Configure Outbound Connectivity With A Gateway Load Balancer

11/25/24, 7:53 PM - Tutorial: Configure outbound connectivity with a gateway load balancer - Azure Load Balancer | Microsoft Learn
https://learn.microsoft.com/en-us/azure/load-balancer/tutorial-gateway-outbound-connectivity

Tutorial: Configure outbound connectivity with a gateway load balancer

Article • 10/24/2023

Azure Load Balancer consists of Standard, Basic, and Gateway SKUs. Gateway Load Balancer (GWLB) is used for transparent insertion of Network Virtual Appliances (NVA). Use Gateway Load Balancer for scenarios that require high performance and high scalability of NVAs.

In this tutorial, you learn how to:

* Chain a virtual machine's IP address to a Gateway Load Balancer.
* Create a new load balancer frontend IP configuration.
* Create an outbound rule for virtual machine traffic.

Prerequisites

* An Azure account with an active subscription. Create an account for free.
* An existing public standard SKU Azure Load Balancer. For more information on creating a load balancer, see Create a public load balancer using the Azure portal.
  * For the purposes of this tutorial, the standard load balancer is named myLoadBalancer and is located in a resource group called myResourceGroup.
* An existing Gateway SKU Azure Load Balancer. For more information on creating a gateway load balancer, see Create a gateway load balancer using the Azure portal.
  * For the purposes of this tutorial, the gateway load balancer in the examples is named myGatewayLoadBalancer.
* A virtual machine or network virtual appliance deployed in the same region and resource group as the load balancers.
  For more information on deploying a virtual machine, see Create a Windows VM in the Azure portal.
  * For the purposes of this tutorial, the virtual machine is named myVM1.

Chain a virtual machine to a gateway load balancer

In this section, you chain an existing virtual machine's public IP to a gateway load balancer. A gateway load balancer can be inserted in the path of outbound traffic by chaining to virtual machine instance-level public IPs. This method secures both inbound and outbound traffic reaching or originating from this virtual machine's public IP.

1. Navigate to your existing virtual machine. This example uses a virtual machine named myVM1.
2. To verify your virtual machine has a standard SKU public IP associated with it, select Public IP address > Overview and confirm that the SKU is Standard.
3. Return to your virtual machine.
4. In Overview of the virtual machine, select Networking under Settings.
5. Select the network interface attached to the virtual machine. This example uses myvm1185_z1.
   [Screenshot: myVM1 | Networking]
6. In Network interface, select IP configurations under Settings.
7. Select myFrontend in Gateway Load balancer.
   [Screenshot: myvm1185_z1 | IP configurations]
8. Select Save.

Create a load balancer frontend

In this section, you create a new frontend IP configuration for outbound traffic in our existing standard public load balancer. Using separate public IPs for inbound and outbound traffic is a recommended best practice.
Reusing the same public IP for inbound and outbound traffic can increase the risk of SNAT exhaustion, as load balancing and inbound NAT rules decrease the number of available SNAT ports.

1. Navigate to myLoadBalancer or your existing standard public load balancer and go to the Frontend IP configuration under Settings.
   [Screenshot: myLoadBalancer | Frontend IP configuration]
2. Select + Add to create a new frontend IP configuration.
3. In the Add frontend IP configuration page, enter or select the following information:

   | Setting | Value |
   | --- | --- |
   | Name | Enter myOutboundFrontend. |
   | IP version | Select IPv4. |
   | IP type | Select IP address. |
   | Public IP address | Select Create new. In Add a public IP address, enter myOutboundPublicIP for name, and select OK. |
   | Gateway Load balancer | Select myGatewayLoadBalancerFrontEnd. |

   [Screenshot: Add frontend IP configuration]
4. Select Add.

Note: This step will chain your frontend to the gateway load balancer frontend specified. Any inbound or outbound traffic served by this frontend is redirected to the gateway load balancer for inspection by the configured NVAs before being distributed to this load balancer's backend instances.

Create outbound rule

1. In Load balancer, select Outbound rules under Settings.
2. Select + Add in Outbound rules to add a rule.
   [Screenshot: myLoadBalancer | Outbound rules]
3. In the Add outbound rule window, enter or select the following information:

   | Setting | Value |
   | --- | --- |
   | Name | Enter myOutboundRule. |
   | IP version | Select IPv4. |
   | Frontend IP address | Select the frontend IP address of the load balancer. This example uses myOutboundFrontend. |
   | Protocol | Leave the default of All. |
   | Idle timeout (minutes) | Enter 4 or your desired value. |
   | TCP Reset | Leave the default of Enabled. |
   | Backend pool | Select the backend pool of the load balancer. This example uses myBackendPool. |
   | Port allocation | |
   | Port allocation | Select Manually choose number of outbound ports. |
   | Outbound ports | |
   | Choose by | Select Maximum number of backend instances. |
   | Ports per instance | Enter the anticipated maximum number of backend instances. This example uses 2 backend instances. |

   [Screenshot: Add outbound rule]
4. Select Add.
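
The SNAT trade-off behind the separate outbound frontend and the manual port allocation above, worked through as an added example (not part of the original tutorial). It assumes Azure's port model of 64,000 SNAT ports per frontend public IP, per-instance allocations in multiples of 8, and 8 ports reserved for each load-balancing or inbound NAT rule on a shared frontend; `OutboundPlan` and `compare` are hypothetical names.

```python
# Added example: SNAT port budgeting for a manual outbound rule.
# Assumptions (not stated on this page): 64,000 SNAT ports per frontend
# public IP, allocations in multiples of 8, and 8 ports reserved per
# load-balancing / inbound NAT rule that shares the outbound frontend.
from dataclasses import dataclass

PORTS_PER_FRONTEND_IP = 64_000
PORT_BLOCK = 8


@dataclass
class OutboundPlan:
    frontend_ips: int                   # public IPs on the outbound rule
    max_backend_instances: int          # "Maximum number of backend instances"
    inbound_rules_on_frontend: int = 0  # rules sharing the same public IP(s)

    def available_ports(self) -> int:
        reserved = self.inbound_rules_on_frontend * PORT_BLOCK
        return max(self.frontend_ips * PORTS_PER_FRONTEND_IP - reserved, 0)

    def ports_per_instance(self) -> int:
        if self.max_backend_instances < 1:
            raise ValueError("need at least one backend instance")
        raw = self.available_ports() // self.max_backend_instances
        return raw - raw % PORT_BLOCK   # round down to a multiple of 8

    def headroom(self, peak_flows: int) -> int:
        """Ports left per instance at peak concurrent flows to one
        destination; a negative value means SNAT exhaustion."""
        return self.ports_per_instance() - peak_flows


def compare(max_instances: int, inbound_rules: int, peak_flows: int) -> dict:
    """Dedicated outbound frontend vs. one shared with inbound rules."""
    plans = {
        "dedicated": OutboundPlan(1, max_instances),
        "shared": OutboundPlan(1, max_instances, inbound_rules),
    }
    return {name: (p.ports_per_instance(), p.headroom(peak_flows))
            for name, p in plans.items()}


if __name__ == "__main__":
    # Constructed workload: 6 instances, 50 inbound rules, 10,650 peak flows.
    for name, (ports, spare) in compare(6, 50, 10_650).items():
        state = "ok" if spare >= 0 else "SNAT exhaustion"
        print(f"{name}: {ports} ports/instance, headroom {spare} ({state})")
```
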

Important: Gateway load balancer doesn't currently support chaining with NAT Gateway. Outbound traffic originating from Azure virtual machines, served through NAT Gateway, goes directly to the Internet. NAT Gateway also takes precedence over any instance-level public IPs or load balancers for outbound traffic. NAT Gateway can be configured for outbound connectivity together with a Standard Public Load Balancer and Gateway Load Balancer architecture for inbound connectivity. In this scenario, all inbound traffic flows as expected through the gateway load balancer to the Standard load balancer, while outbound traffic goes to the Internet directly. If NVAs need to be inserted for outbound traffic, apply the methods described in this article, for example, chaining an instance-level public IP or outbound rules load balancer frontend to a gateway load balancer.

Clean up resources

When no longer needed, delete the resource group, load balancer, and all related resources. To do so, select the resource group myResourceGroup that contains the resources and then select Delete.

Next steps

In this tutorial, you:

* Chained a virtual machine's IP address to a Gateway Load Balancer.
* Created a new load balancer frontend IP configuration.
* Created an outbound rule for virtual machine traffic.

Learn how to deploy highly available NVAs with Azure Load Balancer.
