Added PS commands

mbender-ms · mbender-ms · commit b6d52a5f0757 · 2025-03-18T17:02:46.000-05:00
diff --git a/articles/load-balancer/tutorial-create-gateway-load-balancer.md b/articles/load-balancer/tutorial-create-gateway-load-balancer.md
@@ -188,9 +188,122 @@ Use [az network nsg rule create](/cli/azure/network/nsg/rule#az-network-nsg-rule
 
 # [Azure PowerShell](#tab/azurepowershell/)
 
+## Create a resource group
+
+An Azure resource group is a logical container into which Azure resources are deployed and managed.
+
+Create a resource group with [New-AzResourceGroup](/powershell/module/az.resources/new-azresourcegroup):
+
+```azurepowershell-interactive
+New-AzResourceGroup -Name 'TutorGwLB-rg' -Location 'eastus'
+
+```
+
+## Create virtual network
+
+A virtual network is needed for the resources that are in the backend pool of the gateway load balancer. Use [New-AzVirtualNetwork](/powershell/module/az.network/new-azvirtualnetwork) to create the virtual network. Use [New-AzBastion](/powershell/module/az.network/new-azbastion) to deploy a bastion host for secure management of resources in virtual network.
+
+> [!IMPORTANT]
+
+> [!INCLUDE [Pricing](~/reusable-content/ce-skilling/azure/includes/bastion-pricing.md)]
+
+>
+
+```azurepowershell-interactive
+## Create backend subnet config ##
+$subnet = @{
+    Name = 'myBackendSubnet'
+    AddressPrefix = '10.1.0.0/24'
+}
+$subnetConfig = New-AzVirtualNetworkSubnetConfig @subnet 
+
+## Create Azure Bastion subnet. ##
+$bastsubnet = @{
+    Name = 'AzureBastionSubnet' 
+    AddressPrefix = '10.1.1.0/24'
+}
+$bastsubnetConfig = New-AzVirtualNetworkSubnetConfig @bastsubnet
+
+## Create the virtual network ##
+$net = @{
+    Name = 'myVNet'
+    ResourceGroupName = 'TutorGwLB-rg'
+    Location = 'eastus'
+    AddressPrefix = '10.1.0.0/16'
+    Subnet = $subnetConfig,$bastsubnetConfig
+}
+$vnet = New-AzVirtualNetwork @net
+
+## Create public IP address for bastion host. ##
+$ip = @{
+    Name = 'myBastionIP'
+    ResourceGroupName = 'TutorGwLB-rg'
+    Location = 'eastus'
+    Sku = 'Standard'
+    AllocationMethod = 'Static'
+}
+$publicip = New-AzPublicIpAddress @ip
+
+## Create bastion host ##
+$bastion = @{
+    ResourceGroupName = 'TutorGwLB-rg'
+    Name = 'myBastion'
+    PublicIpAddress = $publicip
+    VirtualNetwork = $vnet
+}
+New-AzBastion @bastion -AsJob
+
+```
+
+## Create NSG
+
+Use the following example to create a network security group. You'll configure the NSG rules needed for network traffic in the virtual network created previously.
+
+Use [New-AzNetworkSecurityRuleConfig](/powershell/module/az.network/new-aznetworksecurityruleconfig) to create rules for the NSG. Use [New-AzNetworkSecurityGroup](/powershell/module/az.network/new-aznetworksecuritygroup) to create the NSG.
+
+```azurepowershell-interactive
+## Create rule for network security group and place in variable. ##
+$nsgrule1 = @{
+    Name = 'myNSGRule-AllowAll'
+    Description = 'Allow all'
+    Protocol = '*'
+    SourcePortRange = '*'
+    DestinationPortRange = '*'
+    SourceAddressPrefix = '0.0.0.0/0'
+    DestinationAddressPrefix = '0.0.0.0/0'
+    Access = 'Allow'
+    Priority = '100'
+    Direction = 'Inbound'
+}
+$rule1 = New-AzNetworkSecurityRuleConfig @nsgrule1
+
+$nsgrule2 = @{
+    Name = 'myNSGRule-AllowAll-TCP-Out'
+    Description = 'Allow all TCP Out'
+    Protocol = 'TCP'
+    SourcePortRange = '*'
+    DestinationPortRange = '*'
+    SourceAddressPrefix = '0.0.0.0/0'
+    DestinationAddressPrefix = '0.0.0.0/0'
+    Access = 'Allow'
+    Priority = '100'
+    Direction = 'Outbound'
+}
+$rule2 = New-AzNetworkSecurityRuleConfig @nsgrule2
+
+## Create network security group ##
+$nsg = @{
+    Name = 'myNSG'
+    ResourceGroupName = 'TutorGwLB-rg'
+    Location = 'eastus'
+    SecurityRules = $rule1,$rule2
+}
+New-AzNetworkSecurityGroup @nsg
+```
+
 ---
 
