I have 2 different Virtual machine scale sets running in Azure. They're both in the same resource group. I have a single Azure Load balancer for kubernetes, and it has a backend pool that contains all of the VMs from both scale sets.

I have 2 different 'Public IP addresses' set up in Azure. I want one of these IPs to point to the 1st virtual machine scale set, and the 2nd to point to the 2nd virtual machine scale set (preferably without having to specify the VMs to connect to - I'd prefer the IPs to point to the scale set somehow, not the individual VMs, if possible).

For both virtual machine scale sets, the 'Networking' section in Azure is as follows (it's showing an inbound port rule for the 1st IP, but the 2nd IP isn't currently present at all in the inbound port rules):

Under the Load balancer > Inbound NAT rules section, I looked at adding a new rule, but the 'Target virtual machine' dropdown on the 'Add inbound NAT rule' page doesn't show any options (and in any case, I'd prefer to target the IP to the VM scale set, if possible):

I looked at the following questions, but they don't address my scenario. Is it possible to direct my 1st IP to the 1st VM scale set, and the 2nd IP to the 2nd VM scale set? If not, can I direct my 2nd IP to one of the VMs in the 2nd scale set, using the same load balancer? And how would I achieve either of these two approaches?

Load balance between two Azure Virtual Machine Scale Set (VMSS)

Azure VM: More than one Public IP

Chris Halcrow
  • Any more updates for the question? Does it work for you? – Charles Xu Oct 02 '20 at 06:24
  • @Charles Xu I decided actually to separate the scale sets out into 2 different clusters for better separation, so I haven't tried your solution yet. +1 for the advice thanks, I'm sure it'll come in useful for others too. – Chris Halcrow Oct 07 '20 at 03:12
  • If you do not mind please accept it, it works for the issue you ask even if you do not use this way anymore. – Charles Xu Oct 07 '20 at 05:53

1 Answer

I have also met this issue and I think it's a problem that needs to be fixed. You cannot solve it in the Azure portal. I solved it via CLI commands, and here are the steps:

  1. create an inbound NAT pool:
     az network lb inbound-nat-pool create --backend-port 22 --frontend-port-range-end 50010 --frontend-port-range-start 50000 --lb-name lbName --name natpoolName --protocol Tcp -g resourceGroupName
  2. find the inbound NAT pool resource id:
     az network lb show -g resourceGroupName -n lbName --query inboundNatPools
  3. add the inbound NAT pool to the vmss:
     az vmss update -g charles -n azurevmss --add virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].ipConfigurations[0].loadBalancerInboundNatPools id=inboundNatPoolId
  4. upgrade the vmss instances in the Azure portal

Then you can see all the VMSS instances are already in the Load Balancer inbound NAT pool. You can also create the inbound NAT pool with a special frontend IP as you want.

Charles Xu
  • 1. THANK YOU, this works awesome. 2. Why the heck is this so hard? Why can't I do this via the Portal??? Come on, Microsoft! – qJake Feb 23 '21 at 21:42
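
Added example, not part of the original answer: the four steps above as one dry-run script, extended (beyond the answer's own commands) to bind the NAT pool to a second frontend IP with `az network lb frontend-ip create` and `--frontend-ip-name`, and to do step 4 with `az vmss update-instances` instead of the portal. The names `vmssName`, `publicIp2` and `frontend2` are placeholders, and commands only execute when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example (not from the original answer). Resource names are placeholders.
set -eu

RG="${RG:-resourceGroupName}"
LB="${LB:-lbName}"
VMSS="${VMSS:-vmssName}"          # scale set that should sit behind the second IP
PIP="${PIP:-publicIp2}"           # existing Public IP address resource (placeholder)
FRONTEND="${FRONTEND:-frontend2}" # hypothetical frontend IP configuration name
POOL="${POOL:-natpoolName}"
NIC_PATH='virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].ipConfigurations[0].loadBalancerInboundNatPools'

# Print a command (quoting arguments the shell would expand); run it only if APPLY=1.
run() {
  for a in "$@"; do
    case "$a" in
      *[!A-Za-z0-9_./=:-]*) printf "'%s' " "$a" ;;
      *) printf '%s ' "$a" ;;
    esac
  done
  printf '\n'
  if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Step 2 of the answer: resolve the pool's resource id (placeholder in dry-run).
pool_id() {
  if [ "${APPLY:-0}" = 1 ]; then
    az network lb inbound-nat-pool show -g "$RG" --lb-name "$LB" -n "$POOL" --query id -o tsv
  else
    printf '%s\n' '<inboundNatPoolId>'
  fi
}

attach_nat_pool() {
  # Frontend IP configuration bound to the second public IP.
  run az network lb frontend-ip create -g "$RG" --lb-name "$LB" -n "$FRONTEND" --public-ip-address "$PIP"
  # Step 1: NAT pool on that frontend (ports as in the answer).
  run az network lb inbound-nat-pool create -g "$RG" --lb-name "$LB" --name "$POOL" \
    --protocol Tcp --backend-port 22 \
    --frontend-port-range-start 50000 --frontend-port-range-end 50010 \
    --frontend-ip-name "$FRONTEND"
  # Step 3: attach the pool to the scale set's first NIC / IP configuration.
  pool="$(pool_id)"
  run az vmss update -g "$RG" -n "$VMSS" --add "$NIC_PATH" "id=$pool"
  # Step 4: roll the updated model out to the existing instances.
  run az vmss update-instances -g "$RG" -n "$VMSS" --instance-ids '*'
}

attach_nat_pool
```

The pool publishes backend port 22 on public frontend ports 50000-50010, so the network security group on the scale set's subnet or NICs should limit which source addresses can reach it.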