You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
title: Configure Inbound NAT Rules for Virtual Machine Scale Sets
3
+
description: Learn how to configure, update, and delete inbound NAT Rules for Virtual Machine Scale Set instances. Azure offers two options for Inbound NAT rules.
4
+
author: mbender-ms
5
+
ms.author: mbender
6
+
ms.service: load-balancer
7
+
ms.topic: how-to
8
+
ms.date: 12/06/2022
9
+
ms.custom: template-how-to
10
+
---
11
+
12
+
# Configure inbound NAT Rules for Virtual Machine Scale Sets
13
+
14
+
In this article, you'll learn how to configure, update, and delete inbound NAT Rules for Virtual Machine Scale Set instances. Azure offers two options for inbound NAT rules. The first option is the ability to add a single inbound NAT rule to a single backend resource. The second option is the ability to create a group of inbound NAT rules for a backend pool. It's recommended to use the second option for inbound NAT rules when using Virtual Machine Scale Sets, since this option provides better flexibility and scalability. Learn more about the various options for [inbound NAT rules](inbound-nat-rules.md).
15
+
16
+
## Prerequisites
17
+
18
+
- A Standard SKU [Azure Load Balancer](quickstart-load-balancer-standard-public-portal.md) in the same subscription as the Virtual Machine Scale Set.
19
+
- A [Virtual Machine Scale Set instance](configure-vm-scale-set-portal.md) in the backend pool of the load balancer.
20
+
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
21
+
22
+
## Add inbound NAT rules
23
+
Individual inbound NAT rules can't be added to a Virtual Machine Scale Set. However, you can add a set of inbound NAT rules with a defined front-end port range and back-end port for all instances in the Virtual Machine Scale Set.
24
+
25
+
To add a set of inbound NAT rules for the Virtual Machine Scale Sets, you create a set of inbound NAT rules in the load balancer that targets a backend pool using [az network lb inbound-nat-rule create](/cli/azure/network/lb/inbound-nat-rule#az-network-lb-inbound-nat-rule-create) as follows:
26
+
27
+
```azurecli
28
+
29
+
az network lb inbound-nat-rule create \
30
+
--resource-group MyResourceGroup \
31
+
--name MyNatRule \
32
+
--lb-name MyLb \
33
+
--protocol TCP \
34
+
--frontend-port-range-start 200 \
35
+
--frontend-port-range-end 250 \
36
+
--backend-port 22 \
37
+
--backend-pool-name mybackend \
38
+
--frontend-ip-name MyFrontendIp
39
+
40
+
```
41
+
42
+
The new inbound NAT rule can't have an overlapping front-end port range with existing inbound NAT rules. To view existing inbound NAT rules that are set up, use [az network lb inbound-nat-rule show](/cli/azure/network/lb/inbound-nat-rule#az-network-lb-inbound-nat-rule-show) as follows:
43
+
44
+
```azurecli
45
+
46
+
az network lb inbound-nat-rule show \
47
+
--lb-name <load-balancer-name> \
48
+
--name <nat-rule-name> \
49
+
--resource-group <resource-group-name>
50
+
51
+
```
52
+
## Add multiple inbound NAT rules behind a Virtual Machine Scale Set
53
+
54
+
Multiple sets of inbound NAT rules can be attached to a single Virtual Machine Scale Set, given that the rules frontend port ranges aren’t overlapping. This is accomplished by having multiple sets of inbound NAT rules that target the same backend pool as follows:
55
+
56
+
```azurecli
57
+
az network lb inbound-nat-rule create \
58
+
--resource-group MyResourceGroup \
59
+
--name MyNatRule \
60
+
--lb-name MyLb \
61
+
--protocol TCP \
62
+
--frontend-port-range-start 200 \
63
+
--frontend-port-range-end 250 \
64
+
--backend-port 22 \
65
+
--backend-pool-name mybackend \
66
+
--frontend-ip-name MyFrontendIp
67
+
68
+
az network lb inbound-nat-rule create \
69
+
--resource-group MyResourceGroup \
70
+
--name MyNatRule2 \
71
+
--lb-name MyLb \
72
+
--protocol TCP \
73
+
--frontend-port-range-start 150 \
74
+
--frontend-port-range-end 180 \
75
+
--backend-port 80 \
76
+
--backend-pool-name mybackend \
77
+
--frontend-ip-name MyFrontendIp
78
+
79
+
```
80
+
## Update inbound NAT rules
81
+
