Azure Load Balancer

Question 1

What are the primary features of Azure Load Balancer?

Answer 1

Layer 4 (Transport Layer)
TCP and UDP load balancing,
High availability,
Autoscaling,
Health probes,
Outbound rules

Question 2

What types of Azure Load Balancers are available?

Answer 2

Basic
Standard
Public and Internal.

Question 3

What is the difference between Basic and Standard Load Balancer?

Answer 3

Standard supports zonal failover, higher scale, and SLA-backed availability. Basic is limited to regional failover and smaller scale.

Question 4

What is the purpose of health probes in Azure Load Balancer?

Answer 4

To monitor the health of backend instances, ensuring traffic is routed only to healthy instances.

Question 5

How does Azure Load Balancer ensure high availability?

Answer 5

Distributes traffic across healthy instances in multiple availability zones and fault domains.

Question 6

What security features are integrated into Azure Load Balancer?

Answer 6

NSG (Network Security Groups) for traffic filtering, DDoS protection for Standard tier.

Question 7

What use cases are suited for Azure Load Balancer?

Answer 7

Web applications
distributed microservices
on-premises to cloud load balancing
and cross-region traffic distribution.

Question 8

What purchasing tiers are available for Azure Load Balancer?

Answer 8

Basic and Standard.

Question 9

What integration options does Azure Load Balancer support?

Answer 9

Azure Virtual Network, NSGs, Azure Firewall, DDoS Protection, Azure Monitor.

Question 10

How does Azure Load Balancer handle disaster recovery?

Answer 10

Zonal failover with Standard Load Balancer, and geo-redundancy with cross-region load balancing.

Question 11

How does Azure Load Balancer work with Azure Entra ID and RBAC?

Answer 11

RBAC provides role-based access control for managing load balancers and associated resources.

Question 12

How does Azure Load Balancer manage outbound connections?

Answer 12

Outbound rules define how outbound connectivity is handled, supporting dynamic and static IPs.

Question 13

What is the architecture of a Standard Load Balancer?

Answer 13

Zonal redundancy, managed endpoints in a region, supports HA and scale-out.

Question 14

What are outbound rules in Azure Load Balancer?

Answer 14

Rules that define how traffic from internal VMs gets routed to external networks.

Question 15

What is the SLA for Standard Load Balancer?

Answer 15

99.99% availability when used with two or more availability zones.

Question 16

What is a Load Balancing rule?

Answer 16

Defines how traffic is distributed across instances based on IP and port configurations.

Question 17

What are the key differences between Public and Internal Load Balancers?

Answer 17

Public exposes services to the internet, Internal is used within a virtual network for private services.

Question 18

How does Azure Load Balancer handle session persistence?

Answer 18

Session persistence (or sticky sessions) ensures that client requests are directed to the same backend instance.

Question 19

What monitoring tools are available for Azure Load Balancer?

Answer 19

Azure Monitor, Log Analytics, diagnostic settings for metrics and logs.

Question 20

What is a scenario where an Internal Load Balancer is preferred?

Answer 20

When distributing traffic within a private network, such as between VMs in a VNet.

Question 21

How does Azure Load Balancer support scaling?

Answer 21

Automatic scaling based on traffic patterns and backend pool instance count.

Question 22

What is cross-region load balancing?

Answer 22

Distributing traffic across multiple regions to improve availability and latency.

Question 23

How does Azure Load Balancer integrate with Virtual Machines?

Answer 23

Distributes traffic to VMs in a backend pool based on defined load balancing rules.

Question 24

How is load distribution performed in Azure Load Balancer?

Answer 24

Hash-based distribution algorithm using 5-tuple (source/destination IP, port, and protocol).

Question 25

What are backend pools in Azure Load Balancer?

Answer 25

A collection of virtual machines or instances that traffic is routed to based on load balancing rules.

Question 26

What is the benefit of using a Standard Load Balancer for zonal redundancy?

Answer 26

Ensures traffic distribution across multiple availability zones, increasing fault tolerance.

Question 27

How does Azure Load Balancer handle multiple front-end IPs?

Answer 27

Supports multiple front-end IPs for services that require different public or private IPs.

