How to configure Azure Load balancer with Azure CLI?

Recently I have came across a situation where we were supposed to create Azure load balancer for our customer in a quickest possible way to test some azure features. I developed a Azure CLI script for the same so it can be utilized in future. Here we will go thru the script. I have also created a video to showcase the Azure Load balancer functionality.

What is Azure Loadbalancer?

The Azure Load Balancer delivers high availability and network performance to your applications. The load balancer distributes inbound traffic to backend resources using load balancing rules and health probes.

Azure load balancer has four components:

1. Frontend IP address: This is the entry point to the load balancer. Client application access the Load balancer thru the Frontend IP address. 2.Health probe rules: These rules are used to verify the health status of the VMs and if VM found to be unhealthy state Load balancer switch to another healthy VM, 3.Backend Pool: These are the Pool of Virtual machines used to balance the load.In case any machine becomes unhealthy or unavailable the load will be transferred to another machine. 4. Load Balancer: Configuration of load balancer specifying the external and internal ports, Backend Pool and health probe rules.

There are two types of load balancers.

1. Public Loadbalancer: A public load balancer maps the public IP address and port number of incoming traffic to the private IP address and port number of the VM, and vice versa for the response traffic from the VM. By applying load-balancing rules, you can distribute specific types of traffic across multiple VMs or services. For example, you can spread the load of incoming web request traffic across multiple web servers.

2. Internal Loadbalancer:An internal load balancer directs traffic only to resources that are inside a virtual network or that use a VPN to access Azure infrastructure. Frontend IP addresses and virtual networks are never directly exposed to an internet endpoint. Internal line-of-business applications run in Azure and are accessed from within Azure or from on-premises resources. For example, an internal load balancer could receive database requests that need to be distributed to backend SQL servers.

Here we will implement Public loadbalancer. Public loadbalancer is depicted in the below figure.Here are the step by step instructions for deploying the public load balancer.

Step1: Login to Azure Environment. Azure CLI needs to login to Azure Environment to work with.

#Login to Azure Environment 
az login

Step2: Create a Resource Group.This resource group will hosty all the loadbalancer related components.

#Create a resource group
az group create `
--name myResourceGroupSLB `
--location westeurope

Step3: Create frontend public IP address. This will be the entry point for the application trying to access the NLB. All the requests coming from outside will hit at this IP address.

#Create a zone redundant public IP Standard
az network public-ip create `
--resource-group myResourceGroupSLB `
--name myPublicIP `
--sku Standard

Step4: Create a Load Balancer while specifying the Public IP address created in step3.This also requires to add backend pool.

#Create Azure Standard Load Balancer
az network lb create `
--resource-group myResourceGroupSLB `
--name myLoadBalancer `
--public-ip-address myPublicIP `
--frontend-ip-name myFrontEnd `
--backend-pool-name myBackEndPool `
--sku Standard

Step5: Create a health probe rules to find the health status of the VMs.in our environment we are pinging port 80 on VM and incoming port from internet is also port 80 but you can change it based on your configuration.

#Create health probe on port 80
az network lb probe create `
--resource-group myResourceGroupSLB `
--lb-name myLoadBalancer `
--name myHealthProbe `
--protocol tcp `
--port 80

Step 6: Create a Loadbalancer rule specifying backend and frondend Port and glueing the backend pool and healprobles.

#Create load balancer rule for port 80
az network lb rule create `
--resource-group myResourceGroupSLB `
--lb-name myLoadBalancer `
--name myLoadBalancerRuleWeb `
--protocol tcp `
--frontend-port 80 `
--backend-port 80 `
--frontend-ip-name myFrontEnd `
--backend-pool-name myBackEndPool `
--probe-name myHealthProbe

Step:7 Create a Virtual Network and add subnet into it.

#Configure virtual network
az network vnet create `
--resource-group myResourceGroupSLB `
--location westeurope `
--name myVnet `
--subnet-name mySubnet

Step 8: Create a Network security group so we can specify the port to be opened.

#Create a network security group
az network nsg create `
--resource-group myResourceGroupSLB `
--name myNetworkSecurityGroup

Step 9: Open Port 80 on the Network security group so communication from port 80 can be allowed.

#Create a network security group rule named myNetworkSecurityGroupRule for port 80 
az network nsg rule create `
--resource-group myResourceGroupSLB `
--nsg-name myNetworkSecurityGroup `
--name myNetworkSecurityGroupRule `
--protocol tcp `
--direction inbound `
--source-address-prefix '*' `
--source-port-range '*' `
--destination-address-prefix '*' `
--destination-port-range 80 `
--access allow `
--priority 200

Step 10:Create three Network Interface cards.

#Create three NIC cards one for each VM
$no_Of_NIC = 1,2,3
foreach($i in $no_Of_NIC ){

    az network nic create `
        --resource-group myResourceGroupSLB `
        --name myNic$i `
        --vnet-name myVnet `
        --subnet mySubnet `
        --network-security-group myNetworkSecurityGroup `
        --lb-name myLoadBalancer `
        --lb-address-pools myBackEndPool
}

Step11: Create three virtual machines and add three NIC cards to these VMs.

#Create Three Virtual Machines and attach the three NIC cards created in the previous step
$no_Of_VM = 1,2,3
foreach($i in $no_Of_VM ){

  az vm create `
    --resource-group myResourceGroupSLB `
    --name myVM$i `
    --nics myNic$i `
    --image UbuntuLTS `
    --generate-ssh-keys `
    --zone $i `
    --custom-data "C:\Demo\cloud-init.txt"
}

We have used the the below cloud-init file to deploy the Nginx, Nodejs and NPM packages while creating the VMs.If you look at the config file very carefully you will find that it listens to the port and sends a string “Hello World from host “+ Hostname. so in case of VM1 it will display the message Hello World from host VM1 and for VM2 it will display Hello World from host VM2

#cloud-config
package_upgrade: true
packages:
  - nginx
  - nodejs
  - npm
write_files:
  - owner: www-data:www-data
  - path: /etc/nginx/sites-available/default
    content: |
      server {
        listen 80;
        location / {
          proxy_pass http://localhost:3000;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection keep-alive;
          proxy_set_header Host $host;
          proxy_cache_bypass $http_upgrade;
        }
      }
  - owner: azureuser:azureuser
  - path: /home/azureuser/myapp/index.js
    content: |
      var express = require('express')
      var app = express()
      var os = require('os');
      app.get('/', function (req, res) {
        res.send('Hello World from host ' + os.hostname() + '!')
      })
      app.listen(3000, function () {
        console.log('Hello world app listening on port 3000!')
      })
runcmd:
  - service nginx restart
  - cd "/home/azureuser/myapp"
  - npm init
  - npm install express -y
  - nodejs index.js

Step 12:Test the Loadbalancer

# Now Test the Load Balancer by going into the IP address exposed by NLB
az network public-ip show `
    --resource-group myResourceGroupSLB `
    --name myPublicIP `
    --query [ipAddress] `
    --output tsv

Here is the entire Demo explained in my Video.

Hope it was useful!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.