Azure Load Balancer Flashcards
What are the primary features of Azure Load Balancer?
Layer 4 (Transport Layer)
TCP and UDP load balancing,
High availability,
Autoscaling,
Health probes,
Outbound rules
What types of Azure Load Balancers are available?
Basic
Standard
Public and Internal.
What is the difference between Basic and Standard Load Balancer?
Standard supports zonal failover, higher scale, and SLA-backed availability. Basic is limited to regional failover and smaller scale.
What is the purpose of health probes in Azure Load Balancer?
To monitor the health of backend instances, ensuring traffic is routed only to healthy instances.
How does Azure Load Balancer ensure high availability?
Distributes traffic across healthy instances in multiple availability zones and fault domains.
What security features are integrated into Azure Load Balancer?
NSG (Network Security Groups) for traffic filtering, DDoS protection for Standard tier.
What use cases are suited for Azure Load Balancer?
Web applications
distributed microservices
on-premises to cloud load balancing
and cross-region traffic distribution.
What purchasing tiers are available for Azure Load Balancer?
Basic and Standard.
What integration options does Azure Load Balancer support?
Azure Virtual Network, NSGs, Azure Firewall, DDoS Protection, Azure Monitor.
How does Azure Load Balancer handle disaster recovery?
Zonal failover with Standard Load Balancer, and geo-redundancy with cross-region load balancing.
How does Azure Load Balancer work with Azure Entra ID and RBAC?
RBAC provides role-based access control for managing load balancers and associated resources.
How does Azure Load Balancer manage outbound connections?
Outbound rules define how outbound connectivity is handled, supporting dynamic and static IPs.
What is the architecture of a Standard Load Balancer?
Zonal redundancy, managed endpoints in a region, supports HA and scale-out.
What are outbound rules in Azure Load Balancer?
Rules that define how traffic from internal VMs gets routed to external networks.
What is the SLA for Standard Load Balancer?
99.99% availability when used with two or more availability zones.
What is a Load Balancing rule?
Defines how traffic is distributed across instances based on IP and port configurations.
What are the key differences between Public and Internal Load Balancers?
Public exposes services to the internet, Internal is used within a virtual network for private services.
How does Azure Load Balancer handle session persistence?
Session persistence (or sticky sessions) ensures that client requests are directed to the same backend instance.
What monitoring tools are available for Azure Load Balancer?
Azure Monitor, Log Analytics, diagnostic settings for metrics and logs.
What is a scenario where an Internal Load Balancer is preferred?
When distributing traffic within a private network, such as between VMs in a VNet.
How does Azure Load Balancer support scaling?
Automatic scaling based on traffic patterns and backend pool instance count.
What is cross-region load balancing?
Distributing traffic across multiple regions to improve availability and latency.
How does Azure Load Balancer integrate with Virtual Machines?
Distributes traffic to VMs in a backend pool based on defined load balancing rules.
How is load distribution performed in Azure Load Balancer?
Hash-based distribution algorithm using 5-tuple (source/destination IP, port, and protocol).
What are backend pools in Azure Load Balancer?
A collection of virtual machines or instances that traffic is routed to based on load balancing rules.
What is the benefit of using a Standard Load Balancer for zonal redundancy?
Ensures traffic distribution across multiple availability zones, increasing fault tolerance.
How does Azure Load Balancer handle multiple front-end IPs?
Supports multiple front-end IPs for services that require different public or private IPs.
What is a floating IP in Azure Load Balancer?
Allows multiple front-end configurations with the same public IP, used in multi-tiered applications.
What type of workloads is Basic Load Balancer best suited for?
Small-scale, non-critical workloads, such as dev/test environments.
How does Azure Load Balancer manage multi-tenant scenarios?
Supports multiple back-end pools and IP configurations to handle different tenant requirements.
What is the relationship between NSGs and Azure Load Balancer?
NSGs can be used to control inbound and outbound traffic on Load Balancer endpoints.
What is the maximum number of backend instances supported in a Standard Load Balancer?
Up to 1,000 backend instances per load balancer.
What type of protocols does Azure Load Balancer support?
TCP and UDP.
What are inbound NAT rules in Azure Load Balancer?
Rules that map specific inbound traffic to individual backend instances.
How is session persistence configured in Azure Load Balancer?
Configured through Load Balancing rules, which allow enabling of session persistence.
