Azure Load Balancer

James TerHark 1 Reputation point
2021-10-28T20:51:04.997+00:00

I have a DMZ consisting of two vnets, DMZdev 10.203.145.0 and DMZprd 10.202.81.0. In front of these two DMZ vnets I have a pair of Cisco FTDs in a 3rd vnet. I want to place a load balancer between the DMZ and the two FTDs for HA in case one of the FTDs is down. Is this possible within Azure?

Is it possible to load balance between different vnets? It seems like I can only load balance within a single vnet.

Is it possible to have frontends in different vnets?
Is it possible to have backends in different vnets?


2 answers

  1. ChaitanyaNaykodi-MSFT 22,701 Reputation points Microsoft Employee
    2021-10-28T23:43:49.97+00:00

    Hello @James TerHark, thank you for reaching out. As per the limitations of Azure Load Balancer, a load balancer rule cannot span two virtual networks. All load balancer frontends and their backend instances must be in a single virtual network. The backend resources must be in the same virtual network as the load balancer.
    This is the recommended architecture for a highly available NVA. To implement this architecture you will have to move the FTDs into your respective VNETs and deploy a Standard Internal Load Balancer per VNET.

    Depending on your Architecture, traffic type, and requirements you can go through this Decision tree for load balancing in Azure for choosing your load balancing option in Azure.
    Hope this helps. Please let me know if you have any additional questions.
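
What "a Standard Internal Load Balancer per VNET" looks like when written down, as an added example that is not part of the answer above or of any Microsoft template: one internal Standard SKU load balancer whose frontend, backend pool and rule all live in a single VNet, with an HA-ports rule so every TCP/UDP flow is steered to whichever FTD is healthy. The subnet parameter, resource names, probe port and API version are assumptions; the probe port must be one the NVA actually answers on.

```bicep
// Added example: one internal Standard Load Balancer inside a single VNet.
// Deploy one copy per VNet (e.g. DMZdev, DMZprd) once the FTDs sit in that VNet.
@description('Existing subnet in the SAME VNet as the NVAs; hosts the private frontend')
param subnetId string
param lbName string = 'ilb-dmzdev'          // assumed name
param probePort int = 22                    // assumption: a TCP port the NVA listens on
param location string = resourceGroup().location

resource ilb 'Microsoft.Network/loadBalancers@2023-04-01' = {
  name: lbName
  location: location
  sku: { name: 'Standard' }                 // HA ports require the Standard SKU
  properties: {
    // Frontend: a private IP from the NVA subnet, so nothing is exposed publicly
    frontendIPConfigurations: [
      {
        name: 'fe-internal'
        properties: {
          subnet: { id: subnetId }
          privateIPAllocationMethod: 'Dynamic'
        }
      }
    ]
    // Backend pool: attach each FTD's NIC IP configuration to this pool
    backendAddressPools: [ { name: 'be-ftd' } ]
    // Health probe: a failed probe takes that FTD out of rotation
    probes: [
      {
        name: 'probe-ftd'
        properties: { protocol: 'Tcp', port: probePort, intervalInSeconds: 5, numberOfProbes: 2 }
      }
    ]
    // HA ports rule: protocol 'All' with port 0/0 balances every port in one rule
    loadBalancingRules: [
      {
        name: 'rule-haports'
        properties: {
          frontendIPConfiguration: { id: resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', lbName, 'fe-internal') }
          backendAddressPool: { id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', lbName, 'be-ftd') }
          probe: { id: resourceId('Microsoft.Network/loadBalancers/probes', lbName, 'probe-ftd') }
          protocol: 'All'
          frontendPort: 0
          backendPort: 0
        }
      }
    ]
  }
}

// Use this address as the next hop in the route table of the subnets behind the FTDs
output frontendIp string = ilb.properties.frontendIPConfigurations[0].properties.privateIPAddress
```

Because the template only references a subnet ID, passing a subnet from a different VNet than the backend NICs fails at deployment, which is the single-VNet limitation the answer describes.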


  2. Suman Kumar Rai 0 Reputation points
    2023-12-19T14:56:25.6433333+00:00

    I am new to Azure, preparing for the AZ-104 examination, don't have a lot of experience but practicing daily. I think you have to use the Hub and Spoke vNet architecture. I have done it in the following way.

    All are in the same RG and Region. I think we can do it in different regions but have not tried it yet.

    1. Create 3 vNets (HUB-vNet, Spoke-vNet1, Spoke-vNet2). Created an AzureBastionSubnet in HUB vNet.
    2. Attached 1 / 1 VMs (no Public IP, NO RDP etc.) into Spoke-vNet1 and Spoke-vNet2, installed WEB Server Role in both.
    3. Configured Azure Virtual Network Manager (added Spoke vNets to Group and selected HUB as HUB vNet).
    4. Created and configured bastion (added Spoke Subnets to bastion).
    5. Created Application Security Groups (2) to manage clients properly.
    6. Created Network Security Group (allowed RDP for both spoke subnets).
    7. Created DNS private and added 2 spoke vnets to virtual network links.
    8. Created RecordSet, web1.domain.local and mapped both VMs IP address.
    9. IP address or FQDN = web.domain.local
    10. IP address or FQDN = web1.domain.local
    11. IP address or FQDN = 1st vm IP
    12. IP address or FQDN = 2nd vm IP
    13. Backend Setting Port 80 HTTP.
    14. Finally, allow Port 80 Public Load Balancer IP.
    15. Create 2/2 Separate Inbound security rules in NSG to open RDP, TCP:80 ports for local communication.

    The above topology is working for me.

    Even if a VM is down, the web server is UP because of load balancing.

    Cheers!
