0

Please forgive my ignorance.

Question:

How can I control network traffic to a publicIP resource and send it to multiple different resources based on destination port?

Background:

I have set up some VMs that are configured with only private IPs in different subnets. All belong to the same Virtual Network. All these VMs have different services and I do not want HA as I do not need it and it costs money.

I just want all the services on these VMs to communicate out using the same single publicIP and I want to split incoming traffic to that same publicIP between my resources based on destination port.

Seems like a straightforward requirement, right?

At first I thought "this must be a task for the Load Balancer service" as it's operating at L4 and tried to set it up, but I was not able to split inbound traffic on different ports to more than a single VM or a single availability set. I do not understand why you can only use Load Balancer NAT rules with a single VM or Availability Set.

I can probably delete/re-create all VMs (thank you Microsoft..) into a single availability set that only has 1 fault and 1 error domain but does this make any sense?

It just seems to me like a dirty workaround using availability sets in a way they are not meant to in order to solve a very basic thing.

Thanks!

Andy Thompson

1 Answer

0

Basically, you could create a public-facing Azure Load Balancer, then target the VMs or Availability Sets as the backend pools of this load balancer. What you need to do is configure the load balancing rules and some health probes, or inbound NAT rules for the backend services with port forwarding.

Refer to the SO answer.

You would use a NAT rule when you have 1 backend server or you know which backend server to get to, and load balancing rules when you want to load-balance to multiple backend servers.

A NAT rule must be explicitly attached to a VM (or network interface) to complete the path to the target, whereas a load balancing rule need not be. In the latter case, a VM is selected (from the back-end address pool or VMs) to complete the path to the target.

Additionally, Azure Load Balancer supports two SKUs: basic and standard. Different SKUs support different backend pool endpoints. Read more details about Load Balancer SKU comparison.

Nancy
  • I know but to achieve this I need to create an Availability Set with 1 fault/error domains (which makes no sense to me..) and my question is how to avoid it? – Andy Thompson Mar 18 '19 at 09:38
  • An availability set is a logical grouping of VMs. Could you describe what's your purpose or expectations with the load balancer? It would be better if you could give some examples. – Nancy Mar 18 '19 at 10:01
  • If you do not want to use an Availability Set as the backends, you could target several VMs in a VNet as the backends of a "Standard" Azure load balancer. – Nancy Mar 18 '19 at 10:05
  • What I want is to have 1 public IP and split inbound traffic for different protocols/ports to different Virtual Machines. I see no way to achieve this without placing the VMs into an availability set, which makes no sense with 1 fault/error domain. Are there other services in Azure to achieve this? The Load Balancer must be tied to either a single VM or a single Availability Set or a single Availability Zone. – Andy Thompson Mar 18 '19 at 13:04
  • No. Azure load balancer could achieve what you want: split inbound traffic for different protocols/ports to different Virtual Machines. You do not need to put VMs in an availability set; just individual VMs will also work for standard load balancer. – Nancy Mar 18 '19 at 15:02
  • "The Load Balancer must be tied to either a single VM or a single Availability Set or a single Availability Zone". It seems that you refer to the basic load balancer. Could you look at the standard load balancer? – Nancy Mar 18 '19 at 15:04
  • Hi, may I know if the standard load balancer meets your requirements on your side? Also, you could have a look at Scenario 2 for the [outbound-connections](https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections#scenarios) in Azure. – Nancy Mar 20 '19 at 07:48
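
The setup the answer and comments describe (one Standard Load Balancer frontend, one inbound NAT rule per port, each rule attached to a different VM's NIC), sketched with the Azure CLI as an added example that is not part of the original thread. It covers the inbound side only and prints the commands unless `APPLY=1` is set. The resource group, load balancer, public IP, NIC and rule names, the ports, and the `ipconfig1` IP configuration name are all assumptions.

```shell
#!/bin/sh
# Added example: per-port inbound NAT rules on a Standard Load Balancer,
# each bound to an individual VM NIC. All names and ports are hypothetical.
RG="${RG:-rg-example}"
LB="${LB:-lb-example}"
PIP="${PIP:-pip-example}"
FRONTEND="${FRONTEND:-fe-public}"
IPCONFIG="${IPCONFIG:-ipconfig1}"   # assumed name of each NIC's IP configuration

# Constructed sample mapping: rule-name protocol frontend-port backend-port nic
PORT_MAP='web-https Tcp 443 443 vm-web-nic
mail-smtp Tcp 25 25 vm-mail-nic
dns-udp Udp 53 53 vm-dns-nic'

# Dry-run by default: print each az command instead of executing it.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

create_lb() {
  run az network public-ip create -g "$RG" -n "$PIP" \
    --sku Standard --allocation-method Static
  run az network lb create -g "$RG" -n "$LB" --sku Standard \
    --public-ip-address "$PIP" --frontend-ip-name "$FRONTEND"
}

# Reads the mapping on stdin. A protocol/frontend-port pair may appear only
# once, since a frontend IP can forward it to a single target.
apply_nat_rules() {
  seen=" "
  while read -r name proto fport bport nic; do
    [ -n "$name" ] || continue
    key="$proto/$fport"
    case "$seen" in
      *" $key "*) echo "duplicate frontend $key in rule $name" >&2; return 1 ;;
    esac
    seen="$seen$key "
    run az network lb inbound-nat-rule create -g "$RG" --lb-name "$LB" \
      -n "$name" --protocol "$proto" --frontend-port "$fport" \
      --backend-port "$bport" --frontend-ip-name "$FRONTEND"
    run az network nic ip-config inbound-nat-rule add -g "$RG" --nic-name "$nic" \
      --ip-config-name "$IPCONFIG" --lb-name "$LB" --inbound-nat-rule "$name"
  done
}

create_lb
printf '%s\n' "$PORT_MAP" | apply_nat_rules
```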