Question 28

What is a floating IP in Azure Load Balancer?

Answer 28

Allows multiple front-end configurations with the same public IP, used in multi-tiered applications.

Question 29

What type of workloads is Basic Load Balancer best suited for?

Answer 29

Small-scale, non-critical workloads, such as dev/test environments.

Question 30

How does Azure Load Balancer manage multi-tenant scenarios?

Answer 30

Supports multiple back-end pools and IP configurations to handle different tenant requirements.

Question 31

What is the relationship between NSGs and Azure Load Balancer?

Answer 31

NSGs can be used to control inbound and outbound traffic on Load Balancer endpoints.

Question 32

What is the maximum number of backend instances supported in a Standard Load Balancer?

Answer 32

Up to 1,000 backend instances per load balancer.

Question 33

What type of protocols does Azure Load Balancer support?

Answer 33

TCP and UDP.

Question 34

What are inbound NAT rules in Azure Load Balancer?

Answer 34

Rules that map specific inbound traffic to individual backend instances.

Question 35

How is session persistence configured in Azure Load Balancer?

Answer 35

Configured through Load Balancing rules, which allow enabling of session persistence.

Question 36

What is the benefit of cross-region load balancing?

Answer 36

Improved latency, global redundancy, and automatic failover across multiple regions.

Question 37

How does Azure Load Balancer ensure traffic distribution based on backend health?

Answer 37

Uses health probes to check the health of backend instances and only routes traffic to healthy instances.

Question 38

What are health probes?

Answer 38

Probes used to check the health of backend VMs or services, configured with specific protocols and ports.

Question 39

How does Azure Load Balancer improve network resiliency?

Answer 39

Ensures balanced traffic distribution across healthy instances and uses zonal redundancy for fault tolerance.

Question 40

What is a common use case for Azure Load Balancer?

Answer 40

Load balancing traffic across web applications or microservices for better availability and scalability.

Question 41

How does Azure Load Balancer handle auto-scaling?

Answer 41

Automatically scales backend pool instances based on traffic and health probes.

Question 42

What Azure services integrate with Azure Load Balancer?

Answer 42

Azure Virtual Machines, Virtual Machine Scale Sets, App Service Environments, and Azure Kubernetes Service.

Question 43

What is the cost difference between Basic and Standard Load Balancers?

Answer 43

Basic is free for limited use, Standard has charges based on usage (rules, data processed, etc.).

Question 44

What is the purpose of a frontend IP configuration?

Answer 44

Defines the public or private IP used by the Load Balancer for distributing traffic.

Question 45

How does Azure Load Balancer support outbound connections?

Answer 45

By defining outbound rules that handle SNAT (Source Network Address Translation) for instances.

Question 46

What is the maximum number of rules supported in a Standard Load Balancer?

Answer 46

Up to 300 rules per load balancer.

Question 47

What is a benefit of using a Public Load Balancer?

Answer 47

Expose services to the internet for inbound traffic distribution.

Question 48

What are the purchasing tiers for Azure Load Balancer?

Answer 48

Basic and Standard.

Question 49

How does Azure Load Balancer handle load distribution?

Answer 49

Hash-based distribution of traffic using 5-tuple (source/destination IP, port, and protocol).

Question 50

What is the difference between static and dynamic IP in Azure Load Balancer?

Answer 50

Static IPs are reserved, while dynamic IPs change when the resource is deleted or re-created.

Question 51

How does Azure Load Balancer provide session affinity?

Answer 51

Session persistence (also called sticky sessions) directs subsequent traffic from the same client to the same backend instance.

Question 52

When using Azure Load Balancer, what is port forwarding?

Answer 52

This is when a configured port on the front end is mapped and forwarded traffic to a configured fort on the backend.

Question 53

What are the two types of Azure Load Balancer?

Answer 53

Internal Load Balancer and External Load Balancer

Question 54

What is the primary function of an Internal Load Balancer?

Answer 54

To balance traffic within a virtual network

Question 55

What is the primary function of an External Load Balancer?

Answer 55

To balance traffic from external endpoints to internal virtual machines

Question 56

How does Azure Load Balancer ensure availability?

