Tutorial / Cram Notes
Load balancers distribute incoming network traffic across a group of backend resources or services, which are typically virtual machines (VMs). Azure offers two types of load balancers: internal (private) and public. An internal load balancer will distribute traffic within a private network, whereas a public load balancer will distribute incoming Internet traffic to your VMs.
Internal vs. Public Load Balancer:
| Feature | Internal Load Balancer | Public Load Balancer |
|---|---|---|
| IP Address | Private IP from the VNet address space | Public IP Address |
| Scope | Within VNet or interconnected VNets | Internet to VMs |
| Access Control | Network Security Groups (NSGs) | NSGs and optionally, by using DDoS Protection |
| Use Case | Intra-application or cross-tier traffic | Internet-facing applications |
Configuring an Azure Load Balancer:
Step 1: Determine the type of load balancer required
Before creating a load balancer, decide whether you need a public or an internal load balancer based on the nature of your application or service.
Step 2: Create a Resource Group
A resource group is a container that holds related resources for an Azure solution. You can create a new resource group or use an existing one.
Step 3: Create a Load Balancer
Navigate to the Azure portal, select “Create a resource,” search for “Load balancer,” and choose “Create.”
- For a Public Load Balancer:
- Specify a unique name.
- Choose “Public” for the type.
- Select the appropriate subscription and resource group.
- Choose the region where your resources are located.
- Create a new public IP address or use an existing one.
- For an Internal Load Balancer:
- Follow the same steps as above, but choose “Internal” for the type.
- Specify the Virtual Network and subnet within which the load balancer will operate.
Step 4: Configure Backend Pool
After creating the load balancer, you need to define the backend pool:
- Go to the load balancer resource in the Azure portal.
- Under “Settings,” find “Backend pools” and add a new pool.
- Add your VMs or VM scale sets to the pool.
Step 5: Set Up Health Probes
Health probes check the status of your VM instances. If an instance is deemed unhealthy, the load balancer will stop sending traffic to it until it’s healthy again.
- Under “Settings” in your load balancer, find “Health probes” and add a new probe.
- Define the protocol, port, and interval for health checks.
Step 6: Create Load Balancing Rules
Load balancing rules define how traffic is distributed to the VMs:
- In “Settings” for the load balancer, choose “Load balancing rules.”
- Create a new rule and specify front-end IP configuration (public or private), protocol, port, backend pool, health probe, and session persistence if necessary.
Step 7: Configure Network Security Group (NSG) Rules
Set up NSG rules to allow or deny traffic to VMs:
- Navigate to the NSG associated with your VM network interface or subnet.
- Configure inbound and outbound security rules that align with your load balancing rules.
Step 8: Test the Load Balancer
After configuration, test the load balancer to ensure it is correctly distributing traffic:
- Use tools like curl or wget to test the endpoints.
- Verify traffic is balanced across the backend pool instances.
Step 9: Monitoring and Management
Lastly, monitor your load balancer to ensure it is performing optimally. Azure Monitor and Log Analytics can provide insights into health and metrics.
Configure an Azure load balancer with careful planning and testing to ensure it supports your application’s needs and resilience requirements. Whether you are using a public load balancer for internet-facing applications or an internal load balancer for traffic within a VNet, the above steps will guide you through the process of setting up a foundational element for your Azure infrastructure.
Practice Test with Explanation
True or False: Azure Load Balancer can only be configured for TCP and UDP protocols.
- Answer: False
Explanation: Azure Load Balancer supports both TCP and UDP protocols, as well as other protocols such as HTTP and HTTPS when used with an Application Gateway.
An Azure Internal Load Balancer (ILB) is accessible from:
- A. The internet
- B. Virtual Network
- C. On-premises network through VPN or ExpressRoute
- D. Both B and C
Answer: D
Explanation: An Azure Internal Load Balancer (ILB) is designed to balance traffic within a virtual network (VNet) and can also be accessed from an on-premises network via VPN or ExpressRoute.
True or False: When you set up a Load Balancer, you must always create a new public IP address.
- Answer: False
Explanation: Azure allows you to use an existing public IP address when configuring a Load Balancer. You are not required to create a new one every time.
What is the maximum number of instances that an Azure Load Balancer backend pool can contain when deploying a Standard Load Balancer?
- A. 100
- B. 400
- C. 500
- D. 1000
Answer: C
Explanation: A Standard Azure Load Balancer can support up to 1000 instances in its backend pool, offering higher scale than the Basic Load Balancer.
True or False: You can use Azure Load Balancer to distribute traffic to virtual machines across different regions.
- Answer: False
Explanation: Azure Load Balancer operates at the regional level and cannot distribute traffic across different regions. For global traffic distribution, Azure Traffic Manager or Azure Front Door Service could be used instead.
Which feature of Azure Load Balancer can be used to distribute traffic based on source IP address and port, to a specific destination IP address and port?
- A. Backend pools
- B. Health probes
- C. NAT rules
- D. Load balancing rules
Answer: C
Explanation: NAT rules (Network Address Translation) can be used to forward traffic from a specific source IP address and port to a specific destination IP address and port.
