topic Re: Azure multiple public front ends on load balancer in VM-Series in the Public Cloud

Azure multiple public front ends on load balancer

joeritt — Sat, 16 Mar 2019 02:53:48 GMT

Using multiple front end IPs to split my internet facing applications. Seemed to solve the health probe issue with splitting static 168.63.129.16/32 azure routes between virtual routers, but inbound traffic doesn't seem to know where to go. Single public application worked no problem, as soon as second front end IP is added, the VM series stops routing. Intend to add second VMseries 300 in parallel when PoC is cleared through single.

2 Front end public IPs

2 Untrust interfaces in 2 Separate Backend pools

2 Health probes to untrust interfaces

2 Load balancing rules with client IP persistance

NAT 1 from untrust to untrust interface 1 translated to app A (private IP)

NAT 2 from untrust to untrust interface 2 translated to app B (Private IP)

Seems like routing is unsure of where to go outbound with the 2 untrust Interfaces. Static routes and virtual routers are split between traffic destined for untrust interfaces based off source.

Many thanks!

Joe

Re: Azure multiple public front ends on load balancer

jmeurer — Sat, 16 Mar 2019 03:59:22 GMT

Rather than different interfaces, I would recommend using Port Translation or secondary IPs on one Untrust interface to glue the inbound traffic to the destination nat. As you encountered, multiple interfaces will result in complex routing that is accomplished through VR mapping internal and external interfaces together or putting all Untrust Interfaces in the same zome to over come the asymmetry with multiple 0/0 outbound routes for each interface.

Re: Azure multiple public front ends on load balancer

slashBack — Tue, 04 Oct 2022 14:40:04 GMT

Why not the same backend pool but different ports?