Create a public load balancer with IPv6 using Azure CLI

An Azure load balancer is a Layer-4 (TCP, UDP) load balancer. Load balancers provide high availability by distributing incoming traffic among healthy service instances in cloud services or virtual machines in a load balancer set. Load balancers can also present these services on multiple ports or multiple IP addresses or both.

Example deployment scenario

The following diagram illustrates the load balancing solution that's deployed by using the example template described in this article.

Load balancer scenario

In this scenario, you create the following Azure resources:

  • Two virtual machines (VMs)
  • A virtual network interface for each VM with both IPv4 and IPv6 addresses assigned
  • A public load balancer with an IPv4 and an IPv6 public IP address
  • An availability set that contains the two VMs
  • Two load balancing rules to map the public VIPs to the private endpoints

Deploy the solution by using Azure CLI

The following steps show how to create a public load balancer by using Azure CLI. Using CLI, you create and configure each object individually, and then put them together to create a resource.

To deploy a load balancer, create and configure the following objects:

  • Front-end IP configuration: Contains public IP addresses for incoming network traffic.
  • Back-end address pool: Contains network interfaces (NICs) for the virtual machines to receive network traffic from the load balancer.
  • Load balancing rules: Contains rules that map a public port on the load balancer to a port in the back-end address pool.
  • Inbound NAT rules: Contains network address translation (NAT) rules that map a public port on the load balancer to a port for a specific virtual machine in the back-end address pool.
  • Probes: Contains health probes that are used to check the availability of virtual machine instances in the back-end address pool.

Set up Azure CLI

In this example, you run the Azure CLI tools in a PowerShell command window. To improve readability and reuse, you use PowerShell's scripting capabilities, not the Azure PowerShell cmdlets.

  1. Install and Configure the Azure CLI by following the steps in the linked article and sign in to your Azure account.

  2. Set up PowerShell variables for use with the Azure CLI commands:

    $subscriptionid = "########-####-####-####-############"  # enter subscription id
    $location = "southcentralus"
    $rgName = "pscontosorg1southctrlus09152016"
    $vnetName = "contosoIPv4Vnet"
    $vnetPrefix = "10.0.0.0/16"
    $subnet1Name = "clicontosoIPv4Subnet1"
    $subnet1Prefix = "10.0.0.0/24"
    $subnet2Name = "clicontosoIPv4Subnet2"
    $subnet2Prefix = "10.0.1.0/24"
    $dnsLabel = "contoso09152016"
    $lbName = "myIPv4IPv6Lb"
    

Create a resource group, a load balancer, a virtual network, and subnets

  1. Create a resource group:

    az group create --name $rgName --location $location
    
  2. Create a load balancer:

    $lb = az network lb create --resource-group $rgname --location $location --name $lbName
    
  3. Create a virtual network:

    $vnet = az network vnet create  --resource-group $rgname --name $vnetName --location $location --address-prefixes $vnetPrefix
    
  4. In this virtual network, create two subnets:

    $subnet1 = az network vnet subnet create --resource-group $rgname --name $subnet1Name --address-prefix $subnet1Prefix --vnet-name $vnetName
    $subnet2 = az network vnet subnet create --resource-group $rgname --name $subnet2Name --address-prefix $subnet2Prefix --vnet-name $vnetName
    

Create public IP addresses for the front-end pool

  1. Set up the PowerShell variables:

    $publicIpv4Name = "myIPv4Vip"
    $publicIpv6Name = "myIPv6Vip"
    
  2. Create a public IP address for the front-end IP pool:

    $publicipV4 = az network public-ip create --resource-group $rgname --name $publicIpv4Name --location $location --version IPv4 --allocation-method Dynamic --dns-name $dnsLabel
    $publicipV6 = az network public-ip create --resource-group $rgname --name $publicIpv6Name --location $location --version IPv6 --allocation-method Dynamic --dns-name $dnsLabel
    

    Important

    The load balancer uses the domain label of the public IP as its fully qualified domain name (FQDN). This a change from classic deployment, which uses the cloud service name as the load balancer FQDN.

    In this example, the FQDN is contoso09152016.southcentralus.cloudapp.azure.com.

Create front-end and back-end pools

In this section, you create the following IP pools:

  • The front-end IP pool that receives the incoming network traffic on the load balancer.
  • The back-end IP pool where the front-end pool sends the load-balanced network traffic.
  1. Set up the PowerShell variables:

    $frontendV4Name = "FrontendVipIPv4"
    $frontendV6Name = "FrontendVipIPv6"
    $backendAddressPoolV4Name = "BackendPoolIPv4"
    $backendAddressPoolV6Name = "BackendPoolIPv6"
    
  2. Create a front-end IP pool, and associate it with the public IP that you created in the previous step and the load balancer.

