Merge pull request #201642 from brianlehr/newbranch

laurabren · web-flow · commit 07b8139f7469 · 2022-06-24T16:54:26.000-07:00
modify floating IP page
diff --git a/articles/load-balancer/load-balancer-floating-ip.md b/articles/load-balancer/load-balancer-floating-ip.md
@@ -26,49 +26,93 @@ Some application scenarios prefer or require the same port to be used by multipl
 
 If you want to reuse the backend port across multiple rules, you must enable Floating IP in the rule definition.
 
-When Floating IP is enabled, Azure changes the IP address mapping to the Frontend IP address of the Load Balancer frontend instead of backend instance's IP. 
-
-Without Floating IP, Azure exposes the VM instances' IP. Enabling Floating IP changes the IP address mapping to the Frontend IP of the load Balancer to allow for more flexibility. Learn more [here](load-balancer-multivip-overview.md).
+When Floating IP is enabled, Azure changes the IP address mapping to the Frontend IP address of the Load Balancer frontend instead of backend instance's IP. Without Floating IP, Azure exposes the VM instances' IP. Enabling Floating IP changes the IP address mapping to the Frontend IP of the load Balancer to allow for more flexibility. Learn more [here](load-balancer-multivip-overview.md).
 
 Floating IP can be configured on a Load Balancer rule via the Azure portal, REST API, CLI, PowerShell, or other client. In addition to the rule configuration, you must also configure your virtual machine's Guest OS in order to use Floating IP.
 
 ## Floating IP Guest OS configuration
-For each VM in the backend pool, run the following commands at a Windows Command Prompt.
+
+In order to function, the Guest OS for the virtual machine needs to be configured to receive all traffic bound for the frontend IP and port of the load balancer. To accomplish this requires:
+* a loopback network interface to be added
+* configuring the loopback with the frontend IP address of the load balancer
+* ensure the system can send/receive packets on interfaces that do not have the IP address assigned to that interface (on Windows, this requires setting interfaces to use the "weak host" model; on Linux this model is normally used by default)
+The host firewall also needs to be open to receiving traffic on the frontend IP port.
+
+> [!NOTE]
+> The examples below all use IPv4; to use IPv6, substitute "ipv6" for "ipv4".  Also note that Floating IP for IPv6 does not work for Internal Load Balancers.
+
+### Windows Server
+
+<details>
+  <summary>Expand</summary>
+
+For each VM in the backend pool, run the following commands at a Windows Command Prompt on the server.  
 
 To get the list of interface names you have on your VM, type this command:
 
 ```console
-netsh interface show interface 
+netsh interface ipv4 show interface 
 ```
 
-For the VM NIC (Azure managed), type this command:
+For the VM NIC (Azure managed), type this command.
 
 ```console
 netsh interface ipv4 set interface “interfacename” weakhostreceive=enabled
 ```
+(replace **interfacename** with the name of this interface)
+
+For each loopback interface you added, repeat the commands below.
+
+```console
+netsh interface ipv4 add addr "loopbackinterface" floatingip floatingipnetmask
+netsh interface ipv4 set interface "loopbackinterface" weakhostreceive=enabled  weakhostsend=enabled 
+```
+(replace **loopbackinterface** with the name of this loopback interface and **floatingip** and **floatingipnetmask** with the appropriate values, e.g. that correspond to the load balancer frontend IP) 
 
-(replace interfacename with the name of this interface)
+Finally, if firewall is being used on the guest host, ensure a rule set up so the traffic can reach the VM on the appropriate ports.
 
-For each loopback interface you added, repeat these commands:
+A full example configuration is below (assuming a load balancer frontend IP configuration of 1.2.3.4 and a load balancing rule for port 80):
 
 ```console
-netsh interface ipv4 set interface “interfacename” weakhostreceive=enabled 
+netsh int ipv4 set int "Ethernet" weakhostreceive=enabled
+netsh int ipv4 add addr "Loopback Pseudo-Interface 1" 1.2.3.4 255.255.255.0
+netsh int ipv4 set int "Loopback Pseudo-Interface 1" weakhostreceive=enabled weakhostsend=enabled
+netsh advfirewall firewall add rule name="http" protocol=TCP localport=80 dir=in action=allow enable=yes
 ```
+</details>
 
-(replace interfacename with the name of this loopback interface)
+### Ubuntu
+
+<details>
+  <summary>Expand</summary>
+
+For each VM in the backend pool, run the following commands via an SSH session.
+
+To get the list of interface names you have on your VM, type this command:
+
+```console
+ip addr
+```
+For each loopback interface, repeat these commands, which assigns the floating IP to the loopback alias:
 
 ```console
-netsh interface ipv4 set interface “interfacename” weakhostsend=enabled 
+sudo ip addr add floatingip/floatingipnetmask dev lo:0
 ```
+(replace **floatingip** and **floatingipnetmask** with the appropriate values, e.g. that correspond to the load balancer frontend IP) 
+
+Finally, if firewall is being used on the guest host, ensure a rule set up so the traffic can reach the VM on the appropriate ports.
 
-(replace **interfacename** with the name of this loopback interface)
+A full example configuration is below (assuming a load balancer frontend IP configuration of 1.2.3.4 and a load balancing rule for port 80).  This example also assumes the use of [UFW (Uncomplicated Firewall)](https://www.wikipedia.org/wiki/Uncomplicated_Firewall) in Ubuntu.
 
-> [!IMPORTANT]
-> The configuration of the loopback interfaces is performed within the guest OS. This configuration is not performed or managed by Azure. Without this configuration, the rules will not function.
+```console
+sudo ip addr add 1.2.3.4/24 dev lo:0
+sudo ufw allow 80/tcp
+```
+</details>
 
 ## <a name = "limitations"></a>Limitations
 
-- Floating IP is not currently supported on secondary IP configurations for Load Balancing scenarios.  This does not apply to Public load balancers with dual-stack configurations or to architectures that utilize a NAT Gateway for outbound connectivity.
+- Floating IP isn't currently supported on secondary IP configurations for Load Balancing scenarios.  This doesn't apply to Public load balancers with dual-stack configurations or to architectures that utilize a NAT Gateway for outbound connectivity.
 
 ## Next steps
 
@@ -77,4 +121,4 @@ netsh interface ipv4 set interface “interfacename” weakhostsend=enabled
 - Learn more about [Azure Load Balancer](load-balancer-overview.md).
 - Learn about [Health Probes](load-balancer-custom-probe-overview.md).
 - Learn about [Standard Load Balancer Diagnostics](load-balancer-standard-diagnostics.md).
-- Learn more about [Network Security Groups](../virtual-network/network-security-groups-overview.md).
+- Learn more about [Network Security Groups](../virtual-network/network-security-groups-overview.md).
