Merge pull request #272032 from anavinahar/patch-277

Update load-balancer-multivip-overview.md

Author: American-Dipper

articles/aks/use-network-policies.md

@@ -198,7 +198,7 @@ Create the AKS cluster and specify `--network-plugin azure`, and `--network-poli
 If you plan on adding Windows node pools to your cluster, include the `windows-admin-username` and `windows-admin-password` parameters that meet the [Windows Server password requirements][windows-server-password].
 
 > [!IMPORTANT]
-> At this time, using Calico network policies with Windows nodes is available on new clusters by using Kubernetes version 1.20 or later with Calico 3.17.2 and requires that you use Azure CNI networking. Windows nodes on AKS clusters with Calico enabled also have [Direct Server Return (DSR)][dsr] enabled by default.
+> At this time, using Calico network policies with Windows nodes is available on new clusters by using Kubernetes version 1.20 or later with Calico 3.17.2 and requires that you use Azure CNI networking. Windows nodes on AKS clusters with Calico enabled also have Floating IP enabled by default.
 >
 > For clusters with only Linux node pools running Kubernetes 1.20 with earlier versions of Calico, the Calico version automatically upgrades to 3.17.2.
 

articles/aks/windows-best-practices.md

@@ -35,7 +35,7 @@ You might want to containerize existing applications and run them using Windows
 
 AKS uses Windows Server 2019 and Windows Server 2022 as the host OS versions and only supports process isolation. AKS doesn't support container images built by other versions of Windows Server. For more information, see [Windows container version compatibility](/virtualization/windowscontainers/deploy-containers/version-compatibility).
 
-Windows Server 2022 is the default OS for Kubernetes version 1.25 and later. Windows Server 2019 will retire after Kubernetes version 1.32 reaches end of life (EOL). Windows Server 2022 will retire after Kubernetes version 1.34 reaches its end of life (EOL). For more information, see [AKS release notes][aks-release-notes]. To stay up to date on the latest Windows Server OS versions and learn more about our roadmap of what's planned for support on AKS, see our [AKS public roadmap](https://github.com/azure/aks/projects/1).
+Windows Server 2022 is the default OS for Kubernetes version 1.25 and later. Windows Server 2019 will retire after Kubernetes version 1.32 reaches end of life. Windows Server 2022 will retire after Kubernetes version 1.34 reaches its end of life. For more information, see [AKS release notes][aks-release-notes]. To stay up to date on the latest Windows Server OS versions and learn more about our roadmap of what's planned for support on AKS, see our [AKS public roadmap](https://github.com/azure/aks/projects/1).
 
 
 ## Networking
@@ -63,7 +63,7 @@ To help you decide which networking mode to use, see [Choosing a network model][
 
 When managing traffic between pods, you should apply the principle of least privilege. The Network Policy feature in Kubernetes allows you to define and enforce ingress and egress traffic rules between the pods in your cluster. For more information, see [Secure traffic between pods using network policies in AKS][network-policies-aks].
 
-Windows pods on AKS clusters that use the Calico Network Policy enable [Floating IP][dsr] by default.
+Windows pods on AKS clusters that use the Calico Network Policy enable Floating IP by default.
 
 ## Upgrades and updates
 

articles/load-balancer/load-balancer-multivip-overview.md

@@ -6,119 +6,80 @@ services: load-balancer
 author: mbender-ms
 ms.service: load-balancer
 ms.topic: conceptual
-ms.date: 12/04/2023
+ms.date: 04/12/2024
 ms.author: mbender
 ms.custom: template-concept
 ---
 
 # Multiple frontends for Azure Load Balancer
 
-Azure Load Balancer allows you to load balance services on multiple ports, multiple IP addresses, or both. You can use a public or internal load balancer to load balance traffic across a set of services like virtual machine scale sets or virtual machines (VMs).
+Azure Load Balancer allows you to load balance services on multiple frontend IPs. You can use a public or internal load balancer to load balance traffic across a set of services like virtual machine scale sets or virtual machines (VMs).
 
-This article describes the fundamentals of  load balancing across multiple IP addresses using the same port and protocol. If you only intend to expose services on one IP address, you can find simplified instructions for [public](./quickstart-load-balancer-standard-public-portal.md) or [internal](./quickstart-load-balancer-standard-internal-portal.md) load balancer configurations. Adding multiple frontends is incremental to a single frontend configuration. Using the concepts in this article, you can expand a simplified configuration at any time.
+This article describes the fundamentals of load balancing across multiple frontend IP addresses. If you only intend to expose services on one IP address, you can find simplified instructions for [public](./quickstart-load-balancer-standard-public-portal.md) or [internal](./quickstart-load-balancer-standard-internal-portal.md) load balancer configurations. Adding multiple frontends is incremental to a single frontend configuration. Using the concepts in this article, you can expand a simplified configuration at any time.
 