What is the benefit of cross-region load balancing?
Improved latency, global redundancy, and automatic failover across multiple regions.
How does Azure Load Balancer ensure traffic distribution based on backend health?
Uses health probes to check the health of backend instances and only routes traffic to healthy instances.
What are health probes?
Probes used to check the health of backend VMs or services, configured with specific protocols and ports.
How does Azure Load Balancer improve network resiliency?
Ensures balanced traffic distribution across healthy instances and uses zonal redundancy for fault tolerance.
What is a common use case for Azure Load Balancer?
Load balancing traffic across web applications or microservices for better availability and scalability.
How does Azure Load Balancer handle auto-scaling?
Automatically scales backend pool instances based on traffic and health probes.
What Azure services integrate with Azure Load Balancer?
Azure Virtual Machines, Virtual Machine Scale Sets, App Service Environments, and Azure Kubernetes Service.
What is the cost difference between Basic and Standard Load Balancers?
Basic is free for limited use, Standard has charges based on usage (rules, data processed, etc.).
What is the purpose of a frontend IP configuration?
Defines the public or private IP used by the Load Balancer for distributing traffic.
How does Azure Load Balancer support outbound connections?
By defining outbound rules that handle SNAT (Source Network Address Translation) for instances.
What is the maximum number of rules supported in a Standard Load Balancer?
Up to 300 rules per load balancer.
What is a benefit of using a Public Load Balancer?
Expose services to the internet for inbound traffic distribution.
What are the purchasing tiers for Azure Load Balancer?
Basic and Standard.
How does Azure Load Balancer handle load distribution?
Hash-based distribution of traffic using 5-tuple (source/destination IP, port, and protocol).
What is the difference between static and dynamic IP in Azure Load Balancer?
Static IPs are reserved, while dynamic IPs change when the resource is deleted or re-created.
How does Azure Load Balancer provide session affinity?
Session persistence (also called sticky sessions) directs subsequent traffic from the same client to the same backend instance.
When using Azure Load Balancer, what is port forwarding?
This is when a configured port on the front end is mapped and forwarded traffic to a configured fort on the backend.
What are the two types of Azure Load Balancer?
Internal Load Balancer and External Load Balancer
What is the primary function of an Internal Load Balancer?
To balance traffic within a virtual network
What is the primary function of an External Load Balancer?
To balance traffic from external endpoints to internal virtual machines
How does Azure Load Balancer ensure availability?
Azure Load Balancer is zonal, meaning it can be deployed in a zone to increase availability
What are the two SKUs available for Azure Load Balancer?
Basic SKU and Standard SKU
What is the key difference between the Basic and Standard Load Balancer?
Standard offers more advanced features like increased scalability, zone redundancy, and enhanced security
Can a Basic Load Balancer be upgraded to Standard?
Yes, using automated scripts or Azure PowerShell
Which load balancer supports global VNet peering?
Standard Load Balancer supports global virtual network peering, Basic does not
What type of outbound connectivity does Standard Load Balancer offer?
Explicitly defined using standard public IP addresses or standard public load balancer
What is IP 168.63.129.16?
It is the virtual IP for the Azure infrastructure load balancer used by health probes
What are inbound NAT rules used for?
To direct traffic to a specific backend resource, such as a VM
How do load balancing rules work?
They distribute traffic across a pool of backend resources based on defined rules
Can Azure Load Balancer terminate SSL/TLS traffic?
No, SSL/TLS termination is not supported by Azure Load Balancer
How do you configure Azure Load Balancer with Azure SQL Server Always On?
Use Portal or PowerShell to configure the load balancer with the SQL Server
What monitoring options are available for Load Balancer?
Load Balancer integrates with Azure Monitor for metrics and logging
Can Azure Load Balancer be used with Azure Firewall?
Yes, follow the official documentation for setup
How can you configure outbound rules for Standard Load Balancer?
Outbound rules must be explicitly defined for standard public and internal load balancers
What are the cost considerations for Basic vs Standard Load Balancer?
Standard Load Balancer generally has higher costs but offers more features
Can DDoS protection be enabled on Load Balancer?
Yes, enabling DDoS Protection applies protection to all backend resources
What happens if DDoS protection is enabled for the frontend IP of a load balancer?
All backend pool resources are protected
Can a VM be added to multiple backend pools?
