Skip to content

Commit 7960ad0

Browse files
authored
Merge pull request #220798 from mbender-ms/lb-inbound-NAT-VMSS
Load Balancer - New Article - Configure Inbound NAT Rules for Virtual Machine Scale Sets
2 parents 3d6f31e + 0bc1db4 commit 7960ad0

File tree

3 files changed

+129
-20
lines changed

3 files changed

+129
-20
lines changed

articles/load-balancer/TOC.yml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -188,14 +188,16 @@
188188
href: egress-only.md
189189
- name: Virtual machine scale sets
190190
items:
191-
- name: Update or delete existing Azure Load Balancer used by Virtual Machine Scale Set
192-
href: update-load-balancer-with-vm-scale-set.md
191+
- name: Configure inbound NAT rules for Virtual Machine Scale Sets
192+
href: configure-inbound-NAT-rules-vm-scale-set.md
193193
- name: Use with an existing Azure Load Balancer - Portal
194194
href: configure-vm-scale-set-portal.md
195195
- name: Use with an existing Azure Load Balancer - PowerShell
196196
href: configure-vm-scale-set-powershell.md
197197
- name: Use with an existing Azure Load Balancer - CLI
198198
href: configure-vm-scale-set-cli.md
199+
- name: Update or delete existing Azure Load Balancer used by Virtual Machine Scale Set
200+
href: update-load-balancer-with-vm-scale-set.md
199201
- name: Upgrade from a basic to standard load balancer
200202
items:
201203
- name: Upgrade options and guidance
Lines changed: 106 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,106 @@
1+
---
2+
title: Configure Inbound NAT Rules for Virtual Machine Scale Sets
3+
description: Learn how to configure, update, and delete inbound NAT Rules for Virtual Machine Scale Set instances. Azure offers two options for Inbound NAT rules.
4+
author: mbender-ms
5+
ms.author: mbender
6+
ms.service: load-balancer
7+
ms.topic: how-to
8+
ms.date: 12/06/2022
9+
ms.custom: template-how-to
10+
---
11+
12+
# Configure inbound NAT Rules for Virtual Machine Scale Sets
13+
14+
In this article, you'll learn how to configure, update, and delete inbound NAT Rules for Virtual Machine Scale Set instances. Azure offers two options for inbound NAT rules. The first option is the ability to add a single inbound NAT rule to a single backend resource. The second option is the ability to create a group of inbound NAT rules for a backend pool. It's recommended to use the second option for inbound NAT rules when using Virtual Machine Scale Sets, since this option provides better flexibility and scalability. Learn more about the various options for [inbound NAT rules](inbound-nat-rules.md).
15+
16+
## Prerequisites
17+
18+
- A Standard SKU [Azure Load Balancer](quickstart-load-balancer-standard-public-portal.md) in the same subscription as the Virtual Machine Scale Set.
19+
- A [Virtual Machine Scale Set instance](configure-vm-scale-set-portal.md) in the backend pool of the load balancer.
20+
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
21+
22+
## Add inbound NAT rules
23+
Individual inbound NAT rules can't be added to a Virtual Machine Scale Set. However, you can add a set of inbound NAT rules with a defined front-end port range and back-end port for all instances in the Virtual Machine Scale Set.
24+
25+
To add a set of inbound NAT rules for the Virtual Machine Scale Sets, you create a set of inbound NAT rules in the load balancer that targets a backend pool using [az network lb inbound-nat-rule create](/cli/azure/network/lb/inbound-nat-rule#az-network-lb-inbound-nat-rule-create) as follows:
26+
27+
```azurecli
28+
29+
az network lb inbound-nat-rule create \
30+
--resource-group MyResourceGroup \
31+
--name MyNatRule \
32+
--lb-name MyLb \
33+
--protocol TCP \
34+
--frontend-port-range-start 200 \
35+
--frontend-port-range-end 250 \
36+
--backend-port 22 \
37+
--backend-pool-name mybackend \
38+
--frontend-ip-name MyFrontendIp
39+
40+
```
41+
42+
The new inbound NAT rule can't have an overlapping front-end port range with existing inbound NAT rules. To view existing inbound NAT rules that are set up, use [az network lb inbound-nat-rule show](/cli/azure/network/lb/inbound-nat-rule#az-network-lb-inbound-nat-rule-show) as follows:
43+
44+
```azurecli
45+
46+
az network lb inbound-nat-rule show \
47+
--lb-name <load-balancer-name> \
48+
--name <nat-rule-name> \
49+
--resource-group <resource-group-name>
50+
51+
```
52+
## Add multiple inbound NAT rules behind a Virtual Machine Scale Set
53+
54+
Multiple sets of inbound NAT rules can be attached to a single Virtual Machine Scale Set, given that the rules frontend port ranges aren’t overlapping. This is accomplished by having multiple sets of inbound NAT rules that target the same backend pool as follows:
55+
56+
```azurecli
57+
az network lb inbound-nat-rule create \
58+
--resource-group MyResourceGroup \
59+
--name MyNatRule \
60+
--lb-name MyLb \
61+
--protocol TCP \
62+
--frontend-port-range-start 200 \
63+
--frontend-port-range-end 250 \
64+
--backend-port 22 \
65+
--backend-pool-name mybackend \
66+
--frontend-ip-name MyFrontendIp
67+
68+
az network lb inbound-nat-rule create \
69+
--resource-group MyResourceGroup \
70+
--name MyNatRule2 \
71+
--lb-name MyLb \
72+
--protocol TCP \
73+
--frontend-port-range-start 150 \
74+
--frontend-port-range-end 180 \
75+
--backend-port 80 \
76+
--backend-pool-name mybackend \
77+
--frontend-ip-name MyFrontendIp
78+
79+
```
80+
## Update inbound NAT rules
81+
When using inbound NAT rules with Virtual Machine Scale Sets, Individual inbound NAT rules can't be updated. However, you can update a set of inbound NAT rules that target a backend pool using [az network lb inbound-nat-rule update](/cli/azure/network/lb/inbound-nat-rule#az-network-lb-inbound-nat-rule-update) as follows:
82+
83+
```azurecli
84+
85+
az network lb inbound-nat-rule update \
86+
--resource-group MyResourceGroup \
87+
--name MyNatRule \
88+
--lb-name MyLb \
89+
--frontend-port-range-start 150 \
90+
--frontend-port-range-end 250
91+
92+
```
93+
## Delete inbound NAT rules
94+
95+
When using inbound NAT rules with Virtual Machine Scale Sets, individual inbound NAT rules can't be deleted. However, you can delete the entire set of inbound NAT rules by deleting the inbound NAT rule that targets a specific backend pool. Use [az network lb inbound-nat-rule delete](/cli/azure/network/lb/inbound-nat-rule#az-network-lb-inbound-nat-rule-delete) to delete a set of rules:
96+
97+
```azurecli
98+
99+
az network lb inbound-nat-rule delete --resourcegroup MyResourceGroup --name MyNatRule --lb-name MyLb
100+
101+
```
102+
103+
## Next steps
104+
To learn more about Azure Load Balancer and Virtual Machine Scale Sets, read more about the concepts.
105+
106+
Learn to use [Azure Load Balancer with Virtual Machine Scale Sets](load-balancer-standard-virtual-machine-scale-sets.md).

