Create a public load balancer with IPv6 using Azure CLI
Note
This article describes an introductory IPv6 feature to allow Basic Load Balancers to provide both IPv4 and IPv6 connectivity. Comprehensive IPv6 connectivity is now available with IPv6 for Azure VNETs which integrates IPv6 connectivity with your Virtual Networks and includes key features such as IPv6 Network Security Group rules, IPv6 User-defined routing, IPv6 Basic and Standard load balancing, and more. IPv6 for Azure VNETs is the recommended standard for IPv6 applications in Azure. See IPv6 for Azure VNET PowerShell Deployment
An Azure load balancer is a Layer-4 (TCP, UDP) load balancer. Load balancers provide high availability by distributing incoming traffic among healthy service instances in cloud services or virtual machines in a load balancer set. Load balancers can also present these services on multiple ports or multiple IP addresses or both.
Example deployment scenario
The following diagram illustrates the load balancing solution that's deployed by using the example template described in this article.
In this scenario, you create the following Azure resources:
- Two virtual machines (VMs)
- A virtual network interface for each VM with both IPv4 and IPv6 addresses assigned
- A public load balancer with an IPv4 and an IPv6 public IP address
- An availability set that contains the two VMs
- Two load balancing rules to map the public VIPs to the private endpoints
Deploy the solution by using Azure CLI
The following steps show how to create a public load balancer by using Azure CLI. Using CLI, you create and configure each object individually, and then put them together to create a resource.
To deploy a load balancer, create and configure the following objects:
- Frontend IP configuration: Contains public IP addresses for incoming network traffic.
- Backend address pool: Contains network interfaces (NICs) for the virtual machines to receive network traffic from the load balancer.
- Load balancing rules: Contains rules that map a public port on the load balancer to a port in the backend address pool.
- Inbound NAT rules: Contains network address translation (NAT) rules that map a public port on the load balancer to a port for a specific virtual machine in the backend address pool.
- Probes: Contains health probes that are used to check the availability of virtual machine instances in the backend address pool.
Set up Azure CLI
In this example, you run the Azure CLI tools in a PowerShell command window. To improve readability and reuse, you use PowerShell's scripting capabilities, not the Azure PowerShell cmdlets.
Install and Configure the Azure CLI by following the steps in the linked article and sign in to your Azure account.
Set up PowerShell variables for use with the Azure CLI commands:
$subscriptionid = "########-####-####-####-############" # enter subscription id $location = "chinaeast2" $rgName = "pscontosorg1chinaeast209152016" $vnetName = "contosoIPv4Vnet" $vnetPrefix = "10.0.0.0/16" $subnet1Name = "clicontosoIPv4Subnet1" $subnet1Prefix = "10.0.0.0/24" $subnet2Name = "clicontosoIPv4Subnet2" $subnet2Prefix = "10.0.1.0/24" $dnsLabel = "contoso09152016" $lbName = "myIPv4IPv6Lb"
Create a resource group, a load balancer, a virtual network, and subnets
Create a resource group:
az group create --name $rgName --location $location
Create a load balancer:
$lb = az network lb create --resource-group $rgname --location $location --name $lbName
Create a virtual network:
$vnet = az network vnet create --resource-group $rgname --name $vnetName --location $location --address-prefixes $vnetPrefix
In this virtual network, create two subnets:
$subnet1 = az network vnet subnet create --resource-group $rgname --name $subnet1Name --address-prefix $subnet1Prefix --vnet-name $vnetName $subnet2 = az network vnet subnet create --resource-group $rgname --name $subnet2Name --address-prefix $subnet2Prefix --vnet-name $vnetName
Create public IP addresses for the frontend pool
Set up the PowerShell variables:
$publicIpv4Name = "myIPv4Vip" $publicIpv6Name = "myIPv6Vip"
Create a public IP address for the frontend IP pool:
$publicipV4 = az network public-ip create --resource-group $rgname --name $publicIpv4Name --location $location --version IPv4 --allocation-method Dynamic --dns-name $dnsLabel $publicipV6 = az network public-ip create --resource-group $rgname --name $publicIpv6Name --location $location --version IPv6 --allocation-method Dynamic --dns-name $dnsLabel
Important
The load balancer uses the domain label of the public IP as its fully qualified domain name (FQDN). This a change from classic deployment, which uses the cloud service name as the load balancer FQDN.
In this example, the FQDN is contoso09152016.chinaeast2.chinacloudapp.cn.
Create frontend and backend pools
In this section, you create the following IP pools:
- The frontend IP pool that receives the incoming network traffic on the load balancer.
- The backend IP pool where the frontend pool sends the load-balanced network traffic.
