Azure Load Balancer overview
Azure Load Balancer delivers high availability and network performance to your applications. It is a Layer 4 (TCP, UDP) load balancer that distributes incoming traffic among healthy instances of services defined in a load-balanced set.
Important
Azure Load Balancer supports two different types: Basic and Standard. This article discusses Basic Load Balancer. Although Basic Load Balancer is generally available, Standard Load Balancer is currently in public preview. For more information about Standard Load Balancer, see Standard Load Balancer overview.
Azure Load Balancer can be configured to:
- Load balance incoming Internet traffic to virtual machines. This configuration is known as Internet-facing load balancing.
- Load balance traffic between virtual machines in a virtual network, between virtual machines in cloud services, or between on-premises computers and virtual machines in a cross-premises virtual network. This configuration is known as internal load balancing.
- Forward external traffic to a specific virtual machine.
All resources in the cloud need a public IP address to be reachable from the Internet. The cloud infrastructure in Azure uses non-routable IP addresses for its resources. Azure uses network address translation (NAT) with public IP addresses to communicate with the Internet.
Load Balancer features
Hash-based distribution
Azure Load Balancer uses a hash-based distribution algorithm. By default, it uses a 5-tuple hash composed of source IP, source port, destination IP, destination port, and protocol type to map traffic to available servers. It provides stickiness only within a transport session. Packets in the same TCP or UDP session are directed to the same instance behind the load-balanced endpoint. When the client closes and reopens the connection, or starts a new session from the same source IP, the source port changes. This may cause the traffic to go to a different endpoint in a different datacenter.
For more details, see Load balancer distribution mode. The following graphic shows the hash-based distribution:
Figure - Hash-based distribution
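The following Python model illustrates the hashing behaviour described above. It is an added example, not code from the article or from Microsoft, and it does not reproduce Azure's real hash function: it uses SHA-256 over the chosen tuple, reduced modulo the number of healthy instances, which is enough to show why a flow is sticky within one session, why the same source IP can land elsewhere after its source port changes, and why the 2-tuple and 3-tuple modes from the comparison table further down give source IP affinity. The 3-tuple is assumed here to use the destination port, since the article only says "port". All backend names and flow values are constructed.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

@dataclass(frozen=True)
class Flow:
    """One transport flow as the load balancer sees it (values are constructed samples)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str  # "tcp" or "udp"

# Distribution modes named in the article. The default is the 5-tuple; the 2- and
# 3-tuple modes leave the source port out, which is what gives source IP affinity.
MODE_5_TUPLE = "5-tuple"   # source IP, source port, destination IP, destination port, protocol
MODE_3_TUPLE = "3-tuple"   # source IP, destination IP, port (destination port assumed here)
MODE_2_TUPLE = "2-tuple"   # source IP, destination IP

def hash_key(flow: Flow, mode: str) -> bytes:
    """Serialize the fields that take part in the hash for the chosen mode."""
    if mode == MODE_5_TUPLE:
        parts = (flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port, flow.protocol)
    elif mode == MODE_3_TUPLE:
        parts = (flow.src_ip, flow.dst_ip, flow.dst_port)
    elif mode == MODE_2_TUPLE:
        parts = (flow.src_ip, flow.dst_ip)
    else:
        raise ValueError(f"unknown distribution mode: {mode}")
    return "|".join(str(p) for p in parts).encode()

class LoadBalancedSet:
    """Backend instances plus their current probe state. Only instances whose probe
    passes are candidates, so adding, removing or failing an instance re-maps flows
    immediately (the article's 'automatic reconfiguration')."""

    def __init__(self, backends: List[str]):
        self.healthy: Dict[str, bool] = {b: True for b in backends}

    def add(self, backend: str) -> None:
        self.healthy[backend] = True

    def remove(self, backend: str) -> None:
        self.healthy.pop(backend, None)

    def set_health(self, backend: str, ok: bool) -> None:
        self.healthy[backend] = ok

    def candidates(self) -> List[str]:
        # Stable order, so the hash-to-instance mapping is deterministic across calls.
        return sorted(b for b, ok in self.healthy.items() if ok)

    def route(self, flow: Flow, mode: str = MODE_5_TUPLE) -> str:
        cands = self.candidates()
        if not cands:
            raise RuntimeError("no healthy instance in the load-balanced set")
        digest = hashlib.sha256(hash_key(flow, mode)).digest()
        return cands[int.from_bytes(digest[:8], "big") % len(cands)]

    def distribution(self, flows: List[Flow], mode: str = MODE_5_TUPLE) -> Counter:
        """How many of the given flows land on each instance."""
        return Counter(self.route(f, mode) for f in flows)

if __name__ == "__main__":
    lb = LoadBalancedSet(["vm0", "vm1", "vm2"])
    # Constructed sample: one client reopening its connection 100 times (new source port each time).
    flows = [Flow("198.51.100.7", p, "203.0.113.1", 80, "tcp") for p in range(40000, 40100)]
    print("5-tuple:", dict(lb.distribution(flows)))            # spreads across instances
    print("2-tuple:", dict(lb.distribution(flows, MODE_2_TUPLE)))  # all on one instance
```

The modulo step means that when the healthy set changes, flows that hashed to unaffected instances can still move; the article's statement that existing connections are not impacted when a probe fails relies on connection tracking that this model does not include.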
Port forwarding
Azure Load Balancer gives you control over how inbound communication is managed. This communication includes traffic initiated from Internet hosts, virtual machines in other cloud services, or virtual networks. This control is represented by an endpoint (also called an input endpoint).
An input endpoint listens on a public port and forwards traffic to an internal port. You can map the same port for an internal or external endpoint, or use a different port for each. For example, you can have a web server configured to listen on port 81 while the public endpoint mapping is port 80. The creation of a public endpoint triggers the creation of a load balancer instance.
When created using the Azure portal, the portal automatically creates endpoints to the virtual machine for Remote Desktop Protocol (RDP) and remote Windows PowerShell session traffic. You can use these endpoints to remotely administer the virtual machine over the Internet.
Automatic reconfiguration
Azure Load Balancer instantly reconfigures itself when you scale instances up or down. For example, this reconfiguration happens when you increase the instance count for web/worker roles in a cloud service, or when you add virtual machines to the same load-balanced set.
Service monitoring
Azure Load Balancer can probe the health of the various server instances. When a probe fails to respond, the load balancer stops sending new connections to the unhealthy instances. Existing connections are not impacted.
Three types of probes are supported:
- Guest agent probe (on Platform as a Service virtual machines only): The load balancer utilizes the guest agent inside the virtual machine. The guest agent listens and responds with an HTTP 200 OK response only when the instance is in the ready state (i.e., the instance is not in a state like busy, recycling, or stopping). If the agent fails to respond with an HTTP 200 OK, the load balancer marks the instance as unresponsive and stops sending traffic to that instance. The load balancer continues to ping the instance. If the guest agent responds with an HTTP 200, the load balancer sends traffic to that instance again. When you're using a web role, your website code typically runs in w3wp.exe, which is not monitored by the Azure fabric or guest agent. This means that failures in w3wp.exe (e.g., HTTP 500 responses) are not reported to the guest agent, and the load balancer does not know to take that instance out of rotation.
- HTTP custom probe: This probe overrides the default (guest agent) probe. You can use it to create your own custom logic to determine the health of the role instance. The load balancer regularly probes your endpoint (every 15 seconds, by default). The instance is considered to be in rotation if it responds with a TCP ACK or HTTP 200 within the timeout period (default of 31 seconds). This is useful for implementing your own logic to remove instances from the load balancer's rotation. For example, you can configure the instance to return a non-200 status if the instance is above 90% CPU. For web roles that use w3wp.exe, you also get automatic monitoring of your website, since failures in your website code return a non-200 status to the probe.
- TCP custom probe: This probe relies on successful TCP session establishment to a defined probe port.
For more information, see the LoadBalancerProbe schema.
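Two sides of the HTTP custom probe described above, as an added example that is not part of the article or of any Microsoft code: the instance's probe endpoint, which returns a non-200 status when the application is not ready or CPU is above the article's 90% example threshold, and the load-balancer-side bookkeeping that takes an instance out of rotation after the 2 consecutive failures given in the comparison table below and puts it back on the next success. The `/health` path, the `cpu_sampler` placeholder and the listen address are assumptions, not Azure conventions.

```python
import json
import time
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CPU_THRESHOLD_PERCENT = 90.0  # the article's example: leave rotation above 90% CPU

def health_status(cpu_percent: float, app_ready: bool):
    """What the probe endpoint answers: (HTTP status, reason). Anything other than
    200 eventually takes the instance out of rotation, which is the whole point of
    a custom probe: failures inside the application become visible to the balancer."""
    if not app_ready:
        return 503, "application not ready"
    if cpu_percent > CPU_THRESHOLD_PERCENT:
        return 503, "cpu above threshold"
    return 200, "ok"

class ProbeHandler(BaseHTTPRequestHandler):
    """Minimal probe endpoint. `cpu_sampler` and `app_ready` are placeholders that a
    real application replaces with its own readings (assumed names)."""
    cpu_sampler = staticmethod(lambda: 0.0)
    app_ready = True

    def do_GET(self):
        if self.path != "/health":
            self.send_error(404)
            return
        code, reason = health_status(self.cpu_sampler(), self.app_ready)
        body = json.dumps({"status": reason}).encode()  # no internals beyond a short reason
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, format, *args):  # keep the probe traffic out of the log
        return

def probe_once(url: str, timeout_secs: float = 31.0):
    """One probe round trip: returns (status code or None if no answer, elapsed seconds)."""
    start = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout_secs) as resp:
            return resp.status, time.monotonic() - start
    except urllib.error.HTTPError as err:          # non-2xx answers still carry a status
        return err.code, time.monotonic() - start
    except (urllib.error.URLError, OSError):       # refused, unreachable, timed out
        return None, time.monotonic() - start

class RotationTracker:
    """Load-balancer-side state for one instance, using the article's defaults:
    probe every 15 s, 31 s timeout, out after 2 consecutive failures, back in on
    the next successful probe."""

    def __init__(self, interval_secs=15, timeout_secs=31, failure_threshold=2):
        self.interval_secs = interval_secs
        self.timeout_secs = timeout_secs
        self.failure_threshold = failure_threshold
        self.consecutive_failures = 0
        self.in_rotation = True

    def record(self, status_code, elapsed_secs) -> bool:
        """Feed one probe result; returns whether the instance is in rotation afterwards."""
        ok = status_code == 200 and elapsed_secs <= self.timeout_secs
        if ok:
            self.consecutive_failures = 0
            self.in_rotation = True
        else:
            self.consecutive_failures += 1
            if self.consecutive_failures >= self.failure_threshold:
                self.in_rotation = False
        return self.in_rotation

if __name__ == "__main__":
    # Serve the probe endpoint locally (constructed address); point the load balancer's
    # HTTP probe at /health on this port.
    HTTPServer(("127.0.0.1", 8080), ProbeHandler).serve_forever()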
-
源 NATSource NAT
所有源自服務且流向 Internet 的出站流量都使用與傳入流量相同的 VIP 地址進行源 NAT (SNAT) 操作。All outbound traffic to the Internet that originates from your service undergoes source NAT (SNAT) by using the same VIP address as the incoming traffic. SNAT 的重要優勢在於:SNAT provides important benefits:
- 可以輕松地對服務進行升級和災難恢復操作,因為 VIP 可以動態映射到服務的其他實例。It enables easy upgrade and disaster recovery of services, since the VIP can be dynamically mapped to another instance of the service.
-
簡化了訪問控制列表 (ACL) 管理。It makes access control list (ACL) management easier. 以 VIP 表示的 ACL 不會隨着服務的增加、減少或重新部署而更改。ACLs expressed in terms of VIPs do not change as services scale up, down, or get redeployed.
負載均衡器配置支持適用於 UDP 的完整圓錐型 NAT。The load balancer configuration supports full cone NAT for UDP. 完整圓錐型 NAT 是一種類型的 NAT,其中的端口允許入站連接來自任何外部主機(響應出站請求)。Full cone NAT is a type of NAT where the port allows inbound connections from any external host (in response to an outbound request).
對於虛擬機啟動的每個新的出站連接,還會由負載均衡器分配出站端口。For each new outbound connection that a virtual machine initiates, an outbound port is also allocated by the load balancer. 外部主機會看到分配了虛擬 IP (VIP) 的端口的流量。The external host sees traffic with a virtual IP (VIP)-allocated port. 對於需要大量出站連接的方案,建議使用實例層級公共 IP 地址,這樣 VM 就有一個專用於 SNAT 的出站 IP 地址。For scenarios that require a large number of outbound connections, it is recommended to use instance-level public IP addresses so that the VMs have a dedicated outbound IP address for SNAT. 這可降低端口耗盡的風險。This reduces the risk of port exhaustion.
有關此主題的更多詳細信息,請參閱出站連接一文。Please see outbound connections article for more details on this topic.
支持為虛擬機提供多個負載均衡的 IP 地址Support for multiple load-balanced IP addresses for virtual machines
可將多個負載均衡的公共 IP 地址分配給一組虛擬機。You can assign more than one load-balanced public IP address to a set of virtual machines. 可以通過此功能在同一組虛擬機上托管多個 SSL 網站和/或多個 SQL Server AlwaysOn 可用性組偵聽器。With this ability, you can host multiple SSL websites and/or multiple SQL Server AlwaysOn Availability Group listeners on the same set of virtual machines. 有關詳細信息,請參閱每個雲服務多個 VIP。For more information, see Multiple VIPs per cloud service.
負載均衡器之間的差異Load Balancer differences
使用 Microsoft Azure 分配網絡流量有不同的選項。There are different options to distribute network traffic using Microsoft Azure. 這些選項的工作方式彼此不同,具有不同的功能集,並支持不同的方案。These options work differently from each other, having a different feature set and support different scenarios. 這些選項每個都能單獨使用,也可以組合使用。They can each be used in isolation, or combining them.
- Azure 負載均衡器 在傳輸層(OSI 網絡參考堆棧中的第 4 層)工作。Azure Load Balancer works at the transport layer (Layer 4 in the OSI network reference stack). 它可對同一 Azure 數據中心中運行的應用程序實例間的流量進行網絡級分配。It provides network-level distribution of traffic across instances of an application running in the same Azure data center.
- 應用程序網關在應用程序層(OSI 網絡參考堆棧中的第 7 層)工作。Application Gateway works at the application layer (Layer 7 in the OSI network reference stack). 它充當反向代理服務,終止客戶端連接,並將請求轉發到后端終結點。It acts as a reverse-proxy service, terminating the client connection and forwarding requests to back-end endpoints.
- 流量管理器在 DNS 級別工作。Traffic Manager works at the DNS level. 它使用 DNS 響應將最終用戶流量定向到全球分布的終結點。It uses DNS responses to direct end-user traffic to globally distributed endpoints. 客戶端然后直接連接到這些終結點。Clients then connect to those endpoints directly.
下表總結了每個服務提供的功能:The following table summarizes the features offered by each service:
服務Service | Azure 負載均衡器Azure Load Balancer | 應用程序網關Application Gateway | 流量管理器Traffic Manager |
---|---|---|---|
技術Technology | 傳輸層(第 4 層)Transport level (Layer 4) | 應用程序層(第 7 層)Application level (Layer 7) | DNS 級別DNS level |
支持的應用程序協議Application protocols supported | 任意Any | HTTP、HTTPS 和 WebSocketHTTP, HTTPS, and WebSockets | 任何(HTTP 終結點是終結點監視所必需的)Any (An HTTP endpoint is required for endpoint monitoring) |
終結點Endpoints | Azure VM 和雲服務角色實例Azure VMs and Cloud Services role instances | 任何 Azure 內部 IP 地址、公共 Internet IP 地址、Azure VM 或 Azure 雲服務Any Azure internal IP address, public internet IP address, Azure VM, or Azure Cloud Service | Azure VM、雲服務、Azure Web 應用和外部終結點Azure VMs, Cloud Services, Azure Web Apps, and external endpoints |
虛擬網絡支持Vnet support | 可用於面向 Internet 的應用程序和內部 (Vnet) 應用程序Can be used for both Internet facing and internal (Vnet) applications | 可用於面向 Internet 的應用程序和內部 (Vnet) 應用程序Can be used for both Internet facing and internal (Vnet) applications | 僅支持面向 Internet 的應用程序Only supports Internet-facing applications |
終結點監視Endpoint Monitoring | 通過探測支持Supported via probes | 通過探測支持Supported via probes | 通過 HTTP/HTTPS GET 支持Supported via HTTP/HTTPS GET |
Azure 負載均衡器和應用程序網關都將網絡流量路由到終結點,但它們具有處理流量的不同使用方案。Azure Load Balancer and Application Gateway route network traffic to endpoints but they have different usage scenarios to which traffic to handle. 下表有助於了解這兩種負載均衡器之間的區別:The following table helps understanding the difference between the two load balancers:
類型Type | Azure 負載均衡器Azure Load Balancer | 應用程序網關Application Gateway |
---|---|---|
協議Protocols | UDP/TCPUDP/TCP | HTTP、HTTPS 和 WebSocketHTTP, HTTPS, and WebSockets |
IP 保留IP reservation | 支持Supported | 不支持Not supported |
負載均衡模式Load balancing mode | 5 元組(源 IP、源端口、目標 IP、目標端口、協議類型)5-tuple(source IP, source port, destination IP, destination port, protocol type) | 輪循機制Round Robin 基於 URL 的路由Routing based on URL |
負載均衡模式(源 IP/粘性會話)Load balancing mode (source IP /sticky sessions) | 2 元組(源 IP 和目標 IP)、3 元組(源 IP、目標 IP 和端口)。2-tuple (source IP and destination IP), 3-tuple (source IP, destination IP, and port). 可以根據虛擬機數增加或減少Can scale up or down based on the number of virtual machines | 基於 Cookie 的相關性Cookie-based affinity 基於 URL 的路由Routing based on URL |
運行狀況探測Health probes | 默認值:探測間隔 - 15 秒。Default: probe interval - 15 secs. 退出循環:2 次連續失敗。Taken out of rotation: 2 Continuous failures. 支持用戶定義的探測Supports user-defined probes | 空閑探測間隔 30 秒。Idle probe interval 30 secs. 在 5 次連續實時通信失敗或空閑模式下單次探測失敗后取出。Taken out after 5 consecutive live traffic failures or a single probe failure in idle mode. 支持用戶定義的探測Supports user-defined probes |
SSL 卸載SSL offloading | 不支持Not supported | 支持Supported |
基於 URL 的路由Url-based routing | 不支持Not supported | 支持Supported |
SSL 策略SSL Policy | 不支持Not supported | 支持Supported |
限制Limitations
負載均衡器后端池可以包含任意 VM SKU,基本層除外。Load Balancer backend pools can contain any VM SKU except Basic tier.
后續步驟Next steps
-
詳細了解面向 Internet 的負載均衡器Learn more about Internet-facing load balancer
-
詳細了解內部負載均衡器概述Learn more about Internal load balancer overview
-
創建面向 Internet 的負載均衡器Create an Internet-facing load balancer
-
了解 Azure 的部分其他關鍵網絡功能Learn about some of the other key networking capabilities of Azure