    $frontendV4 = az network lb frontend-ip create --resource-group $rgname --name $frontendV4Name --public-ip-address $publicIpv4Name --lb-name $lbName
    $frontendV6 = az network lb frontend-ip create --resource-group $rgname --name $frontendV6Name --public-ip-address $publicIpv6Name --lb-name $lbName
    $backendAddressPoolV4 = az network lb address-pool create --resource-group $rgname --name $backendAddressPoolV4Name --lb-name $lbName
    $backendAddressPoolV6 = az network lb address-pool create --resource-group $rgname --name $backendAddressPoolV6Name --lb-name $lbName
    

Create the probe, NAT rules, and load balancer rules

This example creates the following items:

  • A probe rule to check for connectivity to TCP port 80.
  • A NAT rule to translate all incoming traffic on port 3389 to port 3389 for RDP.*
  • A NAT rule to translate all incoming traffic on port 3391 to port 3389 for remote desktop protocol (RDP).*
  • A load balancer rule to balance all incoming traffic on port 80 to port 80 on the addresses in the back-end pool.

* NAT rules are associated with a specific virtual-machine instance behind the load balancer. The network traffic that arrives on port 3389 is sent to the specific virtual machine and port that's associated with the NAT rule. You must specify a protocol (UDP or TCP) for a NAT rule. You cannot assign both protocols to the same port.

  1. Set up the PowerShell variables:

    $probeV4V6Name = "ProbeForIPv4AndIPv6"
    $natRule1V4Name = "NatRule-For-Rdp-VM1"
    $natRule2V4Name = "NatRule-For-Rdp-VM2"
    $lbRule1V4Name = "LBRuleForIPv4-Port80"
    $lbRule1V6Name = "LBRuleForIPv6-Port80"
    
  2. Create the probe.

    The following example creates a TCP probe that checks for connectivity to the back-end TCP port 80 every 15 seconds. After two consecutive failures, it marks the back-end resource as unavailable.

    $probeV4V6 = az network lb probe create --resource-group $rgname --name $probeV4V6Name --protocol tcp --port 80 --interval 15 --threshold 2 --lb-name $lbName
    
  3. Create inbound NAT rules that allow RDP connections to the back-end resources:

    $inboundNatRuleRdp1 = az network lb inbound-nat-rule create --resource-group $rgname --name $natRule1V4Name --frontend-ip-name $frontendV4Name --protocol Tcp --frontend-port 3389 --backend-port 3389 --lb-name $lbName
    $inboundNatRuleRdp2 = az network lb inbound-nat-rule create --resource-group $rgname --name $natRule2V4Name --frontend-ip-name $frontendV4Name --protocol Tcp --frontend-port 3391 --backend-port 3389 --lb-name $lbName
    
  4. Create load balancer rules that send traffic to different back-end ports, depending on the front end that received the request.

    $lbruleIPv4 = az network lb rule create --resource-group $rgname --name $lbRule1V4Name --frontend-ip-name $frontendV4Name --backend-pool-name $backendAddressPoolV4Name --probe-name $probeV4V6Name --protocol Tcp --frontend-port 80 --backend-port 80 --lb-name $lbName
    $lbruleIPv6 = az network lb rule create --resource-group $rgname --name $lbRule1V6Name --frontend-ip-name $frontendV6Name --backend-pool-name $backendAddressPoolV6Name --probe-name $probeV4V6Name --protocol Tcp --frontend-port 80 --backend-port 8080 --lb-name $lbName
    
  5. Check your settings:

    az network lb show --resource-group $rgName --name $lbName
    

    Expected output:

