Notes from MS Learn AZ-700 Module 4: Load balance non-HTTP(S) traffic in Azure – Unit 3: Design and Implement Azure Load Balancer Using the Azure Portal
Operates at L4 of the OSI model. Single point of contact for clients. Azure Load Balancer distributes inbound flows from the front end to the backend pool, following the configured load-balancing rules and health probes. Backend pools can be Azure VMs or instances in a VM scale set.
- Choosing a load balancer type
- Two types of load balancers
- Public
- Can provide outbound connections for VMs inside VNet
- Connections via translating private IP to public IP
- Used to distribute client traffic from internet across VMs
- Internet traffic source examples
- Browsers
- Module Apps
- Etc
- Internal
- Use where private IPs are needed at the frontend only
- Use to load balance traffic from internal Azure resources to other resources in VNet
- Frontend can also be accessed from on-prem in hybrid scenario
- Azure Load Balancer and Availability Zones
- Azure services supporting availability zone categories
- Zonal: Resources assigned to specific zone
- Zone-redundant: Resources replicated or distributed across zone automatically. Replicated across 3 zones
- Nonregional: Service always available from Azure geographies, resilient to zone-wide outage and region-wide outage
- Load Balancer supports availability zones.
- Use Standard Load Balancer to increase availability throughout the scenario by aligning resources with, and distributing them across, zones
- Load Balancer can be
- Zone Redundant
- In a region with availability zones, a Standard Load Balancer can be zone-redundant
- Single Frontend IP survives zone failure
- Frontend IP can be used to reach all backend pool members in any zone
- One or more availability zone can fail and data path survives if one zone remains
- Zonal
- Frontend guaranteed to a single zone
- Data path unaffected by failure in zone it’s guaranteed in
- Can expose frontend IP per availability zone
- Using zonal frontends directly for load-balanced endpoints in each zone is supported
- Use to expose per zone load-balanced endpoints to individually monitor each zone
- Public endpoints: integrate them with DNS load-balancing like Traffic Manager and use single DNS name
- For public frontend add zones parameter to public IP
- IP is frontend IP config used by respective rule
- Internal frontend add zones parameter to internal load-balancer frontend IP config.
- Guarantees IP address in subnet to specific zone
- Nonzonal
- Selecting an Azure Load Balancer SKU
- Two SKUs available
- Basic
- Standard
- SKUs differ in
- Scope/Scale
- Features
- Cost
- Any Basic scenario also possible under Standard
- (Table below from MS Learn)
- MS recommends Standard
- Standalone VM, Availability sets, VM scale sets connect to only one SKU (not both)
- Load balancer and public IP addr SKU must match when used together
- SKUs are not mutable – cannot change the SKU of an existing resource
- Creating and configuring an Azure load balancer
- Several tasks for successful creation
- Create load balancer
- Example – Public (external) load balancer in Basic SKU
- Search and click Load Balancer in Azure Portal
- Click Create and enter the following as required
- Subscription
- Resource Group
- Name
- Region
- Type – Internal in this example
- Internal (private)
- Public (external)
- SKU – Standard in this example
- Standard – Use for production
- Basic – Use for testing/eval and training
- Tier (only in Standard)
- Regional – within a region
- Global – across regions
- Public IP Address
- New
- Existing
- Can specify name, dynamic/static
- Can add IPv6 addr
- Click Review + Create
- Click Create once validated
- Select Go to resource
- Add backend pool
- Example Steps
- From Azure portal select All resources
- Choose your new load balancer
- Choose backend pools under settings
- Choose Add
- Enter Name
- Virtual Network – specify the name of the VNet where the resources are located
- Associate to – Associate backend pool to 1 or more VM or VM scale set
- IP Version – IPv4 or IPv6
- Can add existing VMs to backend pool or create and add later
- Click Add
- Add VM to backend pool
- Example Steps
- On Backend pools select the new backend pool
- Virtual network – Specify the name of the VNet where the backend resources are located
- Associated to – backend pool with one or more VMs or VM scale sets
- IP Version – IPv4 or IPv6
- Click Add
- Click Save
- Add health probes
- Example Steps
- On backend pools page click Health probes under settings
- Click Add on the Health probes page
- Name – Unique name for probe
- Protocol – TCP or HTTP
- Port – Dest port (default 80)
- Interval – In seconds (default 5)
- Unhealthy threshold – # of probe failures before VM considered unhealthy (default 2)
- Click Add
- Add a load balancer rule
- Rule distributes inbound traffic across group of backend pools. Only healthy backend pools receive traffic
- Example Steps
- On Health probe page of load balancer select Load balancing rules under settings
- Click Add
- Name – Unique name
- IP Version – IPv4 or IPv6
- Frontend IP – Select existing public-facing IP of load balancer
- Protocol – TCP or UDP
- Port – default is 80
- Backend port – can choose to route to backend VM on different port
- Backend pool – Choose existing backend pool. VMs are the target for LB traffic
- Health probe – Choose existing or create new
- Session persistence – Specifies traffic processed by same VM in session
- None
- Successive requests handled by any VM
- Client IP
- Successive requests from client IP handled by same VM
- Client IP and protocol
- Successive requests from same client IP and protocol handled by same VM
- Idle timeout (in minutes) – Time to keep a TCP/HTTP connection open without client keep-alive. Default 4 minutes (minimum setting); 30 minutes (maximum setting)
- Floating IP
- Enabled
- Azure changes IP addr mapping to Frontend IP of load balancer
- Disabled
- Azure exposes traditional load balancing IP addr mapping
- Click Add
- Test load balancer
- Copy/Paste public IP into browser to receive a response from a VM.
- Refresh multiple times to make sure you get other VM responses
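
Added example (not from MS Learn or the original notes): a small Python model of how the health probe's unhealthy threshold and the rule's session persistence setting decide which VM receives a flow. It assumes Azure's documented tuple hashing (None = 5-tuple, Client IP = 2-tuple, Client IP and protocol = 3-tuple); the SHA-256-modulo hash, the `Probe` class, the function names, the VM names and the IP addresses are constructed stand-ins, not Azure's implementation.

```python
import hashlib

# Fields hashed per session-persistence mode (5-, 2- and 3-tuple).
MODES = {
    "None": ("src_ip", "src_port", "dst_ip", "dst_port", "proto"),
    "Client IP": ("src_ip", "dst_ip"),
    "Client IP and protocol": ("src_ip", "dst_ip", "proto"),
}

class Probe:
    """Marks a backend unhealthy after `threshold` consecutive failures."""
    def __init__(self, backends, threshold=2):
        self.threshold = threshold
        self.failures = {b: 0 for b in backends}

    def record(self, backend, ok):
        # A successful probe resets the consecutive-failure counter.
        self.failures[backend] = 0 if ok else self.failures[backend] + 1

    def healthy(self):
        return [b for b, n in self.failures.items() if n < self.threshold]

def pick_backend(flow, mode, healthy):
    """Map a flow to one healthy backend by hashing the mode's tuple."""
    if not healthy:
        return None  # no healthy instance: the rule has nowhere to send traffic
    key = "|".join(str(flow[f]) for f in MODES[mode])
    digest = hashlib.sha256(key.encode()).digest()  # stand-in hash (assumption)
    return healthy[int.from_bytes(digest[:8], "big") % len(healthy)]

def backends_seen(mode, healthy, ports=range(50000, 50064)):
    """Backends hit by one client opening connections from many source ports."""
    # Constructed sample flows using documentation-range addresses.
    flows = [{"src_ip": "198.51.100.7", "src_port": p, "dst_ip": "203.0.113.10",
              "dst_port": 80, "proto": "tcp"} for p in ports]
    return {pick_backend(f, mode, healthy) for f in flows}

if __name__ == "__main__":
    probe = Probe(["vm1", "vm2", "vm3"])
    for mode in MODES:
        print(mode, sorted(backends_seen(mode, probe.healthy())))
    probe.record("vm2", ok=False)
    probe.record("vm2", ok=False)   # second consecutive failure: vm2 is out
    print("healthy:", probe.healthy())
```

With Client IP persistence every connection from one source address lands on the same VM, so many users behind a single NAT address concentrate on one backend; None spreads the same client across the pool because the source port changes per connection.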