集成后 Azure Web 应用程序请求不通过 VNET
Azure web app request is not going through VNET after inegration
我在 Azure 门户上创建了一个 Web 应用程序,并将其与特定 VNET 下的子网集成。
现在,当我尝试从我的 Web 应用程序对我组织的内部中继服务器 IP 之一进行远程登录时,它没有连接。该请求来自 Web 应用程序的 APIPA 地址范围,而不是来自子网的地址范围。我使用 ifconfig 检查了 Web 应用程序的 IP,发现它取自 APIPA 地址范围而不是子网一。
知道我需要采取什么步骤才能使 Web 应用从 VNET 的子网地址范围而不是 APIPA 地址范围获取 IP。
提前致谢。
经过我的验证,当Linux上的应用服务与虚拟网络集成时。有一个额外的 NIC 绑定到应用程序服务。它是来自 APIPA 地址范围的 IP 地址。它看起来像是一种设计行为,因为 Linux 上的应用程序服务在标准 Docker 容器中是 运行,阅读 here. Also, for a normal app service is a multi-tenant environment, you can not get a dedicated IP address unless you are using a dedicated environment---ASE, read 。
此外,从how regional VNet Integration works,您将看到与 vNet 集成的应用程序服务与来自 VNet 的 VM 不同。
Regional VNet Integration works by mounting virtual interfaces with
addresses in the delegated subnet. Because the from address is in your
VNet, it can access most things in or through your VNet like a VM in
your VNet would. The networking implementation is different than
running a VM in your VNet. That's why some networking features aren't
yet available for this feature.
在这种情况下,如果您想为应用服务分配私有 IP 地址,可以使用 Azure Private Endpoint with web apps(Preview). Read this blog 了解更多详情。
Azure Private Endpoint provides private IP address access by using a
network interface controller (NIC) attached to a virtual network
subnet for an Azure web app, allowing access from an on-premise VPN or
ExpressRoute. Implementing an endpoint effectively blocks the public
inbound access. This technology is very similar to an internal App
Service Environment (ASE) but much cheaper.
我在 Azure 门户上创建了一个 Web 应用程序,并将其与特定 VNET 下的子网集成。 现在,当我尝试从我的 Web 应用程序对我组织的内部中继服务器 IP 之一进行远程登录时,它没有连接。该请求来自 Web 应用程序的 APIPA 地址范围,而不是来自子网的地址范围。我使用 ifconfig 检查了 Web 应用程序的 IP,发现它取自 APIPA 地址范围而不是子网一。
知道我需要采取什么步骤才能使 Web 应用从 VNET 的子网地址范围而不是 APIPA 地址范围获取 IP。
提前致谢。
经过我的验证,当Linux上的应用服务与虚拟网络集成时。有一个额外的 NIC 绑定到应用程序服务。它是来自 APIPA 地址范围的 IP 地址。它看起来像是一种设计行为,因为 Linux 上的应用程序服务在标准 Docker 容器中是 运行,阅读 here. Also, for a normal app service is a multi-tenant environment, you can not get a dedicated IP address unless you are using a dedicated environment---ASE, read
此外,从how regional VNet Integration works,您将看到与 vNet 集成的应用程序服务与来自 VNet 的 VM 不同。
Regional VNet Integration works by mounting virtual interfaces with addresses in the delegated subnet. Because the from address is in your VNet, it can access most things in or through your VNet like a VM in your VNet would. The networking implementation is different than running a VM in your VNet. That's why some networking features aren't yet available for this feature.
在这种情况下,如果您想为应用服务分配私有 IP 地址,可以使用 Azure Private Endpoint with web apps(Preview). Read this blog 了解更多详情。
Azure Private Endpoint provides private IP address access by using a network interface controller (NIC) attached to a virtual network subnet for an Azure web app, allowing access from an on-premise VPN or ExpressRoute. Implementing an endpoint effectively blocks the public inbound access. This technology is very similar to an internal App Service Environment (ASE) but much cheaper.