Create an internal load balancer by using the Azure CLI

Important

Azure Load Balancer supports two different types: Basic and Standard. This article discusses Basic Load Balancer. Although Basic Load Balancer is generally available, Standard Load Balancer is currently in public preview. For more information about Standard Load Balancer, see Standard Load Balancer overview.

Azure Internal Load Balancer (ILB) provides network load balancing between virtual machines that reside inside a cloud service or a virtual network with a regional scope.

For information about the use and configuration of virtual networks with a regional scope, see Regional virtual networks. Existing virtual networks that have been configured for an affinity group cannot use ILB.

Configuration scenario

In this scenario, we're creating an internal load balancer in a virtual network as shown in the following figure:

Internal load balancer scenario

The configuration for our scenario is as follows:

  • Two virtual machines named DB1 and DB2
  • Endpoints for the internal load balancer
  • An internal load balancer

Deploy the solution by using the Azure CLI

The following steps show how to create an Internet-facing load balancer by using Azure Resource Manager with CLI. With Azure Resource Manager, each resource is created and configured individually, and then put together to create a resource.

You need to create and configure the following objects to deploy a load balancer:

  • Front-end IP configuration: contains public IP addresses for incoming network traffic
  • Back-end address pool: contains network interfaces (NICs) that enable the virtual machines to receive network traffic from the load balancer
  • Load-balancing rules: contains rules that map a public port on the load balancer to port in the back-end address pool
  • Inbound NAT rules: contains rules that map a public port on the load balancer to a port for a specific virtual machine in the back-end address pool
  • Probes: contains health probes that are used to check the availability of virtual machines instances in the back-end address pool

For more information, see Azure Resource Manager support for Load Balancer.

Set up CLI to use Resource Manager

  1. If you have never used Azure CLI, see Install and configure the Azure CLI. Follow the instructions up to the point where you select your Azure account and subscription.
  2. Run the azure config mode command to switch to Resource Manager mode, as follows:

    azure config mode arm
    

    Expected output:

     info:    New mode is arm
    

Create an internal load balancer step by step

  1. Sign in to Azure.

    azure login
    

    When prompted, enter your Azure credentials.

  2. Change the command tools to Azure Resource Manager mode.

    azure config mode arm
    

Create a resource group

All resources in Azure Resource Manager are associated with a resource group. If you haven't done so yet, create a resource group.

azure group create <resource group name> <location>

Create an internal load balancer set

  1. Create an internal load balancer

    In the following scenario, a resource group named nrprg is created in East US region.

    azure network lb create --name nrprg --location eastus
    

    Note

    All resources for an internal load balancers, such as virtual networks and virtual network subnets, must be in the same resource group and in the same region.

  2. Create a front-end IP address for the internal load balancer.

    The IP address that you use must be within the subnet range of your virtual network.

    azure network lb frontend-ip create --resource-group nrprg --lb-name ilbset --name feilb --private-ip-address 10.0.0.7 --subnet-name nrpvnetsubnet --subnet-vnet-name nrpvnet
    
  3. Create the back-end address pool.

    azure network lb address-pool create --resource-group nrprg --lb-name ilbset --name beilb
    

    After you define a front-end IP address and a back-end address pool, you can create load balancer rules, inbound NAT rules, and customized health probes.

  4. Create a load balancer rule for the internal load balancer.

    When you follow the previous steps, the command creates a load-balancer rule for listening to port 1433 in the front-end pool and sending load-balanced network traffic to the back-end address pool, also using port 1433.

    azure network lb rule create --resource-group nrprg --lb-name ilbset --name ilbrule --protocol tcp --frontend-port 1433 --backend-port 1433 --frontend-ip-name feilb --backend-address-pool-name beilb
    
  5. Create inbound NAT rules.

    Inbound NAT rules are used to create endpoints in a load balancer that go to a specific virtual machine instance. The previous steps created two NAT rules for remote desktop.

    azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule1 --protocol TCP --frontend-port 5432 --backend-port 3389
    
    azure network lb inbound-nat-rule create --resource-group nrprg --lb-name ilbset --name NATrule2 --protocol TCP --frontend-port 5433 --backend-port 3389
    
  6. Create health probes for the load balancer.

    A health probe checks all virtual machine instances to make sure they can send network traffic. The virtual machine instance with failed probe checks is removed from the load balancer until it goes back online and a probe check determines that it's healthy.

    azure network lb probe create --resource-group nrprg --lb-name ilbset --name ilbprobe --protocol tcp --interval 300 --count 4
    

    Note

    The Microsoft Azure platform uses a static, publicly routable IPv4 address for a variety of administrative scenarios. The IP address is 168.63.129.16. This IP address should not be blocked by any firewalls, because this can cause unexpected behavior. With respect to Azure internal load balancing, this IP address is used by monitoring probes from the load balancer to determine the health state for virtual machines in a load-balanced set. If a network security group is used to restrict traffic to Azure virtual machines in an internally load-balanced set or is applied to a virtual network subnet, ensure that a network security rule is added to allow traffic from 168.63.129.16.