Not for NIC-based load balancers, but IP-based load balancers can support this
Can an on-premises IP be added to an Azure Load Balancer backend pool?
No, only Azure-specific resources can be added to the backend pool
What is the maximum throughput of an Azure Load Balancer?
Throughput is determined by the backend virtual machines’ capacity
What is the importance of health probes?
Health probes ensure that backend instances are available before traffic is routed to them
Which tool can be used to view health probe traffic?
Netstat can be used to view health probe traffic
How can you upgrade from a Basic to Standard Load Balancer?
Use automated scripts or Azure PowerShell for an upgrade
Can you ping the frontend of your Standard Load Balancer?
Yes, you can ping the Standard Public Load Balancer frontend
Can Load Balancer work with custom IP address prefixes?
Yes, Load Balancer supports Bring Your Own IP (BYOIP) scenarios
Does Load Balancer support multi-region availability?
Yes, Standard Load Balancer supports zonal and cross-regional availability
How does Standard Load Balancer differ from Basic in terms of security?
Standard offers advanced security features such as DDoS protection
Does Load Balancer support global load balancing?
No, Azure Traffic Manager or Front Door is used for global load balancing
How do you integrate Load Balancer with Azure Monitor?
You can enable logging and metrics via Azure Monitor
Can Load Balancer be used for both IPv4 and IPv6?
Yes, Load Balancer supports both IPv4 and IPv6 configurations
How can Load Balancer help in disaster recovery?
By distributing traffic across multiple regions, Load Balancer ensures redundancy and failover
What features does Standard Load Balancer offer for high availability?
Zone redundancy, health probes, multi-region deployments, and integration with virtual machines
Can Load Balancer balance traffic across different Availability Zones?
Yes, Standard Load Balancer supports traffic distribution across zones
How are outbound rules defined in a Standard Load Balancer?
Outbound rules need to be explicitly defined for outbound traffic
What is the difference between health probes in Standard and Basic Load Balancer?
Standard has more robust health probe configurations and monitoring options
How do you monitor backend instance traffic?
Use Azure Monitor metrics or netstat to analyze traffic
What happens if a health probe fails?
If a health probe fails, the Load Balancer stops routing traffic to that instance until it is healthy again
Does Load Balancer have built-in DDoS protection?
DDoS protection is available on Standard SKU, but must be enabled
How is load distributed among VMs in a backend pool?
Load is distributed using load-balancing rules and health probes
How do Availability Sets work with Load Balancer?
All VMs in an Availability Set must follow the same load balancing rules if using the same Load Balancer
How can Load Balancer help with application failover?
By using health probes and zonal configurations, traffic is rerouted in case of instance failure
How does Load Balancer handle inbound NAT rules?
Inbound NAT rules direct traffic to a specific backend resource like a VM
Does Load Balancer support session persistence?
Yes, Load Balancer can configure session persistence using ‘source IP’
Can you view the public IP used by your VM through Load Balancer?
Yes, by using services like OpenDNS or the nslookup command
What ports are restricted for health probes?
Ports 19, 21, 25, 70, 110, 119, 143, 220, 993 are restricted for security reasons
How do you configure Azure Load Balancer with Azure SQL Always On availability?
Use Portal or PowerShell to configure Load Balancer for SQL Always On
What happens when a frontend IP reaches connection limits?
The Load Balancer uses another frontend IP for traffic distribution.
When a frontend IP in an Azure Load Balancer reaches its connection limits, several key behaviors occur:
Connection Denial: The load balancer can no longer accept new inbound connections once the limit is reached. Any new connection attempts are denied or dropped. Existing connections will continue to function unless the connections themselves hit other limits or encounter issues.
Scaling Considerations: For a Standard Load Balancer, connection limits are higher, and you can use multiple front-end IPs or scale the backend pool to distribute the traffic more evenly across resources. This way, the load balancer can handle higher volumes of traffic without hitting a single IP limit.
Application Impact: Applications relying on that frontend IP may experience degraded performance or outages for new incoming requests if the connection limit is breached. Ongoing traffic could be rerouted or dropped depending on how the infrastructure is configured (e.g., failover mechanisms).
Possible Workaround: To avoid such limits, you can distribute traffic across multiple front-end IP configurations or multiple load balancers. Additionally, configuring autoscaling for backend services ensures the infrastructure can scale to handle more connections effectively.
