Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Azure multiple public front ends on load balancer

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Azure multiple public front ends on load balancer

L0 Member

Using multiple front end IPs to split my internet facing applications. Seemed to solve the health probe issue with splitting static 168.63.129.16/32 azure routes between virtual routers, but inbound traffic doesn't seem to know where to go. Single public application worked no problem, as soon as second front end IP is added, the VM series stops routing. Intend to add second VMseries 300 in parallel when PoC is cleared through single. 

 

2 Front end public IPs

2 Untrust interfaces in 2 Separate Backend pools

2 Health probes to untrust interfaces

2 Load balancing rules with client IP persistance

NAT 1 from untrust to untrust interface 1 translated to app A (private IP)

NAT 2 from untrust to untrust interface 2 translated to app B (Private IP)

 

Seems like routing is unsure of where to go outbound with the 2 untrust Interfaces. Static routes and virtual routers are split between traffic destined for untrust interfaces based off source.

 

Many thanks!

 

Joe

2 REPLIES 2

L4 Transporter

Rather than different interfaces, I would recommend using Port Translation or secondary IPs on one Untrust interface to glue the inbound traffic to the destination nat.  As you encountered, multiple interfaces will result in complex routing that is accomplished through VR mapping internal and external interfaces together or putting all Untrust Interfaces in the same zome to over come the asymmetry with multiple 0/0 outbound routes for each interface.  

L1 Bithead

Why not the same backend pool but different ports?

  • 4285 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!