Create NICs

You need to create NICs (or modify existing ones) and associate them to NAT rules, load balancer rules, and probes.

  1. Create an NIC named lb-nic1-be, and then associate it with the rdp1 NAT rule and the beilb back-end address pool.

    azure network nic create --resource-group nrprg --name lb-nic1-be --subnet-name nrpvnetsubnet --subnet-vnet-name nrpvnet --lb-address-pool-ids "/subscriptions/####################################/resourceGroups/nrprg/providers/Microsoft.Network/loadBalancers/nrplb/backendAddressPools/beilb" --lb-inbound-nat-rule-ids "/subscriptions/####################################/resourceGroups/nrprg/providers/Microsoft.Network/loadBalancers/nrplb/inboundNatRules/rdp1" --location eastus
    

    Expected output:

     info:    Executing command network nic create
     + Looking up the network interface "lb-nic1-be"
     + Looking up the subnet "nrpvnetsubnet"
     + Creating network interface "lb-nic1-be"
     + Looking up the network interface "lb-nic1-be"
     data:    Id                              : /subscriptions/####################################/resourceGroups/nrprg/providers/Microsoft.Network/networkInterfaces/lb-nic1-be
     data:    Name                            : lb-nic1-be
     data:    Type                            : Microsoft.Network/networkInterfaces
     data:    Location                        : eastus
     data:    Provisioning state              : Succeeded
     data:    Enable IP forwarding            : false
     data:    IP configurations:
     data:      Name                          : NIC-config
     data:      Provisioning state            : Succeeded
     data:      Private IP address            : 10.0.0.4
     data:      Private IP Allocation Method  : Dynamic
     data:      Subnet                        : /subscriptions/####################################/resourceGroups/NRPRG/providers/Microsoft.Network/virtualNetworks/NRPVnet/subnets/NRPVnetSubnet
     data:      Load balancer backend address pools
     data:        Id                          : /subscriptions/####################################/resourceGroups/nrprg/providers/Microsoft.Network/loadBalancers/nrplb/backendAddressPools/NRPbackendpool
     data:      Load balancer inbound NAT rules:
     data:        Id                          : /subscriptions/####################################/resourceGroups/nrprg/providers/Microsoft.Network/loadBalancers/nrplb/inboundNatRules/rdp1
     data:
     info:    network nic create command OK
    
  2. Create an NIC named lb-nic2-be, and then associate it with the rdp2 NAT rule and the beilb back-end address pool.

    azure network nic create --resource-group nrprg --name lb-nic2-be --subnet-name nrpvnetsubnet --subnet-vnet-name nrpvnet --lb-address-pool-ids "/subscriptions/####################################/resourceGroups/nrprg/providers/Microsoft.Network/loadBalancers/nrplb/backendAddressPools/beilb" --lb-inbound-nat-rule-ids "/subscriptions/####################################/resourceGroups/nrprg/providers/Microsoft.Network/loadBalancers/nrplb/inboundNatRules/rdp2" --location eastus
    
  3. Create a virtual machine named DB1, and then associate it with the NIC named lb-nic1-be. A storage account called web1nrp is created before the following command runs:

    azure vm create --resource--resource-grouproup nrprg --name DB1 --location eastus --vnet-name nrpvnet --vnet-subnet-name nrpvnetsubnet --nic-name lb-nic1-be --availset-name nrp-avset --storage-account-name web1nrp --os-type Windows --image-urn MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:4.0.20150825
    

    Important

    VMs in a load balancer need to be in the same availability set. Use azure availset create to create an availability set.

  4. Create a virtual machine (VM) named DB2, and then associate it with the NIC named lb-nic2-be. A storage account called web1nrp was created before running the following command.

    azure vm create --resource--resource-grouproup nrprg --name DB2 --location eastus --vnet-name nrpvnet --vnet-subnet-name nrpvnetsubnet --nic-name lb-nic2-be --availset-name nrp-avset --storage-account-name web2nrp --os-type Windows --image-urn MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:4.0.20150825
    

Delete a load balancer

To remove a load balancer, use the following command:

azure network lb delete --resource-group nrprg --name ilbset

Next steps

Configure a load balancer distribution mode by using source IP affinity

Configure idle TCP timeout settings for your load balancer