When using inbound NAT rules with Virtual Machine Scale Sets, Individual inbound NAT rules can't be updated. However, you can update a set of inbound NAT rules that target a backend pool using [az network lb inbound-nat-rule update](/cli/azure/network/lb/inbound-nat-rule#az-network-lb-inbound-nat-rule-update) as follows:
82
+
83
+
```azurecli
84
+
85
+
az network lb inbound-nat-rule update \
86
+
--resource-group MyResourceGroup \
87
+
--name MyNatRule \
88
+
--lb-name MyLb \
89
+
--frontend-port-range-start 150 \
90
+
--frontend-port-range-end 250
91
+
92
+
```
93
+
## Delete inbound NAT rules
94
+
95
+
When using inbound NAT rules with Virtual Machine Scale Sets, individual inbound NAT rules can't be deleted. However, you can delete the entire set of inbound NAT rules by deleting the inbound NAT rule that targets a specific backend pool. Use [az network lb inbound-nat-rule delete](/cli/azure/network/lb/inbound-nat-rule#az-network-lb-inbound-nat-rule-delete) to delete a set of rules:
Copy file name to clipboardExpand all lines: articles/load-balancer/update-load-balancer-with-vm-scale-set.md
+19-18Lines changed: 19 additions & 18 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
-
title: Update or delete an existing load balancer used by virtual machine scale sets
2
+
title: Update or delete an existing load balancer used by Virtual Machine Scale Sets
3
3
titleSuffix: Azure Load Balancer
4
-
description: With this how-to article, get started with Azure Standard Load Balancer and virtual machine scale sets.
4
+
description: With this how-to article, get started with Azure Standard Load Balancer and Virtual Machine Scale Sets.
5
5
services: load-balancer
6
6
documentationcenter: na
7
7
author: mbender-ms
@@ -10,34 +10,35 @@ ms.service: load-balancer
10
10
ms.topic: article
11
11
ms.tgt_pltfrm: na
12
12
ms.workload: infrastructure-services
13
-
ms.date: 12/29/2020
13
+
ms.date: 12/06/2022
14
14
ms.author: mbender
15
+
ROBOTS: NOINDEX
15
16
---
16
-
# Update or delete a load balancer used by virtual machine scale sets
17
+
# Update or delete a load balancer used by Virtual Machine Scale Sets
17
18
18
-
When you work with virtual machine scale sets and an instance of Azure Load Balancer, you can:
19
+
When you work with Virtual Machine Scale Sets and an instance of Azure Load Balancer, you can:
19
20
20
21
- Add, update, and delete rules.
21
22
- Add configurations.
22
23
- Delete the load balancer.
23
24
24
-
## Set up a load balancer for scaling out virtual machine scale sets
25
+
## Set up a load balancer for scaling out Virtual Machine Scale Sets
25
26
26
-
Make sure that the instance of Azure Load Balancer has an [inbound NAT pool](/cli/azure/network/lb/inbound-nat-pool) set up and that the virtual machine scale set is put in the backend pool of the load balancer. Load Balancer will automatically create new inbound NAT rules in the inbound NAT pool when new virtual machine instances are added to the virtual machine scale set.
27
+
Make sure that the instance of Azure Load Balancer has an [inbound NAT pool](/cli/azure/network/lb/inbound-nat-pool) set up and that the Virtual Machine Scale Set is put in the backend pool of the load balancer. Load Balancer will automatically create new inbound NAT rules in the inbound NAT pool when new virtual machine instances are added to the Virtual Machine Scale Set.
27
28
28
29
To check whether the inbound NAT pool is properly set up:
29
30
30
31
1. Sign in to the [Azure portal](https://portal.azure.com).
31
32
1. On the left menu, select **All resources**. Then select **MyLoadBalancer** from the resource list.
32
-
1. Under **Settings**, select **Inbound NAT rules**. In the right pane, if you see a list of rules created for each individual instance in the virtual machine scale set, you're all set to go for scaling up at any time.
33
+
1. Under **Settings**, select **Inbound NAT rules**. In the right pane, if you see a list of rules created for each individual instance in the Virtual Machine Scale Set, you're all set to go for scaling up at any time.
33
34
34
35
## Add inbound NAT rules
35
36
36
-
Individual inbound NAT rules can't be added. But you can add a set of inbound NAT rules with defined front-end port range and back-end port for all instances in the virtual machine scale set.
