2

I'm trying to add a NAT pool for port 8172 to an existing load balancer via the Azure CLI. I found what I believe is the correct command:

az network lb inbound-nat-pool update --lb-name
                                  --name
                                  --resource-group
                                  [--add]
                                  [--backend-port]
                                  [--frontend-ip-name]
                                  [--frontend-port-range-end]
                                  [--frontend-port-range-start]
                                  [--protocol {All, Tcp, Udp}]
                                  [--remove]
                                  [--set]

and I suppose I need to use the --add option. But what's next? How do I specify the frontend and backend settings in the add command?

Zirc75

4 Answers

1

I'm trying to add a NAT pool for port 8172 to an existing load balancer via the Azure CLI.

Unfortunately, adding or editing references between load balancers and scale set virtual machines is currently disabled for load balancers that contain an existing association with a scale set.

If you want to add NAT rules for VMSS, maybe we should re-create it.

If we use CLI 2.0 to add or update inbound rules, we will get this error message:

C:\Users>az network lb inbound-nat-rule create -g jasonvmss --lb-name jasonvmsslb --protocol TCP --frontend-port 8172 --backend-port 8172 -n nat1
Adding or updating NAT Rules when NAT pool is present on loadbalancer /subscriptions/5384xxxx-xxxx-xxxx-xxxx-xxxxe29a7b15/resourceGroups/jasonvmss/providers/Microsoft.Network/loadBalancers/jasonvmsslb is not supported. To modify the load balancer, pass in all NAT rules unchanged or remove the LoadBalancerInboundNatRules property from your PUT request.

Update:

We can use `az network lb inbound-nat-pool create` to create an inbound NAT pool; it works fine. The command looks like this:

az network lb inbound-nat-pool create --backend-port
                                      --frontend-port-range-end
                                      --frontend-port-range-start
                                      --lb-name
                                      --name
                                      --protocol {All, Tcp, Udp}
                                      --resource-group
Jason Ye
1

I realized the solution is to create an additional nat-pool:

az network lb inbound-nat-pool create
Zirc75
  • Yes, we can use `az network lb inbound-nat-pool create` to create an inbound NAT pool; this command works fine. I have updated my answer, please check it :) – Jason Ye Oct 12 '17 at 06:34
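The `create` call from the two answers above with its frontend and backend settings filled in for port 8172, as an added example that is not part of the original posts. The resource names, port ranges and the existing-pool sample are constructed placeholders, and the overlap check assumes all pools share one frontend IP, where frontend port ranges must not collide.

```shell
#!/bin/sh
# Added example: dry-run planner for an extra inbound NAT pool (backend 8172).
# Resource names and port ranges are constructed placeholders.
RG="example-rg"
LB="example-lb"
POOL="natpool-8172"
BACKEND=8172

# Constructed sample of existing pools, one "name start end" per line, as from:
#   az network lb inbound-nat-pool list -g "$RG" --lb-name "$LB" -o tsv \
#     --query "[].[name,frontendPortRangeStart,frontendPortRangeEnd]"
EXISTING_POOLS="natpool-rdp 50000 50119"

# Succeed only if both bounds are integers with 1 <= start <= end <= 65535.
valid_range() {
  for v in "$1" "$2"; do
    case "$v" in ''|*[!0-9]*) return 1 ;; esac
  done
  [ "$1" -ge 1 ] && [ "$2" -le 65535 ] && [ "$1" -le "$2" ]
}

# Read pools on stdin; print the first one overlapping START..END (exit 0),
# or exit 1 when the requested range is free.
find_overlap() {
  while read -r name ps pe; do
    [ -n "$name" ] || continue
    if [ "$1" -le "$pe" ] && [ "$ps" -le "$2" ]; then
      printf '%s\n' "$name"
      return 0
    fi
  done
  return 1
}

# Validate the range, refuse overlaps, then print the create command.
plan_pool() {
  valid_range "$1" "$2" || { echo "invalid port range $1-$2" >&2; return 2; }
  if hit=$(printf '%s\n' "$EXISTING_POOLS" | find_overlap "$1" "$2"); then
    echo "range $1-$2 overlaps existing pool $hit" >&2
    return 1
  fi
  printf 'az network lb inbound-nat-pool create --resource-group %s --lb-name %s --name %s --protocol Tcp --frontend-port-range-start %s --frontend-port-range-end %s --backend-port %s\n' \
    "$RG" "$LB" "$POOL" "$1" "$2" "$BACKEND"
}

plan_pool 51000 51119   # prints the command to review and run
```

The frontend range needs at least one port per scale set instance, since each instance is mapped to its own frontend port.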
0

First, update the VMSS with an ARM template, keeping only the required LB pool configuration in the networkProfile section (if the pool configuration that needs to be deleted exists, remove it; if it does not exist, ignore this).

After the VMSS is updated, review in Azure Resource Explorer that the VMSS does not have any association with the backend pool that needs to be deleted.

Once the VMSS no longer has the association, we can delete the address pool from the portal or by using an ARM template.

-1

You can actually modify Inbound NAT pools, you just have to make sure they are not in use by the VMSS when you do. I wrote a blog post on a related topic: removing NAT rules that were created by someone who attached a debugger to a Service Fabric cluster.

The disadvantage of this approach is possible downtime, because you temporarily disconnect the VMSS and the NAT pool(s).

Ronald Wildenberg