当前位置：文江博客话题详情

通过Azure Cloud连接不同国家 /地区的2台虚拟机

发布于 2025-01-22 07:12:32 字数 348 浏览 5 评论 0原文

我想连接两台虚拟机，一个在北美，另一台在亚洲。

当我说我想连接两台虚拟机时，仅仅是建立了此隧道后，他们就可以通过IP互相交谈，然后连接/交谈，就像在同一网络中一样。只有这两台机器会互相交谈。

我希望这种联系通过Azure云这样：

北美的机器将连接到北美的Azure云。
亚洲的机器将连接到亚洲的Azure。
北美和亚洲之间的数据仅是Azure云到Azure Cloud。

我已经阅读了有关Bastion，Gateway和其他Azure网络产品的阅读，但我不确定我需要真正实现这一目标。我对Azure提供的所有产品感到不知所措，我不确定我应该用什么来做我需要的事情。

原文

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

幸福还没到 2025-01-29 07:12:32

•由于您想在北美地区部署一台虚拟机，而另一台虚拟机在亚洲部署，此外，您希望它们之间的通信能够通过Azure Cloud本身进行，因此建议您使用“全球vnet peering”为此目的。正如您将在各个区域的虚拟网络中部署虚拟机，该虚拟网络由Azure Service Fabric的网络资源提供商管理，您可以在Azure的Backbone网络本身中凝视这些虚拟网络，并因此通过虚拟机的端口打开端口独立网络安全组。上面给出的上述方案的说明如下： -

•在不同位置连接两个VNET的第二种方法是使用VNET到VNET连接。 VNET到VNET连接本质上是两个不同的Azure位置之间的VPN。 VNET到VNET连接在VPN网关上建立。这意味着与全局VNET对等相比，您的流量将产生两个额外的流量跳跃（两端的两个网关）。这也意味着您会产生额外的延迟，并且VPN网关可以成为带宽的障碍。使用VNET到VNET连接的一个好处是，使用IPSEC对不同Azure区域之间的流量进行加密。 VNET对等在Microsoft骨干线上未加密运行，而VNET到VNET连接使用IPSEC将两个VNET连接在一起。以上所述的说明如下： -

•另外，您可以使用'ExpressRoute'将多个Azure区域中的VNET连接在一起。连接到Expressroute电路的每个VNET成为同一路由域的一部分。这意味着与Expressroute连接的每个VNET，无论它是在同一区域还是在另一个区域中，都将彼此之间具有连接性。该连接模型的缺点是所有流量都是将头发固定在Expressroute对等地点上的头发。这意味着您介绍其他网络延迟。两个网关之间的连接将在对等地点发生，但不会越过凝视网络。意思是，该连接停留在Microsoft网络上，但发夹发生在对等地点。上述所述的说明如下： -

• Since you want to deploy one of your virtual machines in North America region and the other one in Asia, and further you want the communication between them to happen over Azure cloud itself, then would suggest you to please use the ‘Global VNET peering’ option for this purpose. As you will deploy virtual machines in the respective region’s virtual network which are managed by Azure service fabric’s network resource provider, you can peer these virtual networks which are deployed in their respective regions over Azure’s backbone network itself and accordingly open the ports through the virtual machine’s independent network security group. An illustration of the above scenario is given below: -

• A second way to connect two VNETs in different locations is by using a VNET-to-VNET connection. A VNET-to-VNET connection is essentially a VPN between the two different Azure locations. The VNET-to-VNET connection is established on a VPN gateway. This means your traffic will incur two additional traffic hops as compared to global VNET peering (the two gateways on each end). This also means that you will incur additional latency, and the VPN gateways can become a bandwidth chokepoint. The one benefit of using a VNET-to-VNET connection is that the traffic between the different Azure regions will be encrypted using IPSEC. VNET peering runs over the Microsoft backbone unencrypted, while a VNET-to-VNET connection uses IPSEC to connect the two VNETs together. An illustration of the above said is given below: -

• Also, you can use ‘Expressroute’ to connect VNETs in multiple Azure regions together. Each VNET that is connected to an Expressroute circuit, becomes part of the same routing domain. This means that each VNET that is connected to Expressroute, regardless of whether it is in the same region or in a different region, will have connectivity to each other. The downside of this connection model is that all the traffic is hair pinned over the Expressroute peering location. This means you introduce additional network latency. The connection between the two gateways would happen at the peering location but would not go over the peered network. Meaning, the connection stays on the Microsoft network, but the hairpin happens at the peering location. An illustration of the above said is given below: -