1/25/24, 7:52 PM  Tutorial: Create a gateway load balancer - Azure CLI - Azure Load Balancer | Microsoft Learn
Tutorial: Create a gateway load balancer
using the Azure CLI
Article • 06/27/2023
Azure Load Balancer consists of Standard, Basic, and Gateway SKUs. Gateway Load Balancer
is used for transparent insertion of Network Virtual Appliances (NVA). Use Gateway Load
Balancer for scenarios that require high performance and high scalability of NVAs.
In this tutorial, you learn how to:
* Create virtual network.
* Create network security group.
* Create a gateway load balancer.
* Chain a load balancer frontend to gateway load balancer.
Prerequisites
* Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart
for Bash in Azure Cloud Shell.
* If you prefer to run CLI reference commands locally, install the Azure CLI. If you're
running on Windows or macOS, consider running Azure CLI in a Docker container. For
more information, see How to run the Azure CLI in a Docker container.
    * If you're using a local installation, sign in to the Azure CLI by using the az login
    command. To finish the authentication process, follow the steps displayed in your
    terminal. For other sign-in options, see Sign in with the Azure CLI.
    * When you're prompted, install the Azure CLI extension on first use. For more
    information about extensions, see Use extensions with the Azure CLI.
    * Run az version to find the version and dependent libraries that are installed. To
    upgrade to the latest version, run az upgrade.
* This tutorial requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud
Shell, the latest version is already installed.
* An Azure account with an active subscription. Create an account for free.
* An existing public standard SKU Azure Load Balancer. For more information on
creating a load balancer, see Create a public load balancer using the Azure CLI.
    * For the purposes of this tutorial, the existing load balancer in the examples is
    named myLoadBalancer.
Create a resource group
An Azure resource group is a logical container into which Azure resources are deployed
and managed.
Create a resource group with az group create:
Azure CLI
az group create \
    --name TutorGwLB-rg \
    --location eastus
Configure virtual network
A virtual network is needed for the resources that are in the backend pool of the gateway
load balancer.
Create virtual network
Use az network vnet create to create the virtual network.
Azure CLI
az network vnet create \
    --resource-group TutorGwLB-rg \
    --location eastus \
    --name myVNet \
    --address-prefixes 10.1.0.0/16 \
    --subnet-name myBackendSubnet \
    --subnet-prefixes 10.1.0.0/24
Create bastion public IP address
Use az network public-ip create to create a public IP address for the Azure Bastion host.
Azure CLI
az network public-ip create \
    --resource-group TutorGwLB-rg \
    --name myBastionIP \
    --sku Standard \
    --zone 1 2 3
Create bastion subnet
Use az network vnet subnet create to create the bastion subnet.
Azure CLI
az network vnet subnet create \
    --resource-group TutorGwLB-rg \
    --name AzureBastionSubnet \
    --vnet-name myVNet \
    --address-prefixes 10.1.1.0/27
Create bastion host
Use az network bastion create to deploy a bastion host for secure management of
resources in the virtual network.
Azure CLI
az network bastion create \
    --resource-group TutorGwLB-rg \
    --name myBastionHost \
    --public-ip-address myBastionIP \
    --vnet-name myVNet \
    --location eastus
It can take a few minutes for the Azure Bastion host to deploy.
Important
Hourly pricing starts from the moment that Bastion is deployed, regardless of
outbound data usage. For more information, see Pricing and SKUs.
If you're deploying Bastion as part of a tutorial or test, we recommend that you delete
this resource after you finish using it.
Configure NSG
Use the following example to create a network security group. You'll configure the NSG
rules needed for network traffic in the virtual network created previously.
Create NSG
Use az network nsg create to create the NSG.
Azure CLI
az network nsg create \
    --resource-group TutorGwLB-rg \
    --name myNSG
Create NSG Rules
Use az network nsg rule create to create rules for the NSG.
Azure CLI
az network nsg rule create \
    --resource-group TutorGwLB-rg \
    --nsg-name myNSG \
    --name myNSGRule-AllowAll \
    --protocol '*' \
    --direction inbound \
    --source-address-prefix '0.0.0.0/0' \
    --source-port-range '*' \
    --destination-address-prefix '0.0.0.0/0' \
    --destination-port-range '*' \
    --access allow \
    --priority 100
az network nsg rule create \
    --resource-group TutorGwLB-rg \
    --nsg-name myNSG \
    --name myNSGRule-AllowAll-TCP-out \
    --protocol 'TCP' \
    --direction outbound \
    --source-address-prefix '0.0.0.0/0' \
    --source-port-range '*' \
    --destination-address-prefix '0.0.0.0/0' \
    --destination-port-range '*' \
    --access allow \
    --priority 100
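The myNSGRule-AllowAll rule above allows every protocol from any source to any port. As an added example (not part of the original tutorial), the shell helper below reads az network nsg rule list output and reports inbound rules of that shape so they can be reviewed before the NSG is reused outside a lab. The names find_open_inbound and sample_rules and the myNSGRule-Mgmt row are hypothetical, and the sample rows are constructed.

```shell
#!/usr/bin/env bash
# Added example: report inbound NSG rules that allow any source on any port.
# Expected input: one rule per line, tab-separated, in this column order:
#   name, direction, access, protocol, sourceAddressPrefix, destinationPortRange
# which is what this query produces against the tutorial's NSG:
#   az network nsg rule list --resource-group TutorGwLB-rg --nsg-name myNSG \
#     --query "[].[name,direction,access,protocol,sourceAddressPrefix,destinationPortRange]" \
#     --output tsv

# find_open_inbound (hypothetical helper): prints the name of every inbound
# Allow rule whose source is unrestricted and whose port range is unrestricted.
find_open_inbound() {
  awk -F'\t' '
    function any_addr(p) {
      p = tolower(p)
      return (p == "*" || p == "0.0.0.0/0" || p == "internet")
    }
    function any_port(r) { return (r == "*" || r == "0-65535") }
    tolower($2) == "inbound" && tolower($3) == "allow" &&
      any_addr($5) && any_port($6) { print $1 }'
}

# Constructed sample: the two tutorial rules plus one scoped rule
# (myNSGRule-Mgmt is hypothetical and only shows a rule that passes).
sample_rules() {
  printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    myNSGRule-AllowAll Inbound Allow '*' '0.0.0.0/0' '*' \
    myNSGRule-AllowAll-TCP-out Outbound Allow Tcp '0.0.0.0/0' '*' \
    myNSGRule-Mgmt Inbound Allow Tcp '10.1.1.0/27' '22'
}

# Offline run over the constructed sample; pipe the az command above into
# find_open_inbound to check a deployed NSG instead.
sample_rules | find_open_inbound
```

Any rule name printed is an inbound allow rule with no source or port restriction.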
Configure Gateway Load Balancer
In this section, you'll create the configuration and deploy the gateway load balancer.
Create Gateway Load Balancer
To create the load balancer, use az network lb create.
Azure CLI
az network lb create \
    --resource-group TutorGwLB-rg \
    --name myLoadBalancer-gw \
    --sku Gateway \
    --vnet-name myVNet \
    --subnet myBackendSubnet \
    --backend-pool-name myBackendPool \
    --frontend-ip-name myFrontEnd
Create tunnel interface
An internal interface is automatically created with Azure CLI with the --identifier of 900
and --port of 10800.
You'll use az network lb address-pool tunnel-interface add to create an external tunnel
interface for the load balancer.
Azure CLI
az network lb address-pool tunnel-interface add \
    --address-pool myBackEndPool \
    --identifier '901' \
    --lb-name myLoadBalancer-gw \
    --protocol VXLAN \
    --resource-group TutorGwLB-rg \
    --type External \
    --port '10801'
Create health probe
A health probe is required to monitor the health of the backend instances in the load
balancer. Use az network lb probe create to create the health probe.
Azure CLI
az network lb probe create \
    --resource-group TutorGwLB-rg \
    --lb-name myLoadBalancer-gw \
    --name myHealthProbe \
    --protocol http \
    --port 88 \
    --path '/' \
    --interval '5' \
    --threshold '2'
Create load-balancing rule
Traffic destined for the backend instances is routed with a load-balancing rule. Use az
network lb rule create to create the load-balancing rule.
Azure CLI
az network lb rule create \
    --resource-group TutorGwLB-rg \
    --lb-name myLoadBalancer-gw \
    --name myLBRule \
    --protocol All \
    --frontend-port 0 \
    --backend-port 0 \
    --frontend-ip-name myFrontEnd \
    --backend-pool-name myBackEndPool \
    --probe-name myHealthProbe
Add network virtual appliances to the Gateway
Load Balancer backend pool
Deploy NVAs through the Azure Marketplace. Once deployed, add the virtual machines to
the backend pool with az network nic ip-config address-pool add.
Chain load balancer frontend to Gateway Load
Balancer
In this example, you'll chain the frontend of a standard load balancer to the gateway load
balancer.
You'll add the frontend to the frontend IP of an existing load balancer in your subscription.
Use az network lb frontend-ip show to place the resource ID of your gateway load balancer
frontend into a variable.
Use az network lb frontend-ip update to chain the gateway load balancer frontend to your
existing load balancer.
Azure CLI
feid=$(az network lb frontend-ip show \
    --resource-group TutorGwLB-rg \
    --lb-name myLoadBalancer-gw \
    --name myFrontend \
    --query id \
    --output tsv)
az network lb frontend-ip update \
    --resource-group CreatePubLBQS-rg \
    --name myFrontendIP \
    --lb-name myLoadBalancer \
    --public-ip-address myPublicIP \
    --gateway-lb "$feid"
Chain virtual machine to Gateway Load Balancer
Alternatively, you can chain a VM's NIC IP configuration to the gateway load balancer.
You'll add the gateway load balancer's frontend to an existing VM's NIC IP configuration.
Use az network lb frontend-ip show to place the resource ID of your gateway load balancer
frontend into a variable.
Use az network nic ip-config update to chain the gateway load balancer frontend to your
existing VM's NIC IP configuration.
Azure CLI
feid=$(az network lb frontend-ip show \
    --resource-group TutorGwLB-rg \
    --lb-name myLoadBalancer-gw \
    --name myFrontend \
    --query id \
    --output tsv)
az network nic ip-config update \
    --resource-group MyResourceGroup \
    --nic-name MyNIC \
    --name MyIPconfig \
    --gateway-lb "$feid"
Clean up resources
When no longer needed, you can use the az group delete command to remove the
resource group, load balancer, and the remaining resources.
Azure CLI
az group delete \
    --name TutorGwLB-rg
Next steps
Create Network Virtual Appliances in Azure.
When creating the NVAs, choose the resources created in this tutorial:
* Virtual network
* Subnet
* Network security group
* Gateway Load Balancer
Advance to the next article to learn how to create a cross-region Azure Load Balancer.