Skip to content

Latest commit

 

History

History
232 lines (161 loc) · 12 KB

load-balancer-ipv6-internet-ps.md

File metadata and controls

232 lines (161 loc) · 12 KB

title: Create an Azure Internet-facing load balancer with IPv6 - PowerShell | Microsoft Docs description: Learn how to create an Internet facing load balancer with IPv6 using PowerShell for Resource Manager services: load-balancer documentationcenter: na author: KumudD keywords: ipv6, azure load balancer, dual stack, public ip, native ipv6, mobile, iot ms.service: load-balancer ms.devlang: na ms.topic: article ms.tgt_pltfrm: na ms.workload: infrastructure-services ms.date: 09/25/2017 ms.author: kumud

Get started creating an Internet facing load balancer with IPv6 using PowerShell for Resource Manager

[!div class="op_single_selector"]

An Azure load balancer is a Layer-4 (TCP, UDP) load balancer. The load balancer provides high availability by distributing incoming traffic among healthy service instances in cloud services or virtual machines in a load balancer set. Azure Load Balancer can also present those services on multiple ports, multiple IP addresses, or both.

Example deployment scenario

The following diagram illustrates the load balancing solution being deployed in this article.

Load balancer scenario

In this scenario you will create the following Azure resources:

  • an Internet-facing Load Balancer with an IPv4 and an IPv6 Public IP address
  • two load balancing rules to map the public VIPs to the private endpoints
  • an Availability Set to that contains the two VMs
  • two virtual machines (VMs)
  • a virtual network interface for each VM with both IPv4 and IPv6 addresses assigned

Deploying the solution using the Azure PowerShell

The following steps show how to create an Internet facing load balancer using Azure Resource Manager with PowerShell. With Azure Resource Manager, each resource is created and configured individually, then put together to create a resource.

To deploy a load balancer, you create and configure the following objects:

  • Front-end IP configuration - contains public IP addresses for incoming network traffic.
  • Back-end address pool - contains network interfaces (NICs) for the virtual machines to receive network traffic from the load balancer.
  • Load balancing rules - contains rules mapping a public port on the load balancer to port in the back-end address pool.
  • Inbound NAT rules - contains rules mapping a public port on the load balancer to a port for a specific virtual machine in the back-end address pool.
  • Probes - contains health probes used to check availability of virtual machines instances in the back-end address pool.

For more information, see Azure Resource Manager support for Load Balancer.

Set up PowerShell to use Resource Manager

Make sure you have the latest production version of the Azure Resource Manager module for PowerShell.

  1. Sign into Azure

    Connect-AzureRmAccount

    Enter your credentials when prompted.

  2. Check the subscriptions for the account

    Get-AzureRmSubscription

  3. Choose which of your Azure subscriptions to use.

    Select-AzureRmSubscription -SubscriptionId 'GUID of subscription'

  4. Create a resource group (skip this step if using an existing resource group)

    New-AzureRmResourceGroup -Name NRP-RG -location "West US"

Create a virtual network and a public IP address for the front-end IP pool

  1. Create a virtual network with a subnet.

    $backendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name LB-Subnet-BE -AddressPrefix 10.0.2.0/24
$vnet = New-AzureRmvirtualNetwork -Name VNet -ResourceGroupName NRP-RG -Location 'West US' -AddressPrefix 10.0.0.0/16 -Subnet $backendSubnet

  2. Create Azure Public IP address (PIP) resources for the front-end IP address pool.

    $publicIPv4 = New-AzureRmPublicIpAddress -Name 'pub-ipv4' -ResourceGroupName NRP-RG -Location 'West US' -AllocationMethod Static -IpAddressVersion IPv4 -DomainNameLabel lbnrpipv4
$publicIPv6 = New-AzureRmPublicIpAddress -Name 'pub-ipv6' -ResourceGroupName NRP-RG -Location 'West US' -AllocationMethod Dynamic -IpAddressVersion IPv6 -DomainNameLabel lbnrpipv6

    [!IMPORTANT] The load balancer uses the domain label of the public IP as prefix for its FQDN. In this example, the FQDNs are lbnrpipv4.westus.cloudapp.azure.com and lbnrpipv6.westus.cloudapp.azure.com.

