| title | description | services | documentationcenter | author | manager | editor | tags | ms.assetid | ms.service | ms.devlang | ms.topic | ms.tgt_pltfrm | ms.workload | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Create a public Load Balancer Standard with zonal Public IP address frontend using Azure CLI | Microsoft Docs |
Learn how to create a public Load Balancer Standard with zonal Public IP address frontend using Azure CLI |
load-balancer |
na |
KumudD |
jeconnoc |
azure-resource-manager |
load-balancer |
na |
article |
na |
infrastructure-services |
03/26/2018 |
kumud |
This article steps through creating a public Load Balancer Standard with a zonal frontend using a Public IP Standard address. In this scenario, you specify a particular zone for your front-end and back-end instances, to align your data path and resources with a specific zone.
For more information about using Availability zones with Standard Load Balancer, see Standard Load Balancer and Availability Zones.
If you don't have an Azure subscription, create a free account before you begin.
[!INCLUDE cloud-shell-try-it.md]
If you choose to install and use the CLI locally, make sure that you have installed the latest Azure CLI 2.0 and are logged in to an Azure account with az login.
Note
Support for Availability Zones is available for select Azure resources and regions, and VM size families. For more information on how to get started, and which Azure resources, regions, and VM size families you can try availability zones with, see Overview of Availability Zones. For support, you can reach out on StackOverflow or open an Azure support ticket.
Create a resource group with az group create. An Azure resource group is a logical container into which Azure resources are deployed and managed.
The following example creates a resource group named myResourceGroupLB in the westeurope location:
az group create \
--name myResourceGroupLB \
--location westeurope
To access your app on the Internet, you need a public IP address for the load balancer. A Public IP address that is created in a specific zone always exists only in that zone. It is not possible to change the zone of a Public IP address.
Create a public IP address with New-AzureRmPublicIpAddress. The following example creates a zonal public IP address named myPublicIP in the myResourceGroupLoadBalancer resource group in zone 1.
az network public-ip create \
--resource-group myResourceGroupLB \
--name myPublicIP \
--sku Standard \
--zone 1
This section details how you can create and configure the following components of the load balancer:
- a frontend IP pool that receives the incoming network traffic on the load balancer.
- a backend IP pool where the frontend pool sends the load balanced network traffic.
- a health probe that determines health of the backend VM instances.
- a load balancer rule that defines how traffic is distributed to the VMs.
Create a Standard load balancer with az network lb create. The following example creates a load balancer named myLoadBalancer and assigns the myPublicIP address to the front-end IP configuration.
az network lb create \
--resource-group myResourceGroupLB \
--name myLoadBalancer \
--public-ip-address myPublicIP \
--frontend-ip-name myFrontEndPool \
--backend-pool-name myBackEndPool \
--sku Standard
A health probe checks all virtual machine instances to make sure they can send network traffic. The virtual machine instance with failed probe checks is removed from the load balancer until it goes back online and a probe check determines that it's healthy. Create a health probe with az network lb probe create to monitor the health of the virtual machines. To create a TCP health probe, you use az network lb probe create. The following example creates a health probe named myHealthProbe:
az network lb probe create \
--resource-group myResourceGroupLB \
--lb-name myLoadBalancer \
--name myHealthProbe \
--protocol tcp \
--port 80
A load balancer rule defines the front-end IP configuration for the incoming traffic and the back-end IP pool to receive the traffic, along with the required source and destination port. Create a load balancer rule myLoadBalancerRuleWeb with az network lb rule create for listening to port 80 in the frontend pool myFrontEndPool and sending load-balanced network traffic to the backend address pool myBackEndPool also using port 80.
az network lb rule create \
--resource-group myResourceGroupLB \
--lb-name myLoadBalancer \
--name myLoadBalancerRuleWeb \
--protocol tcp \
--frontend-port 80 \
--backend-port 80 \
--frontend-ip-name myFrontEndPool \
--backend-pool-name myBackEndPool \
--probe-name myHealthProbe
Before you deploy some VMs and can test your load balancer, create the supporting virtual network resources.
Create a virtual network named myVnet with a subnet named mySubnet in the myResourceGroup using az network vnet create.
az network vnet create \
--resource-group myResourceGroupLB \
--location westeurope \
--name myVnet \
--subnet-name mySubnet
Create network security group named myNetworkSecurityGroup to define inbound connections to your virtual network with az network nsg create.
az network nsg create \
--resource-group myResourceGroupLB \
--name myNetworkSecurityGroup
Create a network security group rule named myNetworkSecurityGroupRule for port 80 with az network nsg rule create.
az network nsg rule create \
--resource-group myResourceGroupLB \
--nsg-name myNetworkSecurityGroup \
--name myNetworkSecurityGroupRule \
--protocol tcp \
--direction inbound \
--source-address-prefix '*' \
--source-port-range '*' \
--destination-address-prefix '*' \
--destination-port-range 80 \
--access allow \
--priority 200
Create three virtual NICs with az network nic create and associate them with the Public IP address and the network security group. The following example creates three virtual NICs. (One virtual NIC for each VM you create for your app in the following steps). You can create additional virtual NICs and VMs at any time and add them to the load balancer:
for i in `seq 1 3`; do
az network nic create \
--resource-group myResourceGroupLB \
--name myNic$i \
--vnet-name myVnet \
--subnet mySubnet \
--network-security-group myNetworkSecurityGroup \
--lb-name myLoadBalancer \
--lb-address-pools myBackEndPool
done
In this example, you create three virtual machines located in zone 1 to be used as backend servers for the load balancer. You also install NGINX on the virtual machines to verify that the load balancer was successfully created.
You can use a cloud-init configuration file to install NGINX and run a 'Hello World' Node.js app on a Linux virtual machine. In your current shell, create a file named cloud-init.txt and copy and paste the following configuration into the shell. Make sure that you copy the whole cloud-init file correctly, especially the first line:
#cloud-config
package_upgrade: true
packages:
- nginx
- nodejs
- npm
write_files:
- owner: www-data:www-data
- path: /etc/nginx/sites-available/default
content: |
server {
listen 80;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
- owner: azureuser:azureuser
- path: /home/azureuser/myapp/index.js
content: |
var express = require('express')
var app = express()
var os = require('os');
app.get('/', function (req, res) {
res.send('Hello World from host ' + os.hostname() + '!')
})
app.listen(3000, function () {
console.log('Hello world app listening on port 3000!')
})
runcmd:
- service nginx restart
- cd "/home/azureuser/myapp"
- npm init
- npm install express -y
- nodejs index.jsCreate the VMs with az vm create. The following example creates three VMs in zone 1 and generates SSH keys if they do not already exist:
for i in `seq 1 3`; do
az vm create \
--resource-group myResourceGroupLB \
--name myVM$i \
--nics myNic$i \
--image UbuntuLTS \
--generate-ssh-keys \
--zone 1 \
--custom-data cloud-init.txt
done
Get the public IP address of the load balancer using az network public-ip show.
az network public-ip show \
--resource-group myResourceGroupSLB \
--name myPublicIP \
--query [ipAddress] \
--output tsv
You can then enter the public IP address in to a web browser. Remember - it takes a few minutes for the VMs to be ready before the load balancer starts to distribute traffic to them. The app is displayed, including the hostname of the VM that the load balancer distributed traffic to as in the following example:
To see the load balancer distribute traffic to VMs within zone 1 that are running your app, you can force-refresh your web browser.
- Learn more about Standard Load Balancer.