Azure Internal load balancer

Load balancing refers to the practice of evenly distributing traffic load (incoming network traffic) across a group of backend resources or servers.

Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model. It is the single point of contact for clients and distributes inbound flows that arrive at its front end to backend pool instances.

Deploying an internal load balancer with PowerShell breaks down into the following steps:

Deployment Steps:

Step 1 - Identify your target vnet

Identify your target vnet and place it into a variable.

$rgname = "allen-vnet"
$vnetname = "vnet-uaenorth"
$net = @{
    Name = $vnetname
    ResourceGroupName = $rgname
}
$vnet = Get-AzVirtualNetwork @net

Step 2 - Create a front-end IP

Create a front-end IP. This IP receives the incoming traffic on the load balancer and acts as your “front door”.

I am configuring the private IP address across 3 availability zones for redundancy. The IP address falls within the CIDR range of my target internal subnet.

$lbfrontEnd = "ilb-frontend"
$privip = "10.0.1.69" #internal subnet location
$lbip = @{
    Name = $lbfrontEnd
    PrivateIpAddress = $privip
    SubnetId = $vnet.subnets[0].Id
    Zone = 1, 2, 3    # 3 availability zones
}
$feip = New-AzLoadBalancerFrontendIpConfig @lbip
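
A pre-flight check for the static front-end address chosen above, added here as an example and not part of the original post: it confirms the IP sits inside the subnet prefix and is not one of the five addresses Azure reserves in every subnet. The function names and the 10.0.1.0/24 prefix are assumptions; the post does not state its subnet range.

```powershell
# Added example: pre-flight check for a static internal front-end IP.
# Azure reserves the first four addresses and the last address of every subnet.
function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw "Not an IPv4 address: $Address"
    }
    $b = $ip.GetAddressBytes()
    # Int64 arithmetic avoids signed 32-bit overflow for addresses above 127.x.x.x
    ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function Test-IlbFrontendIp {
    param(
        [Parameter(Mandatory)][string]$IpAddress,
        [Parameter(Mandatory)][string]$SubnetCidr
    )
    $prefix, $length = $SubnetCidr -split '/'
    $length = [int]$length
    if ($length -lt 2 -or $length -gt 29) {
        throw "Azure IPv4 subnets must be between /2 and /29: $SubnetCidr"
    }
    $size    = [long][math]::Pow(2, 32 - $length)   # addresses in the subnet
    $base    = ConvertTo-IPv4Number $prefix
    $network = $base - ($base % $size)              # align to the network address
    $last    = $network + $size - 1
    $ip      = ConvertTo-IPv4Number $IpAddress

    $inSubnet = ($ip -ge $network) -and ($ip -le $last)
    $reserved = $inSubnet -and ((($ip - $network) -le 3) -or ($ip -eq $last))
    [pscustomobject]@{
        IpAddress     = $IpAddress
        SubnetCidr    = $SubnetCidr
        InSubnet      = $inSubnet
        AzureReserved = $reserved
        Usable        = $inSubnet -and -not $reserved
    }
}

# Constructed inputs: the page's front-end IP, a reserved address, an out-of-range address.
$assumedSubnet = '10.0.1.0/24'   # assumption, the page does not state the subnet prefix
'10.0.1.69', '10.0.1.3', '10.0.2.69' |
    ForEach-Object { Test-IlbFrontendIp -IpAddress $_ -SubnetCidr $assumedSubnet } |
    Format-Table -AutoSize
```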

Step 3 - Create backend address pool

Create backend address pool configuration and place into a variable.

$bepool = New-AzLoadBalancerBackendAddressPoolConfig `
    -Name 'FGBackEndPool'

Step 4 - Create a health probe

The health probe continually probes your backend targets (virtual machines / endpoints) to confirm that they are healthy and reachable, so that the load balancer doesn't send traffic to dead backend endpoints.

$probe = @{
    Name = 'HealthProbe-22'
    Protocol = 'tcp'
    Port = '22'
    IntervalInSeconds = '360'
    ProbeCount = '5'
}
$healthprobe = New-AzLoadBalancerProbeConfig @probe

Step 5 - Create the load balancer rule

The load balancer rule is what binds the front-end to the backend pool (and targets) and includes the middle pieces such as the health probes.

$lbrule = @{
    Name = 'SSL-Rule'
    Protocol = 'tcp'
    FrontendPort = '443'
    BackendPort = '443'
    IdleTimeoutInMinutes = '5'
    FrontendIpConfiguration = $feip
    BackendAddressPool = $bePool
}
$rule = New-AzLoadBalancerRuleConfig @lbrule

Step 6 - Deploy the internal load balancer instance

$rgNameILB = "allen-fgilb"   #destination resource group
$ILBname = "fg-internal-lb"
$location = "uaenorth"

$loadbalancer = @{
    ResourceGroupName = $rgNameILB
    Name = $ILBname
    Location = $location
    Sku = 'Standard'
    FrontendIpConfiguration = $feip
    BackendAddressPool = $bePool
    LoadBalancingRule = $rule
    Probe = $healthprobe
}
New-AzLoadBalancer @loadbalancer

Step 7 - Manually add the backend targets: FortiGate NGFW NVAs

Backend Pool > Add

Add both the PAYG and BYOL scale sets to the backend pool on the internal load balancer > Save.

Step 8 - Go to Load Balancer Rules

Go to your load balancer rules:

High availability ports > enable
Health probe > select your existing / pre-created health probe

–End–