-# Create and configure a gateway load balancer
+## Create and configure a gateway load balancer
 In this section, you create a gateway load balancer and configure it with a backend pool and frontend IP configuration. The backend pool is associated with the existing load balancer created in the prerequisites.
 
 # [Azure portal](#tab/azureportal)
@@ -268,6 +381,96 @@ Traffic destined for the backend instances is routed with a load-balancing rule.
 
 # [Azure PowerShell](#tab/azurepowershell/)
 
+## Create Gateway Load Balancer
+
+In this section, you'll create the configuration and deploy the gateway load balancer. Use [New-AzLoadBalancerFrontendIpConfig](/powershell/module/az.network/new-azloadbalancerfrontendipconfig) to create the frontend IP configuration of the load balancer. 
+
+You'll use [New-AzLoadBalancerTunnelInterface](/powershell/module/az.network/new-azloadbalancerfrontendipconfig) to create two tunnel interfaces for the load balancer. 
+
+Create a backend pool with [New-AzLoadBalancerBackendAddressPoolConfig](/powershell/module/az.network/new-azloadbalancerbackendaddresspoolconfig) for the NVAs. 
+
+A health probe is required to monitor the health of the backend instances in the load balancer. Use [New-AzLoadBalancerProbeConfig](/powershell/module/az.network/new-azloadbalancerprobeconfig) to create the health probe.
+
+Traffic destined for the backend instances is routed with a load-balancing rule. Use [New-AzLoadBalancerRuleConfig](/powershell/module/az.network/new-azloadbalancerruleconfig)  to create the load-balancing rule.
+
+To create the deploy the load balancer, use [New-AzLoadBalancer](/powershell/module/az.network/new-azloadbalancer).
+
+```azurepowershell-interactive
+## Place virtual network configuration in a variable for later use. ##
+$net = @{
+    Name = 'myVNet'
+    ResourceGroupName = 'TutorGwLB-rg'
+}
+$vnet = Get-AzVirtualNetwork @net
+
+## Create load balancer frontend configuration and place in variable. ## 
+$fe = @{
+    Name = 'myFrontend'
+    SubnetId = $vnet.subnets[0].id
+}
+$feip = New-AzLoadBalancerFrontendIpConfig @fe
+
+## Create backend address pool configuration and place in variable. ## 
+$int1 = @{
+    Type = 'Internal'
+    Protocol = 'Vxlan'
+    Identifier = '800'
+    Port = '10800'
+}
+$tunnelInterface1 = New-AzLoadBalancerBackendAddressPoolTunnelInterfaceConfig @int1
+
+$int2 = @{
+    Type = 'External'
+    Protocol = 'Vxlan'
+    Identifier = '801'
+    Port = '10801'
+}
+$tunnelInterface2 = New-AzLoadBalancerBackendAddressPoolTunnelInterfaceConfig @int2
+
+$pool = @{
+    Name = 'myBackendPool'
+    TunnelInterface = $tunnelInterface1,$tunnelInterface2
+}
+$bepool = New-AzLoadBalancerBackendAddressPoolConfig @pool
+
+## Create the health probe and place in variable. ## 
+$probe = @{
+    Name = 'myHealthProbe'
+    Protocol = 'http'
+    Port = '80'
+    IntervalInSeconds = '360'
+    ProbeCount = '5'
+    RequestPath = '/'
+}
+$healthprobe = New-AzLoadBalancerProbeConfig @probe
+
+## Create the load balancer rule and place in variable. ## 
+$para = @{
+    Name = 'myLBRule'
+    Protocol = 'All'
+    FrontendPort = '0'
+    BackendPort = '0'
+    FrontendIpConfiguration = $feip
+    BackendAddressPool = $bepool
+    Probe = $healthprobe
+}
+$rule = New-AzLoadBalancerRuleConfig @para
+
+## Create the load balancer resource. ## 
+$lb = @{
+    ResourceGroupName = 'TutorGwLB-rg'
+    Name = 'myLoadBalancer-gw'
+    Location = 'eastus'
+    Sku = 'Gateway'
+    LoadBalancingRule = $rule
+    FrontendIpConfiguration = $feip
+    BackendAddressPool = $bepool
+    Probe = $healthprobe
+}
+New-AzLoadBalancer @lb
+
+```
+
 ---
 