Answer 56

Azure Load Balancer is zonal, meaning it can be deployed in a zone to increase availability

Question 57

What are the two SKUs available for Azure Load Balancer?

Answer 57

Basic SKU and Standard SKU

Question 58

What is the key difference between the Basic and Standard Load Balancer?

Answer 58

Standard offers more advanced features like increased scalability, zone redundancy, and enhanced security

Question 59

Can a Basic Load Balancer be upgraded to Standard?

Answer 59

Yes, using automated scripts or Azure PowerShell

Question 60

Which load balancer supports global VNet peering?

Answer 60

Standard Load Balancer supports global virtual network peering, Basic does not

Question 61

What type of outbound connectivity does Standard Load Balancer offer?

Answer 61

Explicitly defined using standard public IP addresses or standard public load balancer

Question 62

What is IP 168.63.129.16?

Answer 62

It is the virtual IP for the Azure infrastructure load balancer used by health probes

Question 63

What are inbound NAT rules used for?

Answer 63

To direct traffic to a specific backend resource, such as a VM

Question 64

How do load balancing rules work?

Answer 64

They distribute traffic across a pool of backend resources based on defined rules

Question 65

Can Azure Load Balancer terminate SSL/TLS traffic?

Answer 65

No, SSL/TLS termination is not supported by Azure Load Balancer

Question 66

How do you configure Azure Load Balancer with Azure SQL Server Always On?

Answer 66

Use Portal or PowerShell to configure the load balancer with the SQL Server

Question 67

What monitoring options are available for Load Balancer?

Answer 67

Load Balancer integrates with Azure Monitor for metrics and logging

Question 68

Can Azure Load Balancer be used with Azure Firewall?

Answer 68

Yes, follow the official documentation for setup

Question 69

How can you configure outbound rules for Standard Load Balancer?

Answer 69

Outbound rules must be explicitly defined for standard public and internal load balancers

Question 70

What are the cost considerations for Basic vs Standard Load Balancer?

Answer 70

Standard Load Balancer generally has higher costs but offers more features

Question 71

Can DDoS protection be enabled on Load Balancer?

Answer 71

Yes, enabling DDoS Protection applies protection to all backend resources

Question 72

What happens if DDoS protection is enabled for the frontend IP of a load balancer?

Answer 72

All backend pool resources are protected

Question 73

Can a VM be added to multiple backend pools?

Answer 73

Not for NIC-based load balancers, but IP-based load balancers can support this

Question 74

Can an on-premises IP be added to an Azure Load Balancer backend pool?

Answer 74

No, only Azure-specific resources can be added to the backend pool

Question 75

What is the maximum throughput of an Azure Load Balancer?

Answer 75

Throughput is determined by the backend virtual machines’ capacity

Question 76

What is the importance of health probes?

Answer 76

Health probes ensure that backend instances are available before traffic is routed to them

Question 77

Which tool can be used to view health probe traffic?

Answer 77

Netstat can be used to view health probe traffic

Question 78

How can you upgrade from a Basic to Standard Load Balancer?

Answer 78

Use automated scripts or Azure PowerShell for an upgrade

Question 79

Can you ping the frontend of your Standard Load Balancer?

Answer 79

Yes, you can ping the Standard Public Load Balancer frontend

Question 80

Can Load Balancer work with custom IP address prefixes?

Answer 80

Yes, Load Balancer supports Bring Your Own IP (BYOIP) scenarios

Question 81

Does Load Balancer support multi-region availability?

Answer 81

Yes, Standard Load Balancer supports zonal and cross-regional availability

Question 82

How does Standard Load Balancer differ from Basic in terms of security?

Answer 82

Standard offers advanced security features such as DDoS protection

Question 83

Does Load Balancer support global load balancing?

Answer 83

No, Azure Traffic Manager or Front Door is used for global load balancing

Question 84

How do you integrate Load Balancer with Azure Monitor?

Answer 84

You can enable logging and metrics via Azure Monitor

Question 85

Can Load Balancer be used for both IPv4 and IPv6?