Create a Front-End IP configurations and a Back-End Address Pool

  1. Create front-end address configuration that uses the Public IP addresses you created.

    $FEIPConfigv4 = New-AzureRmLoadBalancerFrontendIpConfig -Name "LB-Frontendv4" -PublicIpAddress $publicIPv4
$FEIPConfigv6 = New-AzureRmLoadBalancerFrontendIpConfig -Name "LB-Frontendv6" -PublicIpAddress $publicIPv6

  2. Create back-end address pools.

    $backendpoolipv4 = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name "BackendPoolIPv4"
$backendpoolipv6 = New-AzureRmLoadBalancerBackendAddressPoolConfig -Name "BackendPoolIPv6"

Create LB rules, NAT rules, a probe, and a load balancer

This example creates the following items:

  • a NAT rule to translate all incoming traffic on port 443 to port 4443
  • a load balancer rule to balance all incoming traffic on port 80 to port 80 on the addresses in the back-end pool.
  • a load balancer rule to allow RDP connection to the VMs on port 3389.
  • a probe rule to check the health status on a page named HealthProbe.aspx or a service on port 8080
  • a load balancer that uses all these objects

  1. Create the NAT rules.

    $inboundNATRule1v4 = New-AzureRmLoadBalancerInboundNatRuleConfig -Name "NicNatRulev4" -FrontendIpConfiguration $FEIPConfigv4 -Protocol TCP -FrontendPort 443 -BackendPort 4443
$inboundNATRule1v6 = New-AzureRmLoadBalancerInboundNatRuleConfig -Name "NicNatRulev6" -FrontendIpConfiguration $FEIPConfigv6 -Protocol TCP -FrontendPort 443 -BackendPort 4443

  2. Create a health probe. There are two ways to configure a probe:

    HTTP probe

    $healthProbe = New-AzureRmLoadBalancerProbeConfig -Name 'HealthProbe-v4v6' -RequestPath 'HealthProbe.aspx' -Protocol http -Port 80 -IntervalInSeconds 15 -ProbeCount 2

    or TCP probe

    $healthProbe = New-AzureRmLoadBalancerProbeConfig -Name 'HealthProbe-v4v6' -Protocol Tcp -Port 8080 -IntervalInSeconds 15 -ProbeCount 2
$RDPprobe = New-AzureRmLoadBalancerProbeConfig -Name 'RDPprobe' -Protocol Tcp -Port 3389 -IntervalInSeconds 15 -ProbeCount 2

    For this example, we are going to use the TCP probes.

  3. Create a load balancer rule.

    $lbrule1v4 = New-AzureRmLoadBalancerRuleConfig -Name "HTTPv4" -FrontendIpConfiguration $FEIPConfigv4 -BackendAddressPool $backendpoolipv4 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 8080
$lbrule1v6 = New-AzureRmLoadBalancerRuleConfig -Name "HTTPv6" -FrontendIpConfiguration $FEIPConfigv6 -BackendAddressPool $backendpoolipv6 -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 8080
$RDPrule = New-AzureRmLoadBalancerRuleConfig -Name "RDPrule" -FrontendIpConfiguration $FEIPConfigv4 -BackendAddressPool $backendpoolipv4 -Probe $RDPprobe -Protocol Tcp -FrontendPort 3389 -BackendPort 3389

  4. Create the load balancer using the previously created objects.

    $NRPLB = New-AzureRmLoadBalancer -ResourceGroupName NRP-RG -Name 'myNrpIPv6LB' -Location 'West US' -FrontendIpConfiguration $FEIPConfigv4,$FEIPConfigv6 -InboundNatRule $inboundNATRule1v6,$inboundNATRule1v4 -BackendAddressPool $backendpoolipv4,$backendpoolipv6 -Probe $healthProbe,$RDPprobe -LoadBalancingRule $lbrule1v4,$lbrule1v6,$RDPrule

Create NICs for the back-end VMs

  1. Get the Virtual Network and Virtual Network Subnet, where the NICs need to be created.

    $vnet = Get-AzureRmVirtualNetwork -Name VNet -ResourceGroupName NRP-RG
$backendSubnet = Get-AzureRmVirtualNetworkSubnetConfig -Name LB-Subnet-BE -VirtualNetwork $vnet