 ## Add network virtual appliances to the Gateway Load Balancer backend pool
@@ -282,6 +485,47 @@ Deploy NVAs through the Azure Marketplace. Once deployed, add the virtual machin
 
 # [Azure PowerShell](#tab/azurepowershell/)
 
+In this example, you'll chain the frontend of a standard load balancer to the gateway load balancer. 
+
+You'll add the frontend to the frontend IP of an existing load balancer in your subscription.
+
+Use [Set-AzLoadBalancerFrontendIpConfig](/powershell/module/az.network/set-azloadbalancerfrontendipconfig) to chain the gateway load balancer frontend to your existing load balancer.
+
+```azurepowershell-interactive
+## Place the gateway load balancer configuration into a variable. ##
+$par1 = @{
+    ResourceGroupName = 'TutorGwLB-rg'
+    Name = 'myLoadBalancer-gw'
+}
+$gwlb = Get-AzLoadBalancer @par1
+
+## Place the existing load balancer into a variable. ##
+$par2 = @{
+    ResourceGroupName = 'CreatePubLBQS-rg'
+    Name = 'myLoadBalancer'
+}
+$lb = Get-AzLoadBalancer @par2
+
+## Place the existing public IP for the existing load balancer into a variable.
+$par3 = @{
+    ResourceGroupName = 'CreatePubLBQS-rg'
+    Name = 'myPublicIP'
+}
+$publicIP = Get-AzPublicIPAddress @par3
+
+## Chain the gateway load balancer to your existing load balancer frontend. ##
+$par4 = @{
+    Name = 'myFrontEndIP'
+    PublicIPAddress = $publicIP
+    LoadBalancer = $lb
+    GatewayLoadBalancerId = $gwlb.FrontendIpConfigurations.Id
+}
+$config = Set-AzLoadBalancerFrontendIpConfig @par4
+
+$config | Set-AzLoadBalancer
+
+```
+
 ---
 
 ## Chain load balancer frontend to Gateway Load Balancer
@@ -337,6 +581,47 @@ Use [az network lb frontend-ip update](/cli/azure/network/lb/frontend-ip#az-netw
 
