Load balancing and advanced traffic routing – Network Connectivity and Security
Many PaaS options in Azure, such as Web Apps and Functions, automatically scale as demand increases (and within limits you set). For this to function, Azure places services such as these behind a load balancer to distribute the load between them and redirect traffic from unhealthy nodes to healthy ones.
There are times when either a load balancer is not included, such as with VMs, or when you want additional functionality that the standard load balancers do not provide – such as the ability to balance between regions. In these cases, we have the option to build and configure our own load balancers. You can choose from several options, each providing its own capabilities depending on your requirements.
Azure Load Balancer
Azure Load Balancer allows you to distribute traffic across VMs, allowing you to scale apps by distributing load and offering high availability. If a node becomes unhealthy, traffic is not sent to it, as shown in the following diagram:

Figure 8.16 – Azure Load Balancer
Load balancers distribute traffic and manage the session persistence between nodes in one of two ways:
- The default is a five-tuple hash. The tuple is composed of the source IP, source port, destination IP, destination port, and protocol type. Because the source port is included in the hash and the source port changes for each session, clients might be using different VMs between sessions. This means applications that need to maintain a state for a client between requests will not work.
- The alternative is source IP affinity. This is also known as session affinity or client IP affinity. This mode uses a two-tuple hash (from the source IP address and destination IP address) or a three-tuple hash (from the source IP address, destination IP address, and protocol type). This ensures that a specific client’s requests are always sent to the same VM behind the load balancer. Thus, applications that need to maintain state will still function.
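The following added example (not from the original page) simulates the two distribution modes to show why the five-tuple hash breaks per-client state while source IP affinity keeps it. SHA-256 stands in for the load balancer's real hash function, which the page does not specify, and the backend names, IP addresses and function names are constructed for illustration.

```python
import hashlib
from collections import namedtuple

Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port proto")

# Fields that feed the hash in each distribution mode described above.
MODES = {
    "five_tuple": ("src_ip", "src_port", "dst_ip", "dst_port", "proto"),
    "three_tuple": ("src_ip", "dst_ip", "proto"),
    "two_tuple": ("src_ip", "dst_ip"),
}

def pick_backend(flow, mode, backends):
    """Choose a backend by hashing only the fields the mode includes."""
    key = "|".join(str(getattr(flow, field)) for field in MODES[mode])
    # SHA-256 is a stand-in (assumption), not Azure's actual hash function.
    digest = hashlib.sha256(key.encode()).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]

def backends_seen(client_ip, mode, backends, sessions=200):
    """Backends one client reaches when each session uses a new source port."""
    seen = set()
    for n in range(sessions):
        # Constructed flow: same client and frontend, only the source port changes.
        flow = Flow(client_ip, 49152 + n, "203.0.113.10", 443, "tcp")
        seen.add(pick_backend(flow, mode, backends))
    return seen

if __name__ == "__main__":
    pool = ["vm-0", "vm-1", "vm-2"]  # constructed backend pool
    for mode in MODES:
        hit = sorted(backends_seen("198.51.100.7", mode, pool))
        print(f"{mode:12s} -> {hit}")
```
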
Load balancers can be configured to be either internal (private) or external (public) facing, and there are two SKUs for load balancers – Basic and Standard. The Basic tier is free but only supports 300 instances, VMs in availability sets or scale sets, and HTTP and TCP protocols when configuring health probes. The Standard tier supports more advanced management features, such as zone-redundant frontends for inbound and outbound traffic and HTTPS probes, and you can have up to 1,000 instances. Finally, the Standard tier has an SLA of 99.99%, whereas the Basic tier offers no SLA.