Hello fellow readers!
In these Loadbalancer series,I talk about Azure Loadbalancer fundamentals, covering some points which most courses seem to lack.
I tried to cover concepts in the form of questions and answers.
1. What is a Loadbalancer ?
Load balancing means equally distributing load (incoming traffic) to a group of servers (backend pool).
This may serve 2 primary purposes:
- Distribute load across multiple VMs,thereby reducing the burden on single VM
- Increase availability of the application by distributing resources within and across zones(and across healthy VMs only)
2.What are the main components of a Loadbalancer?
i.LoadBalancer Frontend IP
This is the load balancer IP address that works as a front door to clients. After clients initiate connections to a frontend IP address, the traffic will be distributed to the back-end servers.
The back-end application servers will be grouped together in a pool to serve an incoming request from a load balancer.
The load balancer uses probes to detect the health of the back-end servers.
If a back-end server is down, load balancer needs to know. Then it can stop distributing traffic to the faulty server.
The incoming traffic will be distributed to the backend servers according to the rules defined in the load balancer.
ie users connect to which front end LB IP , on which port ,traffic sent to which port for backend pool, backend pool name , health probe name.
3.What are the two types of Classic LB / What is Internal and Public LB?
i.Internal LB : Internal load balancers are used to load balance traffic inside a virtual network.
An internal (or private) load balancer is used where only private IPs are needed at the frontend.
Also,Traffic towards Loadbalancer originates from Private IPs.
ii.Public LB : Public Load Balancers are used to load balance internet traffic to your VMs.
The Loadbalancer frontend is a Public IP Address.
4.(Public Loadbalancer)Do the Backend Pool VMs need a Public IP Address?
No, the loadbalancer has a frontend IP address which is public.
Clients use this to connect to the service.They never use the direct IP of any of the backend pool VMs.
5.(followup from above) How does one configure the webserver (deploy the website) if the VMs do not have a Public IP address implying one cannot connect to it directly from Internet?
Azure Bastion Service can be used for accessing private IP VM over Internet.
6.Is the Loadbalancer and Backend Pool tied to a region/vnet/same vnet and region?
-Frontend IP and Loadbalancer itself belong to a region (must be same region)
-Loadbalancer and Backend Pool are tied to a single region and a single vnet
Loadbalancer and Backend Pool must have the same region and the same vnet.
NOTE:Microsoft does not ask for a vnet name while defining the loadbalancer but only for the FIRST Backendpool ;which gets taken as the common vnet for all subsequent Backendpools and the Loadbalancer itself.
Have written to them to clarify this in portal(https://github.com/MicrosoftDocs/azure-docs/issues/94896)
-All VMs in single pool belong to same region and same virtual network
Note that it is possible to have multiple Backend Pools defined for a single loadbalancer(different applications requiring HA will create a backend pool for each of the applications ;each LB rule tied to a backend pool may utilise different ports for receiving traffic from clients).
7. For permitting main inbound traffic, Where are NSGs configured for Classic Loadbalancers (Standard SKU), Is it done at LB level or backend pool VM level ie at each VM or subnet?
Backend pool VMs — at subnet/NIC of each VM.
NSGs cannot be configured at LB level.
8. What are few different types of Loadbalancers offered by Azure which operate at different layers of the OSI model/ have region vs global scope?
Azure provides various load balancing services that you can use to distribute your workloads across multiple computing resources —
Application Gateway, Front Door, Load Balancer and Traffic Manager
Azure load balancing services can be categorized along two dimensions: global versus regional, and HTTP(S) versus non-HTTP(S).
I. Global versus regional
Systems that load balance between application stamps, endpoints, or scale-units hosted across different regions/geographies.
Systems that load balance between VMs, containers, or clusters within a region in a virtual network.
II. HTTP(S) versus non-HTTP(S)
i. HTTP(S) load-balancing services are Layer 7 load balancers that only accept HTTP(S) traffic.
They are intended for web applications or other HTTP(S) endpoints.
They include features such as SSL offload, web application firewall, path-based load balancing, and session affinity.
ii. Non-HTTP/S load-balancing services can handle non-HTTP(S) traffic and are recommended for non-web workloads.
The following table summarizes the Azure load balancing services by these categories:
More differences can be referenced here: https://tutorialsdojo.com/azure-load-balancer-vs-app-gateway-vs-traffic-manager/
This covers part 1,part 2 is here!