You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
description: With this learning path, get started with an overview of multiple frontends on Azure Load Balancer
3
+
description: This article describes the fundamentals of load balancing across multiple IP addresses using the same port and protocol using multiple frontends on Azure Load Balancer
4
4
services: load-balancer
5
5
documentationcenter: na
6
6
author: mbender-ms
@@ -9,17 +9,17 @@ ms.custom: seodec18
9
9
ms.topic: article
10
10
ms.tgt_pltfrm: na
11
11
ms.workload: infrastructure-services
12
-
ms.date: 01/26/2022
12
+
ms.date: 09/19/2022
13
13
ms.author: mbender
14
14
---
15
15
16
16
# Multiple frontends for Azure Load Balancer
17
17
18
-
Azure Load Balancer allows you to load balance services on multiple ports, multiple IP addresses, or both. You can use public and internal load balancer definitions to load balance flows across a set of VMs.
18
+
Azure Load Balancer allows you to load balance services on multiple ports, multiple IP addresses, or both. You can use a public or internal load balancer to load balance traffic across a set of services like virtual machine scale sets or virtual machines (VMs).
19
19
20
-
This article describes the fundamentals of this ability, important concepts, and constraints. If you only intend to expose services on one IP address, you can find simplified instructions for [public](./quickstart-load-balancer-standard-public-portal.md) or [internal](./quickstart-load-balancer-standard-internal-portal.md) load balancer configurations. Adding multiple frontends is incremental to a single frontend configuration. Using the concepts in this article, you can expand a simplified configuration at any time.
20
+
This article describes the fundamentals of load balancing across multiple IP addresses using the same port and protocol. If you only intend to expose services on one IP address, you can find simplified instructions for [public](./quickstart-load-balancer-standard-public-portal.md) or [internal](./quickstart-load-balancer-standard-internal-portal.md) load balancer configurations. Adding multiple frontends is incremental to a single frontend configuration. Using the concepts in this article, you can expand a simplified configuration at any time.
21
21
22
-
When you define an Azure Load Balancer, a frontend and a backend pool configuration are connected with rules. The health probe referenced by the rule is used to determine how new flows are sent to a node in the backend pool. The frontend (also known as VIP) is defined by a 3-tuple comprised of an IP address (public or internal), a transport protocol (UDP or TCP), and a port number from the load balancing rule. The backend pool is a collection of Virtual Machine IP configurations (part of the NIC resource) which reference the Load Balancer backend pool.
22
+
When you define an Azure Load Balancer, a frontend and a backend pool configuration are connected with a load balancing rule. The health probe referenced by the load balancing rule is used to determine the health of a VM on a certain port and protocol. Based on the health probe results, new flows are sent to VMs in the backend pool. The frontend is defined by a three-tuple comprised of an IP address (public or internal), a transport protocol (UDP or TCP), and a port number from the load balancing rule. The backend pool is a collection of Virtual Machine IP configurations (part of the NIC resource) which reference the Load Balancer backend pool.
23
23
24
24
The following table contains some example frontend configurations:
25
25
@@ -30,20 +30,17 @@ The following table contains some example frontend configurations:
30
30
| 3 |65.52.0.1 |*UDP*|80 |
31
31
| 4 |*65.52.0.2*|TCP |80 |
32
32
33
-
The table shows four different frontends. Frontends #1, #2 and #3are a single frontend with multiple rules. The same IP address is used but the port or protocol is different for each frontend. Frontends #1 and #4 are an example of multiple frontends, where the same frontend protocol and port are reused across multiple frontends.
33
+
The table shows four different frontend configurations. Frontends #1, #2 and #3use the same IP address but the port or protocol is different for each frontend. Frontends #1 and #4 are an example of multiple frontends, where the same frontend protocol and port are reused across multiple frontend IPs.
34
34
35
-
Azure Load Balancer provides flexibility in defining the load balancing rules. A rule declares how an address and port on the frontend is mapped to the destination address and port on the backend. Whether or not backend ports are reused across rules depends on the type of the rule. Each type of rule has specific requirements that can affect host configuration and probe design. There are two types of rules:
35
+
Azure Load Balancer provides flexibility in defining the load balancing rules. A load balancing rule declares how an address and port on the frontend is mapped to the destination address and port on the backend. Whether or not backend ports are reused across rules depends on the type of the rule. Each type of rule has specific requirements that can affect host configuration and probe design. There are two types of rules:
36
36
37
-
1. The default rule with no backend port reuse
38
-
2. The Floating IP rule where backend ports are reused
37
+
1. The default rule with no backend port reuse.
38
+
2. The Floating IP rule where backend ports are reused.
39
39
40
-
Azure Load Balancer allows you to mix both rule types on the same load balancer configuration. The load balancer can use them simultaneously for a given VM, or any combination, as long as you abide by the constraints of the rule. Which rule type you choose depends on the requirements of your application and the complexity of supporting that configuration. You should evaluate which rule types are best for your scenario.
