A while back Microsoft announced a new load balancing tier in Microsoft Azure called Azure Load Balancer Standard, a new SKU of the existing Azure Load Balancer service, which is still in preview as I write this blog post.
Azure provides different load balancing solutions: Application Gateway (layer 7 and SSL-based load balancing), Traffic Manager (geo-redundancy using DNS-based load balancing) and the Load Balancer service, which is aimed at layer 4 load balancing.
There are many differences between the Standard SKU and the old Basic SKU:
| | Standard SKU | Basic SKU |
|---|---|---|
| Backend pool endpoints | Any virtual machine in a single virtual network, including a blend of virtual machines, availability sets and virtual machine scale sets | Virtual machines in a single availability set or virtual machine scale set |
| Availability Zones | Zone-redundant and zonal frontends for inbound and outbound; outbound flow mappings survive zone failure; cross-zone load balancing | / |
| Diagnostics | Azure Monitor, multi-dimensional metrics including byte and packet counters, health probe status, connection attempts (TCP SYN), outbound connection health (SNAT successful and failed flows), active data plane measurements | Azure Log Analytics for public Load Balancer only, SNAT exhaustion alert, backend pool health count |
| HA Ports | Internal Load Balancer | / |
| Secure by default | Default closed for public IP and Load Balancer endpoints; a network security group must be used to explicitly whitelist traffic for it to flow | Default open, network security group optional |
| Outbound connections | Multiple frontends with per-rule opt-out. An outbound scenario must be explicitly created for the virtual machine to be able to use outbound connectivity. VNet Service Endpoints can be reached without outbound connectivity and do not count towards data processed. Any public IP addresses, including Azure PaaS services not available as VNet Service Endpoints, must be reached via outbound connectivity and count towards data processed. When only an internal Load Balancer is serving a virtual machine, outbound connections via default SNAT are not available. Outbound SNAT programming is transport protocol specific, based on the protocol of the inbound load balancing rule. | Single frontend, selected at random when multiple frontends are present. When only an internal Load Balancer is serving a virtual machine, default SNAT is used. |
| Multiple frontends | Inbound and outbound | Inbound only |
| Management operations | Most operations < 30 seconds | 60-90+ seconds typical |
| SLA | 99.99% for data path with two healthy virtual machines | Implicit in VM SLA |
| Pricing | Charged based on number of rules and data processed (inbound or outbound) associated with the resource | No charge |
Like AWS, Microsoft now charges based on load balancing rules and data processed (only for the Standard SKU; the Basic SKU is still free):
Load balancing rules:
First 5 rules: $0.025/hour
Additional rules: $0.01/rule/hour
Data processed through the load balancer:
$0.005 per GB
The biggest changes in this new tier are that 1: it supports availability zones (which went GA today), 2: it has much better diagnostics options and 3: it provides something called HA ports, which I'll come back to a little later in this post. To get started configuring an Azure Load Balancer Standard you might need to use the CLI or PowerShell; the example below uses the Azure CLI.
Create the resource group (replace `changename` and `changelocation` with your own values):

```bash
az group create --name changename --location changelocation
```

Create a public IP with the Standard SKU (in the same resource group, since the load balancer below refers to it by name):

```bash
az network public-ip create --resource-group changename --name myPublicIP --sku Standard
```

Create the Standard load balancer:

```bash
az network lb create --resource-group changename --name changename --public-ip-address myPublicIP --frontend-ip-name myFrontEnd --backend-pool-name myBackEndPool --sku Standard
```
Now, looking back at some of the new functionality such as HA ports: this feature helps with high availability and scale for network virtual appliances (NVAs) inside virtual networks. It also helps when a large number of ports must be load balanced, since we can load balance entire port ranges by setting the port value to 0 and the protocol to All. The internal Load Balancer resource then balances all TCP and UDP flows, regardless of port number. NOTE: if you want to use HA ports to provide HA for an NVA in Azure, please make sure that the vendor has verified the appliance to work with HA ports.
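The following script is an added example (not from the original post) that carries the CLI walkthrough above through to a working setup and adds the HA ports rule just described. All resource names (`myNSG`, `myPublicLB`, `myInternalLB`, `myNVAPool`, the probe ports and so on) are placeholders I chose, and the script assumes a virtual network and subnet already exist under the names in `VNET`/`SUBNET`. Because the Standard SKU is closed by default, the script also creates a network security group that explicitly allows only TCP/80 to the backend subnet. With `DRY_RUN=1` (the default) each `az` command is printed instead of executed; set `DRY_RUN=0` with a logged-in Azure CLI to deploy for real.

```shell
#!/bin/sh
# Added example, not code from the original post. Resource names are placeholders.
# DRY_RUN=1 prints every az command; DRY_RUN=0 runs them against your subscription.
set -eu

RG="${RG:-changename}"                 # resource group (placeholder)
LOCATION="${LOCATION:-changelocation}" # Azure region (placeholder)
VNET="${VNET:-myVnet}"                 # assumed to exist already
SUBNET="${SUBNET:-mySubnet}"           # assumed to exist already
DRY_RUN="${DRY_RUN:-1}"

# Wrapper: print the command in dry-run mode, execute it otherwise.
az_run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf 'az %s\n' "$*"
  else
    az "$@"
  fi
}

# Standard SKU is "secure by default": nothing reaches the backend until an NSG
# explicitly allows it. Only TCP/80 from the Internet service tag is opened here.
create_nsg() {
  az_run network nsg create --resource-group "$RG" --name myNSG --location "$LOCATION"
  az_run network nsg rule create --resource-group "$RG" --nsg-name myNSG \
    --name AllowHTTPInbound --priority 100 --direction Inbound --access Allow \
    --protocol Tcp --source-address-prefixes Internet --destination-port-ranges 80
  # Attach the NSG to the backend subnet so the allow rule applies to the pool.
  az_run network vnet subnet update --resource-group "$RG" --vnet-name "$VNET" \
    --name "$SUBNET" --network-security-group myNSG
}

# Public Standard load balancer with a TCP health probe and one rule.
# Standard public IPs are always static. The inbound rule's protocol (TCP here)
# is also what decides the outbound SNAT programming for the pool.
create_public_lb() {
  az_run network public-ip create --resource-group "$RG" --name myPublicIP \
    --sku Standard --allocation-method Static
  az_run network lb create --resource-group "$RG" --name myPublicLB --sku Standard \
    --public-ip-address myPublicIP --frontend-ip-name myFrontEnd \
    --backend-pool-name myBackEndPool
  az_run network lb probe create --resource-group "$RG" --lb-name myPublicLB \
    --name myHealthProbe --protocol Tcp --port 80
  az_run network lb rule create --resource-group "$RG" --lb-name myPublicLB \
    --name myHTTPRule --protocol Tcp --frontend-port 80 --backend-port 80 \
    --frontend-ip-name myFrontEnd --backend-pool-name myBackEndPool \
    --probe-name myHealthProbe
}

# Internal Standard load balancer with an HA ports rule: port 0 + protocol All
# forwards every TCP and UDP flow, regardless of port, to the healthy NVAs in
# the pool. The probe port (22 here) is a placeholder; use what your NVA
# vendor specifies for the appliance's health check.
create_internal_ha_ports_lb() {
  az_run network lb create --resource-group "$RG" --name myInternalLB --sku Standard \
    --vnet-name "$VNET" --subnet "$SUBNET" --frontend-ip-name myIntFrontEnd \
    --backend-pool-name myNVAPool
  az_run network lb probe create --resource-group "$RG" --lb-name myInternalLB \
    --name myNVAProbe --protocol Tcp --port 22
  az_run network lb rule create --resource-group "$RG" --lb-name myInternalLB \
    --name myHAPortsRule --protocol All --frontend-port 0 --backend-port 0 \
    --frontend-ip-name myIntFrontEnd --backend-pool-name myNVAPool \
    --probe-name myNVAProbe
}

main() {
  az_run group create --name "$RG" --location "$LOCATION"
  create_nsg
  create_public_lb
  create_internal_ha_ports_lb
}
main
```

The NSG step is what makes the difference in practice: with the Basic SKU the same setup would already answer on port 80, while with the Standard SKU the health probe will show the pool as up but client traffic is dropped until the allow rule exists. The HA ports rule only makes sense on the internal load balancer; for a public frontend you still need explicit per-port rules.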
One of the most welcome features is that we can now monitor VIP and DIP availability directly from the console, which was a really cumbersome process in the Basic load balancer tier.
You can now also see the availability of a DIP based on a single IP address.
So using Azure Load Balancer Standard lets us more easily load balance NVAs inside a virtual network where we for instance have a hub-and-spoke layout, and the ability to now monitor the availability of DIPs, which makes it easier to troubleshoot the health probes, is something I've been missing for some time!