     info:    Executing command network lb show
     info:    Looking up the load balancer "myIPv4IPv6Lb"
     data:    Id                              : /subscriptions/########-####-####-####-############/resourceGroups/pscontosorg1southctrlus09152016/providers/Microsoft.Network/loadBalancers/myIPv4IPv6Lb
     data:    Name                            : myIPv4IPv6Lb
     data:    Type                            : Microsoft.Network/loadBalancers
     data:    Location                        : southcentralus
     data:    Provisioning state              : Succeeded
     data:
     data:    Frontend IP configurations:
     data:    Name             Provisioning state  Private IP allocation  Private IP   Subnet  Public IP
     data:    ---------------  ------------------  ---------------------  -----------  ------  ---------
     data:    FrontendVipIPv4  Succeeded           Dynamic                                     myIPv4Vip
     data:    FrontendVipIPv6  Succeeded           Dynamic                                     myIPv6Vip
     data:
     data:    Probes:
     data:    Name                 Provisioning state  Protocol  Port  Path  Interval  Count
     data:    -------------------  ------------------  --------  ----  ----  --------  -----
     data:    ProbeForIPv4AndIPv6  Succeeded           Tcp       80          15        2
     data:
     data:    Backend Address Pools:
     data:    Name             Provisioning state
     data:    ---------------  ------------------
     data:    BackendPoolIPv4  Succeeded
     data:    BackendPoolIPv6  Succeeded
     data:
     data:    Load Balancing Rules:
     data:    Name                  Provisioning state  Load distribution  Protocol  Frontend port  Backend port  Enable floating IP  Idle timeout in minutes
     data:    --------------------  ------------------  -----------------  --------  -------------  ------------  ------------------  -----------------------
     data:    LBRuleForIPv4-Port80  Succeeded           Default            Tcp       80             80            false               4
     data:    LBRuleForIPv6-Port80  Succeeded           Default            Tcp       80             8080          false               4
     data:
     data:    Inbound NAT Rules:
     data:    Name                 Provisioning state  Protocol  Frontend port  Backend port  Enable floating IP  Idle timeout in minutes
     data:    -------------------  ------------------  --------  -------------  ------------  ------------------  -----------------------
     data:    NatRule-For-Rdp-VM1  Succeeded           Tcp       3389           3389          false               4
     data:    NatRule-For-Rdp-VM2  Succeeded           Tcp       3391           3389          false               4
     info:    network lb show
    

Create NICs

Create NICs and associate them with NAT rules, load balancer rules, and probes.

  1. Set up the PowerShell variables:

    $nic1Name = "myIPv4IPv6Nic1"
    $nic2Name = "myIPv4IPv6Nic2"
    $subnet1Id = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/VirtualNetworks/$vnetName/subnets/$subnet1Name"
    $subnet2Id = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/VirtualNetworks/$vnetName/subnets/$subnet2Name"
    $backendAddressPoolV4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/backendAddressPools/$backendAddressPoolV4Name"
    $backendAddressPoolV6Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/backendAddressPools/$backendAddressPoolV6Name"
    $natRule1V4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/inboundNatRules/$natRule1V4Name"
    $natRule2V4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/inboundNatRules/$natRule2V4Name"
    
  2. Create a NIC for each back end, and add an IPv6 configuration:

    $nic1 = az network nic create --name $nic1Name --resource-group $rgname --location $location --private-ip-address-version "IPv4" --subnet $subnet1Id --lb-address-pools $backendAddressPoolV4Id --lb-inbound-nat-rules $natRule1V4Id
    $nic1IPv6 = az network nic ip-config create --resource-group $rgname --name "IPv6IPConfig" --private-ip-address-version "IPv6" --lb-address-pools $backendAddressPoolV6Id --nic-name $nic1Name
    
    $nic2 = az network nic create --name $nic2Name --resource-group $rgname --location $location --private-ip-address-version "IPv4" --subnet $subnet2Id --lb-address-pools $backendAddressPoolV4Id --lb-inbound-nat-rules $natRule2V4Id
    $nic2IPv6 = az network nic ip-config create --resource-group $rgname --name "IPv6IPConfig" --private-ip-address-version "IPv6" --lb-address-pools $backendAddressPoolV6Id --nic-name $nic2Name
    

Create the back-end VM resources, and attach each NIC

To create VMs, you must have a storage account. For load balancing, the VMs need to be members of an availability set. For more information about creating VMs, see Create an Azure VM by using PowerShell.

  1. Set up the PowerShell variables:

    $availabilitySetName = "myIPv4IPv6AvailabilitySet"
    $vm1Name = "myIPv4IPv6VM1"
    $vm2Name = "myIPv4IPv6VM2"
    $nic1Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/networkInterfaces/$nic1Name"
    $nic2Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/networkInterfaces/$nic2Name"
    $imageurn = "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest"
    $vmUserName = "vmUser"
    $mySecurePassword = "PlainTextPassword*1"
    

    Warning

    This example uses the username and password for the VMs in cleartext. Take appropriate care when you use these credentials in cleartext. For a more secure method of handling credentials in PowerShell, see the Get-Credential cmdlet.

  2. Create the availability set:

    $availabilitySet = az vm availability-set create --name $availabilitySetName --resource-group $rgName --location $location
    
  3. Create the virtual machines with the associated NICs:

     az vm create --resource-group $rgname --name $vm1Name --image $imageurn --admin-username $vmUserName --admin-password $mySecurePassword --nics $nic1Id --location $location --availability-set $availabilitySetName --size "Standard_A1" 
    
     az vm create --resource-group $rgname --name $vm2Name --image $imageurn --admin-username $vmUserName --admin-password $mySecurePassword --nics $nic2Id --location $location --availability-set $availabilitySetName --size "Standard_A1" 
    

Next steps

Get started configuring an internal load balancer
Configure a load balancer distribution mode
Configure idle TCP timeout settings for your load balancer