英文:
2 VNETs vs. 1 VNET with 2 subnets?
问题
在Azure中,我可以创建:
- 一个虚拟网络(VNET)和其中的2个子网,或者
- 我可以创建两个虚拟网络(VNET),每个都有一个子网。
在实际中会有什么后果或区别?例如在路由、隔离等方面...
英文:
In Azure I can create
- one VNET and 2 subnets in it or
- I can create two VNETs, each with one subnet in it.
What are the practical consequences/differences? E.g in terms of routing, isolation...?
答案1
得分: 1
- 默认情况下,虚拟网络内子网之间的流量是允许的,而虚拟网络到虚拟网络的流量是不允许的。这些设置可以通过对等连接、网络安全组(NSG)等进行更改,但这可能会让你了解何时使用哪种方式。
- 虚拟网络不能跨越多个区域,因此如果您的资源位于不同的区域,您不能将它们放在同一个虚拟网络中。
一个合理的方法是为不同的工作负载(如开发/测试/生产)创建单独的虚拟网络,并在其中拥有子网,用于不同的资源。
然后还有"中心和辐射"架构,在这种架构中,包含工作负载(辐射)的不同虚拟网络可以通过专用虚拟网络(中心)访问,中心控制着流进和流出的流量。中心与辐射进行了对等连接。
文档还列出了一些考虑因素和Azure虚拟网络模式。
英文:
Well, it all depends on what you want to deploy, what your goal is. So I can only give some limited advice as I do not know your use case.
- Traffic between subnets within a VNET is allowed by default, whereas VNET to VNET traffic is not. This all can be changed through peering, Network Security Groups (NSG) and such but it might give you an idea when to use what.
- a VNET cannot span multiple regions, so if you have resources that are placed in different regions you cannot put them in the same VNET
A reasonable approach is to create seperate VNETs for different workloads like dev/test/prod and have subnets in them for the different resources.
Then there is the Hub and Spoke architecture in which different VNETs containing workloads (spokes) can be accessed through a dedicated VNET (the hub) that controls the traffic flowing in and out. The hub is peered with the spokes.
The docs also list some considerations and azure virtual networking patterns.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论