You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-machine-scale-sets/virtual-machine-scale-sets-networking.md
+8Lines changed: 8 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -66,6 +66,14 @@ az vmss create \
66
66
>[!NOTE]
67
67
> After the scale set has been created, the backend port cannot be modified for a load balancing rule used by a health probe of the load balancer. To change the port, you can remove the health probe by updating the Azure virtual machine scale set, update the port and then configure the health probe again.
68
68
69
+
For more information on load balancer and virtual machine scale sets, see [Virtual networks and virtual machines in Azure](../../articles/virtual-machines/windows/network-overview.md).
70
+
71
+
The following methods can be used to deploy a virtual machine scale set with an existing Azure load balancer.
72
+
73
+
*[Configure a virtual machine scale set with an existing Azure Load Balancer using the Azure portal](../../articles/load-balancer/configure-vm-scale-set-portal.md).
74
+
*[Configure a virtual machine scale set with an existing Azure Load Balancer using Azure PowerShell](../../articles/load-balancer/configure-vm-scale-set-powershell.md).
75
+
*[Configure a virtual machine scale set with an existing Azure Load Balancer using the Azure CLI](../../articles/load-balancer/configure-vm-scale-set-cli.md).
76
+
69
77
## Create a scale set that references an Application Gateway
70
78
To create a scale set that uses an application gateway, reference the backend address pool of the application gateway in the ipConfigurations section of your scale set as in this ARM template config:
Copy file name to clipboardExpand all lines: includes/virtual-machines-common-network-overview.md
+30-8Lines changed: 30 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -33,7 +33,7 @@ A [network interface (NIC)](../articles/virtual-network/virtual-network-network-
33
33
34
34
You can create a VM with multiple NICs, and add or remove NICs through the lifecycle of a VM. Multiple NICs allow a VM to connect to different subnets and send or receive traffic over the most appropriate interface. VMs with any number of network interfaces can exist in the same availability set, up to the number supported by the VM size.
35
35
36
-
Each NIC attached to a VM must exist in the same location and subscription as the VM. Each NIC must be connected to a VNet that exists in the same Azure location and subscription as the NIC. You can change the subnet a VM is connected to after it's created, but you cannot change the VNet. Each NIC attached to a VM is assigned a MAC address that doesn’t change until the VM is deleted.
36
+
Each NIC attached to a VM must exist in the same location and subscription as the VM. Each NIC must be connected to a VNet that exists in the same Azure location and subscription as the NIC. You can change the subnet a VM is connected to after it's created, but you cannot change the VNet. Each NIC attached to a VM is assigned a MAC address that doesn't change until the VM is deleted.
37
37
38
38
This table lists the methods that you can use to create a network interface.
39
39
@@ -56,7 +56,7 @@ You can assign public IP addresses to VMs or internet-facing load balancers. You
56
56
There are two methods in which an IP address is allocated to a resource - dynamic or static. The default allocation method is dynamic, where an IP address is not allocated when it's created. Instead, the IP address is allocated when you create a VM or start a stopped VM. The IP address is released when you stop or delete the VM.
57
57
58
58
To ensure the IP address for the VM remains the same, you can set the allocation method explicitly to static. In this case, an IP address is assigned immediately. It is released only when you delete the VM or change its allocation method to dynamic.
59
-
59
+
60
60
This table lists the methods that you can use to create an IP address.
61
61
62
62
| Method | Description |
@@ -74,11 +74,11 @@ A subnet is a range of IP addresses in the VNet. You can divide a VNet into mult
74
74
75
75
When you set up a VNet, you specify the topology, including the available address spaces and subnets. If the VNet is to be connected to other VNets or on-premises networks, you must select address ranges that don't overlap. The IP addresses are private and can't be accessed from the Internet, which was true only for the non-routable IP addresses such as 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16. Now, Azure treats any address range as part of the private VNet IP address space that is only reachable within the VNet, within interconnected VNets, and from your on-premises location.
76
76
77
-
If you work within an organization in which someone else is responsible for the internal networks, you should talk to that person before selecting your address space. Make sure there is no overlap and let them know the space you want to use so they don’t try to use the same range of IP addresses.
77
+
If you work within an organization in which someone else is responsible for the internal networks, you should talk to that person before selecting your address space. Make sure there is no overlap and let them know the space you want to use so they don't try to use the same range of IP addresses.
78
78
79
79
By default, there is no security boundary between subnets, so VMs in each of these subnets can talk to one another. However, you can set up Network Security Groups (NSGs), which allow you to control the traffic flow to and from subnets and to and from VMs.
