Load Balancer SKUs – Configuring Load Balancing


Load Balancer SKUs

Azure Load Balancer comes with two different SKU options, Basic and Standard. They differ in price, features, and delivery of the service.

Basic

The Basic load balancer is free to use and has the following capabilities:

  • Backend pool size: The Basic tier supports up to 100 instances inside a backend pool.
  • Health probes: TCP and HTTP.
  • Outbound connections: A single frontend is supported; when multiple frontends are configured, one is selected at random. The default SNAT is used when only an ILB is serving a VM, VM scale set, or availability set.
  • Diagnostics: Support for Azure Log Analytics for a public load balancer only, backend pool health count, and SNAT exhaustion alert.
  • Default security: Open by default; NSGs are optional.
  • Management operations: 60-90+ seconds.

The Basic SKU has the following limitations on the service that the Standard SKU doesn’t:

  • Availability zones: Not available
  • Outbound rules: Not available
  • HA ports: Not available
  • TCP Reset on Idle: Not available
  • Multiple frontends: Not available
  • Service-level agreement (SLA): Not available
  • Global VNet peering support: Not supported
  • NAT Gateway support: Not supported
  • Private link support: Not supported
  • Cross-region load balancing: Not supported

Now that you know what the Basic SKU offers and doesn’t offer, we will explore the Standard SKU offering.

Standard

The Standard tier of Azure Load Balancer carries a cost. The charge is based on the number of rules and on the data, inbound and outbound, that is processed by the resource. This SKU is designed to be secure by default and has the following capabilities:

  • Backend pool size: The Standard tier supports up to 1,000 instances inside a backend pool.
  • Health probes: TCP, HTTP, and HTTPS.
  • Availability zones: Support for zone-redundant and zonal frontends for inbound and outbound connections and cross-zone load balancing.
  • Outbound connections: Multiple frontends can be used, with per-load-balancing-rule opt-out. Pool-based outbound NAT can be explicitly defined using outbound rules. Outbound scenarios must be explicitly created to use outbound connectivity for the VM, VM scale set, or availability set. VNet service endpoints can be reached without defining outbound connectivity. Public IP addresses and Platform as a Service (PaaS) services that are not available using VNet service endpoints must be reached with outbound connectivity.
  • Outbound rules: Outbound NAT configuration needs to be defined using public IP addresses, public IP prefixes, or both. You can configure the outbound idle timeout as well as custom SNAT port allocation.
  • Diagnostics: Azure Load Balancer has support for Azure Monitor, with features including health probe status, outbound connection health (SNAT successful and failed flows), multi-dimensional metrics, and active data-plane measurements.
  • HA ports: Highly available ports for the ILB only.
  • Default security: Secure by default. Unless internal load balancers are allowed by an NSG, the endpoints are closed to inbound flows by default. Public IP addresses and load balancer endpoints are secured as well.
  • TCP Reset on Idle: This can be enabled on the idle timeout on any rule.
  • Multiple frontends: For inbound and outbound connections.
  • Management operations: < 30 seconds for most operations.
  • SLA: 99.99% for a data path with two healthy VMs.
  • Global VNet peering support: Supported for standard ILBs.
  • NAT Gateway support: Supported for public load balancers and ILBs.
  • Private link support: Supported only for standard ILBs.
  • Cross-region load balancing: Supported for public load balancers.

As you have seen, there are some distinct differences between the two types of load balancers, and it’s important to understand them before deploying any solution. One key item to look out for with the Standard SKU is that you need to explicitly define an NSG rule to allow traffic to flow through the load balancer. Also, remember that the Basic SKU doesn’t offer an SLA, which is critical for production environments and for ensuring that you have conducted due diligence. Another important feature of the Standard SKU is the option to have multiple frontends, which enables you to control traffic to multiple firewalls and services and helps you better manage your traffic. Next, we will explore configuration.
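The default-security difference between the two SKUs can be checked across an inventory. The following is an added example, not code from the original page: it assumes records shaped like `az network lb list -o json` output (field names `sku.name`, `frontendIPConfigurations`, `backendAddressPools`) and a hypothetical `NIC_HAS_NSG` map that the caller builds from NIC and subnet data. The sample inventory is constructed and the severity labels are the example's own.

```python
# Added example: flag load balancers whose SKU default and NSG coverage disagree.
NIC = "/subscriptions/SUB/resourceGroups/rg/providers/Microsoft.Network/networkInterfaces/"

def lb(name, sku, public, nics):
    """Constructed record shaped like one item of `az network lb list -o json`."""
    front = {"publicIPAddress": {"id": "pip"}} if public else {"privateIPAddress": "10.0.0.4"}
    pool = {"backendIPConfigurations":
            [{"id": NIC + n + "/ipConfigurations/ipconfig1"} for n in nics]}
    return {"name": name, "sku": {"name": sku},
            "frontendIPConfigurations": [front], "backendAddressPools": [pool]}

SAMPLE_LBS = [  # constructed inventory
    lb("lb-basic-web", "Basic", True, ["nic-a", "nic-b"]),
    lb("lb-basic-int", "Basic", False, ["nic-b"]),
    lb("lb-std-api", "Standard", True, ["nic-c"]),
    lb("lb-std-ok", "Standard", True, ["nic-b"]),
]
# Constructed, assumed input: NIC id -> True if an NSG applies at NIC or subnet level.
NIC_HAS_NSG = {NIC + "nic-a": False, NIC + "nic-b": True, NIC + "nic-c": False}

def backend_nics(record):
    """NIC resource ids behind a load balancer, taken from its backend pool members."""
    ids = set()
    for pool in record.get("backendAddressPools") or []:
        for cfg in pool.get("backendIPConfigurations") or []:
            ids.add(cfg["id"].split("/ipConfigurations/")[0])
    return sorted(ids)

def audit(lbs, nic_has_nsg):
    """Return (load balancer, severity, message) tuples for each finding."""
    rows = []
    for record in lbs:
        name, sku = record["name"], record["sku"]["name"]
        fronts = record.get("frontendIPConfigurations") or []
        public = any(f.get("publicIPAddress") for f in fronts)
        # A NIC missing from the map is treated as having no NSG (conservative).
        bare = [n.rsplit("/", 1)[-1] for n in backend_nics(record)
                if not nic_has_nsg.get(n, False)]
        if sku == "Basic":
            rows.append((name, "INFO", "Basic SKU: no SLA"))
            if bare:  # Basic is open by default and NSGs are optional
                sev = "HIGH" if public else "MEDIUM"
                rows.append((name, sev, "open by default, no NSG on: " + ", ".join(bare)))
        elif sku == "Standard" and bare:  # Standard stays closed until an NSG allows the flow
            rows.append((name, "CONFIG",
                         "closed by default, no NSG to allow inbound on: " + ", ".join(bare)))
    return rows

if __name__ == "__main__":
    for row in audit(SAMPLE_LBS, NIC_HAS_NSG):
        print(" | ".join(row))
```

A `HIGH` row marks a Basic backend reachable with no NSG in front of it; a `CONFIG` row marks a Standard backend that will receive no inbound traffic until an NSG rule allows it.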
