Load balancing refers to the process of evenly distributing load (incoming network traffic) across a group of server resources or servers.
Printed 2022-11-14
Azure Load Balancer operates at Layer 4 of the OSI (Open Systems Interconnection) model. It serves as the single point of contact for clients. Load Balancer distributes incoming flows that arrive at its frontend to the instances in the backend pool. These flows are distributed according to the configured load balancing rules and health probes. A backend pool can include Azure Virtual Machines or instances of a virtual machine scale set.
What is Azure Load Balancer?
Public Load Balancer provides outbound connections for virtual machines on a virtual network. These connections are made by converting their private IP addresses into public IP addresses. Public Load Balancers are used to balance traffic directed from the Internet to virtual machines.
Internal (or private) Load Balancers are used where only private IP addresses are needed on the frontend. Internal Load Balancers are used to balance traffic within the virtual network. In a hybrid scenario, the Load Balancer frontend can be accessed from the on-premises network.
Azure provides a set of fully managed load balancing solutions for custom scenarios.
If you require DNS-based global routing and don't need TLS termination (SSL offloading) or processing of HTTP or HTTPS requests at the application layer, you may want to consider Traffic Manager.
If you want to load balance servers in the region at the application level, take a look at the features of the Application Gateway.
If you want to optimize global routing for your web traffic, as well as provide better performance and reliability for users via fast global failover, check out Front Door.
In complex scenarios, it may make sense to combine these solutions.
Why use Azure Load Balancer?
With Azure Load Balancer, you can scale applications and create high-availability services. Load Balancer supports both inbound and outbound scenarios. Load Balancer provides low latency and high throughput and scales up to millions of flows for all applications that use the TCP and UDP protocols.
Key scenarios that can be implemented with Azure Load Balancer (price category "Standard"):
- Load balancing internal and external traffic on Azure virtual machines.
- Increase availability by allocating resources within and across zones.
- Configure outbound connectivity for Azure virtual machines.
- Using health probes to monitor load-balanced resources.
- Leveraging port forwarding to access virtual machines on the virtual network over a public IP address and port.
- Enabling IPv6 load balancing support.
- Load Balancer (price category "Standard") provides multidimensional metrics through Azure Monitor. These metrics can be filtered, grouped and broken down by a given dimension. They provide current and historical performance and service health information. Analytics for Azure Load Balancer provides a pre-configured dashboard with useful visualisations for these metrics. The Resource Availability service is also supported. For more information, see the Load Balancer Troubleshooting article (price category "Standard") with metrics, alerts, and resource uptime information.
- Load balancing services on multiple ports, multiple IP addresses, or both.
- Relocation of internal and external Load Balancer resources in Azure regions.
- Load balancing TCP and UDP flows on all ports simultaneously using High Availability Ports.
Ensuring Security by Default
- Load Balancer (price category "Standard") is built on the zero trust ("Trust No One") network security model.
- Load Balancer (price category "Standard") is secured by default and is part of your virtual network. This virtual network is a private and isolated network.
- Load Balancer (price category "Standard") and standard public IP addresses are closed for incoming connections unless opened using network security groups. Network security groups are used to explicitly allow permitted traffic. If you do not have an NSG on a subnet or network interface of a virtual machine resource, traffic cannot reach that resource. For more information about Network Security Groups and how to apply them in your scenario, see the Network Security Groups article.
- Load Balancer (price category "Basic") is open to the Internet by default.
- Load Balancer does not store customer data.
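The defaults in the list above can be checked against an exported configuration. The following is an added example, not code from the original article or from Microsoft: a simplified model of whether Internet traffic reaches a backend resource, given the Load Balancer price category and the NSG rules attached to the resource. The function names and the sample rules are assumptions made for illustration; only the "*" and "Internet" source prefixes are treated as matching an Internet client.

```python
# Added example: simplified model of the defaults described in the list above.
# Field names follow Azure NSG rule properties; all sample data is constructed.

def _port_matches(rule_range, port):
    if rule_range == "*":
        return True
    lo, _, hi = rule_range.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _rule_matches(rule, protocol, port):
    return (
        rule["direction"] == "Inbound"
        and rule["protocol"] in ("*", protocol)
        # Assumption: only these prefixes match an arbitrary Internet client.
        and rule["sourceAddressPrefix"] in ("*", "Internet")
        and _port_matches(rule["destinationPortRange"], port)
    )

def internet_inbound_verdict(sku, nsg_rules, protocol, port):
    """Return (allowed, reason); nsg_rules is None when no NSG is attached."""
    if nsg_rules is None:
        if sku == "Basic":
            return True, "Basic: open by default, no NSG attached"
        return False, "Standard: closed by default, no NSG attached"
    # Rules are evaluated in priority order; the first match decides.
    for rule in sorted(nsg_rules, key=lambda r: r["priority"]):
        if _rule_matches(rule, protocol, port):
            return rule["access"] == "Allow", f"matched rule {rule['name']}"
    return False, "no matching rule: Internet inbound denied"

def _rule(name, priority, access, protocol, source, ports):
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": protocol,
            "sourceAddressPrefix": source, "destinationPortRange": ports}

# Constructed sample NSG: note the broad allow-all-tcp rule at priority 300.
SAMPLE_NSG = [
    _rule("allow-https", 200, "Allow", "Tcp", "Internet", "443"),
    _rule("deny-mgmt", 100, "Deny", "Tcp", "*", "3389-3390"),
    _rule("allow-all-tcp", 300, "Allow", "Tcp", "*", "*"),
]

if __name__ == "__main__":
    for proto, port in [("Tcp", 443), ("Tcp", 3389), ("Tcp", 22), ("Udp", 53)]:
        print(proto, port, internet_inbound_verdict("Standard", SAMPLE_NSG, proto, port))
    print(internet_inbound_verdict("Standard", None, "Tcp", 443))
    print(internet_inbound_verdict("Basic", None, "Tcp", 443))
```

In the sample, TCP port 22 is reachable only because of the broad allow-all-tcp rule, which is the kind of finding such a review is meant to surface.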