0

I'm using the new Resource Manager setup of Azure with a couple of VMs and I'm trying to find the best way to associate multiple IPs to a single VM.

I've read a few different articles, ILPIP (Instance level public IP), Load Balanced pools and multiple NICs.

I'm not sure of the best options. My VMs are already set up and configured, so I don't want to go through that process again of loading a new VM to enable certain features (some mention multiple NICs are only available on new VMs).

I looked into the Load Balanced solution but it appears to be missing from the new management portal. You can view your load balancers but you can't add new ones (if they are still available).

I need multiple IPs per VM as we have sites that have SSLs which can't be served over SNI due to older browser restrictions.

I'm at a loss as most articles refer to older setups and not the Resource Manager method.

If anyone has a solid way of performing this, I would appreciate any help.

juvchan
Chris Lomax

2 Answers

2

In the ARM (Azure Resource Manager) model, the best way to achieve multiple SSL sites with distinct public IPs is through a load-balancer.

  • Create a load-balancer, with one backendpool, multiple front-end IP configurations (one each for public-IP), multiple LB rules (one each for public-IP:443 -> backendpool:).
  • Configure all your VMs with their NIC to be part of the backendpool. One NIC is sufficient, don't need multi-NIC for this.

Note that you can create a load-balancer through PowerShell, Azure CLI or ARM templates. Currently, portal support is not available.

Also see this sample template with multiple public IPs on a load-balancer.

Relevant commands (from the Azure official documentation link above) to achieve this in PowerShell:

# Two public IP addresses
# DNS labels must be unique within a region, so the second label differs from the first.
$publicIP1 = New-AzureRmPublicIpAddress -Name PublicIp1 -ResourceGroupName NRP-RG -Location "West US" -AllocationMethod Static -DomainNameLabel loadbalancernrp
$publicIP2 = New-AzureRmPublicIpAddress -Name PublicIp2 -ResourceGroupName NRP-RG -Location "West US" -AllocationMethod Static -DomainNameLabel loadbalancernrp2

# Two frontend IP configurations
$frontendIP1 = New-AzureRmLoadBalancerFrontendIpConfig -Name LB-Frontend1 -PublicIpAddress $publicIP1 
$frontendIP2 = New-AzureRmLoadBalancerFrontendIpConfig -Name LB-Frontend2 -PublicIpAddress $publicIP2

# One backend pool. 
# Note that Name parameter value
$beaddresspool= New-AzureRmLoadBalancerBackendAddressPoolConfig -Name "LB-backend"

# Two LB rules
# Note that backend port is 444 for the second rule.
# $healthProbe is not defined in this excerpt; it must already hold a probe configuration.
$lbrule1 = New-AzureRmLoadBalancerRuleConfig -Name "HTTPS1" -FrontendIpConfiguration $frontendIP1 -BackendAddressPool $beAddressPool -Probe $healthProbe -Protocol Tcp -FrontendPort 443 -BackendPort 443
$lbrule2 = New-AzureRmLoadBalancerRuleConfig -Name "HTTPS2" -FrontendIpConfiguration $frontendIP2 -BackendAddressPool $beAddressPool -Probe $healthProbe -Protocol Tcp -FrontendPort 443 -BackendPort 444

# Two NICs
# Use the specific backendpool referenced in the LB rules
# $backendSubnet is not defined in this excerpt; it must already hold the subnet object.
$backendnic1 = New-AzureRmNetworkInterface -Name lb-nic1-be -ResourceGroupName NRP-RG -Location "West US" -Subnet $backendSubnet -LoadBalancerBackendAddressPool $beaddresspool
$backendnic2 = New-AzureRmNetworkInterface -Name lb-nic2-be -ResourceGroupName NRP-RG -Location "West US" -Subnet $backendSubnet -LoadBalancerBackendAddressPool $beaddresspool
0

If you have already set up a load balancer you can add a public IP and front-end IP config onto your existing load balancer with the following PowerShell:

$IPName = "PublicIp2"
# domain name label must be lower case
$DomainName = "public2"
$frontendConfigName = "LB-" + $DomainName

$slb = get-AzureRmLoadBalancer -Name my-web-loadbalancer -ResourceGroupName RGN01
$publicIP2 = New-AzureRmPublicIpAddress -Name $IPName -ResourceGroupName RGN01 -Location "West Europe" -AllocationMethod Static -DomainNameLabel $DomainName
$frontendIP2 = New-AzureRmLoadBalancerFrontendIpConfig -Name $frontendConfigName -PublicIpAddress $publicIP2
$slb | Add-AzureRmLoadBalancerFrontendIpConfig -PublicIpAddress $publicIP2 -Name $frontendConfigName
$slb | Set-AzureRmLoadBalancer 

$HTTPSName = $DomainName + "HTTPS"
$HTTPName = $DomainName + "HTTP"
$healthProbe = $slb.Probes[0]

# You need to get a backend port that's not being used.
# Use Get-AzureRmLoadBalancerRuleConfig -LoadBalancer $slb to see the config rules that are currently on the load balancer
# don't use 445 - it's used by Active Directory
# You need to open the ports you've chosen on your web servers' firewalls
$slb | Add-AzureRmLoadBalancerRuleConfig -Name $HTTPSName -FrontendIpConfiguration $frontendIP2 -BackendAddressPool $slb.BackendAddressPools[0] -Probe $healthProbe -Protocol Tcp -FrontendPort 443 -BackendPort 446
$slb | Set-AzureRmLoadBalancer
$slb | Add-AzureRmLoadBalancerRuleConfig -Name $HTTPName -FrontendIpConfiguration $frontendIP2 -BackendAddressPool $slb.BackendAddressPools[0] -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 82
$slb | Set-AzureRmLoadBalancer
Kate
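
As an added example (not part of either answer), here is one way to pick the unused backend port the second answer calls for and to spot two rules sharing a backend port. The helper names `Find-FreeBackendPort` and `Get-BackendPortCollision` and the sample rule list are assumptions constructed for illustration; against a real load balancer you would pass `$slb.LoadBalancingRules` instead.

```powershell
# Constructed sample standing in for (Get-AzureRmLoadBalancer ...).LoadBalancingRules.
# Only the properties used below are modelled; names and ports are made up.
$sampleRules = @(
    [pscustomobject]@{ Name = 'HTTPS1';       Protocol = 'Tcp'; FrontendPort = 443; BackendPort = 443 }
    [pscustomobject]@{ Name = 'HTTPS2';       Protocol = 'Tcp'; FrontendPort = 443; BackendPort = 444 }
    [pscustomobject]@{ Name = 'public2HTTPS'; Protocol = 'Tcp'; FrontendPort = 443; BackendPort = 446 }
)

function Find-FreeBackendPort {
    # Hypothetical helper: returns the lowest port at or above $StartPort that no
    # existing rule uses as a backend port and that is not in the exclusion list.
    param(
        [Parameter(Mandatory)] [object[]] $Rules,
        [int]   $StartPort = 443,
        [int[]] $Exclude   = @(445)   # the answer above says to avoid 445
    )
    $used = @($Rules | ForEach-Object { [int]$_.BackendPort })
    for ($port = $StartPort; $port -le 65535; $port++) {
        if ($used -notcontains $port -and $Exclude -notcontains $port) {
            return $port
        }
    }
    throw "No free backend port at or above $StartPort"
}

function Get-BackendPortCollision {
    # Hypothetical helper: groups rules by backend port and returns every port that
    # more than one rule targets, which would send two sites to the same listener.
    param([Parameter(Mandatory)] [object[]] $Rules)
    $Rules | Group-Object -Property BackendPort |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{ BackendPort = [int]$_.Name; Rules = $_.Group.Name }
        }
}

# Run against the constructed sample.
$next = Find-FreeBackendPort -Rules $sampleRules
"Next free backend port: $next"
$collisions = @(Get-BackendPortCollision -Rules $sampleRules)
"Colliding backend ports: $($collisions.Count)"
```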