41
-
42
-
We explore these scenarios further by starting with the default behavior.
40
+
Azure Load Balancer allows you to mix both rule types on the same load balancer configuration. The load balancer can use them simultaneously for a given VM, or any combination, if you abide by the constraints of the rule. The rule type you choose depends on the requirements of your application and the complexity of supporting that configuration. You should evaluate which rule types are best for your scenario. We'll explore these scenarios further by starting with the default behavior.
43
41
44
42
## Rule type #1: No backend port reuse
45
-
46
-
43
+
:::image type="content" source="media/load-balancer-multivip-overview/load-balancer-multivip.png" alt-text="Diagram of Load Balancer traffice with no backend port reuse.":::
47
44
48
45
In this scenario, the frontends are configured as follows:
49
46
@@ -52,45 +49,43 @@ In this scenario, the frontends are configured as follows:
The DIP is the destination of the inbound flow. In the backend pool, each VM exposes the desired service on a unique port on a DIP. This service is associated with the frontend through a rule definition.
52
+
The backend instance IP (BIP) is the IP address of the backend service in the backend pool, each VM exposes the desired service on a unique port on the backend instance IP. This service is associated with the frontend IP (FIP) through a rule definition.
Each rule must produce a flow with a unique combination of destination IP address and destination port. By varying the destination port of the flow, multiple rules can deliver flows to the same DIP on different ports.
68
+
Each rule must produce a flow with a unique combination of destination IP address and destination port. Multiple load balancing rules can deliver flows to the same backend instance IP on different ports by varying the destination port of the flow.
72
69
73
-
Health probes are always directed to the DIP of a VM. You must ensure that your probe reflects the health of the VM.
70
+
Health probes are always directed to the backend instance IP of a VM. You must ensure that your probe reflects the health of the VM.
74
71
75
72
## Rule type #2: backend port reuse by using Floating IP
76
73
77
-
Azure Load Balancer provides the flexibility to reuse the frontend port across multiple frontends regardless of the rule type used. Additionally, some application scenarios prefer or require the same port to be used by multiple application instances on a single VM in the backend pool. Common examples of port reuse include clustering for high availability, network virtual appliances, and exposing multiple TLS endpoints without re-encryption.
74
+
Azure Load Balancer provides the flexibility to reuse the frontend port across multiple frontends configurations. Additionally, some application scenarios prefer or require the same port to be used by multiple application instances on a single VM in the backend pool. Common examples of port reuse include clustering for high availability, network virtual appliances, and exposing multiple TLS endpoints without re-encryption.
78
75
79
-
If you want to reuse the backend port across multiple rules, you must enable Floating IP in the rule definition.
76
+
If you want to reuse the backend port across multiple rules, you must enable Floating IP in the load balancing rule definition.
80
77
81
-
"Floating IP" is Azure's terminology for a portion of what is known as Direct Server Return (DSR). DSR consists of two parts: a flow topology and an IP address mapping scheme. At a platform level, Azure Load Balancer always operates in a DSR flow topology regardless of whether Floating IP is enabled or not. This means that the outbound part of a flow is always correctly rewritten to flow directly back to the origin.
78
+
*Floating IP* is Azure's terminology for a portion of what is known as Direct Server Return (DSR). DSR consists of two parts: a flow topology and an IP address mapping scheme. At a platform level, Azure Load Balancer always operates in a DSR flow topology regardless of whether Floating IP is enabled or not. This means that the outbound part of a flow is always correctly rewritten to flow directly back to the origin.
82
79
83
-
With the default rule type, Azure exposes a traditional load balancing IP address mapping scheme for ease of use. Enabling Floating IP changes the IP address mapping scheme to allow for additional flexibility as explained below.
80
+
With the default rule type, Azure exposes a traditional load balancing IP address mapping scheme for ease of use. Enabling Floating IP changes the IP address mapping scheme to allow for more flexibility as explained below.
84
81
85
-
The following diagram illustrates this configuration:
86
-
87
-
82
+
:::image type="content" source="media/load-balancer-multivip-overview/load-balancer-multivip-dsr.png" alt-text="Diagram of load balancer traffic for multiple frontend IPs with floating IP.":::
88
83
89
84
For this scenario, every VM in the backend pool has three network interfaces:
90
85
91
-
*DIP: a Virtual NIC associated with the VM (IP configuration of Azure's NIC resource)
92
-
* Frontend 1: a loopback interface within guest OS that is configured with IP address of Frontend 1
93
-
* Frontend 2: a loopback interface within guest OS that is configured with IP address of Frontend 2
86
+
*Backend IP: a Virtual NIC associated with the VM (IP configuration of Azure's NIC resource).
