Queries on azure load balancer

Varma 1,145 Reputation points
2024-04-19T12:33:55.35+00:00

Please clarify my following questions with respect to Azure Load Balancer:

1. Probe component in load balancer: does it probe only the port and protocol of back-end pools, or does it probe anything else? What exactly does it probe?
2. I heard load balancer is layer 4, which means it does not have any awareness of what traffic it is distributing except port and protocol? Am I correct? And what is the protocol here?
3. Do we need to create a public IP as a separate resource when we want to use a public IP in the front end?
4. Does the front-end component always take a private IP from the virtual network if it is a private IP load balancer? What if there is no existing virtual network?

Accepted answer
GitaraniSharma-MSFT 47,421 Reputation points Microsoft Employee
2024-04-22T13:19:51.04+00:00

    Hello @Varma ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand you've some queries related to Azure load balancer. I've answered them below.

    1. Probe component in load balancer, does it probe only port and protocol of back-end pools or anything it probes? What exactly does it probe?

    Yes, the health probe configuration consists of protocol and port. It uses the specified protocol to initiate a connection to the mentioned port and get the health status of the backend.

    Refer: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview#probe-configuration

    2. I heard load balancer is layer 4, which means it does not have any awareness of what traffic it is distributing except port and protocol? Am I correct? And what is the protocol here?

    Yes, Load balancer operates on layer 4 and doesn't provide application layer gateway functionality. Protocol handshakes always occur directly between the client and the backend pool instance. Load balancer doesn't interact with the payload of any flow. Application payloads are transparent to the load balancer.

    Refer: https://learn.microsoft.com/en-us/azure/load-balancer/concepts

    Azure Load Balancer uses a five-tuple hashing algorithm for the distribution of inbound flows (not bytes). Load balancer rewrites the headers of TCP/UDP flows when directing traffic to the backend pool instances (load balancer doesn't rewrite HTTP/HTTPS headers). When the load balancer's health probe indicates a healthy backend endpoint, backend instances are available to receive new traffic flows. And the health probe can be configured to use different protocols such as TCP, HTTP, or HTTPS.

    To understand how these protocols are used by the load balancer health probe, please refer to the doc below:

    https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview#probe-protocol

    3. Do we need to create a public IP as a separate resource when we want to use a public IP in the front end?

    As part of the public load balancer creation process, you need to select an existing or create a new Public IP address in the front end if you are creating a public load balancer. It is a mandatory configuration step in the public load balancer creation process.

    Refer: https://learn.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-public-portal#create-load-balancer

    Even though the Public IP is associated to the load balancer, a public IP address is a resource that has its own properties.

    Refer: https://learn.microsoft.com/en-us/azure/virtual-network/ip-services/public-ip-addresses

    4. Does the front-end component always take a private IP from the virtual network if it is a private IP load balancer? What if there is no existing virtual network?

    The Frontend IP configuration can either be a Public IP address or a Private IP address. The nature of the IP address determines the type of load balancer created. Private IP address selection creates an internal load balancer. Public IP address selection creates a public load balancer.

    A public load balancer maps the public IP and port of incoming traffic to the private IP and port of the VM. So, this type of load balancer is not tied to any Virtual network but is deployed on a resource group level.

    However, an internal load balancer distributes traffic to resources that are inside a virtual network. Azure restricts access to the frontend IP addresses of a virtual network that are load balanced. Frontend IP addresses and virtual networks are never directly exposed to an internet endpoint, meaning an internal load balancer can't accept incoming traffic from the internet. So, this type of load balancer is tied to a Virtual network. And Virtual network selection is a mandatory requirement in the internal load balancer creation process.


    Refer: https://learn.microsoft.com/en-us/azure/load-balancer/quickstart-load-balancer-standard-internal-portal#create-load-balancer

    Additional queries are answered below:

    I understand it monitors the health of the backend pool. In that case, port, protocol, https, and TCP all belong to one application/web site, correct? How is the health of the backend pool being checked using these 4 parameters?

    As mentioned in the below doc,

    https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-custom-probe-overview#probe-protocol

    TCP probes initiate a connection by performing a three-way open TCP handshake with the defined port. TCP probes terminate a connection with a four-way close TCP handshake.

    TCP health probes are considered healthy and mark the backend endpoint as healthy when:

    1. The health probe is successful once after the VM boots.
    2. Any backend endpoint that has achieved a healthy state is eligible for receiving new flows.

    HTTP and HTTPS probes issue an HTTP GET with the specified path. Both of these probes support relative paths for the HTTP GET. HTTPS probes are the same as HTTP probes with the addition of Transport Layer Security (TLS).

    The health probe is marked up when the instance responds with an HTTP status 200 within the timeout period. HTTP/HTTPS health probes are considered healthy and mark the backend endpoint as healthy when:

    1. The health probe is successful once after the VM boots.
    2. Any backend endpoint that has achieved a healthy state is eligible for receiving new flows.

    Since the load balancer distributes traffic based on IP and port, can you give me an example of how it shifts traffic based on IP? Is it accurate to say that the IP of backend pool instances is private or public?

    As I mentioned above, Azure Load Balancer uses a five-tuple hashing algorithm for the distribution of inbound flows (not bytes). When the load balancer's health probe indicates a healthy backend endpoint, backend instances are available to receive new traffic flows.

    By default, Azure Load Balancer uses a five-tuple hash.

    The five-tuple includes:

    • Source IP address
    • Source port
    • Destination IP address
    • Destination port
    • IP protocol number to map flows to available servers

    You can also use the session affinity distribution mode, which uses two-tuple or three-tuple based load balancing.

    Refer: https://learn.microsoft.com/en-us/azure/load-balancer/concepts

    To understand more about the Azure Load Balancer distribution modes, please refer:

    https://learn.microsoft.com/en-us/azure/load-balancer/distribution-mode-concepts

    You can switch the distribution mode in the load balancer configuration at any time. There's no downtime when switching from one distribution mode to another on a load balancer.

    Refer: https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-distribution-mode?tabs=azure-portal

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


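The following is an added illustrative model of the distribution modes described in the accepted answer (five-tuple hash by default, two-/three-tuple session affinity) and of the rule that only probe-healthy backends receive new flows. It is not Azure's code: Azure's actual hash function is undocumented, so SHA-256 over the selected tuple stands in for it, and the IP addresses, ports and backend names are constructed sample values.

```python
# Illustrative model (not Azure's implementation): how the per-flow hash decides
# which healthy backend receives a NEW flow, and why 2-/3-tuple "session affinity"
# pins one client to one backend while the default 5-tuple mode does not.
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: int  # IP protocol number: 6 = TCP, 17 = UDP


def tuple_key(flow: Flow, mode: str) -> tuple:
    """Select the hashed fields for each distribution mode named in the answer."""
    if mode == "5-tuple":  # default: every field, so each flow hashes independently
        return (flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port, flow.proto)
    if mode == "3-tuple":  # session affinity: source IP, destination IP, protocol
        return (flow.src_ip, flow.dst_ip, flow.proto)
    if mode == "2-tuple":  # session affinity: source IP, destination IP
        return (flow.src_ip, flow.dst_ip)
    raise ValueError(f"unknown distribution mode {mode!r}")


def pick_backend(flow: Flow, backends: list, healthy: dict, mode: str = "5-tuple"):
    """Map a new flow to a backend the health probe currently marks healthy.
    Flows are hashed, not bytes: all packets of one flow share the same key,
    so the decision is made once per flow. Unhealthy backends are not eligible."""
    eligible = sorted(b for b in backends if healthy.get(b, False))
    if not eligible:
        return None  # no healthy backend: the flow cannot be placed
    digest = hashlib.sha256(repr(tuple_key(flow, mode)).encode()).digest()
    return eligible[int.from_bytes(digest[:4], "big") % len(eligible)]


def affinity_demo() -> dict:
    """Constructed sample: one client opens two TCP flows from different source
    ports to frontend 20.0.0.10:443; 10.0.0.6 has failed its probe.
    Returns the (flow1, flow2) backend choice for each mode."""
    backends = ["10.0.0.4", "10.0.0.5", "10.0.0.6"]
    healthy = {"10.0.0.4": True, "10.0.0.5": True, "10.0.0.6": False}
    f1 = Flow("203.0.113.7", 50001, "20.0.0.10", 443, 6)
    f2 = Flow("203.0.113.7", 50002, "20.0.0.10", 443, 6)
    return {mode: (pick_backend(f1, backends, healthy, mode),
                   pick_backend(f2, backends, healthy, mode))
            for mode in ("5-tuple", "3-tuple", "2-tuple")}
```

In the 2- and 3-tuple modes both flows from the same client land on the same backend; in 5-tuple mode the source port participates in the hash, so the two flows may be spread across backends, and the probe-failed backend is never chosen in any mode.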