Azure Load Balancer

What is the Azure Load Balancer?

When users interact with a cloud-based application, fast responses are vital as they yield customer satisfaction. When there is a surge in network traffic, the server should be able to handle it. This is where load balancing comes into the picture. It helps in maintaining the availability of cloud-based applications to users. It prevents a server from getting overloaded and stopping.

The azure load balancer distributes incoming network load across backend resources, so the application server functions properly. It operates on the fourth layer of the Open Systems Interconnection (OSI) model, where it acts as the single point of contact for the users. The inbound flows that arrive at the load balancer's frontend are distributed among backend pool instances, which might be Azure Virtual Machines or instances in a virtual machine set.

             Interested in learning Azure Course ? Enroll in our Microsoft Azure Certification Training program now!

Types of Azure Load Balancer

We can create load balancers in the following ways. 

Public load balancer - It is used to balance internet traffic coming to the VM's. It will provide outbound connections for virtual machines (VMs) that are present inside a virtual network by translating a private IP address to a public IP address.

Internal (or private) load balancer - It is used when private IPs are needed at the frontend only. It will balance the traffic inside a virtual network when the application needs to be accessed on-premises.

Why use Azure Load Balancer?

Here are some reasons why we can use Azure load balancer.

• The Azure load balancer supports both inbound and outbound scenarios.
• It provides low latency and high throughput.
• It can scale up to millions of flows for an application.
• It increases resource availability by distributing them across zones and regions.
• It can balance both internal and external traffic to virtual machines.
• It balances the load on TCP and UDP flows on all ports.
• It is built on top of the zero-trust network security model.

Azure Load Balancer components

Azure load balancer runs on a few components that can be configured in the following ways.

• Azure portal
• Azure CLI
• Azure PowerShell
• Resource Manager Templates

Frontend IP configuration

An IP address will be the point of contact for the users. It can either be a public IP address or a private IP address. The type of load balancer depends on the nature of the IP address. Selecting a public IP address creates a public load balancer. Selecting a private IP address creates a private load balancer. A load balancer can have multiple ports, multiple frontend IP addresses, or both. 

Backend pool

A backend pool is a group of virtual machines or instances in a virtual machine scale set. This backend pool serves the incoming requests. Computing guidelines recommend adding more instances to the backend pool to meet high volumes of incoming traffic. When we scale instances up or down, the load balancer automatically reconfigures itself without additional operations.

Health probes

A health probe determines the health of the instances in the backend pool, which means if an instance can receive traffic or not. We have to configure a health probe while creating a load balancer and define the unhealthy threshold for health probes. If an instance is unhealthy, the load balancer does not route any traffic to that instance. This does not affect the existing connection. The connection continues until the flow ends, or idle time occurs, or the VM shuts down. TCP, HTTP, and HTTPS are the types of health probes available for the load balancer.

Load Balancing rules

The traffic distribution to all the instances depends on the load balancing rules. It defines how to distribute the load to healthy instances available in the backend pool. It maps a frontend IP address and port to multiple backend IP addresses and ports.   

High Availability Ports

The 'protocol - all and port - 0' load balancing rules enforce a single rule on all the TCP and UDP flows that come to all ports of an internal load balancer. It helps in handling critical situations like scaling network virtual appliances (NVAs) and high availability. The load balancing decision will be based on source IP address, source port, destination IP address, destination port, and protocol.

Inbound NAT rules

An inbound NAT rule is defined to forward the incoming traffic that arrives at the frontend IP address and port combination to the specific virtual machine or instance in the backend pool. This kind of port forwarding is done by the same hash-based distribution as load balancing. The frontend IP addresses remotely administer VMs without any additional functions. Inbound NAT rules can be called as inbound NAT pools in the context of virtual machine scale sets.

Outbound rules

An outbound rule defines outbound Network Address Translation (NAT) for the instances or VMs available in the backend pool. It enables the instances or VMs in the backend pool to communicate with the internet. The outbound connectivity is provided through different mechanisms by the load balancer.

Load balancing algorithm

As mentioned earlier, we can create load balancing rules to route traffic from the frontend IP address to the backend pool. These flows are distributed by the load balancer using a hashing algorithm by rewriting the headers of flows. It uses a five-tuple hash by default which includes,

• Source IP address
• Source port
• Destination IP address
• Destination port
• IP protocol number to map flows to available servers

When a flow starts, it uses a two or three-tuple hash to create a link to the source IP address such that packets of the same flow arrive in the same instance. When a client starts a new flow from the same source IP address, the source port changes. The five-tuple hash causes the traffic to go to a different backend endpoint.

Limitations of Load Balancer

The Azure load balancer does have some limitations.

• It does not support floating IP address on secondary IP configurations for internal load balancing.
• A load balancer rule cannot work with two virtual machines. Both the frontend and the backend instances should be located in the same virtual network.
• The Microsoft platform services and web worker roles without a virtual network can only be accessible from instances behind an internal load balancer.
• The load balancing rules only support TCP and UDP, and it does not support other IP protocols.
• The outbound flow from a backend virtual machine to a frontend with an internal load balancer will fail.
• The IP fragmentation of UDP and TCP packets is not supported on load-balancing rules. To forward existing IP fragments, we can use HA ports load-balancing rules.