87
+
* Frontend 1 (FIP1): a loopback interface within guest OS that is configured with IP address of FIP1.
88
+
* Frontend 2 (FIP2): a loopback interface within guest OS that is configured with IP address of FIP2.
94
89
95
90
Let's assume the same frontend configuration as in the previous scenario:
96
91
@@ -99,12 +94,12 @@ Let's assume the same frontend configuration as in the previous scenario:
| 1 |Frontend1:80 |Frontend1:80 (in VM1 and VM2) |
107
-
| 2 |Frontend2:80 |Frontend2:80 (in VM1 and VM2) |
101
+
| 1 |FIP1:80 |FIP1:80 (in VM1 and VM2) |
102
+
| 2 |FIP2:80 |FIP2:80 (in VM1 and VM2) |
108
103
109
104
The following table shows the complete mapping in the load balancer:
110
105
@@ -113,23 +108,23 @@ The following table shows the complete mapping in the load balancer:
113
108
| 1 |65.52.0.1 |TCP |80 |same as frontend (65.52.0.1) |same as frontend (80) |
114
109
| 2 |65.52.0.2 |TCP |80 |same as frontend (65.52.0.2) |same as frontend (80) |
115
110
116
-
The destination of the inbound flow is the frontend IP address on the loopback interface in the VM. Each rule must produce a flow with a unique combination of destination IP address and destination port. By varying the destination IP address of the flow, port reuse is possible on the same VM. Your service is exposed to the load balancer by binding it to the frontend’s IP address and port of the respective loopback interface.
111
+
The destination of the inbound flow is now the frontend IP address on the loopback interface in the VM. Each rule must produce a flow with a unique combination of destination IP address and destination port. Port reuse is possible on the same VM by varying the destination IP address to the frontend IP address of the flow. Your service is exposed to the load balancer by binding it to the frontend’s IP address and port of the respective loopback interface.
117
112
118
-
Notice that this example does not change the destination port. Even though this is a Floating IP scenario, Azure Load Balancer also supports defining a rule to rewrite the backend destination port and to make it different from the frontend destination port.
113
+
You'll notice the destination port doesn't change in the example. In floating IP scenarios, Azure Load Balancer also supports defining a load balancing rule to change the backend destination port and to make it different from the frontend destination port.
119
114
120
-
The Floating IP rule type is the foundation of several load balancer configuration patterns. One example that is currently available is the [Configure one or more Always On availability group listeners](/azure/azure-sql/virtual-machines/windows/availability-group-listener-powershell-configure) configuration. Over time, we will document more of these scenarios.
115
+
The Floating IP rule type is the foundation of several load balancer configuration patterns. One example that is currently available is the [Configure one or more Always On availability group listeners](/azure/azure-sql/virtual-machines/windows/availability-group-listener-powershell-configure) configuration. Over time, we'll document more of these scenarios.
121
116
122
117
> [!NOTE]
123
118
> For more detailed information on the specific Guest OS configurations required to enable Floating IP, please refer to [Azure Load Balancer Floating IP configuration](load-balancer-floating-ip.md).
124
119
125
120
## Limitations
126
121
127
122
* Multiple frontend configurations are only supported with IaaS VMs and virtual machine scale sets.
128
-
* With the Floating IP rule, your application must use the primary IP configuration for outbound SNAT flows. If your application binds to the frontend IP address configured on the loopback interface in the guest OS, Azure's outbound SNAT is not available to rewrite the outbound flow and the flow fails. Review [outbound scenarios](load-balancer-outbound-connections.md).
129
-
* Floating IP is not currently supported on secondary IP configurations.
123
+
* With the Floating IP rule, your application must use the primary IP configuration for outbound SNAT flows. If your application binds to the frontend IP address configured on the loopback interface in the guest OS, Azure's outbound SNAT won't rewrite the outbound flow, and the flow fails. Review [outbound scenarios](load-balancer-outbound-connections.md).
124
+
* Floating IP isn't currently supported on secondary IP configurations.
130
125
* Public IP addresses have an effect on billing. For more information, see [IP Address pricing](https://azure.microsoft.com/pricing/details/ip-addresses/)
131
126
* Subscription limits apply. For more information, see [Service limits](../azure-resource-manager/management/azure-subscription-service-limits.md#networking-limits) for details.
132
127
133
128
## Next steps
134
129
135
-
- Review [Outbound connections](load-balancer-outbound-connections.md) to understand the impact of multiple frontends on outbound connection behavior.
130
+
- Review [Outbound connections](load-balancer-outbound-connections.md) to understand the effect of multiple frontends on outbound connection behavior.
0 commit comments