What is Azure Load Balancer?
Load balancing refers to evenly distributing load (incoming network traffic) across a group of backend resources or servers.
Azure Load Balancer operates at layer four of the Open Systems Interconnection (OSI) model. It's the single point of contact for clients. Load Balancer distributes inbound flows that arrive at the load balancer's front end to backend pool instances. These flows are according to configured load balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a virtual machine scale set.
A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance internet traffic to your VMs.
An internal (or private) load balancer is used where private IPs are needed at the frontend only. Internal load balancers are used to load balance traffic inside a virtual network. A load balancer frontend can be accessed from an on-premises network in a hybrid scenario.
Figure: Balancing multi-tier applications by using both public and internal Load Balancer
For more information on the individual load balancer components, see Azure Load Balancer components.
Why use Azure Load Balancer?
With Standard Load Balancer, you can scale your applications and create highly available services. Load balancer supports both inbound and outbound scenarios. Load balancer provides low latency and high throughput, and scales up to millions of flows for all TCP and UDP applications.
Key scenarios that you can accomplish using Standard Load Balancer include:
Configure outbound connectivity for Azure virtual machines.
Use health probes to monitor load-balanced resources.
Employ port forwarding to access virtual machines in a virtual network by public IP address and port.
Standard Load Balancer provides multi-dimensional metrics through Azure Monitor. These metrics can be filtered, grouped, and broken out for a given dimension. They provide current and historic insights into performance and health of your service. Resource Health is also supported. Review Standard Load Balancer Diagnostics for more details.
Load balance services on multiple ports, multiple IP addresses, or both.
Load balance TCP and UDP flow on all ports simultaneously using HA ports.
Secure by default
Standard Load Balancer is built on the zero trust network security model at its core. Standard Load Balancer secure by default and is part of your virtual network. The virtual network is a private and isolated network. This means Standard Load Balancers and Standard Public IP addresses are closed to inbound flows unless opened by Network Security Groups. NSGs are used to explicitly permit allowed traffic. If you do not have an NSG on a subnet or NIC of your virtual machine resource, traffic is not allowed to reach this resource. To learn more about NSGs and how to apply them for your scenario, see Network Security Groups. Basic Load Balancer is open to the internet by default. In addition, Load Balancer does not store customer data.
Pricing and SLA
See Upgrade a Basic Load Balancer to upgrade Basic Load Balancer to Standard Load Balancer.
See Create a public Standard Load Balancer to get started with using a Load Balancer.
For an Azure load balancing options comparison, see Overview of load-balancing options in Azure.