Answer 85

Yes, Load Balancer supports both IPv4 and IPv6 configurations

Question 86

How can Load Balancer help in disaster recovery?

Answer 86

By distributing traffic across multiple regions, Load Balancer ensures redundancy and failover

Question 87

What features does Standard Load Balancer offer for high availability?

Answer 87

Zone redundancy, health probes, multi-region deployments, and integration with virtual machines

Question 88

Can Load Balancer balance traffic across different Availability Zones?

Answer 88

Yes, Standard Load Balancer supports traffic distribution across zones

Question 89

How are outbound rules defined in a Standard Load Balancer?

Answer 89

Outbound rules need to be explicitly defined for outbound traffic

Question 90

What is the difference between health probes in Standard and Basic Load Balancer?

Answer 90

Standard has more robust health probe configurations and monitoring options

Question 91

How do you monitor backend instance traffic?

Answer 91

Use Azure Monitor metrics or netstat to analyze traffic

Question 92

What happens if a health probe fails?

Answer 92

If a health probe fails, the Load Balancer stops routing traffic to that instance until it is healthy again

Question 93

Does Load Balancer have built-in DDoS protection?

Answer 93

DDoS protection is available on Standard SKU, but must be enabled

Question 94

How is load distributed among VMs in a backend pool?

Answer 94

Load is distributed using load-balancing rules and health probes

Question 95

How do Availability Sets work with Load Balancer?

Answer 95

All VMs in an Availability Set must follow the same load balancing rules if using the same Load Balancer

Question 96

How can Load Balancer help with application failover?

Answer 96

By using health probes and zonal configurations, traffic is rerouted in case of instance failure

Question 97

How does Load Balancer handle inbound NAT rules?

Answer 97

Inbound NAT rules direct traffic to a specific backend resource like a VM

Question 98

Does Load Balancer support session persistence?

Answer 98

Yes, Load Balancer can configure session persistence using ‘source IP’

Question 99

Can you view the public IP used by your VM through Load Balancer?

Answer 99

Yes, by using services like OpenDNS or the nslookup command

Question 100

What ports are restricted for health probes?

Answer 100

Ports 19, 21, 25, 70, 110, 119, 143, 220, 993 are restricted for security reasons

Question 101

How do you configure Azure Load Balancer with Azure SQL Always On availability?

Answer 101

Use Portal or PowerShell to configure Load Balancer for SQL Always On

Question 102

What happens when a frontend IP reaches connection limits?

Answer 102

The Load Balancer uses another frontend IP for traffic distribution.

When a frontend IP in an Azure Load Balancer reaches its connection limits, several key behaviors occur:

Connection Denial: The load balancer can no longer accept new inbound connections once the limit is reached. Any new connection attempts are denied or dropped. Existing connections will continue to function unless the connections themselves hit other limits or encounter issues.

Scaling Considerations: For a Standard Load Balancer, connection limits are higher, and you can use multiple front-end IPs or scale the backend pool to distribute the traffic more evenly across resources. This way, the load balancer can handle higher volumes of traffic without hitting a single IP limit.

Application Impact: Applications relying on that frontend IP may experience degraded performance or outages for new incoming requests if the connection limit is breached. Ongoing traffic could be rerouted or dropped depending on how the infrastructure is configured (e.g., failover mechanisms).

Possible Workaround: To avoid such limits, you can distribute traffic across multiple front-end IP configurations or multiple load balancers. Additionally, configuring autoscaling for backend services ensures the infrastructure can scale to handle more connections effectively.

Question 103

Explain an outbound rule

Answer 103

An Outbound Rule in Azure Load Balancer is used to manage and define how outbound traffic flows from your virtual machines (VMs) or virtual machine scale sets to external destinations (i.e., the internet). The rule helps provide predictable and reliable outbound connectivity for resources deployed in Azure.

Key Concepts of an Outbound Rule:
NAT for Outbound Traffic: The outbound rule defines how the source network address translation (SNAT) is handled for outbound traffic. Without an explicit outbound rule, Azure assigns ephemeral IP addresses for outbound connectivity, but you might need control over which IP address is used (e.g., a fixed public IP).