  2. Create IP configurations and NICs for the VMs.

    $nic1IPv4 = New-AzureRmNetworkInterfaceIpConfig -Name "IPv4IPConfig" -PrivateIpAddressVersion "IPv4" -Subnet $backendSubnet -LoadBalancerBackendAddressPool $backendpoolipv4 -LoadBalancerInboundNatRule $inboundNATRule1v4
$nic1IPv6 = New-AzureRmNetworkInterfaceIpConfig -Name "IPv6IPConfig" -PrivateIpAddressVersion "IPv6" -LoadBalancerBackendAddressPool $backendpoolipv6 -LoadBalancerInboundNatRule $inboundNATRule1v6
$nic1 = New-AzureRmNetworkInterface -Name 'myNrpIPv6Nic0' -IpConfiguration $nic1IPv4,$nic1IPv6 -ResourceGroupName NRP-RG -Location 'West US'

$nic2IPv4 = New-AzureRmNetworkInterfaceIpConfig -Name "IPv4IPConfig" -PrivateIpAddressVersion "IPv4" -Subnet $backendSubnet -LoadBalancerBackendAddressPool $backendpoolipv4
$nic2IPv6 = New-AzureRmNetworkInterfaceIpConfig -Name "IPv6IPConfig" -PrivateIpAddressVersion "IPv6" -LoadBalancerBackendAddressPool $backendpoolipv6
$nic2 = New-AzureRmNetworkInterface -Name 'myNrpIPv6Nic1' -IpConfiguration $nic2IPv4,$nic2IPv6 -ResourceGroupName NRP-RG -Location 'West US'

Create virtual machines and assign the newly created NICs

For more information about creating a VM, see Create and preconfigure a Windows Virtual Machine with Resource Manager and Azure PowerShell

  1. Create an Availability Set and Storage account

    New-AzureRmAvailabilitySet -Name 'myNrpIPv6AvSet' -ResourceGroupName NRP-RG -location 'West US'
$availabilitySet = Get-AzureRmAvailabilitySet -Name 'myNrpIPv6AvSet' -ResourceGroupName NRP-RG
New-AzureRmStorageAccount -ResourceGroupName NRP-RG -Name 'mynrpipv6stacct' -Location 'West US' -SkuName "Standard_LRS"
$CreatedStorageAccount = Get-AzureRmStorageAccount -ResourceGroupName NRP-RG -Name 'mynrpipv6stacct'

  2. Create each VM and assign the previous created NICs

    $mySecureCredentials= Get-Credential -Message "Type the username and password of the local administrator account."

$vm1 = New-AzureRmVMConfig -VMName 'myNrpIPv6VM0' -VMSize 'Standard_G1' -AvailabilitySetId $availabilitySet.Id
$vm1 = Set-AzureRmVMOperatingSystem -VM $vm1 -Windows -ComputerName 'myNrpIPv6VM0' -Credential $mySecureCredentials -ProvisionVMAgent -EnableAutoUpdate
$vm1 = Set-AzureRmVMSourceImage -VM $vm1 -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2012-R2-Datacenter -Version "latest"
$vm1 = Add-AzureRmVMNetworkInterface -VM $vm1 -Id $nic1.Id -Primary
$osDisk1Uri = $CreatedStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/myNrpIPv6VM0osdisk.vhd"
$vm1 = Set-AzureRmVMOSDisk -VM $vm1 -Name 'myNrpIPv6VM0osdisk' -VhdUri $osDisk1Uri -CreateOption FromImage
New-AzureRmVM -ResourceGroupName NRP-RG -Location 'West US' -VM $vm1

$vm2 = New-AzureRmVMConfig -VMName 'myNrpIPv6VM1' -VMSize 'Standard_G1' -AvailabilitySetId $availabilitySet.Id
$vm2 = Set-AzureRmVMOperatingSystem -VM $vm2 -Windows -ComputerName 'myNrpIPv6VM1' -Credential $mySecureCredentials -ProvisionVMAgent -EnableAutoUpdate
$vm2 = Set-AzureRmVMSourceImage -VM $vm2 -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2012-R2-Datacenter -Version "latest"
$vm2 = Add-AzureRmVMNetworkInterface -VM $vm2 -Id $nic2.Id -Primary
$osDisk2Uri = $CreatedStorageAccount.PrimaryEndpoints.Blob.ToString() + "vhds/myNrpIPv6VM1osdisk.vhd"
$vm2 = Set-AzureRmVMOSDisk -VM $vm2 -Name 'myNrpIPv6VM1osdisk' -VhdUri $osDisk2Uri -CreateOption FromImage
New-AzureRmVM -ResourceGroupName NRP-RG -Location 'West US' -VM $vm2

Next steps

Get started configuring an internal load balancer

Configure a load balancer distribution mode

Configure idle TCP timeout settings for your load balancer