Implementing load balancer in Azure
You have been tasked with creating the following infrastructure in Microsoft Azure. While building it we will learn how to configure the different components in Azure, and we will see the different types of load balancers and how they work with each other. At Layer 4 Azure offers two load balancer SKUs, Basic and Standard. For this task I have chosen a Basic public and a Basic private (internal) load balancer.
Types of Azure Load Balancer (Layer 4):
- Basic Load Balancer: Basic Load Balancer is a regional load balancer that works at the transport layer (Layer 4) of the OSI model. It can balance the load between virtual machines in a single availability set or a virtual machine scale set. It is limited in functionality compared to the Standard Load Balancer and does not offer features such as cross-zone load balancing, custom probes, or traffic distribution based on source IP.
- Standard Load Balancer: Standard Load Balancer is a global load balancer that works at the transport layer (Layer 4) of the OSI model. It offers additional features such as cross-zone load balancing, custom probes, and traffic distribution based on source IP. It can also balance the load between virtual machines in different availability sets or virtual machine scale sets across different regions. It provides more advanced health probes, higher availability, and better scalability than Basic Load Balancer.
Let’s get started:
First I set up the virtual network vnet_1 with the address space 10.0.0.0/16 and one subnet, subnet_1, at 10.0.0.0/24.
```bash
az network vnet create \
  --resource-group myResourceGroup \
  --name vnet_1 \
  --address-prefixes 10.0.0.0/16 \
  --subnet-name subnet_1 \
  --subnet-prefixes 10.0.0.0/24
```
Then we create an Azure virtual machine called VM1 together with a network security group, so we can define rules about who may access VM1. After that we start setting up the public load balancer:
```bash
# VM1 gets no public IP of its own: it is reached through the load balancer's NAT rule.
az vm create \
  --name VM1 \
  --resource-group myResourceGroup \
  --location westeurope \
  --image win2019datacenter \
  --admin-username azureuser \
  --admin-password <password> \
  --size Standard_B2s \
  --nsg VM1NSG \
  --public-ip-address "" \
  --vnet-name vnet_1 \
  --subnet subnet_1

# The public IP SKU must match the load balancer SKU, so a Basic LB needs a Basic public IP.
az network public-ip create --name PIP_1 --resource-group myResourceGroup --allocation-method Static --sku Basic
az network lb create --name LB_1 --resource-group myResourceGroup --sku Basic --public-ip-address PIP_1 --frontend-ip-name FE_1 --backend-pool-name BE_1
# HTTP probe: a backend instance must answer 200 on this path or the LB marks it down.
az network lb probe create --name HTTPProbe --resource-group myResourceGroup --lb-name LB_1 --port 80 --protocol Http --path /healthcheck
# --backend-port is required; user traffic on FE_1:80 is sent to port 80 on the pool members.
az network lb rule create --name HTTPRule --resource-group myResourceGroup --lb-name LB_1 --probe-name HTTPProbe --protocol Tcp --frontend-ip-name FE_1 --frontend-port 80 --backend-port 80 --backend-pool-name BE_1
# The NAT rule is bound to VM1's NIC ip-config in a separate step (az network nic ip-config inbound-nat-rule add).
az network lb inbound-nat-rule create --name RDPRule --resource-group myResourceGroup --lb-name LB_1 --frontend-ip-name FE_1 --protocol Tcp --frontend-port 3389 --backend-port 3389
```
In the Azure CLI commands above we first create the public IP address that the load balancer will use, then the load balancer itself with the frontend FE_1 and the backend pool BE_1 that will hold the VM1 we created earlier. The load-balancing rule forwards HTTP calls arriving at the frontend on port 80 (user traffic) to the backend pool. The HTTP probe is what the load balancer uses to check the health of the pool members, and the inbound NAT rule lets us reach VM1 over RDP on port 3389.
With the first part in place, we create vnet_2 with the following configuration. Here I created two subnets: one for the VMSS and one that will be used by the internal load balancer. The load balancer's subnet can also be changed in the portal.
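The commands above create the pool BE_1 and the NAT rule RDPRule, but nothing yet binds VM1's network interface to them, and the NSG that az vm create builds for a Windows image opens 3389 to every source. The script below is an added example, not part of the original article, that does both. It assumes the CLI's default NIC and ip-config names for a VM called VM1 (VM1VMNic and ipconfigVM1) and an administrator source range ADMIN_CIDR, shown here as the constructed placeholder 203.0.113.10/32.

```bash
#!/bin/sh
# Added example (not from the original article). Binds VM1 to the public load balancer
# and narrows the NSG. Assumed names: NIC VM1VMNic and ip-config ipconfigVM1 (the az vm
# create defaults for a VM named VM1); ADMIN_CIDR is a constructed placeholder range.
RG=myResourceGroup
LB=LB_1
NIC=VM1VMNic
IPCFG=ipconfigVM1
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.10/32}"

# With DRY_RUN=1 the az command is printed instead of executed, so the plan can be reviewed offline.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Put VM1's NIC into BE_1 (otherwise the pool is empty and HTTPRule has nowhere to send traffic)
# and bind RDPRule to the same ip-config so 3389 on FE_1 reaches VM1.
bind_vm1_to_lb() {
  run az network nic ip-config address-pool add \
    --resource-group "$RG" --nic-name "$NIC" --ip-config-name "$IPCFG" \
    --lb-name "$LB" --address-pool BE_1
  run az network nic ip-config inbound-nat-rule add \
    --resource-group "$RG" --nic-name "$NIC" --ip-config-name "$IPCFG" \
    --lb-name "$LB" --inbound-nat-rule RDPRule
}

# Health probes arrive from the AzureLoadBalancer service tag, which the NSG's default
# AllowAzureLoadBalancerInBound rule already permits; only the user-facing ports need rules.
harden_vm1_nsg() {
  run az network nsg rule create --resource-group "$RG" --nsg-name VM1NSG --name AllowHTTP \
    --priority 100 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes Internet --destination-port-ranges 80
  run az network nsg rule create --resource-group "$RG" --nsg-name VM1NSG --name AllowRDPFromAdmin \
    --priority 110 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes "$ADMIN_CIDR" --destination-port-ranges 3389
  # az vm create adds a rule named "rdp" that allows 3389 from any source; remove it so
  # the narrower rule above is the only RDP path.
  run az network nsg rule delete --resource-group "$RG" --nsg-name VM1NSG --name rdp
}

main() {
  bind_vm1_to_lb
  harden_vm1_nsg
}

# Only act when invoked as `sh bind_vm1.sh run`, so the functions can also be sourced.
if [ "${1:-}" = run ]; then
  main
fi
```

Run it as `sh bind_vm1.sh run`; with `DRY_RUN=1` set it prints the az commands instead of executing them, which is a cheap way to review a change before it touches the subscription.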
```bash
# az network vnet create accepts only one subnet, so the second one is added with a separate command.
az network vnet create \
  --resource-group myResourceGroup \
  --name vnet_2 \
  --address-prefixes 10.1.0.0/16 \
  --subnet-name subnet_2 \
  --subnet-prefixes 10.1.0.0/24

az network vnet subnet create \
  --resource-group myResourceGroup \
  --vnet-name vnet_2 \
  --name subnetLB_2 \
  --address-prefixes 10.1.2.0/24
```
Next we create a VMSS with two instances that will serve as the backend pool of the internal load balancer. I chose the Manual upgrade policy so that we can add scaling options to the VMSS instances later.
```bash
# --lb references the internal load balancer by name and expects it to exist already; if it
# does not, the CLI creates a new (public) load balancer under that name instead. Create
# myInternalLoadBalancer (next step) before running this command.
az vmss create --name myScaleSet \
  --resource-group myResourceGroup \
  --image Win2019Datacenter \
  --vm-sku Standard_B2s \
  --upgrade-policy-mode Manual \
  --admin-username azureuser \
  --admin-password Azure123456! \
  --vnet-name vnet_2 \
  --subnet subnet_2 \
  --backend-pool-name myInternalBackendPool \
  --lb myInternalLoadBalancer \
  --lb-sku Basic \
  --storage-sku Standard_LRS \
  --instance-count 2 \
  --zones 1
```
Then we can create the internal load balancer:
```bash
# The static frontend address must lie inside subnetLB_2 (10.1.2.0/24).
az network lb create \
  --resource-group myResourceGroup \
  --name myInternalLoadBalancer \
  --sku Basic \
  --vnet-name vnet_2 \
  --subnet subnetLB_2 \
  --private-ip-address 10.1.2.5 \
  --frontend-ip-name myFrontEndPool \
  --backend-pool-name myInternalBackendPool
```
At this stage we want an install script for IIS, so that the Windows machines serve their own HTML pages and we can see how the load balancer distributes requests. To achieve this we create a storage account with one container that holds the install.ps1 script, and the script is then pushed to the VMSS through the Custom Script Extension.
The VMSS instances used as the backend pool of the internal load balancer did not have internet access. To solve this I created a bastion host in vnet_2 together with a NAT gateway, so the instances get internet connectivity without public IPs of their own.
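What that looks like in the CLI, as an added example rather than the article's own commands: the storage account name lbdemoscripts and the container name scripts are constructed, and the install.ps1 content is mine. The script writes an index page that names the instance, and a plain healthcheck.html that answers 200 for the probe; IIS will not serve an extension-less path such as /healthcheck without an extra MIME mapping, so the internal load balancer's probe should point at /healthcheck.html.

```bash
#!/bin/sh
# Added example (not from the original article): publish install.ps1 to a storage
# container and run it on every scale-set instance with the Custom Script Extension.
# Assumed names: storage account lbdemoscripts and container scripts (constructed).
RG=myResourceGroup
SA=lbdemoscripts
CONTAINER=scripts
VMSS=myScaleSet

# With DRY_RUN=1 the az command is printed instead of executed.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The PowerShell that runs inside each Windows instance: install IIS, replace the default
# page with one that names the instance (so the load balancer's distribution is visible in a
# browser) and add healthcheck.html, which returns 200 for the HTTP probe.
render_install_script() {
  cat <<'EOF'
Install-WindowsFeature -Name Web-Server -IncludeManagementTools
$root = 'C:\inetpub\wwwroot'
Remove-Item -Path "$root\iisstart.htm" -ErrorAction SilentlyContinue
Set-Content -Path "$root\index.html" -Value "Served by $env:COMPUTERNAME"
Set-Content -Path "$root\healthcheck.html" -Value 'OK'
EOF
}

# First account key, used both for the upload and by the extension to read the private blob.
storage_key() {
  run az storage account keys list --account-name "$SA" --resource-group "$RG" --query '[0].value' -o tsv
}

# Storage account with a private container holding the script (no anonymous blob access).
upload_install_script() {
  run az storage account create --name "$SA" --resource-group "$RG" --sku Standard_LRS --kind StorageV2 --allow-blob-public-access false
  key=$(storage_key)
  run az storage container create --name "$CONTAINER" --account-name "$SA" --account-key "$key"
  render_install_script > install.ps1
  run az storage blob upload --account-name "$SA" --account-key "$key" --container-name "$CONTAINER" --name install.ps1 --file install.ps1 --overwrite
}

# Attach the Windows Custom Script Extension to the scale-set model, passing the account key in
# protected settings so the blob can be fetched without making it public, then push the new model
# to the running instances (needed because the scale set uses the Manual upgrade policy).
apply_extension() {
  key=$(storage_key)
  run az vmss extension set --resource-group "$RG" --vmss-name "$VMSS" \
    --name CustomScriptExtension --publisher Microsoft.Compute --version 1.10 \
    --settings "{\"fileUris\":[\"https://$SA.blob.core.windows.net/$CONTAINER/install.ps1\"]}" \
    --protected-settings "{\"commandToExecute\":\"powershell -ExecutionPolicy Unrestricted -File install.ps1\",\"storageAccountName\":\"$SA\",\"storageAccountKey\":\"$key\"}"
  run az vmss update-instances --resource-group "$RG" --name "$VMSS" --instance-ids '*'
}

# Invoke as `sh install_iis.sh run` (prefix with DRY_RUN=1 to only print the commands).
if [ "${1:-}" = run ]; then
  upload_install_script
  apply_extension
fi
```

Because the key travels in protected settings it is encrypted at rest in the scale-set model, unlike anything placed in plain `--settings`; rotating the key later means re-running apply_extension.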
Create a bastion public IP address
```bash
az network public-ip create \
  --resource-group myResourceGroup \
  --name myBastionIP \
  --sku Standard \
  --zone 1 2 3
```
Create a bastion subnet
```bash
# The subnet must be named AzureBastionSubnet and be at least a /26; 10.1.1.0/26 sits
# between subnet_2 (10.1.0.0/24) and subnetLB_2 (10.1.2.0/24) without overlapping either.
az network vnet subnet create \
  --resource-group myResourceGroup \
  --name AzureBastionSubnet \
  --vnet-name vnet_2 \
  --address-prefixes 10.1.1.0/26
```
Create the bastion host
```bash
az network bastion create \
  --resource-group myResourceGroup \
  --name myBastionHost \
  --public-ip-address myBastionIP \
  --vnet-name vnet_2 \
  --location westeurope
```
Create NAT gateway
To provide outbound internet access for resources in the backend pool, create a NAT gateway.
Create public IP
```bash
az network public-ip create \
  --resource-group myResourceGroup \
  --name myNATgatewayIP \
  --sku Standard \
  --zone 1 2 3
```
Create NAT gateway resource
```bash
az network nat gateway create \
  --resource-group myResourceGroup \
  --name myNATgateway \
  --public-ip-addresses myNATgatewayIP \
  --idle-timeout 10
```
Associate NAT gateway with subnet
```bash
# subnet_2 is the subnet the scale-set instances live in.
az network vnet subnet update \
  --resource-group myResourceGroup \
  --vnet-name vnet_2 \
  --name subnet_2 \
  --nat-gateway myNATgateway
```
Here is the peering of vnet_1 to vnet_2:
```bash
# Peerings are one-directional: repeat with vnet_1 and vnet_2 swapped for the return path.
az network vnet peering create \
  --name VNET_1-to-VNET_2 \
  --resource-group myResourceGroup \
  --vnet-name vnet_1 \
  --remote-vnet vnet_2 \
  --allow-vnet-access
```
The last thing to do is to create a private endpoint between vnet_2 and the storage account. The most important points here are choosing the right target sub-resource type and, under virtual network, selecting the right subnet in which the endpoint should be placed.
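The same steps in the CLI, as an added example and not the article's own commands: the storage account lbdemoscripts and the endpoint name pe-storage are assumed, vnet_1 and vnet_2 are the article's. The private DNS zone is what makes the account name resolve to the endpoint's private IP, and it is linked to both vnets so VM1 resolves it the same way over the peering. The final function closes the public path to the account, so upload the install script before running it.

```bash
#!/bin/sh
# Added example (not from the original article): reach the script storage account from
# vnet_2 over a private endpoint and stop public access to it. Assumed names: storage
# account lbdemoscripts and endpoint pe-storage (constructed).
RG=myResourceGroup
SA=lbdemoscripts
PE=pe-storage
ZONE=privatelink.blob.core.windows.net   # private-link DNS zone for the blob service

# With DRY_RUN=1 the az command is printed instead of executed.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# The endpoint is a NIC in subnet_2 with a private IP that fronts the blob service only
# (group id "blob"); other sub-resources (file, table, ...) would each need their own endpoint.
create_private_endpoint() {
  sa_id=$(run az storage account show --name "$SA" --resource-group "$RG" --query id -o tsv)
  run az network private-endpoint create --resource-group "$RG" --name "$PE" \
    --vnet-name vnet_2 --subnet subnet_2 \
    --private-connection-resource-id "$sa_id" --group-id blob \
    --connection-name "$PE-conn"
}

# Without this zone the account name still resolves to its public address. The zone group
# writes the endpoint's A record into the zone, and the links make both vnets use it.
configure_private_dns() {
  run az network private-dns zone create --resource-group "$RG" --name "$ZONE"
  for vnet in vnet_1 vnet_2; do
    run az network private-dns link vnet create --resource-group "$RG" --zone-name "$ZONE" \
      --name "link-$vnet" --virtual-network "$vnet" --registration-enabled false
  done
  run az network private-endpoint dns-zone-group create --resource-group "$RG" \
    --endpoint-name "$PE" --name default --private-dns-zone "$ZONE" --zone-name blob
}

# With the endpoint in place, close the public path: deny by default and disable public
# network access, so the scripts are reachable only from the two peered vnets.
lock_down_storage() {
  run az storage account update --name "$SA" --resource-group "$RG" \
    --default-action Deny --public-network-access Disabled
}

# Invoke as `sh private_endpoint.sh run` (prefix with DRY_RUN=1 to only print the commands).
if [ "${1:-}" = run ]; then
  create_private_endpoint
  configure_private_dns
  lock_down_storage
fi
```

After lock_down_storage, an `az storage blob list` from a workstation outside the vnets is refused while the scale-set instances and VM1 still reach the account through the endpoint; that difference is the quickest check that both the endpoint and the DNS zone links are in place.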
Conclusion
We set up a complete infrastructure with two load balancers, one public and one private. In my scenario I was able to reach VM1 through the frontend IP of the public load balancer on port 3389. Inside VM1, after logging in over RDP with the created credentials, I could browse to the frontend IP of the private load balancer, which landed me on the different VMSS instances. The storage account is reachable from both vnets because of the vnet peering we added.
Thank you for taking the time out of your day to read this article. I hope you were able to get some value from the content. If this content interests you, follow my page for more articles on DevOps tools and methodologies.