
When using the Microsoft internal load balancer (ILB), I would like to create a pool for VMs that reside in a VNET that is different from the VNET where the ILB is located. The UI would seem to support this, as I can select any VNET in my environment when creating the pool. Yet when I create this pool, I receive the following error, which would imply this is not allowed.

NetworkInterfaceAndInternalLoadBalancerMustUseSameVnet

```
{"code":"BadRequest","message":"{\r\n \"error\": {\r\n \"code\": \"NetworkInterfaceAndInternalLoadBalancerMustUseSameVnet\",\r\n \"message\": \"Network interface /subscriptions/2f46d973-XXXX-XXXX-80a7-7222a103acb4/resourceGroups/ihde_operations/providers/Microsoft.Network/networkInterfaces/op-vm-ftp1463 uses internal load balancer /subscriptions/2f46d973-cea1-XXXX-XXXX-7222a103acb4/resourceGroups/ihde_dev/providers/Microsoft.Network/loadBalancers/dev-lb-CSL-Internal but does not use the same VNET (/subscriptions/2f46d973-cea1-4856-80a7-7222a103acb4/resourceGroups/IHDE_DEV/providers/Microsoft.Network/virtualNetworks/VNET_BACKEND) as the load balancer.\",\r\n \"details\": []\r\n }\r\n}"}]}
```

As a side note, the public version of the load balancer does support this scenario without any issues.

Geekn

1 Answer


Per this doc.

An internal Load Balancer differs from a public Load Balancer. Azure infrastructure restricts access to the load-balanced frontend IP addresses of a virtual network.

For an internal Load Balancer, it enables load balancing of VMs in a virtual network to a set of VMs that reside within the same virtual network. So you could not create a pool for VMs that reside in a VNET that is different from the VNET where the ILB is located.

Nancy
  • So I get what you are saying but I understood that as meaning a pool can only contain VMs that reside in the same VNET that the pool targets. The internal load balancer UI allows you to create a pool and select a different VNET than the one where the load balancer resides in (until you try to save it). Why would it allow this from a UI perspective? If you can only create pools that target the VNET of the ILB, then it should restrict it. – Geekn Nov 03 '18 at 15:30
  • That is the difference SKU of LB UI. Standard LB is integrated with a virtual network, so you can see the meeting conditional resources in a vNET but this does not mean you can create a meaning pool until you save it. Instead, for Basic LB, when you associate a VM to backend pool, there is a note: Only VMs that are in the same vNET as the internal LB will be listed. You can only select the listed VMs. – Nancy Nov 05 '18 at 07:03
  • I know you are concerned about restricting the target resources from the vNET of the ILB. Currently, Azure just has the common standard LB UI for PLB and ILB to identify that Standard Load Balancer [backend pools](https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-overview#backend) expands to any virtual machine resource in a virtual network. You're welcome to post your feedback [here](https://feedback.azure.com/forums/217313-networking?query=standard%20load%20balancer%20) to improve Azure networking. – Nancy Nov 05 '18 at 07:31
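
An added example, not part of the question or the answer above: a pre-deployment check that flags NICs whose subnet is in a different VNET than the ILB frontend, which is the condition behind `NetworkInterfaceAndInternalLoadBalancerMustUseSameVnet`. The function names, the all-zero subscription ID, `VNET_OPS`, `dev-vm-app1` and the subnet names are constructed for illustration; the subnet ID strings are assumed to come from your own NIC and load balancer definitions.

```python
import re

# Azure subnet resource ID layout. Resource IDs compare case-insensitively:
# the error above shows both "ihde_dev" and "IHDE_DEV" for one resource group.
_SUBNET_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.Network/virtualNetworks/(?P<vnet>[^/]+)"
    r"/subnets/(?P<subnet>[^/]+)$",
    re.IGNORECASE,
)


def vnet_key(subnet_id):
    """Return a normalised (subscription, resource group, vnet) tuple."""
    m = _SUBNET_ID.match(subnet_id.strip())
    if m is None:
        raise ValueError(f"not a subnet resource ID: {subnet_id!r}")
    return tuple(m.group(k).lower() for k in ("sub", "rg", "vnet"))


def misplaced_nics(ilb_frontend_subnet_id, nic_subnets):
    """nic_subnets maps NIC name -> subnet ID.

    Returns the sorted names of NICs that are outside the ILB's VNET and
    would therefore be rejected when added to its backend pool.
    """
    ilb_vnet = vnet_key(ilb_frontend_subnet_id)
    return sorted(n for n, sid in nic_subnets.items() if vnet_key(sid) != ilb_vnet)


# Constructed sample data (placeholder subscription ID, hypothetical subnets).
SUB = "00000000-0000-0000-0000-000000000000"
NET = "providers/Microsoft.Network/virtualNetworks"
ILB_SUBNET = f"/subscriptions/{SUB}/resourceGroups/IHDE_DEV/{NET}/VNET_BACKEND/subnets/default"
NICS = {
    # Same VNET as the ILB, written with different letter case.
    "dev-vm-app1": f"/subscriptions/{SUB}/resourceGroups/ihde_dev/{NET}/vnet_backend/subnets/app",
    # Different resource group and VNET, as in the question.
    "op-vm-ftp1463": f"/subscriptions/{SUB}/resourceGroups/ihde_operations/{NET}/VNET_OPS/subnets/default",
}

if __name__ == "__main__":
    for nic in misplaced_nics(ILB_SUBNET, NICS):
        print(f"{nic}: not in the ILB's VNET, backend pool update would be rejected")
```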