True or False: Azure’s internal load balancer can be assigned both public and private IP addresses.
- Answer: False
Explanation: Azure’s internal load balancer is intended only for internal traffic, and therefore, can only be assigned a private IP address within the Virtual Network.
What is the purpose of health probes in Azure Load Balancer configuration?
- A. To balance the load equally
- B. To monitor the response time of VMs
- C. To manage traffic priorities
- D. To determine the health of backend resources
Answer: D
Explanation: Health probes are used to determine the health of backend resources. If a probe fails, Load Balancer stops sending traffic to the unhealthy instance.
In the context of Azure Load Balancers, what is the primary difference between Basic and Standard SKUs?
- A. Standard SKU offers higher performance than Basic.
- B. Basic SKU supports more instances than Standard.
- C. Standard SKU has a broader range of features and is zone-redundant.
- D. Basic SKU can be used with Application Gateway, while Standard cannot.
Answer: C
Explanation: Standard SKU provides a broader range of features than Basic, including improved performance, diagnostics, and availability. It is also zone-redundant, offering high availability across Availability Zones.
True or False: Azure Load Balancer requires a separate probe for each backend pool.
- Answer: False
Explanation: A single health probe can be used for multiple backend pools in Azure Load Balancer, as long as the health check requirements are the same for all backend instances.
Which type of Azure Load Balancer is recommended for outbound connectivity scenarios?
- A. Internal Load Balancer
- B. Public Load Balancer
- C. Both can be used
- D. Neither should be used for outbound connectivity
Answer: B
Explanation: A Public Load Balancer is recommended for outbound connectivity scenarios because it allows resources in the VNet to communicate out to the internet.
Interview Questions
What is Azure Load Balancer?
Azure Load Balancer is a Layer-4 (TCP/UDP) load balancer service that distributes incoming traffic among healthy instances of services defined in a load-balanced set.
What are the types of Load Balancers in Azure?
There are two types of Load Balancers in Azure Public and Internal.
What is the difference between Public and Internal Load Balancer?
Public Load Balancer is used to balance incoming Internet traffic, whereas Internal Load Balancer is used to balance traffic within a Virtual Network (VNet).
How do you create an internal load balancer?
You can create an internal load balancer by selecting the internal option in the Azure portal when creating a basic load balancer resource.
What is the use of a health probe in load balancing?
A health probe is used to check the health of the backend instances in the load-balanced set. If an instance is not responding to the probe, it is marked as unhealthy and traffic is not routed to it.
What is a load-balanced set in Azure?
A load-balanced set is a collection of backend instances that are associated with a load balancer to distribute incoming traffic.
How do you configure a load-balanced set?
You can configure a load-balanced set by adding backend instances to it, configuring health probes, and configuring load-balancing rules in the Azure portal.
What is the difference between a Basic and a Standard Load Balancer?
Basic Load Balancer is a lower-cost, lower-capacity, and regional service that provides basic load-balancing functionality. Standard Load Balancer is a global service that provides additional features such as cross-region load balancing, SSL offloading, and high availability.
What is the purpose of a load-balancing rule in Azure?
A load-balancing rule is used to specify how incoming traffic should be distributed to the backend instances in a load-balanced set, based on the source and destination IP addresses, ports, and protocols.
What is the purpose of a NAT rule in an Azure Load Balancer?
A NAT rule is used to map a public IP address and port to a private IP address and port, to enable traffic to reach a specific backend instance.
How can you configure a public IP address for a Load Balancer?
You can configure a public IP address for a Load Balancer by creating a public IP resource and associating it with the Load Balancer resource.
How do you create a Standard Load Balancer in Azure?
You can create a Standard Load Balancer in Azure by selecting the Standard option in the Azure portal when creating a load balancer resource.
How do you enable SSL offloading in a Standard Load Balancer?
You can enable SSL offloading in a Standard Load Balancer by configuring an SSL certificate and a backend server authentication certificate.
What is the purpose of a backend pool in an Azure Load Balancer?
A backend pool is a collection of backend instances that are associated with a load-balancing rule, and used to distribute incoming traffic based on the load-balancing rule configuration.
What is the difference between TCP and UDP load balancing?
TCP load balancing is used for protocols that require a reliable connection, such as HTTP and HTTPS, whereas UDP load balancing is used for protocols that do not require a reliable connection, such as DNS and SIP.
I am preparing for my AZ-104 exam and I found the Azure load balancer configurations pretty confusing. Any tips?
For the AZ-104 exam, how important is it to know about the diagnostic settings for load balancers?
Great blog post! Very informative.
Does anyone know if the load balancer SKU selection impacts the cost?
Appreciate the detailed explanation on configuring load balancers!
The subnet and network security group (NSG) configurations seem really complex when setting up an internal load balancer.
Found the section on setting up a public load balancer extremely useful. Cleared a lot of my doubts.
I think more examples on configuring health probes would be beneficial.