Set up the PowerShell variables:
$frontendV4Name = "FrontendVipIPv4" $frontendV6Name = "FrontendVipIPv6" $backendAddressPoolV4Name = "BackendPoolIPv4" $backendAddressPoolV6Name = "BackendPoolIPv6"
Create a frontend IP pool, and associate it with the public IP that you created in the previous step and the load balancer.
$frontendV4 = az network lb frontend-ip create --resource-group $rgname --name $frontendV4Name --public-ip-address $publicIpv4Name --lb-name $lbName $frontendV6 = az network lb frontend-ip create --resource-group $rgname --name $frontendV6Name --public-ip-address $publicIpv6Name --lb-name $lbName $backendAddressPoolV4 = az network lb address-pool create --resource-group $rgname --name $backendAddressPoolV4Name --lb-name $lbName $backendAddressPoolV6 = az network lb address-pool create --resource-group $rgname --name $backendAddressPoolV6Name --lb-name $lbName
Create the probe, NAT rules, and load balancer rules
This example creates the following items:
- A probe rule to check for connectivity to TCP port 80.
- A NAT rule to translate all incoming traffic on port 3389 to port 3389 for RDP.*
- A NAT rule to translate all incoming traffic on port 3391 to port 3389 for remote desktop protocol (RDP).*
- A load balancer rule to balance all incoming traffic on port 80 to port 80 on the addresses in the backend pool.
* NAT rules are associated with a specific virtual-machine instance behind the load balancer. The network traffic that arrives on port 3389 is sent to the specific virtual machine and port that's associated with the NAT rule. You must specify a protocol (UDP or TCP) for a NAT rule. You can't assign both protocols to the same port.
Set up the PowerShell variables:
$probeV4V6Name = "ProbeForIPv4AndIPv6" $natRule1V4Name = "NatRule-For-Rdp-VM1" $natRule2V4Name = "NatRule-For-Rdp-VM2" $lbRule1V4Name = "LBRuleForIPv4-Port80" $lbRule1V6Name = "LBRuleForIPv6-Port80"
Create the probe.
The following example creates a TCP probe that checks for connectivity to the backend TCP port 80 every 15 seconds. After two consecutive failures, it marks the backend resource as unavailable.
$probeV4V6 = az network lb probe create --resource-group $rgname --name $probeV4V6Name --protocol tcp --port 80 --interval 15 --threshold 2 --lb-name $lbName
Create inbound NAT rules that allow RDP connections to the backend resources:
$inboundNatRuleRdp1 = az network lb inbound-nat-rule create --resource-group $rgname --name $natRule1V4Name --frontend-ip-name $frontendV4Name --protocol Tcp --frontend-port 3389 --backend-port 3389 --lb-name $lbName $inboundNatRuleRdp2 = az network lb inbound-nat-rule create --resource-group $rgname --name $natRule2V4Name --frontend-ip-name $frontendV4Name --protocol Tcp --frontend-port 3391 --backend-port 3389 --lb-name $lbName
Create load balancer rules that send traffic to different backend ports, depending on the front end that received the request.
$lbruleIPv4 = az network lb rule create --resource-group $rgname --name $lbRule1V4Name --frontend-ip-name $frontendV4Name --backend-pool-name $backendAddressPoolV4Name --probe-name $probeV4V6Name --protocol Tcp --frontend-port 80 --backend-port 80 --lb-name $lbName $lbruleIPv6 = az network lb rule create --resource-group $rgname --name $lbRule1V6Name --frontend-ip-name $frontendV6Name --backend-pool-name $backendAddressPoolV6Name --probe-name $probeV4V6Name --protocol Tcp --frontend-port 80 --backend-port 8080 --lb-name $lbName
Check your settings:
az network lb show --resource-group $rgName --name $lbName
Expected output:
info: Executing command network lb show info: Looking up the load balancer "myIPv4IPv6Lb" data: Id : /subscriptions/########-####-####-####-############/resourceGroups/pscontosorg1chinaeast209152016/providers/Microsoft.Network/loadBalancers/myIPv4IPv6Lb data: Name : myIPv4IPv6Lb data: Type : Microsoft.Network/loadBalancers data: Location : chinaeast2 data: Provisioning state : Succeeded data: data: Frontend IP configurations: data: Name Provisioning state Private IP allocation Private IP Subnet Public IP data: --------------- ------------------ --------------------- ----------- ------ --------- data: FrontendVipIPv4 Succeeded Dynamic myIPv4Vip data: FrontendVipIPv6 Succeeded Dynamic myIPv6Vip data: data: Probes: data: Name Provisioning state Protocol Port Path Interval Count data: ------------------- ------------------ -------- ---- ---- -------- ----- data: ProbeForIPv4AndIPv6 Succeeded Tcp 80 15 2 data: data: Backend Address Pools: data: Name Provisioning state data: --------------- ------------------ data: BackendPoolIPv4 Succeeded data: BackendPoolIPv6 Succeeded data: data: Load Balancing Rules: data: Name Provisioning state Load distribution Protocol Frontend port Backend port Enable floating IP Idle timeout in minutes data: -------------------- ------------------ ----------------- -------- ------------- ------------ ------------------ ----------------------- data: LBRuleForIPv4-Port80 Succeeded Default Tcp 80 80 false 4 data: LBRuleForIPv6-Port80 Succeeded Default Tcp 80 8080 false 4 data: data: Inbound NAT Rules: data: Name Provisioning state Protocol Frontend port Backend port Enable floating IP Idle timeout in minutes data: ------------------- ------------------ -------- ------------- ------------ ------------------ ----------------------- data: NatRule-For-Rdp-VM1 Succeeded Tcp 3389 3389 false 4 data: NatRule-For-Rdp-VM2 Succeeded Tcp 3391 3389 false 4 info: network lb show
Create NICs
Create NICs and associate them with NAT rules, load balancer rules, and probes.