80
80
81
-
This table lists the methods that you can use to create a VNet and subnets.
81
+
This table lists the methods that you can use to create a VNet and subnets.
82
82
83
83
| Method | Description |
84
84
| ------ | ----------- |
@@ -116,11 +116,12 @@ The load balancer maps incoming and outgoing traffic between the public IP addre
116
116
117
117
When you create a load balancer, you must also consider these configuration elements:
118
118
119
-
-**Front-end IP configuration** – A load balancer can include one or more front-end IP addresses, otherwise known as virtual IPs (VIPs). These IP addresses serve as ingress for the traffic.
119
+
-**Front-end IP configuration** – A load balancer can include one or more front-end IP addresses. These IP addresses serve as ingress for the traffic.
120
120
-**Back-end address pool** – IP addresses that are associated with the NIC to which load is distributed.
121
-
-**NAT rules** - Defines how inbound traffic flows through the front-end IP and distributed to the back-end IP.
121
+
-**[Port Forwarding](../articles/load-balancer/tutorial-load-balancer-port-forwarding-portal.md)** - Defines how inbound traffic flows through the front-end IP and distributed to the back-end IP utilizing inbound NAT rules.
122
122
-**Load balancer rules** - Maps a given front-end IP and port combination to a set of back-end IP addresses and port combination. A single load balancer can have multiple load balancing rules. Each rule is a combination of a front-end IP and port and back-end IP and port associated with VMs.
123
123
-**[Probes](../articles/load-balancer/load-balancer-custom-probe-overview.md)** - Monitors the health of VMs. When a probe fails to respond, the load balancer stops sending new connections to the unhealthy VM. The existing connections are not affected, and new connections are sent to healthy VMs.
124
+
-**[Outbound rules](../articles/load-balancer/load-balancer-outbound-rules-overview.md)** - An outbound rule configures outbound Network Address Translation (NAT) for all virtual machines or instances identified by the backend pool of your Standard Load Balancer to be translated to the frontend.
124
125
125
126
This table lists the methods that you can use to create an internet-facing load balancer.
126
127
@@ -130,16 +131,37 @@ This table lists the methods that you can use to create an internet-facing load
130
131
| [Azure PowerShell](/azure/load-balancer/load-balancer-get-started-ilb-arm-ps) | To provide the identifier of the public IP address that you previously created, use [New-AzLoadBalancerFrontendIpConfig](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancerfrontendipconfig) with the **-PublicIpAddress** parameter. Use [New-AzLoadBalancerBackendAddressPoolConfig](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancerbackendaddresspoolconfig) to create the configuration of the back-end address pool. Use [New-AzLoadBalancerInboundNatRuleConfig](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancerinboundnatruleconfig) to create inbound NAT rules associated with the front-end IP configuration that you created. Use [New-AzLoadBalancerProbeConfig](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancerprobeconfig) to create the probes that you need. Use [New-AzLoadBalancerRuleConfig](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancerruleconfig) to create the load balancer configuration. Use [New-AzLoadBalancer](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancer) to create the load balancer.|
131
132
|[Azure CLI](../articles/load-balancer/load-balancer-get-started-internet-arm-cli.md)| Use [az network lb create](https://docs.microsoft.com/cli/azure/network/lb) to create the initial load balancer configuration. Use [az network lb frontend-ip create](https://docs.microsoft.com/cli/azure/network/lb/frontend-ip) to add the public IP address that you previously created. Use [az network lb address-pool create](https://docs.microsoft.com/cli/azure/network/lb/address-pool) to add the configuration of the back-end address pool. Use [az network lb inbound-nat-rule create](https://docs.microsoft.com/cli/azure/network/lb/inbound-nat-rule) to add NAT rules. Use [az network lb rule create](https://docs.microsoft.com/cli/azure/network/lb/rule) to add the load balancer rules. Use [az network lb probe create](https://docs.microsoft.com/cli/azure/network/lb/probe) to add the probes. |
132
133
|[Template](../articles/load-balancer/quickstart-load-balancer-standard-public-template.md)| Use [2 VMs in a Load Balancer and configure NAT rules on the LB](https://github.com/Azure/azure-quickstart-templates/tree/master/101-load-balancer-standard-create) as a guide for deploying a load balancer using a template. |
133
-
134
+
134
135
This table lists the methods that you can use to create an internal load balancer.