-When you define an Azure Load Balancer, a frontend and a backend pool configuration are connected with a load balancing rule. The health probe referenced by the load balancing rule is used to determine the health of a VM on a certain port and protocol. Based on the health probe results, new flows are sent to VMs in the backend pool. The frontend is defined using a three-tuple comprised of an IP address (public or internal), a transport protocol (UDP or TCP), and a port number from the load balancing rule. The backend pool is a collection of Virtual Machine IP configurations (part of the NIC resource) which reference the Load Balancer backend pool. 
+When you define an Azure Load Balancer, a frontend and a backend pool configuration are connected with a load balancing rule. The health probe referenced by the load balancing rule is used to determine the health of a VM on a certain port and protocol. Based on the health probe results, new flows are sent to VMs in the backend pool. The frontend is defined using a three-tuple comprised of a frontend IP address (public or internal), a protocol, and a port number from the load balancing rule. The backend pool is a collection of Virtual Machine IP configurations. Load balancing rules can deliver traffic to the same backend pool instance on different ports. This is done by varying the destination port on the load balancing rule.
 
-The following table contains some example frontend configurations:
+You can use multiple frontends (and the associated load balancing rules) to load balance to the same backend port or a different backend port. If you want to load balance to the same backend port, you must enable [Azure Load Balancer Floating IP configuration](load-balancer-floating-ip.md) as part of the load balancing rules for each frontend.
 
-| Frontend | IP address | protocol | port |
-| --- | --- | --- | --- |
-| 1 |65.52.0.1 |TCP |80 |
-| 2 |65.52.0.1 |TCP |*8080* |
-| 3 |65.52.0.1 |*UDP* |80 |
-| 4 |*65.52.0.2* |TCP |80 |
+## Add Load Balancer frontend 
+In this example, add another frontend to your Load Balancer.
 
-The table shows four different frontend configurations. Frontends #1, #2 and #3 use the  same IP address but the port or protocol is different for each frontend. Frontends #1 and #4 are an example of multiple frontends, where the same frontend protocol and port are reused across multiple frontend IPs. 
+1. Sign in to the [Azure portal](https://portal.azure.com).
 
-Azure Load Balancer provides flexibility in defining the load balancing rules. A load balancing rule declares how an address and port on the frontend is mapped to the destination address and port on the backend. Whether or not backend ports are reused across rules depends on the type of the rule. Each type of rule has specific requirements that can affect host configuration and probe design. There are two types of rules: 
+2. In the search box at the top of the portal, enter **Load balancer**. Select **Load balancers** in the search results.
 
-1. The default rule with no backend port reuse.
-2. The Floating IP rule where backend ports are reused.
+3. Select **myLoadBalancer** or your load balancer.
 
-Azure Load Balancer allows you to mix both rule types on the same load balancer configuration. The load balancer can use them simultaneously for a given VM, or any combination, if you abide by the constraints of the rule. The rule type you choose depends on the requirements of your application and the complexity of supporting that configuration. You should evaluate which rule types are best for your scenario. We explore these scenarios further by starting with the default behavior.
+4. In the load balancer page, select **Frontend IP configuration** in **Settings**.
 
-## Rule type #1: No backend port reuse
-:::image type="content" source="media/load-balancer-multivip-overview/load-balancer-multivip.png" alt-text="Diagram of Load Balancer traffic with no backend port reuse.":::
+5. Select **+ Add** in **Frontend IP configuration** to add a frontend.
 
