Azure Load Balancer - Advanced Networking Documentation

Introduction to Advanced Load Balancer Features

Azure Load Balancer is a Layer 4 (TCP/UDP) load balancer that enables you to distribute network traffic to applications hosted on virtual machines. While basic load balancing is straightforward, Azure Load Balancer offers a rich set of advanced features to enhance performance, availability, and security.

This documentation delves into complex configurations, best practices, and advanced scenarios for utilizing Azure Load Balancer effectively within your Azure networking infrastructure.

1. Custom Health Probes

Health probes are essential for the load balancer to determine the health of backend instances. Beyond default probes, you can configure custom probes to match your application's specific health check endpoints and protocols.

Configuring Custom TCP/HTTP/HTTPS Probes

You can define probes that:

TCP Probes: Check if a TCP connection can be established to a specified port.
HTTP/HTTPS Probes: Send an HTTP GET request to a specified path and expect a 200 OK response.

Key parameters include:

Protocol: TCP, HTTP, or HTTPS.
Port: The port on which to probe.
Path (for HTTP/HTTPS): The URL path to probe.
Interval in seconds: How frequently to probe.
Number of probes: The number of consecutive probe failures before an instance is considered unhealthy.

Tip: Use HTTP/HTTPS probes with a specific path (e.g., /health) that your application exposes for detailed health status.

2. Session Persistence (Sticky Sessions)

Session persistence ensures that all requests from a client are sent to the same backend instance. This is crucial for applications that maintain client session state on individual servers.

Configuring Client IP Affinity

Azure Load Balancer supports two types of session persistence:

None: No session persistence is enabled. Each request is distributed independently.
ClientIP: Requests from the same client IP address are directed to the same backend instance.
ClientIPandProtocol: Requests from the same client IP address and protocol are directed to the same backend instance.

This configuration is set at the load balancing rule level.

3. Outbound Connectivity with Load Balancer

Azure Load Balancer can also manage outbound traffic from your backend instances to the internet.

Outbound Rules and SNAT

When using a public Load Balancer, outbound traffic from your virtual machines is SNAT'd (Source Network Address Translation) to the IP address of the Load Balancer's frontend configuration. For more granular control over outbound connectivity, you can use:

Outbound Rules: Allow you to define specific outbound IP addresses and ports for SNAT.
Azure NAT Gateway: A fully managed and highly scalable network address translation service that provides simplified outbound-only internet connectivity for virtual networks.

Consider using Azure Firewall or Azure NAT Gateway for more robust outbound security and management.

Note: For outbound-only scenarios, consider using Azure NAT Gateway or Azure Firewall for better control and scalability than relying solely on Load Balancer SNAT.

4. Load Balancing Rules and NAT Rules

Load balancing rules define how incoming traffic is distributed. NAT rules translate inbound traffic to a specific backend instance.

In-Depth Rule Configuration

Feature	Description	Advanced Options
Frontend IP Configuration	The IP address that the load balancer listens on.	Multiple frontend IPs for different services.
Backend Pool	The group of virtual machines or roles receiving traffic.	Dynamic addition/removal of backend instances.
Protocol	TCP or UDP.
Frontend Port	The port clients connect to.	Port ranges.
Backend Port	The port on the backend instances.	Can differ from frontend port (port translation).
Health Probe	Configured probe to check backend health.	Custom probe configurations.
Session Persistence	Client IP Affinity settings.	ClientIP, ClientIPandProtocol.
Idle Timeout	Duration in minutes for which a TCP connection can remain idle.	Adjust based on application needs to prevent premature connection closure.

5. High Availability and Disaster Recovery

Leverage Azure Load Balancer in conjunction with other Azure services to build resilient applications.

Leveraging Availability Zones

Azure Load Balancer supports Availability Zones to provide higher availability. You can deploy your load balancer across multiple Availability Zones to ensure your application remains available even if one zone experiences an outage.

When an Availability Zone-aware Load Balancer is used, the backend pool can span across Availability Zones, providing redundancy and fault tolerance.

Warning: Ensure your backend VMs are also deployed across Availability Zones for true high availability.

6. Performance and Scalability Considerations

Understand how to configure and optimize Azure Load Balancer for peak performance.

Load Balancer Sizing and Throughput

Azure Load Balancer is a managed service that scales automatically. However, for extremely high throughput scenarios, consider the following:

Instance Count: Ensure you have a sufficient number of healthy backend instances.
VM Sizing: The performance of your backend VMs directly impacts overall throughput.
Network Limits: Be aware of Azure's network throughput limits for VMs and Load Balancers.

For scenarios requiring very high outbound SNAT port availability, consider using Azure NAT Gateway or a VNet with multiple Public IP addresses assigned to the Load Balancer.

7. Integration with Other Azure Services

Azure Load Balancer works seamlessly with other Azure services.

Examples:

Azure Virtual Machine Scale Sets (VMSS): Automatically provision and manage a set of identical VMs, integrating directly with Load Balancer for traffic distribution.
Azure Kubernetes Service (AKS): Load Balancer is used to expose Kubernetes services to the internet.
Azure Application Gateway: For Layer 7 load balancing, use Application Gateway in conjunction with Load Balancer for multi-tier architectures.
Azure Traffic Manager: For global traffic distribution and DNS-based load balancing, complement Azure Load Balancer.

8. Troubleshooting Advanced Scenarios

Common issues and how to diagnose them.

Diagnosing Connectivity Problems

Network Watcher: Utilize features like connection troubleshoot, IP flow verify, and packet capture.
Azure Monitor: Monitor Load Balancer metrics for health probes, data path availability, and SNAT port usage.
NSG Rules: Verify that Network Security Group (NSG) rules on both the Load Balancer's frontend and backend subnets are configured correctly to allow traffic.

Conclusion

Mastering the advanced features of Azure Load Balancer is key to building robust, scalable, and highly available applications on Azure. By understanding custom probes, session persistence, outbound configurations, and integration capabilities, you can significantly enhance your cloud deployments.