Frontend and Backend Association: The outbound rule connects the backend VMs (or VM scale sets) with a frontend public IP address. When VMs initiate outbound traffic, the load balancer applies SNAT using the frontend public IP as the source, making it appear as if the traffic is originating from that IP.

Idle Timeout: You can configure an idle timeout for outbound connections. This helps you control how long a connection can remain idle before the load balancer closes it.

Allocation of Ports: For each frontend IP configuration, there’s a limit on the number of ports available for SNAT. You can configure outbound rules to distribute these ports more effectively across the backend instances, helping manage high outbound connection volumes.

Benefits:

Predictable IP Addressing: By assigning a static public IP to the outbound rule, you ensure that all outbound traffic from your VMs appears to come from the same IP, which is helpful for security, whitelisting, or compliance purposes.
Scalability: Outbound rules allow for scaling of outbound connectivity, particularly useful when multiple VMs or scale sets need to connect to the internet concurrently.
Example Use Case:
Imagine you have a web application hosted on VMs behind a load balancer. You want all outbound traffic from your VMs to use a single public IP address so that third-party services can whitelist it. You create an Outbound Rule that associates the backend VMs with the frontend public IP, ensuring that any outbound internet traffic uses this IP.

Question 104

Explain how zones are used with the Azure Load Balancer for high availability.

Answer 104

Azure Load Balancer supports zone-redundant and zone-specific configurations to ensure high availability for applications deployed across multiple Availability Zones. This provides resilience against zone-level failures and ensures continuous operation of your services.

Key Concepts for Using Availability Zones with Azure Load Balancer:
Availability Zones:

Availability Zones are physically separate data centers within an Azure region. Each zone has its own power, cooling, and networking. Azure Load Balancer can leverage multiple zones to provide redundancy and fault tolerance.
Zone-Redundant Load Balancer:

A zone-redundant load balancer spreads its frontend IP across multiple Availability Zones. This means that the load balancer is highly available across the entire region, and traffic will continue to flow even if one zone goes down.
When you configure the frontend IP of the load balancer as zone-redundant, the load balancer distributes incoming traffic to backend resources spread across multiple zones, improving reliability and availability.
The key benefit here is resilience to zone failures. Even if an entire zone fails, the load balancer continues to route traffic to resources in the remaining zones.
Zone-Specific Load Balancer:

In a zone-specific configuration, the frontend IP is tied to a specific zone. This setup is useful when you want to limit traffic routing to resources only within a certain zone.
Each zone-specific load balancer is isolated within a single zone, which can be beneficial for applications that have strict latency requirements or need to be deployed in specific zones for compliance purposes.
However, in this configuration, if that zone goes down, the load balancer and its associated services may become unavailable.
Backend Pool with Availability Zones:

When deploying VMs or VM scale sets in the backend pool, you can spread these resources across multiple Availability Zones. The load balancer will automatically distribute traffic to these backend resources, ensuring that if one zone fails, traffic is still routed to healthy instances in other zones.
This setup ensures that applications maintain high availability and are protected against zone failures.
Health Probes and Failover:

The load balancer uses health probes to monitor the status of backend resources. In a multi-zone setup, the load balancer can detect if a resource in a specific zone becomes unhealthy or unavailable (due to zone failure) and route traffic to resources in other zones.
This ensures that application traffic is routed to the remaining healthy zones, minimizing downtime.
Example Scenario:
Suppose you have an application deployed across three Availability Zones in a region. You configure a zone-redundant load balancer with VMs in the backend pool spread across all three zones. This ensures that if one zone experiences a failure (power outage, network failure, etc.), the load balancer continues to distribute traffic to VMs in the other two zones. Users experience no downtime because traffic is seamlessly redirected to healthy resources in the remaining zones.

Benefits of Using Availability Zones with Azure Load Balancer:
High Availability: Ensures that your application remains available even if an entire zone fails.
Fault Tolerance: By distributing both the load balancer and backend resources across zones, you minimize the impact of localized failures.
Reduced Latency: In some cases, zone-specific load balancers can be used to reduce latency by keeping traffic within a single zone.
Seamless Failover: Automatic routing of traffic to healthy resources in the event of zone failures.
By leveraging Availability Zones with Azure Load Balancer, you can build highly available and resilient applications that withstand failures at the zone level, providing robust uptime and ensuring business continuity.

