules = @()

Step 2: Assign a front-end IP

The front-end IP is commonly referred to as a Virtual IP (VIP). The VIP must be taken from an unused IP in one of the logical network IP pools that was previously given to the load balancer manager.

You can use the following example to assign a front-end IP address.

$vipip = "10.127.132.5"
$vipln = get-networkcontrollerlogicalnetwork -ConnectionUri $uri -resourceid "f8f67956-3906-4303-94c5-09cf91e7e311"

$fe = @{}
$fe.resourceId = "FE1"
$fe.resourceRef = "/loadBalancers/$lbresourceId/frontendIPConfigurations/$($fe.resourceId)"
$fe.properties = @{}
$fe.properties.subnet = @{}
$fe.properties.subnet.ResourceRef = $vipln.properties.Subnets[0].ResourceRef
$fe.properties.privateIPAddress = $vipip
$fe.properties.privateIPAllocationMethod = "Static"
$lbproperties.frontendipconfigurations += $fe

Step 3: Allocate a backend address pool

The backend address pool contains the Dynamic IPs (DIPs) that make up the members of the load balanced set of VMs. In this step you only allocate the pool; the IP configurations are added in a later step.

You can use the following example to allocate a back-end address pool.

$backend = @{}
$backend.resourceId = "BE1"
$backend.resourceRef = "/loadBalancers/$lbresourceId/backendAddressPools/$($backend.resourceId)"
$lbproperties.backendAddressPools += $backend

Step 4: Define a health probe

Health probes are used by the load balancer to determine the health state of the backend pool members. With this example, you define an HTTP probe that queries the RequestPath of "/health.htm". The query is performed every 5 seconds, as specified by the IntervalInSeconds property.

The health probe must receive an HTTP response code of 200 for 11 consecutive queries for the probe to consider the backend IP to be healthy. If the backend IP is not healthy, the load balancer will not send traffic to the IP.

Note

It is important that any Access Control Lists that you apply to the back-end IP do not block traffic to or from the first IP in the subnet, because that is the origination point for the probes.

You can use the following example to define a health probe.

$lbprobe = @{}
$lbprobe.ResourceId = "Probe1"
$lbprobe.resourceRef = "/loadBalancers/$lbresourceId/Probes/$($lbprobe.resourceId)"
$lbprobe.properties = @{}
$lbprobe.properties.protocol = "HTTP"
$lbprobe.properties.port = "80"
$lbprobe.properties.RequestPath = "/health.htm"
$lbprobe.properties.IntervalInSeconds = 5
$lbprobe.properties.NumberOfProbes = 11
$lbproperties.probes += $lbprobe
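
The note above about Access Control Lists can be checked before an ACL is applied. The following is an added example, not code from the original page: it works out the probe origin for a back-end subnet and reports the first-matching rule in each direction when that rule is a Deny. The function names and sample rules are hypothetical, and it assumes that "first IP in the subnet" means network address + 1 and that the rule with the lowest Priority number is evaluated first.

```powershell
# Added example: function names and the sample rules are hypothetical.
# Assumptions: "first IP in the subnet" is network address + 1, and the rule
# with the lowest Priority number is evaluated first.
function ConvertTo-IpNumber([string]$Ip) {
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return [long]$b[0] * 16777216 + [long]$b[1] * 65536 + [long]$b[2] * 256 + [long]$b[3]
}
function Get-PrefixRange([string]$Prefix) {
    $addr, $len = $Prefix -split '/'
    if ($null -eq $len) { $len = 32 }
    $size  = [long][math]::Pow(2, 32 - [int]$len)
    $n     = ConvertTo-IpNumber $addr
    $start = $n - ($n % $size)
    return @($start, ($start + $size - 1))   # first and last address covered
}
function Test-RuleMatch($Rule, [long]$ProbeIp, [int]$Port) {
    $inbound = $Rule.Type -eq 'Inbound'
    $remote  = if ($inbound) { $Rule.SourceAddressPrefix } else { $Rule.DestinationAddressPrefix }
    if ($Rule.Protocol -notin 'All', 'TCP') { return $false }   # HTTP probes ride on TCP
    if ($remote -ne '*') {
        $lo, $hi = Get-PrefixRange $remote
        if ($ProbeIp -lt $lo -or $ProbeIp -gt $hi) { return $false }
    }
    # Only the inbound probe request has a known destination port
    if ($inbound -and $Rule.DestinationPortRange -ne '*') {
        $pLo, $pHi = $Rule.DestinationPortRange -split '-'
        if ($null -eq $pHi) { $pHi = $pLo }
        if ($Port -lt [int]$pLo -or $Port -gt [int]$pHi) { return $false }
    }
    return $true
}
function Test-AclBlocksProbe($Rules, [string]$SubnetPrefix, [int]$ProbePort) {
    $probeIp = (Get-PrefixRange $SubnetPrefix)[0] + 1
    foreach ($dir in 'Inbound', 'Outbound') {
        $hit = $Rules | Where-Object { $_.Type -eq $dir } | Sort-Object { [int]$_.Priority } |
            Where-Object { Test-RuleMatch $_ $probeIp $ProbePort } | Select-Object -First 1
        if ($null -ne $hit -and $hit.Action -eq 'Deny') {
            "$dir rule '$($hit.Name)' blocks the probe source (first IP of $SubnetPrefix)"
        }
    }
}
# Constructed sample rules for a 192.168.0.0/24 back-end subnet
$rules = @(
    @{ Name='DenyInfraRange'; Type='Inbound'; Action='Deny'; Priority='100'; Protocol='All'; SourceAddressPrefix='192.168.0.0/29'; DestinationAddressPrefix='*'; DestinationPortRange='*' },
    @{ Name='AllowWeb'; Type='Inbound'; Action='Allow'; Priority='200'; Protocol='TCP'; SourceAddressPrefix='*'; DestinationAddressPrefix='*'; DestinationPortRange='80' },
    @{ Name='AllowAllOut'; Type='Outbound'; Action='Allow'; Priority='100'; Protocol='All'; SourceAddressPrefix='*'; DestinationAddressPrefix='*'; DestinationPortRange='*' }
)
Test-AclBlocksProbe -Rules $rules -SubnetPrefix '192.168.0.0/24' -ProbePort 80
```

Only an explicit Deny that wins the match is reported; the check does not model what happens when no rule matches.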

Step 5: Define a load balancing rule

This load balancing rule defines how traffic that arrives at the front-end IP is to be sent to the backend IP. In this example, TCP traffic to port 80 is sent to the backend pool.

You can use the following example to define a load balancing rule.

$lbrule = @{}
$lbrule.ResourceId = "webserver1"
$lbrule.properties = @{}
$lbrule.properties.FrontEndIPConfigurations = @()
$lbrule.properties.FrontEndIPConfigurations += $fe
$lbrule.properties.backendaddresspool = $backend 
$lbrule.properties.protocol = "TCP"
$lbrule.properties.frontendPort = 80
$lbrule.properties.Probe = $lbprobe
$lbproperties.loadbalancingRules += $lbrule

Step 6: Add the load balancer configuration to Network Controller

Thus far in this example, all created objects are in the memory of the Windows PowerShell session. This step adds the objects to Network Controller.

You can use the following example to add the load balancer configuration to Network Controller.

$lb = @{}
$lb.ResourceId = $lbresourceid
$lb.properties = $lbproperties

$body = convertto-json $lb -Depth 100

Invoke-WebRequest -Headers @{"Accept"="application/json"} -ContentType "application/json; charset=UTF-8" -Method "Put" -Uri "$uri/Networking/v1/loadbalancers/$lbresourceid" -Body $body -DisableKeepAlive -UseBasicParsing

After this step you will need to follow the example below to add the network interfaces to this backend pool.
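
Because the workaround builds the request body from plain hash tables, nothing checks its internal references before the PUT in Step 6. The following is an added example, not code from the original page: a local pre-flight check over a $lbproperties-style hash table that verifies the VIP is a well-formed address and that each rule's front end, backend pool and probe are declared on the same load balancer. Get-Ref, Test-SlbBody and the sample values are hypothetical.

```powershell
# Added example: Get-Ref and Test-SlbBody are hypothetical helpers, not NetworkController cmdlets.
function Get-Ref($Items) { foreach ($i in $Items) { if ($null -ne $i) { $i.resourceRef } } }
function Test-SlbBody([hashtable]$Properties) {
    $problems  = @()
    $feRefs    = @(Get-Ref $Properties.frontendipconfigurations)
    $poolRefs  = @(Get-Ref $Properties.backendAddressPools)
    $probeRefs = @(Get-Ref $Properties.probes)
    foreach ($fe in $Properties.frontendipconfigurations) {
        $vip = [string]$fe.properties.privateIPAddress
        $parsed = $null
        # Require the canonical dotted form so a truncated value such as "10.127" is rejected
        if (-not ([System.Net.IPAddress]::TryParse($vip, [ref]$parsed)) -or $parsed.ToString() -ne $vip) {
            $problems += "front end '$($fe.resourceId)': VIP '$vip' is not a valid address"
        }
    }
    # Load balancing and outbound NAT rules both reference a front end and a pool
    foreach ($rule in @($Properties.loadbalancingRules) + @($Properties.OutboundNatRules)) {
        $p = $rule.properties
        foreach ($ref in @(Get-Ref $p.frontendipconfigurations)) {
            if ($ref -notin $feRefs) { $problems += "rule '$($rule.ResourceId)': unknown front end $ref" }
        }
        if ($p.backendaddresspool.resourceRef -notin $poolRefs) {
            $problems += "rule '$($rule.ResourceId)': backend pool is not declared"
        }
    }
    foreach ($rule in $Properties.loadbalancingRules) {
        $p = $rule.properties
        if ([int]$p.frontendPort -lt 1 -or [int]$p.frontendPort -gt 65535) {
            $problems += "rule '$($rule.ResourceId)': frontendPort out of range"
        }
        if ($null -eq $p.Probe) {
            $problems += "rule '$($rule.ResourceId)': no health probe"
        } elseif ($p.Probe.resourceRef -notin $probeRefs) {
            $problems += "rule '$($rule.ResourceId)': probe $($p.Probe.resourceRef) is not declared"
        }
    }
    return $problems
}
# Constructed sample: the rule references a probe that was never added to .probes
$fe    = @{ resourceId = 'FE1'; resourceRef = '/loadBalancers/LB2/frontendIPConfigurations/FE1'
            properties = @{ privateIPAddress = '10.127.132.5' } }
$pool  = @{ resourceId = 'BE1'; resourceRef = '/loadBalancers/LB2/backendAddressPools/BE1' }
$probe = @{ resourceId = 'Probe1'; resourceRef = '/loadBalancers/LB2/Probes/Probe1' }
$rule  = @{ ResourceId = 'webserver1'; properties = @{ FrontEndIPConfigurations = @($fe)
            backendaddresspool = $pool; protocol = 'TCP'; frontendPort = 80; Probe = $probe } }
$props = @{ frontendipconfigurations = @($fe); backendAddressPools = @($pool); probes = @()
            loadbalancingRules = @($rule); OutboundNatRules = @() }
Test-SlbBody $props
```

An empty result means the references are consistent; it does not confirm that Network Controller will accept the body.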

Example: Use SLB for outbound NAT

You can use this example to configure SLB with a back-end pool for providing outbound NAT capability for a VM on a virtual network's private address space to reach outbound to the internet.

Step 1: Create the loadbalancer properties, front-end IP and Backend Pool.

You can use the following example to create the loadbalancer properties, front-end IP and Backend Pool.

$lbresourceId = "OutboundNATMembers"
$vipip = "10.127.132.7"

$vipln = get-networkcontrollerlogicalnetwork -ConnectionUri $uri -resourceid "f8f67956-3906-4303-94c5-09cf91e7e311"

$lbproperties = @{}
$lbproperties.frontendipconfigurations = @()
$lbproperties.backendAddressPools = @()
$lbproperties.probes = @()
$lbproperties.loadbalancingRules = @()
$lbproperties.OutboundNatRules = @()

$fe = @{}
$fe.resourceId = "FE1"
$fe.resourceRef = "/loadBalancers/$lbresourceId/frontendIPConfigurations/$($fe.resourceId)"
$fe.properties = @{}
$fe.properties.subnet = @{}
$fe.properties.subnet.ResourceRef = $vipln.properties.Subnets[0].ResourceRef
$fe.properties.privateIPAddress = $vipip
$fe.properties.privateIPAllocationMethod = "Static"
$lbproperties.frontendipconfigurations += $fe

$backend = @{}
$backend.resourceId = "BE1"
$backend.resourceRef = "/loadBalancers/$lbresourceId/backendAddressPools/$($backend.resourceId)"
$lbproperties.backendAddressPools += $backend

Step 2: Define the outbound NAT rule

You can use the following example to define the outbound NAT rule.

$onat = @{}
$onat.ResourceId = "onat1"
$onat.properties = @{}
$onat.properties.frontendipconfigurations = @()
$onat.properties.frontendipconfigurations += $fe
$onat.properties.backendaddresspool = $backend
$onat.properties.protocol = "ALL"
$lbproperties.OutboundNatRules += $onat

Step 3: Add the load balancer object in Network Controller

You can use the following example to add the load balancer object in Network Controller.

$lb = @{}
$lb.ResourceId = $lbresourceid
$lb.properties = $lbproperties

$body = convertto-json $lb -Depth 100

Invoke-WebRequest -Headers @{"Accept"="application/json"} -ContentType "application/json; charset=UTF-8" -Method "Put" -Uri "$uri/Networking/v1/loadbalancers/$lbresourceid" -Body $body -DisableKeepAlive -UseBasicParsing

In the next step, you can add the network interfaces to which you want to provide internet access.

Example: Add network interfaces to the back-end pool

You can use this example to add network interfaces to the back-end pool.

You must repeat this step for each network interface that can process requests that are made to the VIP. You can also repeat this process on a single network interface to add it to multiple load balancer objects. For example, you might have a load balancer object for a Web Server VIP and a separate load balancer object to provide outbound NAT.

Step 1: Get the load balancer object containing the back-end pool to which you will add a network interface

You can use the following example to retrieve the load balancer object.

$lbresourceid = "LB2"
$lb = (Invoke-WebRequest -Headers @{"Accept"="application/json"} -ContentType "application/json; charset=UTF-8" -Method "Get" -Uri "$uri/Networking/v1/loadbalancers/$lbresourceid" -DisableKeepAlive -UseBasicParsing).content | convertfrom-json 

Step 2: Get the network interface and add the backendaddress pool to the loadbalancerbackendaddresspools array.

You can use the following example to get the network interface and add the backendaddress pool to the loadbalancerbackendaddresspools array.

$nic = get-networkcontrollernetworkinterface  -connectionuri $uri -resourceid 6daca142-7d94-0000-1111-c38c0141be06
$nic.properties.IpConfigurations[0].properties.LoadBalancerBackendAddressPools += $lb.properties.backendaddresspools[0]

Step 3: Put the network interface to apply the change

You can use the following example to put the network interface to apply the change.

new-networkcontrollernetworkinterface  -connectionuri $uri -resourceid 6daca142-7d94-0000-1111-c38c0141be06 -properties $nic.properties -force

Example: Use the Software Load Balancer for forwarding traffic

If you need to map a Virtual IP to a single network interface on a virtual network without defining individual ports, you can create an L3 forwarding rule. This rule forwards all traffic to and from the VM via the assigned VIP, which must be contained in a PublicIPAddress object.

If the VIP and DIP are defined as the same subnet, then this is equivalent to performing L3 forwarding without NAT.

Note

This process does not require you to create a load balancer object. Assigning the PublicIPAddress to the network interface is enough information for the Software Load Balancer to perform its configuration.

Step 1: Create a public IP object to contain the VIP

You can use the following example to create a public IP object.

$publicIPProperties = new-object Microsoft.Windows.NetworkController.PublicIpAddressProperties
$publicIPProperties.ipaddress = "10.127.132.6"
$publicIPProperties.PublicIPAllocationMethod = "static"
$publicIPProperties.IdleTimeoutInMinutes = 4
$publicIP = New-NetworkControllerPublicIpAddress -ResourceId "MyPIP" -Properties $publicIPProperties -ConnectionUri $uri

Step 2: Assign the PublicIPAddress to a network interface

You can use the following example to assign the PublicIPAddress to a network interface.

$nic = get-networkcontrollernetworkinterface  -connectionuri $uri -resourceid 6daca142-7d94-0000-1111-c38c0141be06
$nic.properties.IpConfigurations[0].Properties.PublicIPAddress = $publicIP
New-NetworkControllerNetworkInterface -ConnectionUri $uri -ResourceId $nic.ResourceId -Properties $nic.properties