37
+
Individual inbound NAT rules can't be added. But you can add a set of inbound NAT rules with defined front-end port range and back-end port for all instances in the Virtual Machine Scale Set.
37
38
38
-
To add a whole set of inbound NAT rules for the virtual machine scale sets, first create an inbound NAT pool in the load balancer. Then reference the inbound NAT pool from the network profile of the virtual machine scale set. A full example using the CLI is shown.
39
+
To add a whole set of inbound NAT rules for the Virtual Machine Scale Sets, first create an inbound NAT pool in the load balancer. Then reference the inbound NAT pool from the network profile of the Virtual Machine Scale Set. A full example using the CLI is shown.
39
40
40
-
The new inbound NAT pool should not have an overlapping front-end port range with existing inbound NAT pools. To view existing inbound NAT pools that are set up, use this [CLI command](/cli/azure/network/lb/inbound-nat-pool#az-network-lb-inbound-nat-pool-list):
41
+
The new inbound NAT pool shouldn't have an overlapping front-end port range with existing inbound NAT pools. To view existing inbound NAT pools that are set up, use this [CLI command](/cli/azure/network/lb/inbound-nat-pool#az-network-lb-inbound-nat-pool-list):
41
42
42
43
```azurecli-interactive
43
44
az network lb inbound-nat-pool create
@@ -61,9 +62,9 @@ The new inbound NAT pool should not have an overlapping front-end port range wit
61
62
```
62
63
## Update inbound NAT rules
63
64
64
-
Individual inbound NAT rules can't be updated. But you can update a set of inbound NAT rules with a defined front-end port range and a back-end port for all instances in the virtual machine scale set.
65
+
Individual inbound NAT rules can't be updated. But you can update a set of inbound NAT rules with a defined front-end port range and a back-end port for all instances in the Virtual Machine Scale Set.
65
66
66
-
To update a whole set of inbound NAT rules for virtual machine scale sets, update the inbound NAT pool in the load balancer.
67
+
To update a whole set of inbound NAT rules for Virtual Machine Scale Sets, update the inbound NAT pool in the load balancer.
67
68
68
69
```azurecli-interactive
69
70
az network lb inbound-nat-pool update
@@ -151,21 +152,21 @@ Make sure to create separate inbound NAT pools with non-overlapping frontend por
151
152
--name MyVMSS2
152
153
```
153
154
154
-
## Delete the front-end IP configuration used by the virtual machine scale set
155
+
## Delete the front-end IP configuration used by the Virtual Machine Scale Set
155
156
156
157
To delete the front-end IP configuration in use by the scale set:
157
158
158
159
1. First delete the inbound NAT pool (the set of inbound NAT rules) that references the front-end IP configuration. Instructions on how to delete the inbound rules are found in the previous section.
159
160
1. Delete the load-balancing rule that references the front-end IP configuration.
160
161
1. Delete the front-end IP configuration.
161
162
162
-
## Delete a load balancer used by a virtual machine scale set
163
+
## Delete a load balancer used by a Virtual Machine Scale Set
163
164
164
165
To delete the front-end IP configuration in use by the scale set:
165
166
166
167
1. First delete the inbound NAT pool (the set of inbound NAT rules) that references the front-end IP configuration. Instructions on how to delete the inbound rules are found in the previous section.
167
-
1. Delete the load-balancing rule that references the back-end pool that contains the virtual machine scale set.
168
-
1. Remove the `loadBalancerBackendAddressPool` reference from the network profile of the virtual machine scale set.
168
+
1. Delete the load-balancing rule that references the back-end pool that contains the Virtual Machine Scale Set.
169
+
1. Remove the `loadBalancerBackendAddressPool` reference from the network profile of the Virtual Machine Scale Set.
169
170
170
171
A full example using the CLI is shown here:
171
172
@@ -183,6 +184,6 @@ Finally, delete the load balancer resource.
183
184
184
185
## Next steps
185
186
186
-
To learn more about Azure Load Balancer and virtual machine scale sets, read more about the concepts.
187
+
To learn more about Azure Load Balancer and Virtual Machine Scale Sets, read more about the concepts.
187
188
188
189
> [Azure Load Balancer with virtual machine scale sets](load-balancer-standard-virtual-machine-scale-sets.md)
0 commit comments