Explain an outbound rule
An Outbound Rule in Azure Load Balancer is used to manage and define how outbound traffic flows from your virtual machines (VMs) or virtual machine scale sets to external destinations (i.e., the internet). The rule helps provide predictable and reliable outbound connectivity for resources deployed in Azure.
Key Concepts of an Outbound Rule:
NAT for Outbound Traffic: The outbound rule defines how the source network address translation (SNAT) is handled for outbound traffic. Without an explicit outbound rule, Azure assigns ephemeral IP addresses for outbound connectivity, but you might need control over which IP address is used (e.g., a fixed public IP).
Frontend and Backend Association: The outbound rule connects the backend VMs (or VM scale sets) with a frontend public IP address. When VMs initiate outbound traffic, the load balancer applies SNAT using the frontend public IP as the source, making it appear as if the traffic is originating from that IP.
Idle Timeout: You can configure an idle timeout for outbound connections. This helps you control how long a connection can remain idle before the load balancer closes it.
Allocation of Ports: For each frontend IP configuration, there’s a limit on the number of ports available for SNAT. You can configure outbound rules to distribute these ports more effectively across the backend instances, helping manage high outbound connection volumes.
Benefits:
Predictable IP Addressing: By assigning a static public IP to the outbound rule, you ensure that all outbound traffic from your VMs appears to come from the same IP, which is helpful for security, whitelisting, or compliance purposes.
Scalability: Outbound rules allow for scaling of outbound connectivity, particularly useful when multiple VMs or scale sets need to connect to the internet concurrently.
Example Use Case:
Imagine you have a web application hosted on VMs behind a load balancer. You want all outbound traffic from your VMs to use a single public IP address so that third-party services can whitelist it. You create an Outbound Rule that associates the backend VMs with the frontend public IP, ensuring that any outbound internet traffic uses this IP.
Explain how zones are used with the Azure Load Balancer for high availability.
Azure Load Balancer supports zone-redundant and zone-specific configurations to ensure high availability for applications deployed across multiple Availability Zones. This provides resilience against zone-level failures and ensures continuous operation of your services.
Key Concepts for Using Availability Zones with Azure Load Balancer:
Availability Zones:
Availability Zones are physically separate data centers within an Azure region. Each zone has its own power, cooling, and networking. Azure Load Balancer can leverage multiple zones to provide redundancy and fault tolerance.
Zone-Redundant Load Balancer:
A zone-redundant load balancer spreads its frontend IP across multiple Availability Zones. This means that the load balancer is highly available across the entire region, and traffic will continue to flow even if one zone goes down.
When you configure the frontend IP of the load balancer as zone-redundant, the load balancer distributes incoming traffic to backend resources spread across multiple zones, improving reliability and availability.
The key benefit here is resilience to zone failures. Even if an entire zone fails, the load balancer continues to route traffic to resources in the remaining zones.
Zone-Specific Load Balancer:
In a zone-specific configuration, the frontend IP is tied to a specific zone. This setup is useful when you want to limit traffic routing to resources only within a certain zone.
Each zone-specific load balancer is isolated within a single zone, which can be beneficial for applications that have strict latency requirements or need to be deployed in specific zones for compliance purposes.
However, in this configuration, if that zone goes down, the load balancer and its associated services may become unavailable.
Backend Pool with Availability Zones:
When deploying VMs or VM scale sets in the backend pool, you can spread these resources across multiple Availability Zones. The load balancer will automatically distribute traffic to these backend resources, ensuring that if one zone fails, traffic is still routed to healthy instances in other zones.
This setup ensures that applications maintain high availability and are protected against zone failures.
Health Probes and Failover:
The load balancer uses health probes to monitor the status of backend resources. In a multi-zone setup, the load balancer can detect if a resource in a specific zone becomes unhealthy or unavailable (due to zone failure) and route traffic to resources in other zones.
This ensures that application traffic is routed to the remaining healthy zones, minimizing downtime.
Example Scenario:
Suppose you have an application deployed across three Availability Zones in a region. You configure a zone-redundant load balancer with VMs in the backend pool spread across all three zones. This ensures that if one zone experiences a failure (power outage, network failure, etc.), the load balancer continues to distribute traffic to VMs in the other two zones. Users experience no downtime because traffic is seamlessly redirected to healthy resources in the remaining zones.