Set up the PowerShell variables:
$nic1Name = "myIPv4IPv6Nic1" $nic2Name = "myIPv4IPv6Nic2" $subnet1Id = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/VirtualNetworks/$vnetName/subnets/$subnet1Name" $subnet2Id = "/subscriptions/$subscriptionid/resourceGroups/$rgName/providers/Microsoft.Network/VirtualNetworks/$vnetName/subnets/$subnet2Name" $backendAddressPoolV4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/backendAddressPools/$backendAddressPoolV4Name" $backendAddressPoolV6Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/backendAddressPools/$backendAddressPoolV6Name" $natRule1V4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/inboundNatRules/$natRule1V4Name" $natRule2V4Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/loadbalancers/$lbName/inboundNatRules/$natRule2V4Name"
Create a NIC for each back end, and add an IPv6 configuration:
$nic1 = az network nic create --name $nic1Name --resource-group $rgname --location $location --private-ip-address-version "IPv4" --subnet $subnet1Id --lb-address-pools $backendAddressPoolV4Id --lb-inbound-nat-rules $natRule1V4Id $nic1IPv6 = az network nic ip-config create --resource-group $rgname --name "IPv6IPConfig" --private-ip-address-version "IPv6" --lb-address-pools $backendAddressPoolV6Id --nic-name $nic1Name $nic2 = az network nic create --name $nic2Name --resource-group $rgname --location $location --private-ip-address-version "IPv4" --subnet $subnet2Id --lb-address-pools $backendAddressPoolV4Id --lb-inbound-nat-rules $natRule2V4Id $nic2IPv6 = az network nic ip-config create --resource-group $rgname --name "IPv6IPConfig" --private-ip-address-version "IPv6" --lb-address-pools $backendAddressPoolV6Id --nic-name $nic2Name
Create the backend VM resources, and attach each NIC
To create VMs, you must have a storage account. For load balancing, the VMs need to be members of an availability set. For more information about creating VMs, see Create an Azure VM by using PowerShell.
Set up the PowerShell variables:
$availabilitySetName = "myIPv4IPv6AvailabilitySet" $vm1Name = "myIPv4IPv6VM1" $vm2Name = "myIPv4IPv6VM2" $nic1Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/networkInterfaces/$nic1Name" $nic2Id = "/subscriptions/$subscriptionid/resourceGroups/$rgname/providers/Microsoft.Network/networkInterfaces/$nic2Name" $imageurn = "MicrosoftWindowsServer:WindowsServer:2012-R2-Datacenter:latest" $vmUserName = "vmUser" $mySecurePassword = "PlainTextPassword*1"
Warning
This example uses the username and password for the VMs in cleartext. Take appropriate care when you use these credentials in cleartext. For a more secure method of handling credentials in PowerShell, see the
Get-Credential
cmdlet.Create the availability set:
$availabilitySet = az vm availability-set create --name $availabilitySetName --resource-group $rgName --location $location
Create the virtual machines with the associated NICs:
az vm create --resource-group $rgname --name $vm1Name --image $imageurn --admin-username $vmUserName --admin-password $mySecurePassword --nics $nic1Id --location $location --availability-set $availabilitySetName --size "Standard_A1" az vm create --resource-group $rgname --name $vm2Name --image $imageurn --admin-username $vmUserName --admin-password $mySecurePassword --nics $nic2Id --location $location --availability-set $availabilitySetName --size "Standard_A1"