-In this scenario, the frontends are configured as follows:
+6. Enter or select the following information in **Add frontend IP configuration**.
+If **myLoadBalancer** is a _Public_ Load Balancer:
 
-| Frontend | IP address | protocol | port |
-| --- | --- | --- | --- |
-| ![green frontend](./media/load-balancer-multivip-overview/load-balancer-rule-green.png) 1 |65.52.0.1 |TCP |80 |
-| ![purple frontend](./media/load-balancer-multivip-overview/load-balancer-rule-purple.png) 2 |*65.52.0.2* |TCP |80 |
+    | Setting           | Value                                                     |
+    |-------------------|-----------------------------------------------------------|
+    | Name              | **myFrontend2**                                           |
+    | IP Version        | Select **IPv4** or **IPv6**.                              |
+    | IP type           | Select **IP address** or **IP prefix**.                   |
+    | Public IP address | Select an existing Public IP address or create a new one. |
+   
+    If **myLoadBalancer** is an _Internal_ Load Balancer:
 
-The backend instance IP (BIP) is the IP address of the backend service in the backend pool, each VM exposes the desired service on a unique port on the backend instance IP. This service is associated with the frontend IP (FIP) through a rule definition. 
+    | Setting           | Value                                                                                    |
+    |-------------------|------------------------------------------------------------------------------------------|
+    | Name              | **myFrontend2**                                                                          |
+    | IP Version        | Select **IPv4** or **IPv6**.                                                             |
+    | Subnet            | Select an existing subnet.                                                               |
+    | Availability zone | Select *zone-redundant* for resilient applications. You can also select a specific zone. |
 
-We define two rules:
+    
+7. Select **Save**.
 
-| Rule | Map frontend | To backend pool |
-| --- | --- | --- |
-| 1 |![green frontend](./media/load-balancer-multivip-overview/load-balancer-rule-green.png) FIP1:80 |![green backend](./media/load-balancer-multivip-overview/load-balancer-rule-green.png) BIP1:80, ![green backend](./media/load-balancer-multivip-overview/load-balancer-rule-green.png) BIP2:80 |
-| 2 |![VIP](./media/load-balancer-multivip-overview/load-balancer-rule-purple.png) FIP2:80 |![purple backend](./media/load-balancer-multivip-overview/load-balancer-rule-purple.png) BIP1:81, ![purple backend](./media/load-balancer-multivip-overview/load-balancer-rule-purple.png) BIP2:81 |
+Next you must associate the frontend IP configuration you have created with an appropriate load balancing rule. Refer to [Manage rules for Azure Load Balancer](manage-rules-how-to.md#load-balancing-rules) for more information on how to do this.
 
-The complete mapping in Azure Load Balancer is now as follows:
+## Remove a frontend
 
-| Rule | Frontend IP address | protocol | port | Destination | port |
-| --- | --- | --- | --- | --- | --- |
-| ![green rule](./media/load-balancer-multivip-overview/load-balancer-rule-green.png) 1 |65.52.0.1 |TCP |80 |BIP IP Address |80 |
-| ![purple rule](./media/load-balancer-multivip-overview/load-balancer-rule-purple.png) 2 |65.52.0.2 |TCP |80 |BIP IP Address |81 |
+In this example, you remove a frontend from your Load Balancer.
 
-Each rule must produce a flow with a unique combination of destination IP address and destination port. Multiple load balancing rules can deliver flows to the same backend instance IP on different ports by varying the destination port of the flow.
+1. Sign in to the [Azure portal](https://portal.azure.com).
 
-Health probes are always directed to the backend instance IP of a VM. You must ensure that your probe reflects the health of the VM. 
+2. In the search box at the top of the portal, enter **Load balancer**. Select **Load balancers** in the search results.
 
-## Rule type #2: backend port reuse by using Floating IP
+3. Select **myLoadBalancer** or your load balancer.
 
-Azure Load Balancer provides the flexibility to reuse the frontend port across multiple frontends configurations. Additionally, some application scenarios prefer or require the same port to be used by multiple application instances on a single VM in the backend pool. Common examples of port reuse include clustering for high availability, network virtual appliances, and exposing multiple TLS endpoints without re-encryption. 
+4. In the load balancer page, select **Frontend IP configuration** in **Settings**.
 
-If you want to reuse the backend port across multiple rules, you must enable Floating IP in the load balancing rule definition. 
+5. Select the delete icon next to the frontend you would like to remove.
 
-*Floating IP* is Azure's terminology for a portion of what is known as Direct Server Return (DSR). DSR consists of two parts: a flow topology and an IP address mapping scheme. At a platform level, Azure Load Balancer always operates in a DSR flow topology regardless of whether Floating IP is enabled or not. This means that the outbound part of a flow is always correctly rewritten to flow directly back to the origin. 
+6. Note the associated resources that will also be deleted. Check the box that says 'I have read and understood that this frontend IP configuration as well as the associated resources listed above will be deleted'
 
-With the default rule type, Azure exposes a traditional load balancing IP address mapping scheme for ease of use. Enabling Floating IP changes the IP address mapping scheme to allow for more flexibility. 
+7. Select **Delete**.
 
