Azurecloud~5 mins

Azure Load Balancer (Layer 4) - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

When you have multiple servers running the same app, you want to share the work evenly so no server gets too busy. Azure Load Balancer helps by spreading incoming network traffic across your servers at the basic network level, making your app faster and more reliable.

When you want to distribute incoming internet traffic to multiple virtual machines to avoid overload on one server.

When you need to keep your app available even if one server goes down by automatically sending traffic to healthy servers.

When you want to balance traffic inside your private network between backend servers without exposing them directly to the internet.

When you want a simple, fast way to route TCP or UDP traffic without complex rules or SSL termination.

When you need to improve app performance by spreading user requests evenly across servers.

Config File - loadbalancer.json

loadbalancer.json

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Network/loadBalancers",
      "apiVersion": "2022-05-01",
      "name": "myLoadBalancer",
      "location": "eastus",
      "properties": {
        "frontendIPConfigurations": [
          {
            "name": "LoadBalancerFrontEnd",
            "properties": {
              "publicIPAddress": {
                "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP"
              }
            }
          }
        ],
        "backendAddressPools": [
          {
            "name": "myBackendPool"
          }
        ],
        "loadBalancingRules": [
          {
            "name": "myLoadBalancingRule",
            "properties": {
              "frontendIPConfiguration": {
                "id": "[concat(resourceId('Microsoft.Network/loadBalancers', 'myLoadBalancer'), '/frontendIPConfigurations/LoadBalancerFrontEnd')]"
              },
              "backendAddressPool": {
                "id": "[concat(resourceId('Microsoft.Network/loadBalancers', 'myLoadBalancer'), '/backendAddressPools/myBackendPool')]"
              },
              "protocol": "Tcp",
              "frontendPort": 80,
              "backendPort": 80,
              "enableFloatingIP": false,
              "idleTimeoutInMinutes": 4,
              "loadDistribution": "Default",
              "probe": {
                "id": "[concat(resourceId('Microsoft.Network/loadBalancers', 'myLoadBalancer'), '/probes/myHealthProbe')]"
              }
            }
          }
        ],
        "probes": [
          {
            "name": "myHealthProbe",
            "properties": {
              "protocol": "Tcp",
              "port": 80,
              "intervalInSeconds": 5,
              "numberOfProbes": 2
            }
          }
        ]
      }
    }
  ]
}

This JSON file is an Azure Resource Manager template that creates a Load Balancer named myLoadBalancer in the eastus region.

frontendIPConfigurations defines the public IP address where the Load Balancer listens for incoming traffic.

backendAddressPools lists the group of virtual machines that will receive the traffic.

loadBalancingRules specify how traffic is distributed from the frontend to the backend, here for TCP port 80.

probes check the health of backend servers to send traffic only to healthy ones.

Commands

This command creates a basic Azure Load Balancer named 'myLoadBalancer' in the 'myResourceGroup' resource group. It sets up the frontend IP configuration and backend pool with the specified names and associates a public IP address.

Terminal

az network lb create --resource-group myResourceGroup --name myLoadBalancer --sku Basic --frontend-ip-name LoadBalancerFrontEnd --backend-pool-name myBackendPool --public-ip-address myPublicIP --location eastus

Expected OutputExpected

{ "frontendIpConfigurations": [ { "name": "LoadBalancerFrontEnd", "privateIpAddress": null, "publicIpAddress": { "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP" } } ], "backendAddressPools": [ { "name": "myBackendPool" } ], "probes": [], "loadBalancingRules": [] }

→

--sku - Specifies the Load Balancer SKU type (Basic or Standard)

→

--frontend-ip-name - Names the frontend IP configuration

→

--backend-pool-name - Names the backend address pool

This command creates a health probe named 'myHealthProbe' for the Load Balancer to check if backend servers are healthy by testing TCP port 80 every 5 seconds, requiring 2 failed probes before marking unhealthy.

Terminal

az network lb probe create --resource-group myResourceGroup --lb-name myLoadBalancer --name myHealthProbe --protocol tcp --port 80 --interval 5 --threshold 2

Expected OutputExpected

{ "name": "myHealthProbe", "protocol": "Tcp", "port": 80, "intervalInSeconds": 5, "numberOfProbes": 2 }

→

--protocol - Specifies the protocol used for the health probe

→

--interval - Sets how often the probe runs in seconds

→

--threshold - Number of failed probes before marking backend unhealthy

This command creates a load balancing rule that forwards TCP traffic on port 80 from the frontend IP to the backend pool, using the health probe to check server health.

Terminal

az network lb rule create --resource-group myResourceGroup --lb-name myLoadBalancer --name myLoadBalancingRule --protocol Tcp --frontend-port 80 --backend-port 80 --frontend-ip-name LoadBalancerFrontEnd --backend-pool-name myBackendPool --probe-name myHealthProbe

Expected OutputExpected

{ "name": "myLoadBalancingRule", "protocol": "Tcp", "frontendPort": 80, "backendPort": 80, "frontendIpConfiguration": { "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/myLoadBalancer/frontendIPConfigurations/LoadBalancerFrontEnd" }, "backendAddressPool": { "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/myLoadBalancer/backendAddressPools/myBackendPool" }, "probe": { "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/loadBalancers/myLoadBalancer/probes/myHealthProbe" } }

→

--frontend-port - Port on the frontend IP to listen on

→

--backend-port - Port on backend servers to forward traffic to

→

--probe-name - Associates the health probe with this rule

This command shows the details of the Load Balancer to verify it was created correctly with the frontend IP, backend pool, health probe, and load balancing rule.

Terminal

az network lb show --resource-group myResourceGroup --name myLoadBalancer

Expected OutputExpected

{ "name": "myLoadBalancer", "location": "eastus", "frontendIpConfigurations": [ { "name": "LoadBalancerFrontEnd", "publicIpAddress": { "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myResourceGroup/providers/Microsoft.Network/publicIPAddresses/myPublicIP" } } ], "backendAddressPools": [ { "name": "myBackendPool" } ], "probes": [ { "name": "myHealthProbe", "protocol": "Tcp", "port": 80 } ], "loadBalancingRules": [ { "name": "myLoadBalancingRule", "protocol": "Tcp", "frontendPort": 80, "backendPort": 80 } ] }

Key Concept

If you remember nothing else from this pattern, remember: Azure Load Balancer spreads network traffic evenly across healthy servers at the basic TCP/UDP level to keep your app fast and available.

Common Mistakes

Not creating or associating a health probe with the load balancing rule.

Without a health probe, the Load Balancer cannot detect unhealthy servers and may send traffic to servers that are down, causing failures.

Always create a health probe and link it to your load balancing rule to ensure traffic only goes to healthy servers.

Using the wrong frontend IP name or backend pool name in commands.

If names do not match the existing Load Balancer configuration, commands will fail or create incorrect settings.

Use consistent and exact names for frontend IP configurations and backend pools when creating rules and probes.

Forgetting to assign a public IP address to the frontend configuration when internet access is needed.

Without a public IP, the Load Balancer cannot receive traffic from the internet.

Create and assign a public IP address to the frontend IP configuration if you want to expose your service publicly.

Summary

Create an Azure Load Balancer with frontend IP and backend pool to distribute traffic.

Add a health probe to check backend server health and avoid sending traffic to unhealthy servers.

Create a load balancing rule to forward traffic from frontend to backend using the health probe.

Verify the Load Balancer setup with the show command to confirm all parts are configured correctly.