articles/load-balancer/update-load-balancer-with-vm-scale-set.md

Lines changed: 19 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
2-
title: Update or delete an existing load balancer used by virtual machine scale sets
2+
title: Update or delete an existing load balancer used by Virtual Machine Scale Sets
33
titleSuffix: Azure Load Balancer
4-
description: With this how-to article, get started with Azure Standard Load Balancer and virtual machine scale sets.
4+
description: With this how-to article, get started with Azure Standard Load Balancer and Virtual Machine Scale Sets.
55
services: load-balancer
66
documentationcenter: na
77
author: mbender-ms
@@ -10,34 +10,35 @@ ms.service: load-balancer
1010
ms.topic: article
1111
ms.tgt_pltfrm: na
1212
ms.workload: infrastructure-services
13-
ms.date: 12/29/2020
13+
ms.date: 12/06/2022
1414
ms.author: mbender
15+
ROBOTS: NOINDEX
1516
---
16-
# Update or delete a load balancer used by virtual machine scale sets
17+
# Update or delete a load balancer used by Virtual Machine Scale Sets
1718

18-
When you work with virtual machine scale sets and an instance of Azure Load Balancer, you can:
19+
When you work with Virtual Machine Scale Sets and an instance of Azure Load Balancer, you can:
1920

2021
- Add, update, and delete rules.
2122
- Add configurations.
2223
- Delete the load balancer.
2324

24-
## Set up a load balancer for scaling out virtual machine scale sets
25+
## Set up a load balancer for scaling out Virtual Machine Scale Sets
2526

26-
Make sure that the instance of Azure Load Balancer has an [inbound NAT pool](/cli/azure/network/lb/inbound-nat-pool) set up and that the virtual machine scale set is put in the backend pool of the load balancer. Load Balancer will automatically create new inbound NAT rules in the inbound NAT pool when new virtual machine instances are added to the virtual machine scale set.
27+
Make sure that the instance of Azure Load Balancer has an [inbound NAT pool](/cli/azure/network/lb/inbound-nat-pool) set up and that the Virtual Machine Scale Set is put in the backend pool of the load balancer. Load Balancer will automatically create new inbound NAT rules in the inbound NAT pool when new virtual machine instances are added to the Virtual Machine Scale Set.
2728

