Azure Load Balancer

Azure Load Balancer

Last updated on July 3, 2023

Azure Load Balancer Cheat Sheet

  • Distributes incoming network traffic across multiple targets.
  • Allows you to route traffic based on source IP address and port to a destination IP address and port.

Features

  • The load balancer supports TCP/UDP-based protocols.
  • Scales automatically as traffic increases.
  • The load-balancing decision is based on the following tuple connection:
    • Source IP address and port
    • Destination IP address and port
    • Protocol
  • NAT allows you to control the inbound and outbound network traffic.
    • Inbound rules –  traffic allowed to a specific virtual machine or instance in the backend pool.
    • Outbound rules – enable all resources to communicate to the Internet.
  • Control the flow of traffic inside your private virtual network using an internal load balancer.
  • Tutorials dojo strip
  • You can use a public load balancer to allow outbound connections for your virtual machines.
  • Azure Load Balancer supports IPv6.
  • Load balancer tiers: Basic and Standard

Concepts

  • A group of VMs or instances in a VM scale set serving the incoming request is called backend pool.
  • Determine the health status of backend pool instances with health probes. 
    • Health probe down behavior – if the probes in a backend pool fail, it will stop receiving traffic until it starts passing health probes again.
  • Standard load balancer availability zones:
    • Zonal = single zone
    • Zone-redundant = multiple zones
  • Use Azure Monitor to check the metrics, alerts, and resource health of Azure Load Balancer.
  • High Availability (HA) ports enable load balancing on all ports of TCP and UDP protocols.
  • With multiple frontends, you can load balance services on multiple ports and multiple IP addresses.
  • SLA guarantees that two or more healthy VMS will always be available.

Details

Basic Load Balancer

Standard Load Balancer

Backend pool size

Supports up to 300 instances.

Supports up to 1000 instances.

Backend pool endpoints

A single availability set for VMs or VM scale set.

A single virtual network for any VMs or VM scale sets.

Health probes

TCP, HTTP

TCP, HTTP, HTTPS

Health probe down behavior

TCP connections stay alive on an instance probe down. All TCP connections terminate when all probes are down.

TCP connections stay alive on an instance probe down and on all probes down.

Availability Zones

Not available

Zone-redundant and zonal frontends for inbound and outbound traffic.

Diagnostics

Azure Monitor logs

Azure Monitor multi-dimensional metrics

HA Ports

Not available

Available for Internal Load Balancer

Secure by default

Open by default. Network security group optional.

Closed to inbound flows unless allowed by a network security group. Please note that internal traffic from the VNet to the internal load balancer is allowed.

Outbound Rules

Not available

Declarative outbound NAT configuration

TCP Reset on Idle

Not available

Available on any rule

Multiple frontends

Inbound only

Inbound and outbound

Management Operations

60-90+ seconds typical

Most operations < 30 seconds

SLA

Not available

99.99%

  • Frontend IP configuration
    • Public load balancer = public IP address
    • Internal load balancer = private IP address
  • Backend pools
    • The resources in the backend pool come from a single virtual network.
    • You can associate the backend pool to a VM or VM scale set.
  • Load Balancing Rules
    • A load balancing rule distributes the incoming traffic to the resources in the backend pool.
    • The IP version you can select is between IPv4 and IPv6.
    • You can only assign a frontend IP address that has one public IP address.
    • Select between TCP and UDP protocols.
    • Health probes can determine which VMs in the backend pool can receive the load-balanced traffic.
    • Session persistence maintains the traffic from a client to the same virtual machine.
      • None – any virtual machine can handle successive requests from the same client.
      • Client IP – the same virtual machine will handle successive requests from the same client IP address.
      • Client IP and protocol – the same virtual machine will handle successive requests from the same client IP address and protocol combination.
    • Idle timeout keeps a TCP or HTTP connection open without depending on the clients to send keep-alive messages.
    • If the connection is idle, you can use a TCP reset.
    • Floating IP changes the IP address mapping to the frontend IP of the load balancer.

Azure Load Balancer Pricing

  • You are charged based on the number of outbound rules.
  • You are billed for the first five rules of load balancing.
  • You are not charged for the NAT rules.

Azure Load Balancer vs App Gateway vs Traffic Manager:
https://tutorialsdojo.com/azure-load-balancer-vs-app-gateway-vs-traffic-manager/

How to Create a Load Balancer

Want to learn more about Azure? Watch the official Microsoft Azure YouTube channel’s video series called Azure Tips and Tricks.

Validate Your Knowledge

Question 1

Question Type: Single choice

A company has multiple virtual machines in a virtual machine scale set named TDScale1 in its Azure environment. You need to recommend a solution that will evenly distribute Internet traffic to your virtual machines.

What Azure service should you use to satisfy this requirement?

  1. Public Load Balancer
  2. Private Load Balancer
  3. Azure Traffic Manager
  4. Azure Front Door

Correct Answer: 1

Public Load Balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance Internet traffic to your VMs. 