135
136
136
137
| Method | Description |
137
138
| ------ | ----------- |
138
-
| Azure portal | You can [balance internal traffic load with a Basic load balancer in the Azure portal](../articles/load-balancer/tutorial-load-balancer-basic-internal-portal.md). |
139
+
| Azure portal | You can [balance internal traffic load with a load balancer in the Azure portal](../articles/load-balancer/tutorial-load-balancer-standard-internal-portal.md). |
139
140
| [Azure PowerShell](../articles/load-balancer/load-balancer-get-started-ilb-arm-ps.md) | To provide a private IP address in the network subnet, use [New-AzLoadBalancerFrontendIpConfig](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancerfrontendipconfig) with the **-PrivateIpAddress** parameter. Use [New-AzLoadBalancerBackendAddressPoolConfig](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancerbackendaddresspoolconfig) to create the configuration of the back-end address pool. Use [New-AzLoadBalancerInboundNatRuleConfig](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancerinboundnatruleconfig) to create inbound NAT rules associated with the front-end IP configuration that you created. Use [New-AzLoadBalancerProbeConfig](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancerprobeconfig) to create the probes that you need. Use [New-AzLoadBalancerRuleConfig](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancerruleconfig) to create the load balancer configuration. Use [New-AzLoadBalancer](https://docs.microsoft.com/powershell/module/az.network/new-azloadbalancer) to create the load balancer.|
140
141
|[Azure CLI](../articles/load-balancer/load-balancer-get-started-ilb-arm-cli.md)| Use the [az network lb create](https://docs.microsoft.com/cli/azure/network/lb) command to create the initial load balancer configuration. To define the private IP address, use [az network lb frontend-ip create](https://docs.microsoft.com/cli/azure/network/lb/frontend-ip) with the **--private-ip-address** parameter. Use [az network lb address-pool create](https://docs.microsoft.com/cli/azure/network/lb/address-pool) to add the configuration of the back-end address pool. Use [az network lb inbound-nat-rule create](https://docs.microsoft.com/cli/azure/network/lb/inbound-nat-rule) to add NAT rules. Use [az network lb rule create](https://docs.microsoft.com/cli/azure/network/lb/rule) to add the load balancer rules. Use [az network lb probe create](https://docs.microsoft.com/cli/azure/network/lb/probe) to add the probes.|
141
142
|[Template](../articles/load-balancer/load-balancer-get-started-ilb-arm-template.md)| Use [2 VMs in a Load Balancer and configure NAT rules on the LB](https://github.com/Azure/azure-quickstart-templates/tree/master/201-2-vms-internal-load-balancer) as a guide for deploying a load balancer using a template. |
142
143
144
+
### Virtual machine scale sets
145
+
146
+
When working with virtual machine scale sets and load balancer, the following should be considered:
147
+
148
+
***Multiple virtual machine scale sets can't use the same load balancer**.
149
+
***Port Forwarding and inbound NAT rules**:
150
+
* Each virtual machine scale set must have an inbound NAT rule.
151
+
* When using the virtual machine scale set in the backend pool of the load balancer the default inbound NAT rules get created automatically, this is by design.
152
+
***Load balancing rules**:
153
+
* When using the virtual machine scale set in the backend pool of the load balancer the default load balancing rule gets created automatically, this is by design.
154
+
***Outbound rules**:
155
+
* To create outbound rule for a backend pool which is already referenced by a load balancing rule, you need to first mark **"Create implicit outbound rules"** as **No** in the portal when the inbound load balancing rule is created.
The following methods can be used to deploy a virtual machine scale set with an existing Azure load balancer.
160
+
161
+
*[Configure a virtual machine scale set with an existing Azure Load Balancer using the Azure portal](../articles/load-balancer/configure-vm-scale-set-portal.md).
162
+
*[Configure a virtual machine scale set with an existing Azure Load Balancer using Azure PowerShell](../articles/load-balancer/configure-vm-scale-set-powershell.md).
163
+
*[Configure a virtual machine scale set with an existing Azure Load Balancer using the Azure CLI](../articles/load-balancer/configure-vm-scale-set-cli.md).
164
+
143
165
## VMs
144
166
145
167
VMs can be created in the same VNet and they can connect to each other using private IP addresses. They can connect even if they are in different subnets without the need to configure a gateway or use public IP addresses. To put VMs into a VNet, you create the VNet and then as you create each VM, you assign it to the VNet and subnet. VMs acquire their network settings during deployment or startup.
0 commit comments