Azure Loadbalancer Failover Sessions not handed over

Question

We are using a Standard Internal Azure Loadblancer to balance traffic between multiple NVA Appliances.

This works fine normally, during a failover all new connections are sent to the other NVA that is still available.

However the packets that belong to an existing connection are still sent to the appliance that is now down instead of being sent to the still active NVA.

We tried this with different Session Persistance settings (None, Client IP and ClientIP and Protocol) but experienced always the same issue.

Are there any workarounds to this?
Is there maybe a different solution for load balancing all network traffic other than azure load balancer?

Answer 1

@Lukas Müller

Thank you for reaching out.

Based on your question above I understand that when backend NVA is down, the load balancer directs new connections to NVA which is still available but the existing connections are still sent to the NVA which is down.

This actually a load balancer behavior by design, as documented here

A probe failure doesn't affect existing connections. The connection continues until the application:

• Ends the flow
• Idle timeout occurs
• The VM shuts down

When Single instance's health probe is down the new TCP connections succeed to remaining healthy backend endpoint. Established TCP connections to this backend endpoint continue.

Currently there are no work around this for Azure Load Balancer

Based on your statement above.

Is there maybe a different solution for load balancing all network traffic other than azure load balancer?

You can take a look at this guide on various architectures possible for deploying highly available NVA's and Also depending on your requirements take a look at various load balancing options available in Azure.

Hope this helps! Please let me know if you have nay questions. Thank you!

---

​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.