Detailed guide on implementing an Internal Load Balancer in Azure


Implementing an Internal Load Balancer (ILB) in Azure enables you to distribute traffic across backend resources within a private network (Virtual Network, or VNet).

Unlike a Public Load Balancer, an ILB does not expose a public IP address and is accessible only within the private network.

Here’s a step-by-step guide.

Plan Your Internal Load Balancer Deployment

Before creating the Internal Load Balancer, consider the following:

Frontend IP

A private IP address from your VNet, not publicly accessible.

Backend Pool

A set of Virtual Machines (VMs) or other resources in the VNet that will receive traffic.

Health Probes

Used to monitor the health of backend resources.

Load Balancing Rules

Define how traffic is distributed across the backend resources.

Prerequisites

1. Azure Subscription

Ensure you have an active Azure subscription.

2. Virtual Machines

Create two or more VMs within the same VNet (if not already done).

3. Virtual Network

The VMs should be part of the same VNet and in the same region as the load balancer.

Steps to Create an Internal Load Balancer

Step 1: Create the Internal Load Balancer

  1. Navigate to the Azure Portal.

  2. In the search bar, type Load Balancers and select it.

  3. Click + Create to start creating a new Load Balancer.

  4. Configure the Basics tab:

    • Subscription: Select your Azure subscription.

    • Resource Group: Choose an existing resource group or create a new one.

    • Region: Ensure this matches the region of your VNet.

    • Name: Provide a descriptive name for your load balancer (e.g., InternalLB).

    • SKU: Choose Standard (recommended for production).

    • Type: Select Internal.

  5. Configure the Frontend IP Configuration:

    • Click + Add a frontend IP configuration.

    • Name the configuration (e.g., InternalFrontend).

    • Select the Virtual Network and Subnet.

    • Assign a Private IP Address (Static or Dynamic).

    • Click Add.

  6. Click Review + Create, then click Create to deploy the Internal Load Balancer.

Step 2: Configure the Backend Pool

  1. Once the Load Balancer is created, navigate to its Overview page.

  2. Click on Backend Pools under Settings.

  3. Click + Add to create a new backend pool.

  4. Provide a name for the backend pool (e.g., InternalBackendPool).

  5. For Backend Pool Configuration, select:

    • Associated to: Virtual Machine.

    • Add Virtual Machines: Choose the VMs to include in the backend pool.

  6. Click Add to save the backend pool configuration.

Step 3: Create Health Probes

  1. In the Load Balancer settings, click on Health Probes.

  2. Click + Add to create a new health probe.

  3. Configure the health probe:

    • Name: Provide a descriptive name (e.g., InternalHealthProbe).

    • Protocol: Select TCP, HTTP, or HTTPS.

    • Port: Specify the port to monitor (e.g., 80 for HTTP or 443 for HTTPS).

    • Interval: Set the frequency of health checks (default is 5 seconds).

    • Unhealthy Threshold: Define the number of consecutive failures to mark a resource as unhealthy.

  4. Click OK to save the health probe.

Step 4: Configure Load Balancing Rules

  1. In the Load Balancer settings, click on Load Balancing Rules.

  2. Click + Add to create a new rule.

  3. Configure the rule:

    • Name: Provide a name for the rule (e.g., InternalLoadBalancingRule).

    • Frontend IP Configuration: Select the private IP address created earlier.

    • Protocol: Choose TCP.

    • Frontend Port: Specify the port on which the load balancer listens (e.g., 80).

    • Backend Port: Specify the port on which backend resources are listening (e.g., 80).

    • Backend Pool: Select the backend pool created earlier.

    • Health Probe: Select the health probe created earlier.

    • Session Persistence: Choose a session persistence mode (e.g., None or Client IP).

    • Idle Timeout (minutes): Set the timeout duration (default is 4 minutes).

    • Floating IP: Leave disabled unless required for specific scenarios.

  4. Click Add to save the rule.
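Steps 1 to 4 can also be scripted with the Azure CLI, which makes the configuration repeatable and reviewable. The script below is an added example, not part of the original guide. The resource group, VNet, subnet, private IP, NIC names, and IP configuration name are assumed values; the load balancer object names are the examples used in the steps above.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of Steps 1-4.
# Every default below is an assumption for illustration; override via environment.
RG="${RG:-rg-ilb-demo}"                  # resource group (assumed)
VNET="${VNET:-vnet-demo}"                # existing VNet (assumed)
SUBNET="${SUBNET:-snet-backend}"         # existing subnet (assumed)
FRONTEND_IP="${FRONTEND_IP:-10.0.1.10}"  # static private IP inside SUBNET (assumed)
NICS="${NICS:-vm1-nic vm2-nic}"          # NIC names of the backend VMs (assumed)
IPCONFIG="${IPCONFIG:-ipconfig1}"        # IP configuration name on each NIC (assumed)

deploy_ilb() {
  # Step 1: Standard LB with a subnet and private IP (no public IP) is internal.
  az network lb create --resource-group "$RG" --name InternalLB --sku Standard \
    --vnet-name "$VNET" --subnet "$SUBNET" \
    --frontend-ip-name InternalFrontend --private-ip-address "$FRONTEND_IP" \
    --backend-pool-name InternalBackendPool || return 1

  # Step 2: attach each backend VM's NIC to the backend pool.
  for nic in $NICS; do
    az network nic ip-config address-pool add --resource-group "$RG" \
      --nic-name "$nic" --ip-config-name "$IPCONFIG" \
      --lb-name InternalLB --address-pool InternalBackendPool || return 1
  done

  # Step 3: TCP health probe on port 80 every 5 seconds.
  az network lb probe create --resource-group "$RG" --lb-name InternalLB \
    --name InternalHealthProbe --protocol Tcp --port 80 --interval 5 || return 1

  # Step 4: TCP 80 -> 80 rule, no session persistence, 4 minute idle
  # timeout, floating IP disabled.
  az network lb rule create --resource-group "$RG" --lb-name InternalLB \
    --name InternalLoadBalancingRule --protocol Tcp \
    --frontend-ip-name InternalFrontend --frontend-port 80 \
    --backend-pool-name InternalBackendPool --backend-port 80 \
    --probe-name InternalHealthProbe --load-distribution Default \
    --idle-timeout 4 --floating-ip false || return 1
}

# Deploy only when explicitly asked, so reading or sourcing the file changes nothing.
if [ "${1:-}" = "--apply" ]; then deploy_ilb; fi
```

Run it as `sh deploy-ilb.sh --apply` (the file name is an assumption) after `az login`.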

Test the Internal Load Balancer

  1. Log in to a VM within the same VNet as the Internal Load Balancer.

  2. Use tools like curl or a web browser to send a request to the private IP address of the load balancer on the configured frontend port.

    • Example: curl http://<private-ip>:80

  3. The request should be routed to one of the backend VMs.

  4. Stop one VM and test again to ensure the load balancer redirects traffic to the healthy VMs.

Optional Configuration

Network Security Groups (NSGs)

  • Ensure the NSG associated with the backend VMs or subnet allows inbound traffic on the required ports (e.g., port 80 for HTTP).

  • For security, restrict access to backend VMs and allow traffic only through the load balancer.
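One way to express these NSG restrictions with the Azure CLI, as an added example that is not part of the original guide. The resource group, NSG name, client address range, rule names, and priorities are assumptions. Azure Load Balancer passes traffic through without proxying it, so the backend NSG sees the original client IP rather than the frontend IP.

```shell
#!/bin/sh
# Added example: inbound NSG rules for the backend subnet of the ILB.
# Names, priorities and address ranges are assumptions for illustration.
RG="${RG:-rg-ilb-demo}"                        # resource group (assumed)
NSG="${NSG:-nsg-backend}"                      # NSG on the backend subnet (assumed)
CLIENT_PREFIX="${CLIENT_PREFIX:-10.0.2.0/24}"  # subnet whose clients call the ILB (assumed)
PORT="${PORT:-80}"                             # backend port from the load balancing rule

# usage: nsg_rule <name> <priority> <Allow|Deny> <source> <protocol> <port>
nsg_rule() {
  az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name "$1" --priority "$2" --direction Inbound --access "$3" \
    --source-address-prefixes "$4" --protocol "$5" \
    --destination-port-ranges "$6"
}

harden_backend_nsg() {
  # The allow rule names the client range, not the ILB frontend address,
  # because the load balancer preserves the client source IP.
  nsg_rule AllowClientsToApp 100 Allow "$CLIENT_PREFIX" Tcp "$PORT" || return 1
  # Health probes arrive under the AzureLoadBalancer service tag. Without
  # this rule the deny below would leave every backend marked unhealthy.
  nsg_rule AllowLbProbe 110 Allow AzureLoadBalancer Tcp "$PORT" || return 1
  # Deny all other VNet traffic ahead of the default AllowVnetInBound rule.
  nsg_rule DenyOtherVnetInbound 4000 Deny VirtualNetwork '*' '*' || return 1
}

# Apply only when explicitly asked.
if [ "${1:-}" = "--apply" ]; then harden_backend_nsg; fi
```

The final deny rule also blocks management traffic such as SSH or RDP from inside the VNet, so add allow rules for the administrative paths you rely on before applying it.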

Outbound Connections

  • If backend VMs need to initiate outbound traffic, configure outbound rules in the load balancer.

Diagnostics and Monitoring

  • Enable Azure Monitor to track the health and performance of the Internal Load Balancer.

  • Use Log Analytics for detailed insights and troubleshooting.

Key Considerations

Choose Standard SKU

For production workloads, the Standard SKU provides enhanced features, such as zone redundancy and advanced diagnostics.

Private Access Only

The Internal Load Balancer is not accessible from the public internet. Ensure proper routing within your private network.

Scaling

Integrate the Internal Load Balancer with Virtual Machine Scale Sets for automatic scaling of backend resources.

Health Probes

Use well-configured health probes to ensure traffic is directed only to healthy resources.

Summary

By following these steps, you can successfully implement an Internal Load Balancer in Azure, enabling efficient traffic distribution within your private network.

 

Rajnish, MCT