Public Load Balancers map the public IP and port of incoming traffic to the private IP and port of the VM. Load balancer maps traffic the other way around for the response traffic from the VM. You can distribute specific types of traffic across multiple VMs or services by applying load-balancing rules. For example, you can spread the load of web request traffic across multiple web servers.

Hence, the correct answer is: Azure Public Load Balancer.

Private Load Balancer is incorrect because this service is primarily used where private IPs are needed at the frontend only. Internal load balancers are used to load balance traffic inside a virtual network. Take note that the scenario mentioned that you have to evenly distribute Internet traffic to your virtual machines.

Azure Traffic Manager is incorrect because this is simply a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions while providing high availability and responsiveness. However, you cannot use this to distribute traffic evenly to virtual machines.

Azure Front Door is incorrect because this service just enables you to define, manage, and monitor the global routing for your web traffic by optimizing performance and ensuring quick global failover for high availability that works at Layer 7 or HTTP/HTTPS layer. You cannot use this for network layer load balancing, unlike Azure Public Load Balancer.

References:
https://azure.microsoft.com/en-us/services/load-balancer/
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview

Note: This question was extracted from our AZ-900 Microsoft Azure Fundamentals Practice Exams.

Question 2

Question Type: Single choice

What Azure service should you use if you want your application to have a higher level of availability and to evenly distribute internal traffic across virtual machines within a VNET?

    AWS Exam Readiness Courses
  1. Private Load Balancer
  2. Public Load Balancer
  3. Application Gateway
  4. Network Security Group

Correct Answer: 1

Private (or Internal) Load balancer provides a higher level of availability and scale by spreading incoming requests across virtual machines (VMs). Private load balancer distributes traffic to resources that are inside a virtual network.

Azure restricts access to the frontend IP addresses of a virtual network that are load balanced. Front-end IP addresses and virtual networks are never directly exposed to an Internet endpoint. Internal line-of-business applications run in Azure and are accessed from within Azure or from on-premises resources.

Internal load balancers balance traffic within a VNET while external load balancers balance traffic to and from an internet-connected endpoint.

Hence, the correct answer is: Private Load balancer.

Network security group is incorrect because this is used to filter network traffic to and from Azure resources in an Azure virtual network. It contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. For each rule, you can specify source and destination, port, and protocol.

Application Gateway is incorrect because this service is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.

Public Load Balancer is incorrect because this service is primarily used for providing outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public Load Balancers are used to load balance Internet traffic to your VMs. Take note that the scenario mentioned that you have to evenly distribute internal traffic across virtual machines within a VNET only.

References:

https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-standard-internal-portal
https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
https://docs.microsoft.com/en-us/azure/load-balancer/components#frontend-ip-configurations

Note: This question was extracted from our AZ-900 Microsoft Azure Fundamentals Practice Exams.

For more Azure practice exam questions with detailed explanations, check out the Tutorials Dojo Portal:

Microsoft Azure Practice Exams Tutorials Dojo

Azure Load Balancer Cheat Sheet References:

https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
https://azure.microsoft.com/en-us/services/load-balancer/

Tutorials Dojo portal

Be Inspired and Mentored with Cloud Career Journeys!

Tutorials Dojo portal

Enroll Now – Our Azure Certification Exam Reviewers

azure reviewers tutorials dojo

Enroll Now – Our Google Cloud Certification Exam Reviewers

Tutorials Dojo Exam Study Guide eBooks

tutorials dojo study guide eBook

FREE AWS Exam Readiness Digital Courses

Subscribe to our YouTube Channel

Tutorials Dojo YouTube Channel

FREE Intro to Cloud Computing for Beginners

FREE AWS, Azure, GCP Practice Test Samplers

Recent Posts

Written by: Jon Bonso

Jon Bonso is the co-founder of Tutorials Dojo, an EdTech startup and an AWS Digital Training Partner that provides high-quality educational materials in the cloud computing space. He graduated from Mapúa Institute of Technology in 2007 with a bachelor's degree in Information Technology. Jon holds 10 AWS Certifications and is also an active AWS Community Builder since 2020.

AWS, Azure, and GCP Certifications are consistently among the top-paying IT certifications in the world, considering that most companies have now shifted to the cloud. Earn over $150,000 per year with an AWS, Azure, or GCP certification!

Follow us on LinkedIn, YouTube, Facebook, or join our Slack study group. More importantly, answer as many practice exams as you can to help increase your chances of passing your certification exams on your first try!

View Our AWS, Azure, and GCP Exam Reviewers Check out our FREE courses

Our Community

~98%
passing rate
Around 95-98% of our students pass the AWS Certification exams after training with our courses.
200k+
students
Over 200k enrollees choose Tutorials Dojo in preparing for their AWS Certification exams.
~4.8
ratings
Our courses are highly rated by our enrollees from all over the world.

What our students say about us?