title | description | author | ms.service | ms.topic | ms.workload | ms.date | ms.author |
---|---|---|---|---|---|---|---|
Azure Load Balancer portal settings | Get started learning about Azure Load Balancer portal settings | greg-lindsay | load-balancer | how-to | infrastructure-services | 08/16/2021 | greglin |
As you create Azure Load Balancer, information in this article will help you learn more about the individual settings and what the right configuration is for you.
Azure Load Balancer is a network load balancer that distributes traffic across VM instances in the backend pool. To create a load balancer in the portal, at the top of the page select the search box. Enter Load balancer. Select Load balancers in the search results. Select + Create in the Load balancers page.
In the Basics tab of the create load balancer portal page, you'll see the following information:
Setting | Details |
---|---|
Subscription | Select your subscription. This selection is the subscription you want your load balancer to be deployed in. |
Resource group | Select Create new and type in the name for your resource group in the text box. If you have an existing resource group created, select it. |
Name | This setting is the name for your Azure Load Balancer. |
Region | Select an Azure region you'd like to deploy your load balancer in. |
Type | Load balancer has two types: Internal (Private) and Public (External). An internal load balancer (ILB) routes traffic to backend pool members via a private IP address. A public load balancer directs requests from clients over the internet to the backend pool. Learn more about load balancer types. |
SKU | Select Standard. Load balancer has two SKUs: Basic and Standard. Basic has limited functionality. Standard is recommended for production workloads. Learn more about SKUs. |
Tier | Load balancer has two tiers: Regional and Global. A regional load balancer is constrained to load balancing within a region. Global refers to a cross-region load balancer that load-balances across regions. For more information on the Global tier, see Cross-region load balancer (preview). |
:::image type="content" source="./media/manage/create-public-load-balancer-basics.png" alt-text="Screenshot of create load balancer public." border="true":::
In the Frontend IP configuration tab of the create load balancer portal page, select + Add frontend IP address to open the creation page.
:::image type="content" source="./media/manage/create-frontend.png" alt-text="Screenshot of create frontend IP configuration." border="true":::
If you select Public as your type, you'll see the following information:
Setting | Details |
---|---|
Name | The name of the frontend that will be added to the load balancer. |
IP version | IPv4 or IPv6. Load balancer supports IPv4 and IPv6 frontends. For more information, see Load Balancer and IPv6. |
IP type | IP address or IP prefix. Load balancer supports an IP address or an IP prefix for the frontend IP address. For more information, see Azure Public IP address prefix. |
:::image type="content" source="./media/manage/add-frontend-public.png" alt-text="Screenshot of add frontend IP configuration." border="true":::
If you select IP address for IP type, you'll see the following information:
Setting | Details |
---|---|
Public IP address | Select Create new to create a public IP address for your public load balancer. If you have an existing public IP, select it in the pull down box. |
Name | The name of the public IP address resource. |
SKU | Public IP addresses have two SKUs: Basic and Standard. Basic doesn't support zone-resiliency and zonal attributes. Standard is recommended for production workloads. Load balancer and public IP address SKUs must match. |
Tier | Regional or Global. The tier of the load balancer determines which is selected: Regional for a traditional load balancer, Global for cross-region. |
Assignment | Static is auto selected for standard. Basic public IPs have two types: Dynamic and Static. Dynamic public IP addresses aren't assigned until creation. IPs can be lost if the resource is deleted. Static IP addresses are recommended. |
Availability zone | Select Zone-redundant to create a resilient load balancer. To create a zonal load balancer, select a specific zone from 1, 2, or 3. Standard load balancer and public IPs support zones. Learn more about load balancer and availability zones. You won't see zone selection for basic. Basic load balancer doesn't support zones. |
Routing preference | Select Microsoft Network. Microsoft Network means that traffic is routed via the Microsoft global network. Internet means that traffic is routed through the internet service provider network. Learn more about Routing Preferences |
:::image type="content" source="./media/manage/create-public-ip.png" alt-text="Screenshot of create public IP." border="true":::
If you select IP prefix for IP type, you'll see the following information:
Setting | Details |
---|---|
Public IP prefix | Select Create new to create a public IP prefix for your public load balancer. If you have an existing public prefix, select it in the pull down box. |
Name | The name of the public IP prefix resource. |
SKU | Public IP prefixes have one SKU, Standard. |
IP version | IPv4 or IPv6. The version displayed will correspond to the version chosen above. |
Prefix size | IPv4 or IPv6 prefixes are displayed depending on the selection above. IPv4: /24 (256 addresses), /25 (128 addresses), /26 (64 addresses), /27 (32 addresses), /28 (16 addresses), /29 (8 addresses), /30 (4 addresses), /31 (2 addresses). IPv6: /124 (16 addresses), /125 (8 addresses), /126 (4 addresses), /127 (2 addresses). |
Availability zone | Select Zone-redundant to create a resilient load balancer. To create a zonal load balancer, select a specific zone from 1, 2, or 3. Standard load balancer and public IP prefixes support zones. Learn more about load balancer and availability zones. |
:::image type="content" source="./media/manage/create-public-ip-prefix.png" alt-text="Screenshot of create public IP prefix." border="true":::
If you select Internal as your type in the Basics tab, you'll see the following information:
Setting | Details |
---|---|
Virtual network | The virtual network you want your internal load balancer to be part of. The private frontend IP address you select for your internal load balancer will be from this virtual network. |
Subnet | The subnets available for the IP address of the frontend IP are displayed here. |
Assignment | Your options are Static or Dynamic. Static ensures the IP doesn't change. A dynamic IP could change. |
Availability zone | Your options are: Zone redundant, Zone 1, Zone 2, or Zone 3. To create a load balancer that is highly available and resilient to availability zone failures, select a zone-redundant IP. |
:::image type="content" source="./media/manage/add-frontend-internal.png" alt-text="Screenshot of add internal frontend." border="true":::
In the Backend pools tab of the create load balancer portal page, select + Add a backend pool to open the creation page.
:::image type="content" source="./media/manage/create-backend-pool.png" alt-text="Screenshot of create backend pool tab." border="true":::
The following is displayed in the + Add a backend pool creation page:
Setting | Details |
---|---|
Name | The name of your backend pool. |
Virtual network | The virtual network your backend instances are in. |
Backend pool configuration | Your options are NIC or IP address. NIC configures the backend pool to use the network interface card of the virtual machines. IP address configures the backend pool to use the IP address of the virtual machines. For more information on backend pool configuration, see Backend pool management. |
IP version | Your options are IPv4 or IPv6. |
You can add virtual machines or virtual machine scale sets to the backend pool of your Azure Load Balancer. Create the virtual machines or virtual machine scale sets first.
:::image type="content" source="./media/manage/add-backend-pool.png" alt-text="Screenshot of add backend pool." border="true":::
There are two sections in the Inbound rules tab, Load balancing rule and Inbound NAT rule.
In the Inbound rules tab of the create load balancer portal page, select + Add a load balancing rule to open the creation page.
:::image type="content" source="./media/manage/inbound-rules.png" alt-text="Screenshot of add inbound rule." border="true":::
The following is displayed in the + Add a load balancing rule creation page:
Setting | Details |
---|---|
Name | The name of the load balancer rule. |
IP Version | Your options are IPv4 or IPv6. |
Frontend IP address | Select the frontend IP address. The frontend IP address of your load balancer you want the load balancer rule associated to. |
Protocol | Azure Load Balancer is a layer 4 network load balancer. Your options are: TCP or UDP. |
Port | This setting is the port associated with the frontend IP that you want traffic to be distributed based on this load-balancing rule. |
Backend port | This setting is the port on the instances in the backend pool you would like the load balancer to send traffic to. This setting can be the same as the frontend port or different if you need the flexibility for your application. |
Backend pool | The backend pool you would like this load balancer rule to be applied on. |
Health probe | Select Create new, to create a new probe. Only healthy instances will receive new traffic. |
Session persistence | Your options are: None, Client IP, or Client IP and protocol. Session persistence maintains traffic from a client to the same virtual machine in the backend pool. This traffic will be maintained for the duration of the session. None specifies that successive requests from the same client may be handled by any virtual machine. Client IP specifies that successive requests from the same client IP address will be handled by the same virtual machine. Client IP and protocol ensures that successive requests from the same client IP address and protocol will be handled by the same virtual machine. Learn more about distribution modes. |
Idle timeout (minutes) | Keep a TCP or HTTP connection open without relying on clients to send keep-alive messages. |
TCP reset | Load balancer can send TCP resets to make application behavior more predictable when the connection is idle. Learn more about TCP reset. |
Floating IP | Floating IP is Azure's terminology for a portion of what is known as Direct Server Return (DSR). DSR consists of two parts: 1. Flow topology 2. An IP address-mapping scheme at a platform level. Azure Load Balancer always operates in a DSR flow topology whether floating IP is enabled or not. This operation means that the outbound part of a flow is always correctly rewritten to flow directly back to the origin. Without floating IP, Azure exposes a traditional load-balancing IP address-mapping scheme, the VM instances' IP. Enabling floating IP changes the IP address mapping to the frontend IP of the load balancer to allow for additional flexibility. For more information, see Multiple frontends for Azure Load Balancer. |
Outbound source network address translation (SNAT) | Your options are: (Recommended) Use outbound rules to provide backend pool members access to the internet, or Use implicit outbound rule. The implicit outbound rule is not recommended because it can cause SNAT port exhaustion. Select the Recommended option to prevent SNAT port exhaustion. A NAT gateway or outbound rules are required to provide SNAT for the backend pool members. For more information on NAT gateway, see What is Virtual Network NAT?. For more information on outbound connections in Azure, see Using Source Network Address Translation (SNAT) for outbound connections. |
:::image type="content" source="./media/manage/add-load-balancing-rule.png" alt-text="Screenshot of add load balancing rule." border="true":::
If you selected Create new in the health probe configuration of the load-balancing rule above, the following options are displayed:
Setting | Details |
---|---|
Name | The name of your health probe. |
Protocol | The protocol you select determines the type of check used to determine if the backend instance(s) are healthy. Your options are: TCP, HTTPS, or HTTP. Ensure you're using the right protocol. This selection will depend on the nature of your application. The configuration of the health probe and probe responses determines which backend pool instances will receive new flows. You can use health probes to detect the failure of an application on a backend endpoint. Learn more about health probes. |
Port | The destination port for the health probe. This setting is the port on the backend instance the health probe will use to determine the instance's health. |
Interval | The number of seconds in between probe attempts. The interval will determine how frequently the health probe will attempt to reach the backend instance. If you select 5, the second probe attempt will be made after 5 seconds and so on. |
Unhealthy threshold | The number of consecutive probe failures that must occur before a VM is considered unhealthy. If you select 2, no new flows will be sent to this backend instance after two consecutive failures. |
:::image type="content" source="./media/manage/add-health-probe.png" alt-text="Screenshot of add health probe." border="true":::
In the Inbound rules tab of the create load balancer portal page, select + Add an inbound NAT rule to open the creation page.
The following is displayed in the + Add an inbound NAT rule creation page:
Setting | Details |
---|---|
Name | The name of your inbound NAT rule. |
Frontend IP address | Select the frontend IP address. The frontend IP address of your load balancer you want the inbound NAT rule associated to. |
IP Version | Your options are IPv4 and IPv6. |
Service | The type of service you'll be running on Azure Load Balancer. A selection here will update the port information appropriately. |
Protocol | Azure Load Balancer is a layer 4 network load balancer. Your options are: TCP or UDP. |
Idle timeout (minutes) | Keep a TCP or HTTP connection open without relying on clients to send keep-alive messages. |
TCP Reset | Load balancer can send TCP resets to make application behavior more predictable when the connection is idle. Learn more about TCP reset. |
Port | This setting is the port associated with the frontend IP that you want traffic to be distributed based on this inbound NAT rule. |
Target virtual machine | The virtual machine part of the backend pool you would like this rule to be associated to. |
Port mapping | This setting can be default or custom based on your application preference. |
:::image type="content" source="./media/manage/add-inbound-nat-rule.png" alt-text="Screenshot of add inbound nat rule." border="true":::
In the Outbound rules tab of the create load balancer portal page, select + Add an outbound rule to open the creation page.
Note
The outbound rules tab is only valid for a public standard load balancer. Outbound rules are not supported on an internal or basic load balancer. Azure Virtual Network NAT is the recommended way to provide outbound internet access for the backend pool. For more information on Azure Virtual Network NAT and the NAT gateway resource, see What is Azure Virtual Network NAT?.
:::image type="content" source="./media/manage/create-outbound-rule.png" alt-text="Screenshot of create outbound rule." border="true":::
The following is displayed in the + Add an outbound rule creation page:
Setting | Details |
---|---|
Name | The name of your outbound rule. |
Frontend IP address | Select the frontend IP address. The frontend IP address of your load balancer you want the outbound rule to be associated to. |
Protocol | Azure Load Balancer is a layer 4 network load balancer. Your options are: All, TCP, or UDP. |
Idle timeout (minutes) | Keep a TCP or HTTP connection open without relying on clients to send keep-alive messages. |
TCP Reset | Load balancer can send TCP resets to make application behavior more predictable when the connection is idle. Learn more about TCP reset. |
Backend pool | The backend pool you would like this outbound rule to be applied on. |
Port allocation | Your choices are: Manually choose number of outbound ports, or Use the default number of outbound ports. It's recommended to select the default of Manually choose number of outbound ports to prevent SNAT port exhaustion. If you choose Use the default number of outbound ports, the Outbound ports selection is disabled. |
Outbound ports | Your choices are: Ports per instance, or Maximum number of backend instances. It's recommended to select Ports per instance and enter 10,000. |
:::image type="content" source="./media/manage/add-outbound-rule.png" alt-text="Screenshot of add outbound rule." border="true":::
The frontend IP configuration is the IP address of your Azure Load Balancer. It's the point of contact for clients.
You can have one or many frontend IP configurations. If you went through the create section above, you would have already created a frontend for your load balancer.
If you want to add a frontend IP configuration to your load balancer, go to your load balancer in the Azure portal, select Frontend IP configuration, and then select +Add.
Setting | Details |
---|---|
Name | The name of your frontend IP configuration. |
IP version | The IP address version you'd like your frontend to have. Load balancer supports both IPv4 and IPv6 frontend IP configurations. |
IP type | IP type determines if a single IP address is associated with your frontend or a range of IP addresses using an IP Prefix. A public IP prefix assists when you need to connect to the same endpoint repeatedly. The prefix ensures enough ports are given to assist with SNAT port issues. |
Public IP address (or Prefix if you selected prefix above) | Select or create a new public IP (or prefix) for your load balancer frontend. |
:::image type="content" source="./media/manage/frontend.png" alt-text="Create frontend ip configuration page." border="true":::
A backend address pool contains the IP addresses of the virtual network interfaces in the backend pool.
If you want to add a backend pool to your load balancer, go to your load balancer in the Azure portal, select Backend pools, and then select +Add.
Setting | Details |
---|---|
Name | The name of your backend pool. |
Virtual network | The virtual network your backend instances are in. |
Backend Pool Configuration | Your options are NIC or IP address. NIC configures the backend pool to use the network interface card of the virtual machines. IP address configures the backend pool to use the IP address of the virtual machines. For more information on backend pool configuration, see Backend pool management. |
IP version | Your options are IPv4 or IPv6. |
You can add virtual machines or virtual machine scale sets to the backend pool of your Azure Load Balancer. Create the virtual machines or virtual machine scale sets first. Next, add them to the load balancer in the portal.
:::image type="content" source="./media/manage/backend.png" alt-text="Create backend pool page." border="true":::
A health probe is used to monitor the status of your backend VMs or instances. The health probe status determines when new connections are sent to an instance based on health checks.
If you want to add a health probe to your load balancer, go to your load balancer in the Azure portal, select Health probes, then select +Add.
Setting | Details |
---|---|
Name | The name of your health probe. |
Protocol | The protocol you select determines the type of check used to determine if the backend instance(s) are healthy. Your options are: TCP, HTTPS, or HTTP. Ensure you're using the right protocol. This selection will depend on the nature of your application. The configuration of the health probe and probe responses determines which backend pool instances will receive new flows. You can use health probes to detect the failure of an application on a backend endpoint. Learn more about health probes. |
Port | The destination port for the health probe. This setting is the port on the backend instance the health probe will use to determine the instance's health. |
Interval | The number of seconds in between probe attempts. The interval will determine how frequently the health probe will attempt to reach the backend instance. If you select 5, the second probe attempt will be made after 5 seconds and so on. |
Unhealthy threshold | The number of consecutive probe failures that must occur before a VM is considered unhealthy. If you select 2, no new flows will be sent to this backend instance after two consecutive failures. |
:::image type="content" source="./media/manage/health-probe.png" alt-text="Screenshot of create add health probe." border="true":::
A load-balancing rule defines how incoming traffic is distributed to all the instances within the backend pool. It maps a given frontend IP configuration and port to multiple backend IP addresses and ports.
If you want to add a load balancer rule to your load balancer, go to your load balancer in the Azure portal, select Load-balancing rules, and then select +Add.
Setting | Details |
---|---|
Name | The name of the load balancer rule. |
IP Version | Your options are IPv4 or IPv6. |
Frontend IP address | Select the frontend IP address. The frontend IP address of your load balancer you want the load balancer rule associated to. |
Protocol | Azure Load Balancer is a layer 4 network load balancer. Your options are: TCP or UDP. |
Port | This setting is the port associated with the frontend IP that you want traffic to be distributed based on this load-balancing rule. |
Backend port | This setting is the port on the instances in the backend pool you would like the load balancer to send traffic to. This setting can be the same as the frontend port or different if you need the flexibility for your application. |
Backend pool | The backend pool you would like this load balancer rule to be applied on. |
Health probe | The health probe you created to check the status of the instances in the backend pool. Only healthy instances will receive new traffic. |
Session persistence | Your options are: None, Client IP, or Client IP and protocol. Session persistence maintains traffic from a client to the same virtual machine in the backend pool. This traffic will be maintained for the duration of the session. None specifies that successive requests from the same client may be handled by any virtual machine. Client IP specifies that successive requests from the same client IP address will be handled by the same virtual machine. Client IP and protocol ensures that successive requests from the same client IP address and protocol will be handled by the same virtual machine. Learn more about distribution modes. |
Idle timeout (minutes) | Keep a TCP or HTTP connection open without relying on clients to send keep-alive messages. |
TCP reset | Load balancer can send TCP resets to make application behavior more predictable when the connection is idle. Learn more about TCP reset. |
Floating IP | Floating IP is Azure's terminology for a portion of what is known as Direct Server Return (DSR). DSR consists of two parts: 1. Flow topology 2. An IP address-mapping scheme at a platform level. Azure Load Balancer always operates in a DSR flow topology whether floating IP is enabled or not. This operation means that the outbound part of a flow is always correctly rewritten to flow directly back to the origin. Without floating IP, Azure exposes a traditional load-balancing IP address-mapping scheme, the VM instances' IP. Enabling floating IP changes the IP address mapping to the frontend IP of the load balancer to allow for additional flexibility. For more information, see Multiple frontends for Azure Load Balancer. |
Outbound source network address translation (SNAT) | Your options are: (Recommended) Use outbound rules to provide backend pool members access to the internet, or Use implicit outbound rule. The implicit outbound rule is not recommended because it can cause SNAT port exhaustion. Select the Recommended option to prevent SNAT port exhaustion. A NAT gateway or outbound rules are required to provide SNAT for the backend pool members. For more information on NAT gateway, see What is Virtual Network NAT?. For more information on outbound connections in Azure, see Using Source Network Address Translation (SNAT) for outbound connections. |
:::image type="content" source="./media/manage/load-balancing-rule.png" alt-text="Screenshot of add load-balancing rule." border="true":::
An inbound NAT rule forwards incoming traffic sent to a frontend IP address and port combination.
The traffic is sent to a specific virtual machine or instance in the backend pool. Port forwarding is done by the same hash-based distribution as load balancing.
If your scenario requires Remote Desktop Protocol (RDP) or Secure Shell (SSH) sessions to separate VM instances in a backend pool, multiple internal endpoints can be mapped to ports on the same frontend IP address.
The frontend IP addresses can be used to remotely administer your VMs without an additional jump box.
If you want to add an inbound NAT rule to your load balancer, go to your load balancer in the Azure portal, select Inbound NAT rules, and then select +Add.
Setting | Details |
---|---|
Name | The name of your inbound NAT rule. |
Frontend IP address | Select the frontend IP address. The frontend IP address of your load balancer you want the inbound NAT rule associated to. |
IP Version | Your options are IPv4 and IPv6. |
Service | The type of service you'll be running on Azure Load Balancer. A selection here will update the port information appropriately. |
Protocol | Azure Load Balancer is a layer 4 network load balancer. Your options are: TCP or UDP. |
Idle timeout (minutes) | Keep a TCP or HTTP connection open without relying on clients to send keep-alive messages. |
TCP Reset | Load balancer can send TCP resets to make application behavior more predictable when the connection is idle. Learn more about TCP reset. |
Port | This setting is the port associated with the frontend IP that you want traffic to be distributed based on this inbound NAT rule. |
Target virtual machine | The virtual machine part of the backend pool you would like this rule to be associated to. |
Port mapping | This setting can be default or custom based on your application preference. |
:::image type="content" source="./media/manage/inbound-nat-rule.png" alt-text="Screenshot of add inbound NAT rule." border="true":::
Load balancer outbound rules configure outbound SNAT for VMs in the backend pool.
If you want to add an outbound rule to your load balancer, go to your load balancer in the Azure portal, select Outbound rules, and then select +Add.
Setting | Details |
---|---|
Name | The name of your outbound rule. |
Frontend IP address | Select the frontend IP address. The frontend IP address of your load balancer you want the outbound rule to be associated to. |
Protocol | Azure Load Balancer is a layer 4 network load balancer. Your options are: All, TCP, or UDP. |
Idle timeout (minutes) | Keep a TCP or HTTP connection open without relying on clients to send keep-alive messages. |
TCP Reset | Load balancer can send TCP resets to make application behavior more predictable when the connection is idle. Learn more about TCP reset. |
Backend pool | The backend pool you would like this outbound rule to be applied on. |
:::image type="content" source="./media/manage/outbound-rule.png" alt-text="Screenshot of add outbound rule." border="true":::
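The settings described in the inbound NAT, load-balancing rule, and outbound rule sections can be reviewed after deployment against an exported load balancer definition. The following Python is an added example, not part of the original article or of Microsoft's tooling. It assumes the ARM template shape of `Microsoft.Network/loadBalancers`; the function names, resource names, IDs, and `SAMPLE_LB` data are constructed for illustration.

```python
"""Flag load balancer settings that this article advises against."""

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # services named in the inbound NAT section


def fe_id(name):
    # Constructed resource ID; subscription and resource group are placeholders.
    return ("/subscriptions/00000000-0000-0000-0000-000000000000"
            "/resourceGroups/rg-example/providers/Microsoft.Network"
            f"/loadBalancers/lb-example/frontendIPConfigurations/{name}")


# Constructed sample in the ARM template shape of Microsoft.Network/loadBalancers,
# trimmed to the fields the checks read.
SAMPLE_LB = {
    "name": "lb-example",
    "sku": {"name": "Standard"},
    "properties": {
        "frontendIPConfigurations": [
            {"name": "fe-web", "properties": {"publicIPAddress": {"id": "pip-web"}}},
            {"name": "fe-out", "properties": {"publicIPAddress": {"id": "pip-out"}}},
        ],
        "loadBalancingRules": [
            {"name": "web", "properties": {
                "frontendIPConfiguration": {"id": fe_id("fe-web")},
                "protocol": "Tcp", "frontendPort": 443, "backendPort": 8443,
                "disableOutboundSnat": False}},
        ],
        "inboundNatRules": [
            {"name": "ssh-vm1", "properties": {
                "frontendIPConfiguration": {"id": fe_id("fe-web")},
                "protocol": "Tcp", "frontendPort": 50001, "backendPort": 22}},
            {"name": "app-vm1", "properties": {
                "frontendIPConfiguration": {"id": fe_id("fe-web")},
                "protocol": "Tcp", "frontendPort": 50002, "backendPort": 8080}},
        ],
        "outboundRules": [
            {"name": "out-default", "properties": {"allocatedOutboundPorts": 0}},
            {"name": "out-manual", "properties": {"allocatedOutboundPorts": 10000}},
        ],
    },
}


def frontend_name(rule_props):
    """Return the frontend IP configuration name a rule refers to."""
    return rule_props["frontendIPConfiguration"]["id"].rsplit("/", 1)[-1]


def audit_load_balancer(lb):
    """Return (check, resource_name, message) tuples, one per finding."""
    findings = []
    props = lb.get("properties", {})
    if lb.get("sku", {}).get("name") != "Standard":
        findings.append(("sku", lb.get("name", "?"),
                         "Basic SKU; Standard is recommended for production"))
    # A frontend is public when it carries a public IP address or prefix.
    public = {fe["name"] for fe in props.get("frontendIPConfigurations", [])
              if {"publicIPAddress", "publicIPPrefix"} & fe.get("properties", {}).keys()}
    for rule in props.get("inboundNatRules", []):
        p = rule["properties"]
        service = ADMIN_PORTS.get(p.get("backendPort"))
        if service and frontend_name(p) in public:
            findings.append(("inbound-nat", rule["name"],
                             f"{service} reachable on public frontend port {p['frontendPort']}"))
    for rule in props.get("loadBalancingRules", []):
        p = rule["properties"]
        # disableOutboundSnat=false is the portal's "Use implicit outbound rule".
        if frontend_name(p) in public and not p.get("disableOutboundSnat", False):
            findings.append(("implicit-snat", rule["name"],
                             "implicit outbound rule; can cause SNAT port exhaustion"))
    for rule in props.get("outboundRules", []):
        # 0 means default allocation based on backend pool size.
        if rule["properties"].get("allocatedOutboundPorts", 0) == 0:
            findings.append(("port-allocation", rule["name"],
                             "default port allocation; set ports per instance manually"))
    return findings


if __name__ == "__main__":
    for check, name, message in audit_load_balancer(SAMPLE_LB):
        print(f"[{check}] {name}: {message}")
```

Inbound NAT findings are an inventory of management ports published on a public frontend, so each one can be matched against the network security group rules that restrict its source addresses.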
In this article, you learned about the different terms and settings in the Azure portal for Azure Load Balancer.