Question 105

Does Azure load balancer support rate limiting?

Answer 105

Azure Load Balancer does not natively support rate limiting. It operates at Layer 4 of the OSI model, focusing on distributing incoming network traffic across backend resources without inspecting or controlling the application layer data.
Microsoft Learn

For rate limiting and more advanced traffic management features, consider using Azure Application Gateway or Azure Front Door. These services operate at Layer 7, allowing for more granular control over HTTP(S) traffic, including capabilities like URL-based routing, SSL termination, and Web Application Firewall (WAF) integration.
Microsoft Learn

Alternatively, you can implement rate limiting within your application code or by deploying network virtual appliances (NVAs) that offer such functionality. For instance, NGINX Plus can be configured to enforce rate limits and can be used in conjunction with Azure’s load balancing services to achieve the desired traffic control.
F5

In summary, while Azure Load Balancer itself doesn’t provide rate limiting, Azure offers other services and solutions that can help you implement this feature based on your specific requirements.

Question 106

Can Azure Loadbalancer work across regions?

Answer 106

Yes, azure now has a layer 4 cross-regional load balancer using anycast.

Question 107

Has Azure Loadbalancer got HTTP and HTTPS health probes?

Answer 107

Yes, Azure Load Balancer supports both HTTP and HTTPS health probes. These probes are used to monitor the health of your application instances by sending HTTP or HTTPS requests to specified paths and ports. If an instance responds with an HTTP status code other than 200 (e.g., 403, 404, or 500) or fails to respond within a certain timeframe, the load balancer considers the instance unhealthy and stops directing traffic to it.
Microsoft Learn

To configure an HTTP or HTTPS health probe in the Azure portal:

Navigate to your Load Balancer resource.
Under the “Settings” section, select “Health probes.”
Click on “+ Add” to create a new probe.
Choose “HTTP” or “HTTPS” as the protocol.
Specify the port and the path for the probe to monitor.
Set the desired interval between probe attempts.
For detailed guidance on managing health probes, refer to the official Azure documentation.

Question 108

Can you have a backend in multiple regions when using Azure cross-region load balancer?

Answer 108

Yes, Azure’s cross-region Load Balancer is specifically designed to distribute traffic across multiple Azure regions. It achieves this by routing incoming requests to the closest healthy regional load balancer, ensuring low latency and high availability for your applications. This setup allows you to have backend services deployed in various regions, all managed under a single global endpoint.

Question 109

Is traffic flowing over the azure network when going from the azure cross region loadbalaner to the backend

Answer 109

Yes, traffic flows over the Azure backbone network when it travels from the Azure cross-region Load Balancer to the regional load balancers in each backend region. This approach ensures secure and optimized traffic flow, reducing latency and avoiding the public internet for routing between regions. The Azure backbone provides a private, reliable, and high-performance network infrastructure, allowing for efficient inter-region connectivity for applications requiring high availability and low latency.

Question 110

When using Azure cross-region load balancer, if a region dies or goes offline and you have multiple backends, will the traffic be routed to the available backends?

Answer 110

Yes, with Azure’s cross-region Load Balancer, if a region becomes unavailable, traffic will automatically reroute to available backend regions. The cross-region Load Balancer monitors the health of each regional load balancer in the backend pool. If one region fails, it will stop sending traffic to that region and distribute it to other healthy regional backends.

This failover is managed seamlessly by Azure, ensuring high availability and resilience, which is particularly useful for applications that require uninterrupted access across multiple Azure regions.

Question 111

Does the azure cross-region load balancer support UDP and TCP?

Answer 111

Yes, Azure’s cross-region Load Balancer supports both TCP and UDP protocols. This capability allows you to distribute traffic across multiple Azure regions for applications that utilize either protocol. The cross-region Load Balancer operates at Layer 4, making it suitable for handling all UDP and TCP protocols

Question 112

Can azure cross region loadbalaner rupport rate limiting

Answer 112

No