Microsoft Azure Certification Training

• Master Your Craft
• Lifetime LMS & Faculty Access
• 24/7 online expert support
• Real-world & Project Based Learning

Explore Curriculum

Creating a Public Load Balancer

Let us create a public load balancer that balances the load on the VMs. Navigate to https://portal.azure.com and log into your Azure account.

Create a resource group

Click on 'Create a resource' in the top-left corner. Click on 'Networking' and select the 'Load Balancer' option. You will get a load balancer page for configuration. In the 'Basics' tab, select your subscription. Click on 'Create new' for the resource group and give a name for it. Give a name for your load balancer, select 'West Europe' as region, 'Public' as type, and 'Standard' as SKU. If you have an existing public IP address, give that for the 'Public IP address' field or create a new one. Also, give a name for the 'Public IP address name' field. Select 'Zone-redundant' for the Availability zone field, give no for 'Add a public IPv6 address' field. Click on 'Review + create' at the end of the page. You will be navigated to the next tab, click on 'Create'.

Create a backend pool

Select the 'All services' option on the left-side menu. Click on 'All resources' and select the load balancer that you created earlier from the resources list. Go to settings, select the 'Backend pools' option, and click on 'Add'. You will get a 'Add a backend pool' page where you can specify the name of the backend pool. Once done, click on 'Add'.

Create a health probe

Select the 'All services' option on the left-side menu. Click on 'All resources' and select your load balancer from the resources list. Go to settings, select the 'Health probes' option, and click on 'Add'. Give a name for the health probe, select 'HTTP' for the 'Protocol' field, enter 80 for the 'Port' field, enter 15 for the 'Interval' field, select 2 for the 'Unhealthy threshold' field, and click on 'OK'. 

Create a load balancer rule

Select the 'All services' option on the left-side menu. Click on 'All resources' and select your load balancer from the resources list. Go to settings, select the 'Load balancing rules' option, and click on 'Add'. Give a name for the rule, select IPv4 for the 'IP Version', and select your load balancer frontend for the 'Frontend IP address'. Give TCP for the 'Protocol' field, enter 80 for the 'Port' field, and enter 80 for the 'Backend port' field. Select the backend pool and health probe that you created earlier. Select No for the 'Create implicit outbound rules' option and click on 'OK'.

Linking a virtual network

Go to the 'Networking' tab and select your virtual network for the 'Virtual network' field. Select your backend subnet for the 'Subnet' field. Choose none for the 'Public IP' field, select 'Advanced' for the 'NIC network security group' field. Create a new network security group. Under the 'Load balancing' section, select Yes for the 'Place this virtual machine behind an existing load balancing solution?' field. Select 'Azure load balancing' for the 'Load balancing options' field. Choose the load balancer that you created earlier for the 'Select a load balancer' option. Choose your backend pool for the 'Select a backend pool' field.

Select off for the 'Boot diagnostics' field in the Management tab. Click on 'Review + create'. On reviewing the settings, click on 'Create'. This process should be followed for all the VM's in the virtual network.

Create an outbound rule configuration

Select the 'All services' option on the left-side menu. Click on 'All resources' and select your load balancer from the resources list. Go to settings, select the 'Outbound rules' option, and click on 'Add'. Create a new frontend IP address and set the timer to '15 minutes' for the 'Idle timeout' field. Select 'Enabled' for the 'TCP Reset' field, create a backend pool, select 'Manually choose the number of outbound ports' for the 'Port allocation' field. Select 'Ports per instance' for the 'Outbound ports' field, enter 10000 for the 'Ports per instance' field, and click on 'Add'.

Add virtual machines to outbound pool

Select the 'All services' option on the left-side menu. Click on 'All resources' and select your load balancer from the resources list. Go to settings, select the 'Backend pools' option, and choose your backend pool from the list. Choose your virtual network for the 'Virtual network' option. Select '+ Add' for the 'Virtual machines' option. Choose all the virtual machines in your virtual network. Select 'Add' and click on 'Save'.

Subscribe to our YouTube channel to get new updates..!

Subscribe

Install IIS

Go to 'All Services', click on 'All resources', choose a VM from the resource group. Go to the overview page, select 'Connect', and click on 'Bastion'. Give the username and password of your VM, and click on 'Connect'. Navigate to 'Windows Administrative Tools' and click on 'Windows PowerShell'. Execute the following commands,

Install-WindowsFeature -name Web-Server -IncludeManagementTools
remove-item C:\inetpub\wwwroot\iisstart.htm
Add-Content -Path "C:\inetpub\wwwroot\iisstart.htm" -Value $("You are on " + $env:computername)

Close the Bastion session of your VM. Repeat the same process for all the VMs in your virtual network.

Test the load balancer

You can get the public IP address of the load balancer from the overview page. Go to 'All Services', click on 'All resources', and select your public IP. Copy the public IP address and run it in a browser. The default page configured in IIS will be displayed on the browser. To test the load balancing, try refreshing the page from different browsers at the same time. You can see which VM you are interacting with.

Conclusion

A load balancer supports multiple rules with multiple frontends. Availability zone configurations are available for both types of public and private load balancers. Azure load balancer always works on a DSR flow topology. Defining floating IP adds additional flexibility for the load balancer. In this post, you have learned all about the Azure load balancer and how to create it. After your work is done with the load balancer, delete the load balancer, resource group, and all the related resources.