Get started creating an Internet facing load balancer in Resource Manager using PowerShell

[AZURE.INCLUDE load-balancer-get-started-internet-arm-selectors-include.md]

[AZURE.INCLUDE load-balancer-get-started-internet-intro-include.md]

[AZURE.INCLUDE azure-arm-classic-important-include] This article covers the Resource Manager deployment model. If you are looking for the Azure classic deployment model, go to Get started creating Internet facing load balancer using classic deployment.

[AZURE.INCLUDE load-balancer-get-started-internet-scenario-include.md]

The steps below will show how to create an internet facing load balancer using Azure Resource Manager with PowerShell. With Azure Resource Manager, the items to create an internet facing load balancer are configured individually and then put together to create a resource.

This page covers the sequence of individual tasks required to create a load balancer and explains in detail what each task does.

What is required to create an internet facing load balancer?

You need to create and configure the following objects to deploy a load balancer:

  • Front end IP configuration - contains public IP addresses for incoming network traffic.

  • Back end address pool - contains network interfaces (NICs) to receive traffic from the load balancer.

  • Load balancing rules - contains rules mapping a public port on the load balancer to ports on the NICs in the back end address pool.

  • Inbound NAT rules - contains rules mapping a public port on the load balancer to a port in an individual NIC in the back end address pool.

  • Probes - contains health probes used to check availability of VMs linked to the NICs in the back end address pool.

You can get more information about load balancer components with Azure resource manager at Azure Resource Manager support for Load Balancer.

Set up PowerShell to use Resource Manager

Make sure you have the latest production version of the Azure module for PowerShell, and have PowerShell set up correctly to access your Azure subscription.

Step 1

  1. If you have never used Azure PowerShell, see How to Install and Configure Azure PowerShell and follow the instructions all the way to the end to sign into Azure and select your subscription.

  2. From an Azure PowerShell prompt, run the Switch-AzureMode cmdlet to switch to Resource Manager mode, as shown below.

     Switch-AzureMode AzureResourceManager
    

    Expected output:

     WARNING: The Switch-AzureMode cmdlet is deprecated and will be removed in a future release.
    

[AZURE.WARNING] The Switch-AzureMode cmdlet will be deprecated soon. When that happens, all Resource Manager cmdlets will be renamed.

Step 2

Log in to your Azure account.

PS C:\> Add-AzureAccount

You will be prompted to authenticate with your credentials.

Step 3

Choose which of your Azure subscriptions to use.

PS C:\> Select-AzureSubscription -SubscriptionName "MySubscription"

To see a list of available subscriptions, use the ‘Get-AzureSubscription’ cmdlet.

Create a resource group

Create a new resource group named NRP-RG in the West US Azure location.

PS C:\> New-AzureResourceGroup -Name NRP-RG -location "West US"

Create a virtual network and a public IP address for the front end IP pool

Step 1

Create a subnet and a virtual network.

$backendSubnet = New-AzureVirtualNetworkSubnetConfig -Name LB-Subnet-BE -AddressPrefix 10.0.2.0/24
New-AzurevirtualNetwork -Name NRPVNet -ResourceGroupName NRP-RG -Location "West US" -AddressPrefix 10.0.0.0/16 -Subnet $backendSubnet

Step 2

Create a public IP address (PIP) named PublicIP to be used by a frontend IP pool with DNS name loadbalancernrp.westus.cloudapp.azure.com. The command below uses the static allocation type.

$publicIP = New-AzurePublicIpAddress -Name PublicIp -ResourceGroupName NRP-RG -Location "West US" -AllocationMethod Static -DomainNameLabel loadbalancernrp

[AZURE.IMPORTANT] The load balancer will use the domain label of the public IP as its FQDN. This is a change from classic deployment model which uses the cloud service as the load balancer FQDN. In this example, the FQDN will be loadbalancernrp.westus.cloudapp.azure.com.

Create a front end IP pool and a backend address pool

Step 1

Create a front end IP pool named LB-Frontend that uses the PublicIp PIP.

$frontendIP = New-AzureLoadBalancerFrontendIpConfig -Name LB-Frontend -PublicIpAddress $publicIP 

Step 2

Create a back end address pool named LB-backend.

$beaddresspool= New-AzureLoadBalancerBackendAddressPoolConfig -Name "LB-backend"

Create LB rules, NAT rules, a probe, and a load balancer

The example below creates the following items:

  • a NAT rule to translate all incoming traffic on port 3441 to port 3389 [1].
  • a NAT rule to translate all incoming traffic on port 3442 to port 3389.
  • a load balancer rule to balance all incoming traffic on port 80 to port 80 on the addresses in the back end pool.
  • a probe rule which will check the health status on a page named HealthProbe.aspx.
  • a load balancer that uses all the objects above.

[1] NAT rules are associated with a specific virtual machine instance behind the load balancer. Network traffic arriving on port 3441 is sent to the RDP port of the specific virtual machine associated with the NAT rule.

Step 1

Create the NAT rules.

$inboundNATRule1= New-AzureLoadBalancerInboundNatRuleConfig -Name "RDP1" -FrontendIpConfiguration $frontendIP -Protocol TCP -FrontendPort 3441 -BackendPort 3389

$inboundNATRule2= New-AzureLoadBalancerInboundNatRuleConfig -Name "RDP2" -FrontendIpConfiguration $frontendIP -Protocol TCP -FrontendPort 3442 -BackendPort 3389

Step 2

Create a health probe. The probe is created before the load balancer rule because the rule references it through $healthProbe.

$healthProbe = New-AzureLoadBalancerProbeConfig -Name "HealthProbe" -RequestPath "HealthProbe.aspx" -Protocol http -Port 80 -IntervalInSeconds 15 -ProbeCount 2

Step 3

Create a load balancer rule.

$lbrule = New-AzureLoadBalancerRuleConfig -Name "HTTP" -FrontendIpConfiguration $frontendIP -BackendAddressPool $beAddressPool -Probe $healthProbe -Protocol Tcp -FrontendPort 80 -BackendPort 80

Step 4

Create the load balancer using the objects created above.

$NRPLB = New-AzureLoadBalancer -ResourceGroupName "NRP-RG" -Name "NRP-LB" -Location "West US" -FrontendIpConfiguration $frontendIP -InboundNatRule $inboundNATRule1,$inboundNatRule2 -LoadBalancingRule $lbrule -BackendAddressPool $beAddressPool -Probe $healthProbe 
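
The NAT rules above publish RDP (back end port 3389) on the load balancer's public IP. One way to limit who can reach it is a network security group on the back end subnet. This is an added example, not part of the original article; it assumes the same pre-AzureRM cmdlet naming this page uses, a hypothetical NSG name NSG-LB-BE, and a placeholder admin range 203.0.113.0/24.

```powershell
# Added example, not from the original article.
# Placeholder (documentation range): replace with the range your admins connect from.
$adminPrefix = "203.0.113.0/24"

# NSG rules are evaluated after the load balancer has applied NAT, so the rule
# matches the back end port (3389), not the public front end ports 3441/3442.
$rdpRule = New-AzureNetworkSecurityRuleConfig -Name "Allow-RDP-Admin" `
    -Description "RDP from the admin range only" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $adminPrefix -SourcePortRange "*" `
    -DestinationAddressPrefix "*" -DestinationPortRange 3389

# The load balanced web port stays open to the Internet.
$httpRule = New-AzureNetworkSecurityRuleConfig -Name "Allow-HTTP" `
    -Description "HTTP through the load balancer rule" `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 110 `
    -SourceAddressPrefix Internet -SourcePortRange "*" `
    -DestinationAddressPrefix "*" -DestinationPortRange 80

# No explicit deny or probe rule is added: the NSG default rules already allow
# the AzureLoadBalancer tag (health probes) and deny all other inbound traffic.
$nsg = New-AzureNetworkSecurityGroup -ResourceGroupName NRP-RG -Location "West US" `
    -Name "NSG-LB-BE" -SecurityRules $rdpRule,$httpRule

# Attach the NSG to the back end subnet created earlier and save the VNet.
$vnet = Get-AzureVirtualNetwork -Name NRPVNet -ResourceGroupName NRP-RG
Set-AzureVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name LB-Subnet-BE `
    -AddressPrefix 10.0.2.0/24 -NetworkSecurityGroup $nsg
Set-AzureVirtualNetwork -VirtualNetwork $vnet
```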

Create NICs

You need to create NICs (or modify existing ones) and associate them to NAT rules, load balancer rules, and probes.

Step 1

Get the VNet and subnet where the NICs need to be created.

$vnet = Get-AzureVirtualNetwork -Name NRPVNet -ResourceGroupName NRP-RG
$backendSubnet = Get-AzureVirtualNetworkSubnetConfig -Name LB-Subnet-BE -VirtualNetwork $vnet 

Step 2

Create a NIC named lb-nic1-be, and associate it with the first NAT rule, and the first (and only) back end address pool.

$backendnic1= New-AzureNetworkInterface -ResourceGroupName "NRP-RG" -Name lb-nic1-be -Location "West US" -PrivateIpAddress 10.0.2.6 -Subnet $backendSubnet -LoadBalancerBackendAddressPool $nrplb.BackendAddressPools[0] -LoadBalancerInboundNatRule $nrplb.InboundNatRules[0]

Step 3

Create a NIC named lb-nic2-be, and associate it with the second NAT rule, and the first (and only) back end address pool.

$backendnic2= New-AzureNetworkInterface -ResourceGroupName "NRP-RG" -Name lb-nic2-be -Location "West US" -PrivateIpAddress 10.0.2.7 -Subnet $backendSubnet -LoadBalancerBackendAddressPool $nrplb.BackendAddressPools[0] -LoadBalancerInboundNatRule $nrplb.InboundNatRules[1]

Step 4

Check the NICs.

PS C:\> $backendnic1

Expected output:

Name                 : lb-nic1-be
ResourceGroupName    : NRP-RG
Location             : westus
Id                   : /subscriptions/f50504a2-1865-4541-823a-b32842e3e0ee/resourceGroups/NRP-RG/providers/Microsoft.Network/networkInterfaces/lb-nic1-be
Etag                 : W/"d448256a-e1df-413a-9103-a137e07276d1"
ProvisioningState    : Succeeded
Tags                 :
VirtualMachine       : null
IpConfigurations     : [
                     {
                       "PrivateIpAddress": "10.0.2.6",
                       "PrivateIpAllocationMethod": "Static",
                       "Subnet": {
                         "Id": "/subscriptions/f50504a2-1865-4541-823a-b32842e3e0ee/resourceGroups/NRP-RG/providers/Microsoft.Network/virtualNetworks/NRPVNet/subnets/LB-Subnet-BE"
                       },
                       "PublicIpAddress": {
                         "Id": null
                       },
                       "LoadBalancerBackendAddressPools": [
                         {
                           "Id": "/subscriptions/f50504a2-1865-4541-823a-b32842e3e0ee/resourceGroups/NRP-RG/providers/Microsoft.Network/loadBalancers/NRPlb/backendAddressPools/LB-backend"
                         }
                       ],
                       "LoadBalancerInboundNatRules": [
                         {
                           "Id": "/subscriptions/f50504a2-1865-4541-823a-b32842e3e0ee/resourceGroups/NRP-RG/providers/Microsoft.Network/loadBalancers/NRPlb/inboundNatRules/RDP1"
                         }
                       ],
                       "ProvisioningState": "Succeeded",
                       "Name": "ipconfig1",
                       "Etag": "W/\"d448256a-e1df-413a-9103-a137e07276d1\"",
                       "Id": "/subscriptions/f50504a2-1865-4541-823a-b32842e3e0ee/resourceGroups/NRP-RG/providers/Microsoft.Network/networkInterfaces/lb-nic1-be/ipConfigurations/ipconfig1"
                     }
                   ]
DnsSettings          : {
                     "DnsServers": [],
                     "AppliedDnsServers": []
                   }
AppliedDnsSettings   :
NetworkSecurityGroup : null
Primary              : False

Step 5

Use the Add-AzureVMNetworkInterface cmdlet to assign the NICs to different VMs.

You can find guidance on how to create a virtual machine, and assign a NIC in Create and preconfigure a Windows Virtual Machine with Resource Manager and Azure PowerShell, using option 5 in the example.
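
The NIC output above shows NetworkSecurityGroup : null while the NIC is bound to an RDP NAT rule. The following check flags that combination; it is an added example, not part of the original article. The function name, the management port list and the sample objects are assumptions constructed to mirror this page's load balancer, so it runs without an Azure connection.

```powershell
# Added example, not from the original article.
function Get-ExposedManagementNatRule {
    param(
        [Parameter(Mandatory = $true)] $LoadBalancer,  # e.g. Get-AzureLoadBalancer output
        [Parameter(Mandatory = $true)] [object[]] $Nic # e.g. $backendnic1, $backendnic2
    )
    # Management port list is an assumption of this example; extend as needed.
    $mgmt = @{ 22 = 'SSH'; 3389 = 'RDP'; 5985 = 'WinRM HTTP'; 5986 = 'WinRM HTTPS' }
    foreach ($rule in $LoadBalancer.InboundNatRules) {
        $port = [int]$rule.BackendPort
        if (-not $mgmt.ContainsKey($port)) { continue }
        # A NIC is bound to the rule when an ipconfig lists the rule's resource Id.
        $suffix = '/inboundNatRules/' + [regex]::Escape($rule.Name) + '$'
        $bound = @($Nic | Where-Object {
            $_.IpConfigurations.LoadBalancerInboundNatRules.Id -match $suffix })
        [pscustomobject]@{
            Rule         = $rule.Name
            Service      = $mgmt[$port]
            FrontendPort = $rule.FrontendPort
            Nic          = $bound.Name -join ','
            # False: no NIC-level NSG, so only a subnet NSG (if any) filters the port.
            NicHasNsg    = [bool]($bound | Where-Object { $_.NetworkSecurityGroup })
        }
    }
}

# Constructed sample mirroring this page's objects (placeholder subscription Id).
$base = '/subscriptions/<subscription-id>/resourceGroups/NRP-RG/providers/' +
        'Microsoft.Network/loadBalancers/NRP-LB/inboundNatRules/'
function New-SampleNic($name, $ruleName) {
    [pscustomobject]@{
        Name = $name; NetworkSecurityGroup = $null
        IpConfigurations = @([pscustomobject]@{
            LoadBalancerInboundNatRules = @([pscustomobject]@{ Id = $base + $ruleName }) })
    }
}
$lb = [pscustomobject]@{ Name = 'NRP-LB'; InboundNatRules = @(
    [pscustomobject]@{ Name = 'RDP1';    FrontendPort = 3441; BackendPort = 3389 },
    [pscustomobject]@{ Name = 'RDP2';    FrontendPort = 3442; BackendPort = 3389 },
    [pscustomobject]@{ Name = 'NewRule'; FrontendPort = 81;   BackendPort = 8181 }) }
$nics = (New-SampleNic 'lb-nic1-be' 'RDP1'), (New-SampleNic 'lb-nic2-be' 'RDP2')

# Run the check over the sample objects.
Get-ExposedManagementNatRule -LoadBalancer $lb -Nic $nics | Format-Table -AutoSize
```

Against a live deployment, pass the object returned by Get-AzureLoadBalancer and the NIC objects in place of the constructed samples.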

Update an existing load balancer

Step 1

Using the load balancer from the example above, assign the load balancer object to the variable $slb using Get-AzureLoadBalancer.

$slb = Get-AzureLoadBalancer -Name NRP-LB -ResourceGroupName NRP-RG

Step 2

In the following example, you add a new inbound NAT rule to an existing load balancer, using port 81 on the front end and port 8181 for the back end pool.

$slb | Add-AzureLoadBalancerInboundNatRuleConfig -Name NewRule -FrontendIpConfiguration $slb.FrontendIpConfigurations[0] -FrontendPort 81  -BackendPort 8181 -Protocol Tcp

Step 3

Save the new configuration using Set-AzureLoadBalancer.

$slb | Set-AzureLoadBalancer

Remove a load balancer

Use the command Remove-AzureLoadBalancer to delete a previously created load balancer named "NRP-LB" in a resource group called "NRP-RG".

Remove-AzureLoadBalancer -Name NRP-LB -ResourceGroupName NRP-RG

[AZURE.NOTE] You can use the optional switch -Force to avoid the prompt for deletion.

Next steps

Get started configuring an internal load balancer

Configure a load balancer distribution mode

Configure idle TCP timeout settings for your load balancer