

Intro

My notes on Azure’s Load Balancer service


Documentation


Tips And Tidbits

  • With Azure Load Balancer, you can spread user requests across multiple virtual machines or other services. 

  • Load balancers aren't physical instances.

    • Load balancer objects are used to express how Azure configures its infrastructure to meet your requirements.

  • Load balancers use a hash-based distribution algorithm.

    • By default, a five-tuple hash is used to map traffic to available servers.

    • The hash is made from the following elements:

      • Source IP: The IP address of the requesting client.

      • Source port: The port of the requesting client.

      • Destination IP: The destination IP of the request.

      • Destination port: The destination port of the request.

      • Protocol type: The specified protocol type, TCP or UDP.

    • Because the source port is included in the hash and the source port changes for each session, clients might be directed to a different virtual machine for each session.

      • To map requests from a specific client to the same virtual machine, select Session persistence when configuring the LB.

  • To achieve high availability with Load Balancer:

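| Configuration     | Service level agreement (SLA) | Information                                          |
|-------------------|-------------------------------|------------------------------------------------------|
| Availability set  | 99.95%                        | Protection from hardware failures within datacenters |
| Availability zone | 99.99%                        | Protection from entire datacenter failure            |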

  • At least one backend and a health probe must exist before you can create a load balancing rule.

  • Outbound rules allow instances to use SNAT (source network address translation) to communicate with the internet.

    • This is only available in the Standard SKU (not the basic one).

    • Each public IP assigned as a frontend IP of your load balancer is given 64,000 SNAT ports for its backend pool members.

    • Ports can't be shared with backend pool members.

    • A range of SNAT ports can only be used by a single backend instance to ensure return packets are routed correctly.

    • It's recommended you use an explicit outbound rule to configure SNAT port allocation. This rule will maximize the number of SNAT ports each backend instance has available for outbound connections.

    • See Default port allocation

    • Using Source Network Address Translation (SNAT) for outbound connections

      • Outbound rules enable you to explicitly define SNAT (source network address translation) for a Standard Public Load Balancer.

      • This configuration allows you to use the public IP or IPs of your load balancer for outbound connectivity of the backend instances.

      • SNAT prevents outside sources from having a direct address to the backend instances.

      • Outbound rules Azure Load Balancer


Load Balancer Types

Two products are available when you create a load balancer in Azure: basic load balancers and standard load balancers.

Basic load balancers allow:

  • Port forwarding

  • Automatic reconfiguration

  • Health probes

  • Outbound connections through source network address translation (SNAT)

  • Diagnostics through Azure Log Analytics for public-facing load balancers

  • Basic load balancers can be used only with Virtual machines in a single availability set or a virtual machine scale set.

  • Basic load balancer is offered at no charge

Standard load balancers support all of the basic features. They also allow:

  • HTTPS health probes

  • Availability zones

  • Diagnostics through Azure Monitor, for multidimensional metrics

  • High availability (HA) ports

  • Outbound rules

  • A guaranteed SLA (99.99% for two or more virtual machines)


Health Probes

  • A very detailed description of how to set up probes for TCP and HTTP: Load Balancer health probes

  • When using load-balancing rules with Azure Load Balancer, you need to specify health probes to allow Load Balancer to detect the backend endpoint status.

  • The configuration of the health probe and probe responses determine which backend pool instances will receive new flows.

  • You can use health probes to detect the failure of an application on a backend endpoint.

  • You can also generate a custom response to a health probe and use the health probe for flow control to manage load or planned downtime.

  • When a health probe fails, Load Balancer will stop sending new flows to the respective unhealthy instance.

    • Outbound connectivity is not impacted, only inbound connectivity is impacted.

  • Probe types: TCP, HTTP (Basic SKU) and TCP, HTTP, HTTPS (Standard SKU).

  • Load Balancer health probes originate from the IP address 168.63.129.16 

  • HTTP(S) Load Balancer health probes will automatically probe down an instance if the server returns any status code that is not HTTP 200 OK or if the connection is terminated via TCP reset.

  • Health probe configuration consists of the following elements:

    • Duration of the interval between individual probes

    • Protocol of the probe

    • Port of the probe

    • HTTP path to use for HTTP GET when using HTTP(S) probes
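The probe behaviour described above (only HTTP 200 keeps an instance in rotation, and a custom response can take it out for planned downtime) can be exercised locally with a small endpoint. This is an added example, not code from the original notes; the `/healthz` path, the `draining` flag and `app_is_healthy()` are hypothetical names.

```python
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

PROBE_PATH = "/healthz"       # assumed path; must match the probe's HTTP path
draining = threading.Event()  # set this before planned downtime

def app_is_healthy():
    """Hypothetical dependency check; replace with real application checks."""
    return True

class ProbeHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        if self.path != PROBE_PATH:
            self.send_error(404)
            return
        # Only 200 keeps the instance in rotation; any other code probes it down.
        status = 200 if app_is_healthy() and not draining.is_set() else 503
        body = b"ok\n" if status == 200 else b"unavailable\n"
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # probes arrive every few seconds; keep them out of stderr

def start_probe_server(host="127.0.0.1", port=0):
    """Start the endpoint on a background thread; port 0 picks a free port."""
    server = ThreadingHTTPServer((host, port), ProbeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(server):
    """Send the same HTTP GET a load balancer probe would; return the status."""
    conn = HTTPConnection("127.0.0.1", server.server_address[1], timeout=2)
    try:
        conn.request("GET", PROBE_PATH)
        return conn.getresponse().status
    finally:
        conn.close()

if __name__ == "__main__":
    srv = start_probe_server()
    print("in rotation:", probe(srv))
    draining.set()  # new flows stop; existing outbound traffic is unaffected
    print("draining:", probe(srv))
    srv.shutdown()
```

On a backend VM the endpoint has to listen on the NIC address, and the network security group and host firewall have to admit the probe source 168.63.129.16, otherwise every instance is marked unhealthy.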


Pricing and SLA

See: Pricing and SLA


Internal and external load balancers

  • An external load balancer operates by distributing client traffic across multiple virtual machines.

    • Permits traffic from the internet.

  • An internal load balancer distributes a load from internal Azure resources to other Azure resources.

    • No traffic is allowed from internet sources.


Session Persistence

To set the LB to use session persistence programmatically, set the LoadDistribution property of the load balancing rule to sourceIp:

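# Fetch the existing load balancer object
$lb = Get-AzLoadBalancer -Name MyLb -ResourceGroupName MyResourceGroup
# Switch the first load balancing rule from the default five-tuple hash to source IP affinity
$lb.LoadBalancingRules[0].LoadDistribution = 'sourceIp'
# Push the modified configuration back to Azure
Set-AzLoadBalancer -LoadBalancer $lb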
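The effect of that setting can be seen by simulating the two distribution modes: the default five-tuple hash from Tips And Tidbits, and source IP affinity. This is an added example, not code from the original notes; SHA-256 stands in for Azure's unpublished hash function, the addresses and pool names are constructed, and hashing source IP plus destination IP for sourceIp is an assumption not stated on this page.

```python
import hashlib
from collections import Counter

# Fields hashed per distribution mode. "Default" is the five-tuple from the
# notes; "SourceIP" is the two-tuple assumed for session persistence.
MODES = {
    "Default": ("src_ip", "src_port", "dst_ip", "dst_port", "proto"),
    "SourceIP": ("src_ip", "dst_ip"),
}

def pick_backend(flow, backends, mode="Default"):
    """Map a flow to a backend by hashing the fields the mode selects."""
    key = "|".join(str(flow[f]) for f in MODES[mode]).encode()
    digest = int.from_bytes(hashlib.sha256(key).digest()[:8], "big")
    return backends[digest % len(backends)]

def backends_seen(client_ip, backends, mode, sessions=200):
    """Count the backends one client reaches when every session uses a new source port."""
    seen = Counter()
    for i in range(sessions):
        flow = {"src_ip": client_ip, "src_port": 49152 + i,
                "dst_ip": "203.0.113.10", "dst_port": 443, "proto": "TCP"}
        seen[pick_backend(flow, backends, mode)] += 1
    return seen

if __name__ == "__main__":
    pool = ["vm-0", "vm-1", "vm-2"]  # constructed backend pool
    for mode in MODES:
        print(mode, dict(backends_seen("198.51.100.7", pool, mode)))
```

With source IP affinity, every client behind the same NAT address lands on one VM, so load can skew toward a few backends.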


Creating a LB from Portal

See Quickstart: Create a public load balancer to load balance VMs using the Azure portal

  • Front-end load balancer. You also need to create a public IP

Create a backend pool

A backend address pool contains the IP addresses of the virtual network interface cards (NICs) connected to the load balancer.

Create a health probe

The load balancer monitors the status of your app with a health probe.

The health probe adds or removes VMs from the load balancer based on their response to health checks.


Create a load balancer rule

A load balancer rule is used to define how traffic is distributed to the VMs. You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic. The source and destination port are defined in the rule.

Create the virtual network

  • Create the VNET and its full address space.

  • Add subnet range

  • Add a Bastion