-:::image type="content" source="media/load-balancer-multivip-overview/load-balancer-multivip-dsr.png" alt-text="Diagram of load balancer traffic for multiple frontend IPs with floating IP.":::
-
-For this scenario, every VM in the backend pool has three network interfaces:
-
-* Backend IP: a Virtual NIC associated with the VM (IP configuration of Azure's NIC resource).
-* Frontend 1 (FIP1): a loopback interface within guest OS that is configured with IP address of FIP1.
-* Frontend 2 (FIP2): a loopback interface within guest OS that is configured with IP address of FIP2.
-
-Let's assume the same frontend configuration as in the previous scenario:
-
-| Frontend | IP address | protocol | port |
-| --- | --- | --- | --- |
-| ![green frontend](./media/load-balancer-multivip-overview/load-balancer-rule-green.png) 1 |65.52.0.1 |TCP |80 |
-| ![purple frontend](./media/load-balancer-multivip-overview/load-balancer-rule-purple.png) 2 |*65.52.0.2* |TCP |80 |
-
-We define two floating IP rules:
-
-| Rule | Frontend | Map to backend pool |
-| --- | --- | --- |
-| 1 |![green rule](./media/load-balancer-multivip-overview/load-balancer-rule-green.png) FIP1:80 |![green backend](./media/load-balancer-multivip-overview/load-balancer-rule-green.png) FIP1:80 (in VM1 and VM2) |
-| 2 |![purple rule](./media/load-balancer-multivip-overview/load-balancer-rule-purple.png) FIP2:80 |![purple backend](./media/load-balancer-multivip-overview/load-balancer-rule-purple.png) FIP2:80 (in VM1 and VM2) |
-
-The following table shows the complete mapping in the load balancer:
-
-| Rule | Frontend IP address | protocol | port | Destination | port |
-| --- | --- | --- | --- | --- | --- |
-| ![green rule](./media/load-balancer-multivip-overview/load-balancer-rule-green.png) 1 |65.52.0.1 |TCP |80 |same as frontend (65.52.0.1) |same as frontend (80) |
-| ![purple rule](./media/load-balancer-multivip-overview/load-balancer-rule-purple.png) 2 |65.52.0.2 |TCP |80 |same as frontend (65.52.0.2) |same as frontend (80) |
-
-The destination of the inbound flow is now the frontend IP address on the loopback interface in the VM. Each rule must produce a flow with a unique combination of destination IP address and destination port. Port reuse is possible on the same VM by varying the destination IP address to the frontend IP address of the flow. Your service is exposed to the load balancer by binding it to the frontend’s IP address and port of the respective loopback interface. 
-
-You notice the destination port doesn't change in the example. In floating IP scenarios, Azure Load Balancer also supports defining a load balancing rule to change the backend destination port and to make it different from the frontend destination port.
-
-The Floating IP rule type is the foundation of several load balancer configuration patterns. One example that is currently available is the [Configure one or more Always On availability group listeners](/azure/azure-sql/virtual-machines/windows/availability-group-listener-powershell-configure) configuration. Over time, we'll document more of these scenarios.
-
-> [!NOTE]
-> For more detailed information on the specific Guest OS configurations required to enable Floating IP, please refer to [Azure Load Balancer Floating IP configuration](load-balancer-floating-ip.md).
 
 ## Limitations
 
-* Multiple frontend configurations are only supported with IaaS VMs and virtual machine scale sets.
-* With the Floating IP rule, your application must use the primary IP configuration for outbound SNAT flows. If your application binds to the frontend IP address configured on the loopback interface in the guest OS, Azure's outbound SNAT won't rewrite the outbound flow, and the flow fails.  Review [outbound scenarios](load-balancer-outbound-connections.md).
+* With the Floating IP rule, your application must use the primary IP configuration of the network interface of your virtual machine for outbound flows. If your application binds to the frontend IP address configured on the loopback interface in the guest OS, Azure's outbound won't rewrite the outbound flow, and the flow fails. Review [outbound scenarios](load-balancer-outbound-connections.md).
 * Floating IP isn't currently supported on secondary IP configurations.
 * Public IP addresses have an effect on billing. For more information, see [IP Address pricing](https://azure.microsoft.com/pricing/details/ip-addresses/)
 * Subscription limits apply. For more information, see [Service limits](../azure-resource-manager/management/azure-subscription-service-limits.md#networking-limits) for details.