Benefits of Using Availability Zones with Azure Load Balancer:
High Availability: Ensures that your application remains available even if an entire zone fails.
Fault Tolerance: By distributing both the load balancer and backend resources across zones, you minimize the impact of localized failures.
Reduced Latency: In some cases, zone-specific load balancers can be used to reduce latency by keeping traffic within a single zone.
Seamless Failover: Automatic routing of traffic to healthy resources in the event of zone failures.
By leveraging Availability Zones with Azure Load Balancer, you can build highly available and resilient applications that withstand failures at the zone level, providing robust uptime and ensuring business continuity.
Does Azure load balancer support rate limiting?
Azure Load Balancer does not natively support rate limiting. It operates at Layer 4 of the OSI model, focusing on distributing incoming network traffic across backend resources without inspecting or controlling the application layer data.
Microsoft Learn
For rate limiting and more advanced traffic management features, consider using Azure Application Gateway or Azure Front Door. These services operate at Layer 7, allowing for more granular control over HTTP(S) traffic, including capabilities like URL-based routing, SSL termination, and Web Application Firewall (WAF) integration.
Microsoft Learn
Alternatively, you can implement rate limiting within your application code or by deploying network virtual appliances (NVAs) that offer such functionality. For instance, NGINX Plus can be configured to enforce rate limits and can be used in conjunction with Azure’s load balancing services to achieve the desired traffic control.
F5
In summary, while Azure Load Balancer itself doesn’t provide rate limiting, Azure offers other services and solutions that can help you implement this feature based on your specific requirements.
Can Azure Loadbalancer work across regions?
Yes, azure now has a layer 4 cross-regional load balancer using anycast.
Has Azure Loadbalancer got HTTP and HTTPS health probes?
Yes, Azure Load Balancer supports both HTTP and HTTPS health probes. These probes are used to monitor the health of your application instances by sending HTTP or HTTPS requests to specified paths and ports. If an instance responds with an HTTP status code other than 200 (e.g., 403, 404, or 500) or fails to respond within a certain timeframe, the load balancer considers the instance unhealthy and stops directing traffic to it.
Microsoft Learn
To configure an HTTP or HTTPS health probe in the Azure portal:
Navigate to your Load Balancer resource.
Under the “Settings” section, select “Health probes.”
Click on “+ Add” to create a new probe.
Choose “HTTP” or “HTTPS” as the protocol.
Specify the port and the path for the probe to monitor.
Set the desired interval between probe attempts.
For detailed guidance on managing health probes, refer to the official Azure documentation.
Can you have a backend in multiple regions when using Azure cross-region load balancer?
Yes, Azure’s cross-region Load Balancer is specifically designed to distribute traffic across multiple Azure regions. It achieves this by routing incoming requests to the closest healthy regional load balancer, ensuring low latency and high availability for your applications. This setup allows you to have backend services deployed in various regions, all managed under a single global endpoint.
Is traffic flowing over the azure network when going from the azure cross region loadbalaner to the backend
Yes, traffic flows over the Azure backbone network when it travels from the Azure cross-region Load Balancer to the regional load balancers in each backend region. This approach ensures secure and optimized traffic flow, reducing latency and avoiding the public internet for routing between regions. The Azure backbone provides a private, reliable, and high-performance network infrastructure, allowing for efficient inter-region connectivity for applications requiring high availability and low latency.
When using Azure cross-region load balancer, if a region dies or goes offline and you have multiple backends, will the traffic be routed to the available backends?
Yes, with Azure’s cross-region Load Balancer, if a region becomes unavailable, traffic will automatically reroute to available backend regions. The cross-region Load Balancer monitors the health of each regional load balancer in the backend pool. If one region fails, it will stop sending traffic to that region and distribute it to other healthy regional backends.
This failover is managed seamlessly by Azure, ensuring high availability and resilience, which is particularly useful for applications that require uninterrupted access across multiple Azure regions.
Does the azure cross-region load balancer support UDP and TCP?
Yes, Azure’s cross-region Load Balancer supports both TCP and UDP protocols. This capability allows you to distribute traffic across multiple Azure regions for applications that utilize either protocol. The cross-region Load Balancer operates at Layer 4, making it suitable for handling all UDP and TCP protocols
Can azure cross region loadbalaner rupport rate limiting
No
