Does a public load balancer on Azure enforce any limits regarding big traffic spikes?

ML-1722 100 Reputation points
2024-05-23T14:38:48.5966667+00:00

Hi all,

We have a service fronted by a layer-4 load balancer on AWS that handles lots of long-lived TCP connections with IoT devices. If the service experienced a serious disruption, all these devices will attempt to reconnect in a short time frame. If we migrate to Azure, will we hit any limit on a single Azure Load Balancer or a Frontend IP with a connection spike like this? What is the recommended number of long-lived connections to keep on a single Frontend IP or Load Balancer?

The connections we have is in the order of millions, and when a big connection spike happens our backend servers will reject excessive SYN packets. Would the behavior affect Load Balancer health checks or existing connections and make things worse? Are there any workarounds?

Azure Load Balancer
Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.
451 questions
0 comments No comments
{count} votes

Accepted answer
  1. ChaitanyaNaykodi-MSFT 26,216 Reputation points Microsoft Employee
    2024-05-23T23:59:15.18+00:00

    @ML-1722

    Thank you for reaching out.

    Based on your question above.

    If we migrate to Azure, will we hit any limit on a single Azure Load Balancer or a Frontend IP with a connection spike like this? What is the recommended number of long-lived connections to keep on a single Frontend IP or Load Balancer?

    Azure Load Balancer is Azure's most performant Load Balancer all while keeping latency ultra-low. As documented here Load balancer provides low latency and high throughput and scales up to millions of flows for all TCP and UDP applications. Azure Load Balancer acts as a passthrough through load balancer and does not interact with TCP handshake. A TCP handshake occurs between the client and the selected backend VM. More details here on load balancer algorithm.

    As documented here Load Balancer doesn't apply any throughput limits. However, throughput limits for virtual machines and virtual networks still apply. For more information, see Virtual machine network bandwidth.To answer your question above the connection limit is not applied at Azure Load Balancer but limit for the backend pools members (VMs) should be considered instead.

    The connections we have is in the order of millions, and when a big connection spike happens our backend servers will reject excessive SYN packets. Would the behavior affect Load Balancer health checks or existing connections and make things worse? Are there any workarounds?

    Yes as SYN packets will be rejected the health probe will be marked as down. If all the backend instances are rejecting the SYN packets here as documented here Azure Load balancer sends no new flows to the backend pool. Standard Load Balancer allows established TCP flows to continue given that a backend pool has more than one backend instance. This behavior will also depend on how you have configured the health probe, like which protocol and port.

    Hope this helps! Please let me know if you have any additional questions. Thank you!


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.