 # [Azure PowerShell](#tab/azurepowershell/)
 
+In this example, you'll chain the frontend of a standard load balancer to the gateway load balancer. 
+
+You'll add the frontend to the frontend IP of an existing load balancer in your subscription.
+
+Use [Set-AzLoadBalancerFrontendIpConfig](/powershell/module/az.network/set-azloadbalancerfrontendipconfig) to chain the gateway load balancer frontend to your existing load balancer.
+
+```azurepowershell-interactive
+## Place the gateway load balancer configuration into a variable. ##
+$par1 = @{
+    ResourceGroupName = 'TutorGwLB-rg'
+    Name = 'myLoadBalancer-gw'
+}
+$gwlb = Get-AzLoadBalancer @par1
+
+## Place the existing load balancer into a variable. ##
+$par2 = @{
+    ResourceGroupName = 'CreatePubLBQS-rg'
+    Name = 'myLoadBalancer'
+}
+$lb = Get-AzLoadBalancer @par2
+
+## Place the existing public IP for the existing load balancer into a variable.
+$par3 = @{
+    ResourceGroupName = 'CreatePubLBQS-rg'
+    Name = 'myPublicIP'
+}
+$publicIP = Get-AzPublicIPAddress @par3
+
+## Chain the gateway load balancer to your existing load balancer frontend. ##
+$par4 = @{
+    Name = 'myFrontEndIP'
+    PublicIPAddress = $publicIP
+    LoadBalancer = $lb
+    GatewayLoadBalancerId = $gwlb.FrontendIpConfigurations.Id
+}
+$config = Set-AzLoadBalancerFrontendIpConfig @par4
+
+$config | Set-AzLoadBalancer
+
+```
+
 ---
 
 ## Chain virtual machine to Gateway Load Balancer
@@ -396,6 +681,39 @@ Use [az network lb frontend-ip update](/cli/azure/network/nic/ip-config#az-netwo
 
 # [Azure PowerShell](#tab/azurepowershell/)
 
+Alternatively, you can chain a VM's NIC IP configuration to the gateway load balancer. 
+
+You'll add the gateway load balancer's frontend to an existing VM's NIC IP configuration.
+
+Use [Set-AzNetworkInterfaceIpConfig](/powershell/module/az.network/set-aznetworkinterfaceipconfig) to chain the gateway load balancer frontend to your existing VM's NIC IP configuration.
+
+```azurepowershell-interactive
+ ## Place the gateway load balancer configuration into a variable. ##
+$par1 = @{
+    ResourceGroupName = 'TutorGwLB-rg'
+    Name = 'myLoadBalancer-gw'
+}
+$gwlb = Get-AzLoadBalancer @par1
+
+## Place the existing NIC into a variable. ##
+$par2 = @{
+    ResourceGroupName = 'MyResourceGroup'
+    Name = 'myNic'
+}
+$nic = Get-AzNetworkInterface @par2
+
+## Chain the gateway load balancer to your existing VM NIC. ##
+$par3 = @{
+    Name = 'myIPconfig'
+    NetworkInterface = $nic
+    GatewayLoadBalancerId = $gwlb.FrontendIpConfigurations.Id
+}
+$config = Set-AzNetworkInterfaceIpConfig @par3
+
+$config | Set-AzNetworkInterface
+
+```
+
 ---
 
 ## Clean up resources
@@ -417,6 +735,12 @@ When no longer needed, you can use the [az group delete](/cli/azure/group#az-gro
 
 # [Azure PowerShell](#tab/azurepowershell/)
 
+When no longer needed, you can use the [Remove-AzResourceGroup](/powershell/module/az.resources/remove-azresourcegroup) command to remove the resource group, load balancer, and the remaining resources.
+
+```azurepowershell-interactive
+Remove-AzResourceGroup -Name 'TutorGwLB-rg'
+```
+
 ---
 
 ## Next steps
@@ -435,4 +759,4 @@ When creating the NVAs, choose the resources created in this tutorial:
 
 Advance to the next article to learn how to create a cross-region Azure Load Balancer.
 > [!div class="nextstepaction"]
-> [Cross-region load balancer](tutorial-cross-region-portal.md)
+> [Global load balancer](tutorial-cross-region-portal.md)
