Creating a Load Balancer in the Microsoft Cloud: Azure

WHAT IS AZURE LOAD BALANCER?

Azure Load Balancer provides high availability and network performance for your applications, front ends and back ends.

It is a Layer 4 load balancer (TCP/UDP) that distributes traffic among instances of services defined in the load-balanced set.

You can load-balance web applications, virtual machines, and so on by routing traffic based on NAT rules that you configure on the load balancer.

AZURE LOAD BALANCER CONFIGURATION

  • Internet-facing load balancing: Load balance incoming Internet traffic to virtual machines.
  • Internal load balancing:
    • Load balance virtual machines in cloud services or on-premises computers.
    • Load Balance Virtual Machines in a cross-premises virtual network.
    • Load Balance traffic between virtual machines in a virtual network.
  • Forward external traffic to a specific virtual machine.

All resources in the Azure cloud need a public IP address to be reachable from the Internet.

Cloud infrastructure in Azure uses non-routable IP addresses for its resources.

Azure uses network address translation (NAT) with public IP addresses to communicate with the Internet.

AZURE LOAD BALANCER SETUP AND CONFIGURATION

  • Log in to the Azure Portal, sign in with your Azure account.
  • Click New > Networking > Load Balancer.
  • Create Load Balancer

Azure Load Balancer in the Marketplace

  • Enter a Name for your load balancer.
  • Select the Type: Public or Internal.
  • We can use internal load balancers to balance traffic from private IP addresses.
  • Public load balancers can balance traffic originating from public IP addresses.
  • Select the Public IP address and create a new Public IP address.
  • Select the subscription.
  • Create the Resource Group or select an existing Resource Group.
  • Choose the location based on a region.
  • Click on Create.

Creating an Azure Load Balancer

We get a validation and the Load balancer will be up and running within 5 to 10 minutes.

AZURE LOAD BALANCER CONFIGURATION

Once the Azure Load Balancer is created and validated, select the load balancer.

OVERVIEW:

It shows the details of the Azure load balancer, such as IP address, health probes, load balancing rules, NAT rules, tags, IAM, subscription ID and so on.

Overview of Azure Load Balancer

ACTIVITY LOG:

Similar to event logs, it gives you insight into what is going on, what initiated it, how long it took, and so on.

Azure Load Balancer Activity Log

 

ACCESS CONTROL (IAM):

IAM is role-based access control for the load balancer. It is a way to secure who can manage it, and it lets you restrict and scope down who has access to the load balancer.

Azure Access Control (IAM)

TAGS:

Tags give you a way of categorizing as well as consolidating billing by applying tags to resources, and resource groups.

Azure tags

DIAGNOSE AND SOLVE PROBLEM: 

This is the Microsoft Cloud: Azure knowledge base solution. It collects information and provides you with KB articles and solutions for common scenarios.

Examples are:

  • Load Balanced VMs are not receiving traffic
  • VMs behind Load Balancer (LB) not responding to requests
  • ADFS & SharePoint connections fail behind Load Balancer over VPN
  • My issue is not listed

AZURE LOAD BALANCER FRONT END POOL:

The front-end pool has public IP (PIP) addresses for incoming network traffic.

BACK-END ADDRESS POOL:

  • It contains network interfaces (NICs) for the virtual machines to receive network traffic from the load balancer.
  • The virtual machines selected in the backend pool are the targets for the load-balanced traffic of the rule.

We can add VMs to the backend pool in the ways explained below:

  • Single Virtual Machine: We can add a single virtual machine to a backend pool.
  • Availability Set: As a best practice, Microsoft recommends adding an Availability Set in Azure for the load balancer, which provides better reliability and performance for an Azure Load Balancer.

When we add the Availability Set, all the VMs that are part of the Availability Set are added automatically to the backend pool.

 

We select the Availability Set as per below configuration based on the requirements.

  • Name: Your organization standard.
  • IP Version: IPv4 or IPv6.
  • Associated with Single Virtual Machine or Availability Set.

HEALTH PROBES: 

Protocol: The load balancer works with the HTTP or TCP protocol; select the protocol over which you want to route traffic to your applications.

Port: Select the port number on which you want to allow the traffic, such as HTTPS port 443 or TCP port 80, or monitor across the role port.

Interval: Amount of time between probe attempts.

Unhealthy Threshold: The number of consecutive probe failures that must occur before a virtual machine is considered unhealthy.

Loadbalancer Healthprobe


LOAD BALANCING RULES

We can configure the Load balancing rule based on the application requirements. We may enable the below configuration for load balancing.

Front End IP address: Clients communicate with the load balancer via the selected IP address, and services have their traffic routed to the target machine over this NAT rule.

Backend Port: You can choose to route traffic to the virtual machines in the backend pool using a different port than the one clients use to communicate with the load balancer.

Backend Pool: The virtual machines in the selected backend pool will have traffic routed to them via this rule.

Health Probe: The probe used with this rule determines which virtual machines in the backend pool are healthy and may receive load-balanced traffic.

Session Persistence: Specifies that traffic from a client should be handled by the same virtual machine in the backend pool for the duration of its session.

None: Specifies that successive requests from the same client may be handled by any virtual machine.

Client IP: Specifies that successive requests from the same client IP address will be handled by the same Virtual Machine.

 

Floating IP: This feature should be used when you configure a SQL Always On Availability Group listener. It can be enabled only when creating a rule, and only when the port and the backend port match.
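To make the Unhealthy Threshold and Session Persistence settings concrete, here is a simplified model of them, added as an example that is not part of the original post. The SHA-256 hash and the `Backend` and `pick_backend` names are assumptions standing in for Azure's internal distribution logic; the addresses are constructed documentation addresses.

```python
import hashlib


class Backend:
    """One VM in the backend pool together with its probe state."""

    def __init__(self, name, unhealthy_threshold):
        self.name = name
        self.threshold = unhealthy_threshold
        self.failures = 0      # consecutive failed probes
        self.healthy = True

    def record_probe(self, ok):
        """Apply one probe result; a success resets the failure streak."""
        if ok:
            self.failures = 0
            self.healthy = True
        else:
            self.failures += 1
            if self.failures >= self.threshold:
                self.healthy = False
        return self.healthy


def pick_backend(pool, flow, persistence="None"):
    """Pick a healthy VM for flow = (src_ip, src_port, dst_ip, dst_port, proto)."""
    healthy = [b for b in pool if b.healthy]
    if not healthy:
        return None                    # no healthy VM: nothing receives traffic
    src_ip, _src_port, dst_ip, _dst_port, _proto = flow
    if persistence == "Client IP":
        key = (src_ip, dst_ip)         # source port ignored: the client sticks to one VM
    else:
        key = flow                     # full 5-tuple: each new connection may move
    digest = hashlib.sha256(repr(key).encode()).digest()
    return healthy[int.from_bytes(digest[:8], "big") % len(healthy)].name


def demo():
    pool = [Backend(f"vm{i}", unhealthy_threshold=2) for i in range(3)]
    # Constructed flows: one client opening 200 connections from different source ports.
    flows = [("203.0.113.7", port, "198.51.100.10", 443, "tcp")
             for port in range(50000, 50200)]
    sticky = {pick_backend(pool, f, "Client IP") for f in flows}
    spread = {pick_backend(pool, f, "None") for f in flows}
    after_one = pool[0].record_probe(False)   # one failure: still in rotation
    after_two = pool[0].record_probe(False)   # threshold reached: removed
    remaining = {pick_backend(pool, f, "None") for f in flows}
    return sticky, spread, after_one, after_two, remaining
```

With a probe interval of I seconds and a threshold of N, a failed VM keeps receiving traffic for roughly I × N seconds before it is taken out of rotation, so both values together set the failover time.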

INBOUND NAT RULES

An inbound NAT rule maps a public port on the load balancer to a port on a specific virtual machine in the back-end address pool.

Name: Name based on your organization standard.

Frontend IP address: Clients communicate with the load balancer on the selected IP address, and services have their traffic routed to the target machine by this NAT rule.

IP version: The front-end IP address must match the IP version of the target network IP configuration. Public load balancers support both IPv4 and IPv6. Internal load balancers currently only support IPv4.

Network IP Configuration: The IP configuration of the chosen virtual machine that will receive the traffic. Its IP version must match the IP version of the front-end IP address.

Port Mapping: Default traffic is routed to the target Virtual Machine on the same port that clients use to communicate with the load balancer. You can specify a custom port mapping to route traffic to a different port on the target Virtual Machine.

Services: Select any service like: HTTP, SSH, Telnet, MongoDB, CosmosDB, and so on.

Associated to: Choose the VM that traffic should be routed to first, based on the requirements of that application.

Protocol: Depending on the service, select the TCP/HTTP protocol.

Port: Depending on the service, select the TCP/HTTP port to route the traffic to, such as port number 80 or 443.

Network IP Configuration: Determined by your configuration and the VM configuration; it follows the internal IP address of the associated VM.
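Because an inbound NAT rule can publish SSH, Telnet or MongoDB on a public front end, and a custom port mapping can put the service behind an unrelated public port, it is worth reviewing rules by their backend port. The check below is an added example, not part of the original post; the JSON layout and its field names are hypothetical and simplified, and the sample data is constructed.

```python
import json

# Backend ports worth a second look when reachable from the Internet.
# SSH, Telnet and MongoDB are services named above; RDP and SQL Server are added here.
SENSITIVE_PORTS = {22: "SSH", 23: "Telnet", 1433: "SQL Server",
                   3389: "RDP", 27017: "MongoDB"}

# Constructed sample with a simplified, hypothetical field layout (not a real export).
SAMPLE_LB = json.loads("""
{
  "name": "lb-example",
  "frontends": [
    {"name": "fe-public", "public": true},
    {"name": "fe-internal", "public": false}
  ],
  "inboundNatRules": [
    {"name": "ssh-vm1", "frontend": "fe-public", "frontendPort": 50001, "backendPort": 22},
    {"name": "web-vm1", "frontend": "fe-public", "frontendPort": 443, "backendPort": 443},
    {"name": "mongo-vm2", "frontend": "fe-public", "frontendPort": 27017, "backendPort": 27017},
    {"name": "ssh-vm3", "frontend": "fe-internal", "frontendPort": 22, "backendPort": 22}
  ]
}
""")


def audit_nat_rules(lb):
    """Return NAT rules that publish a sensitive backend port on a public front end."""
    public = {fe["name"] for fe in lb["frontends"] if fe["public"]}
    findings = []
    for rule in lb["inboundNatRules"]:
        service = SENSITIVE_PORTS.get(rule["backendPort"])
        if service is None or rule["frontend"] not in public:
            continue
        findings.append({
            "rule": rule["name"],
            "service": service,
            "public_port": rule["frontendPort"],
            # A custom port mapping hides the service from a glance at the public port.
            "remapped": rule["frontendPort"] != rule["backendPort"],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_nat_rules(SAMPLE_LB):
        print(finding)
```

Rules flagged here are candidates for an internal front end or for a network security group that limits the source addresses allowed to reach the VM.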

 

PROPERTIES:

This shows you where the resources are deployed, what the current configuration is, and which subscription it is on.

LOCK:

We can prevent the services from being deleted by configuring a lock.

DIAGNOSTIC LOGS:

It shows your application logs, which help you analyze and troubleshoot any issue with the applications.

 

If you want a deeper technical dive into the Azure Load Balancer, refer to the Microsoft doc here; if you are curious about pricing the Azure Load Balancer, use the Calculator. Don’t forget to keep an eye on the Service Updates.

As always, you can reach me on Twitter at @UlvBjornsson or via comments.