2829
To check whether the inbound NAT pool is properly set up:
2930

3031
1. Sign in to the [Azure portal](https://portal.azure.com).
3132
1. On the left menu, select **All resources**. Then select **MyLoadBalancer** from the resource list.
32-
1. Under **Settings**, select **Inbound NAT rules**. In the right pane, if you see a list of rules created for each individual instance in the virtual machine scale set, you're all set to go for scaling up at any time.
33+
1. Under **Settings**, select **Inbound NAT rules**. In the right pane, if you see a list of rules created for each individual instance in the Virtual Machine Scale Set, you're all set to go for scaling up at any time.
3334

3435
## Add inbound NAT rules
3536

36-
Individual inbound NAT rules can't be added. But you can add a set of inbound NAT rules with defined front-end port range and back-end port for all instances in the virtual machine scale set.
37+
Individual inbound NAT rules can't be added. But you can add a set of inbound NAT rules with defined front-end port range and back-end port for all instances in the Virtual Machine Scale Set.
3738

38-
To add a whole set of inbound NAT rules for the virtual machine scale sets, first create an inbound NAT pool in the load balancer. Then reference the inbound NAT pool from the network profile of the virtual machine scale set. A full example using the CLI is shown.
39+
To add a whole set of inbound NAT rules for the Virtual Machine Scale Sets, first create an inbound NAT pool in the load balancer. Then reference the inbound NAT pool from the network profile of the Virtual Machine Scale Set. A full example using the CLI is shown.
3940

40-
The new inbound NAT pool should not have an overlapping front-end port range with existing inbound NAT pools. To view existing inbound NAT pools that are set up, use this [CLI command](/cli/azure/network/lb/inbound-nat-pool#az-network-lb-inbound-nat-pool-list):
41+
The new inbound NAT pool shouldn't have an overlapping front-end port range with existing inbound NAT pools. To view existing inbound NAT pools that are set up, use this [CLI command](/cli/azure/network/lb/inbound-nat-pool#az-network-lb-inbound-nat-pool-list):
4142

4243
```azurecli-interactive
4344
az network lb inbound-nat-pool create
@@ -61,9 +62,9 @@ The new inbound NAT pool should not have an overlapping front-end port range wit
6162
```
6263
## Update inbound NAT rules
6364

64-
Individual inbound NAT rules can't be updated. But you can update a set of inbound NAT rules with a defined front-end port range and a back-end port for all instances in the virtual machine scale set.
65+
Individual inbound NAT rules can't be updated. But you can update a set of inbound NAT rules with a defined front-end port range and a back-end port for all instances in the Virtual Machine Scale Set.
6566

66-
To update a whole set of inbound NAT rules for virtual machine scale sets, update the inbound NAT pool in the load balancer.
67+
To update a whole set of inbound NAT rules for Virtual Machine Scale Sets, update the inbound NAT pool in the load balancer.
6768

6869
```azurecli-interactive
6970
az network lb inbound-nat-pool update
@@ -151,21 +152,21 @@ Make sure to create separate inbound NAT pools with non-overlapping frontend por
151152
--name MyVMSS2
152153
```
153154

154-
## Delete the front-end IP configuration used by the virtual machine scale set
155+
## Delete the front-end IP configuration used by the Virtual Machine Scale Set
155156

156157
To delete the front-end IP configuration in use by the scale set:
157158

158159
1. First delete the inbound NAT pool (the set of inbound NAT rules) that references the front-end IP configuration. Instructions on how to delete the inbound rules are found in the previous section.
159160
1. Delete the load-balancing rule that references the front-end IP configuration.
160161
1. Delete the front-end IP configuration.
161162

162-
## Delete a load balancer used by a virtual machine scale set
163+
## Delete a load balancer used by a Virtual Machine Scale Set
163164

164165
To delete the front-end IP configuration in use by the scale set:
165166

166167
1. First delete the inbound NAT pool (the set of inbound NAT rules) that references the front-end IP configuration. Instructions on how to delete the inbound rules are found in the previous section.
167-
1. Delete the load-balancing rule that references the back-end pool that contains the virtual machine scale set.
168-
1. Remove the `loadBalancerBackendAddressPool` reference from the network profile of the virtual machine scale set.
168+
1. Delete the load-balancing rule that references the back-end pool that contains the Virtual Machine Scale Set.
169+
1. Remove the `loadBalancerBackendAddressPool` reference from the network profile of the Virtual Machine Scale Set.
169170

170171
A full example using the CLI is shown here:
171172

@@ -183,6 +184,6 @@ Finally, delete the load balancer resource.
183184

184185
## Next steps
185186

186-
To learn more about Azure Load Balancer and virtual machine scale sets, read more about the concepts.
187+
To learn more about Azure Load Balancer and Virtual Machine Scale Sets, read more about the concepts.
187188

188189
> [Azure Load Balancer with virtual machine scale sets](load-balancer-standard-virtual-machine-scale-sets.md)

0 commit comments

Comments
 (0)