VM scale set does not work with internal standard SKU Azure load balancer backend pool - azure-vm-scale-set

I want to load-balance my VM scale set in a VNet. My requirements are that:
I do not want public IP accessibility and
I do need https health probes.
While both Azure load balancers (in either basic or standard sku) seem to be capable of balancing also internal traffic, only the standard sku offers https health probes.
When trying to add the VM scale set to the backend pool, I cannot select it, it's not found by the wizard. Both scale set and internal standard sku load balancer are within the same region, VNet, and resource group.
It appears I'm having the same issue as someone here, only with a scale set instead of an availability set.
There is a tooltip stating
Only VMs in region with standard SKU public or no public IP can be
attached to this loadbalancer. A backend pool can only contain
resources from one virtual network. Create a new backend pool to add
resources from a different virtual network.
So I am confused: my internal load balancer is using only private addresses, so the criterion of "with standard SKU public or no public IP" should be met. Also I note that the tooltip only explicitly states VMs, not VM scale sets. However, I refuse to believe that the standard SKU of LB should be lacking features compared to the basic SKU (I do have it working with a scale set and internal basic LB, albeit without https health probes).
Am I missing something here? I do realise that there's still the "Azure Application Gateway", however I think it's overly complex to set-up and overkill for my scenario. I only want internal load balancing of a scale set with https health probes. And I am starting to think that this is not possible.
Kind regards, baouss

It seems a restriction that you could not select the scale set as the backend for a standard SKU load balancer on the Azure portal. The document states that
One key aspect is the scope of the virtual network for the resource.
While Basic Load Balancer exists within the scope of an availability
set, a Standard Load Balancer is fully integrated with the scope of a
virtual network and all virtual network concepts apply.
So we only could select the eligible VMs in the virtual network as the backend pool for a Standard Load Balancer.
Wait for confirmation from Azure team: VM scale set does not work with internal standard SKU Azure load balancer backend pool
As you mentioned, currently, you could use Application Gateway with an HTTPS health probe. If not, you may create a VM scale set and choose the load balancing option "load balancer". This will automatically associate a public standard SKU load balancer with your scale set.

Related

Azure forcing to create Standard LB while Basic LB is sufficient

I have referred to this link but that solution does not work.
Basic Load Balancer with scale set "Virtual Machine Scale Set cannot use a basic SKU load balancer when singlePlacementGroup property is false (lar)."
Issue:
Azure forcing to create a Standard LB instead of Basic LB.
I created a VMSS with SinglePlacement Group = Enable
However while creating Basic Load Balancer, Azure does not allow me to add this VMSS to the backendpool and forces me to Create a STANDARD Load balancer and says “Single Placement Group is set to False” on the VMSS. While it is not true, see attached below screenshots.
Thanks
Venkat
https://i.stack.imgur.com/lRSsF.jpg
https://i.stack.imgur.com/HEV24.jpg
https://i.stack.imgur.com/iV0sQ.jpg
I tried to reproduce the same in my environment, and I am getting the same error as below:
To resolve this issue, try to recreate a virtual machine scale set in advance -> click fixed spreading and uncheck the Enable scaling beyond 100 instances
And in the networking tab, check whether you have provided the correct virtual network from your resources as below. I have created load balancer -> vmss -> networking tab select load balancer created backend pool
Created virtual machine scale set:
After unchecking Enable scaling beyond 100 instances -> networking -> add load balancing -> use existing -> save
My load balancing has been successfully added in virtual machine scale set in Basic SKU
Additional details: I have created a separate load balancer as basic and added it to the virtual machine scale set. Check whether you have given the correct frontend IP as public, backend pool, and health probes.
Make sure to create load balancing rules as below:
Reference: Virtual machine scale sets and placement groups - | Microsoft Docs
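
A pre-flight check for the constraints quoted in the two threads above (the HTTPS probe limitation, the portal tooltip, and the singlePlacementGroup error), written as an added example that is not part of the original posts or of any Azure tooling. The dictionary layout, the function name `attach_problems` and the sample values are constructed assumptions, not an Azure API schema.

```python
# Added example: pre-flight check of the constraints quoted on this page.
# The dict layout is a simplified, constructed stand-in, not an Azure API schema.

def attach_problems(lb, vmss):
    """Return the quoted constraints that this load balancer / scale set pair violates."""
    problems = []
    sku = lb["sku"].lower()

    # From the first question: HTTPS health probes are only offered by the Standard SKU.
    for probe in lb.get("probes", []):
        if probe["protocol"].lower() == "https" and sku != "standard":
            problems.append(f"probe {probe['name']}: HTTPS probes need a Standard SKU load balancer")

    # From the quoted error: Basic SKU is refused when singlePlacementGroup is false.
    if sku == "basic" and not vmss["singlePlacementGroup"]:
        problems.append("Basic SKU load balancer needs singlePlacementGroup = true")

    # From the quoted tooltip: same region, one virtual network per backend pool,
    # and for Standard SKU a Standard SKU public IP or no public IP on the instances.
    if lb["region"] != vmss["region"]:
        problems.append("load balancer and scale set are in different regions")
    if lb["vnet"] != vmss["vnet"]:
        problems.append("backend pool can only contain resources from one virtual network")
    if sku == "standard" and vmss["publicIpSku"] not in (None, "Standard"):
        problems.append("instances need a Standard SKU public IP or no public IP")
    return problems


# Constructed sample: internal Standard load balancer and a scale set without public IPs.
INTERNAL_STANDARD_LB = {
    "sku": "Standard", "region": "westeurope", "vnet": "vnet-app",
    "probes": [{"name": "https-health", "protocol": "Https"}],
}
SCALE_SET = {
    "region": "westeurope", "vnet": "vnet-app",
    "singlePlacementGroup": True, "publicIpSku": None,
}

if __name__ == "__main__":
    cases = {
        "standard, internal": (INTERNAL_STANDARD_LB, SCALE_SET),
        "basic + HTTPS probe": (dict(INTERNAL_STANDARD_LB, sku="Basic"), SCALE_SET),
        "basic + large scale set": (dict(INTERNAL_STANDARD_LB, sku="Basic", probes=[]),
                                    dict(SCALE_SET, singlePlacementGroup=False)),
    }
    for name, (lb, vmss) in cases.items():
        print(name, "->", attach_problems(lb, vmss) or "no quoted constraint violated")
```

An empty result only means that none of the constraints quoted on this page is violated; it does not predict whether the portal wizard will list the scale set.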

Azure Scale Set without Load Balancer

When creating a Scale Set (VMSS) in Azure, I can choose to include a load balancer with it.
What I don't understand is - how does it work if there's no Load Balancer?
So say my Scale Set has 1 VM, and now, b/c of the scaling rules, another VM is added. If there's no LB or App GW, how should I access this VM? Is there some kind of internal load balancer in the Scale Set itself?
Thanks!
If there's no LB or App GW, how should I access this VM? Is there some
kind of internal load balancer in the Scale Set itself?
For the VM, you only can associate the public IP address to the NIC of it and the NIC is a separate resource. But for the VMSS, there is no separate NIC of it you can associate the public IP address to. If no public IP address, you cannot access both the VM and the VMSS. So you can only access through the load balancer or the Application Gateway.
Maybe you can use a VM with the public IP address as a jump box and access the VMSS from the VM. But it's a little more complex and expensive.

Automatic Failover between Azure Internal Load Balancers

We are moving a workflow of our business to Azure. I currently have two VMs as an HA pair behind an internal load balancer in the North Central US Region as my production environment. I have mirrored this architecture in the South Central US Region for disaster recovery purposes. A vendor recommended I place an Azure Traffic Manager in front of the ILBs for automatic failover, but it appears that I cannot spec ILBs as endpoints for ATM. (For clarity, all connections to these ILBs are through VPNs.)
Our current plan is to put the IPs for both ILBs in a custom-built appliance placed on-prem, and the failover would happen on that appliance. However, it would greatly simplify things if we could present a single IP to that appliance, and let the failover happen in Azure instead.
Is there an Azure product or service, or perhaps more appropriate architecture that would allow for a single IP to be presented to the customer, but allow for automatic failover across regions?
It seems that you could configure an application gateway with an internal load balancer (ILB) endpoint. In this case, you will have a private frontend IP configuration for an Application Gateway. The APPGW will be deployed in a dedicated subnet; it will exist on the same VNet with your internal backend VMs. Please note that in this case you can directly add the private VMs as the backends instead of the internal load balancer frontend IP address, because the private APPGW itself is an internal load balancer.
Moreover, APPGW also could configure a public frontend IP configuration, if so, you can configure the APPGW public frontend IP as the endpoints of the Azure traffic manager.
Hope this could help you.

Is it possible to have two load balancers attached to Azure VM scale set?

Our app is hosted in an Azure VM scale set and it has 80 and 8080 endpoints; 80 must be public and 8080 must be private.
Obvious way to achieve this is to use one public and one private load balancer.
Is it possible in Azure VM scale set?
According to this it is.
https://heranonazure.wordpress.com/2017/08/30/vmss-behind-both-internal-and-external-load-balancer/
However, I have attached my VMSS to 2 load balancers, 1 internal and 1 external. It does work just fine, but you do get a warning saying that 1 backend address pool has been removed... however I can still access resources via both load balancers. Whether this persists after any maintenance or scaling of the VMSS remains to be seen.
I would say on the Basic SKU LoadBalancer it is NOT supported even though you can get it to work to some degree.
The Standard load balancer may well be different, however that is still in preview.

Directing dynamic subdomains to particular servers

We're building a multitenant SAAS app. Each customer gets its own subdomain, http://customername.mycompany.com. Each customer will have many gigabytes of data, which means that they have to be assigned to a particular server and stay there.
If I have a server farm, and a request comes in for a particular customer, how do I direct the request to the right server?
My thought is that I'll have to create some kind of custom, programmable load balancer that will know where each customer lives and proxy the request through.
Is there an easier way?
If not, where do I find such a load balancer? The ones I've found online act more like appliances than applications which could go query a database to find the right destination server.
I think the answer is in the question; you mention that the user will connect to username.mycompany.com. So use a DNS A record to point them to a particular IP.
In the future, if you wanted to load balance the user across (say 2) servers, you could create a virtual IP on a load balancer appliance (running LVS for example), and then point the A record to the Virtual IP created by the LB, and distribute the user across a group of servers that you have configured.
This is why using subdomains is simpler than having URL based access such as company.com/username, in which case you would have to inspect the content of the packet to see the requested URL. By using subdomains, everything can be done at the IP layer.
