125124, 752 PM “Tutorial: Create a gateway load balancer - Azure portal - Azure Load Balancer | Microsoft Learn Tutorial: Create a gateway load balancer using the Azure portal Article + 11/01/2023 Azure Load Balancer consists of Standard, Basic, and Gateway SKUs. Gateway Load Balancer is used for transparent insertion of Network Virtual Appliances (NVA). Use Gateway Load Balancer for scenarios that require high performance and high scalability of NVAs. In this tutorial, you learn how to: VY Create virtual network Y Create network security group. V Create a gateway load balancer. VY Chain a load balancer frontend to gateway load balancer. Prerequisites * An Azure account with an active subscription. Create an account for free * An existing public standard SKU Azure Load Balancer. For more information on creating a load balancer, see Create a public load balancer using the Azure portal © For the purposes of this tutorial, the load balancer in the examples is named load balancer. * A virtual machine or network virtual appliance for testing, Sign in to Azure Sign in to the Azure portal Create a virtual network and bastion host The following procedure creates a virtual network with a resource subnet, an Azure Bastion subnet, and an Azure Bastion host. © Important ntips:leam microsot.comlen-us/azureload-balancorfutora-gateway-portal a6‘vasa, 7.52 Pm “Tutor Create a gatowsy load balancer Azure portal - Are Load Balancer | Microsoft Leam Hourly pricing starts from the moment that Bastion is deployed, regardless of outbound data usage. For more information, see Pricing and SKUs. If you're deploying Bastion as part of a tutorial or test, we recommend that you delete this resource after you finish using it. 1. In the portal, search for and select Virtual networks. 2. On the Virtual networks page, select + Create. 3. On the Basics tab of Create tual network, enter or select the following information: © Expand table Setting Value Project details Subscription Select your subscription. Resource group Select Create new. Enter load-balancer-rg in Name. Select OK. Instance details Name Enter Ib-vnet Region Select East US. nttps:lleam microsot.comlen-us/azureload-balancorfutora-gateway-portal 26“125124, 7:52 PM gateway load balancer - Azure portal -Azu Load Balancer | Microsoft Learn re t a « ° © & Home > Vinual networks Create virtual network x Basics Secunty Padkhesser Tage Review +ceate Asie Vital Net (ie the fundamental buleing Rack fr you pte networkin Azur Neen may pst of ‘aur esoutces, such 35 ze Virtual Machies (M1 Securely Communit wth exh ote, tb erat ahd on-premises rensvts avis rare # radon natn ta os open your ou ots arta bengswth sons tenets oF Azure'sinanictie seh as sc asi and oer Project deta Sele the sabeciption to mange dpe escctes an cos Ut resource goup ie rete orgie ane manage all sutrpton ae ¥ l . rescue group (Ne oa ce ¥ ‘Vetus network nme lbamet region © * eeus ~ 4, Select the Security tab or Next button at the bottom of the page. 5. Under Azure Bastion, enter or select the following information: <2 Expand table Setting Value Azure Bastion Enable Azure Bastion Select checkbox Azure Bastion host name Enter Ib-bastion. ‘Azure Bastion public IP address Select Create new. Enter Ib-bastion-ip in Name. hntps:ilear microsoft. conver-usiazureload-Dalanceritutoial-gateway-pertal 36125124, 752 PM “Tutorial: Create a gateway load balancer - Azure portal - Azure Load Balancer | Microsoft Learn Setting Value Select OK. 6, Select the IP addresses tab, or Next at the bottom of the page. 7. On Create virtual network page, enter or select the following information: Setting ‘Add IPv4 address space IPv4 address space Subnets Subnet template Name Starting address Subnet size Security NAT Gateway 2 Expand table Value Enter 10.0.0.0/16 (65,356 addresses) Select the default subnet link to edit. Leave the default Default Enter backend-subnet. Enter 10.0.0.0. Enter /24(256 addresses), Select Ib-nat-gateway. nttps:lleam microsot.comlen-us/azureload-balancorfutora-gateway-portal ane“125124, 7:52 PM Tutorial: Edit subnet 1 gateway load balancer -Azure portal -Azure Load Balancer | Microsoft Learn x Select an address space and configure your subnet, You can customize a defeult subnet or select from subnet templates if you plan to add select services later. Learn more c IP address space @ Subnet details Subnat template © Name~@ Starting address * © Subnet size @ IP address space @ ‘Security 0.0.0.0/16 10.0.0.0- 10.0.255.255 (65536 addresses) Default v backend-subnet ] (Fone 7/24 (256 addresses) v| 10.0.0 - 100.0255 (256 addresses) Simplify internet access for virtual machines by using a network address translation gateway. Filter subnet traffic using 2 network security group. Learn more ©? NAT gateway © Network security group © Route table 8, Select Save. None v Create new None v Create new None v 9. Select Review + create at the bottom of the screen, and when validation passes, select Create. hntps:lear microsoft. conver-usiazureload-Dalancertuteial-gateway-pertal 516125124, 752 PM “Tutorial: Create a gateway load balancer - Azure portal - Azure Load Balancer | Microsoft Learn Create NSG Use the following example to create a network security group. You configure the NSG rules needed for network traffic in the virtual network created previously. 1. In the search box at the top of the portal, enter Network Security. Select Network security groups in the search results. 2. Select + Create. 3. In the Basics tab of Create network security group, enter, or select the following information: © Expand table Setting Value Project details Subscription Select your subscription, Resource group Select load-balancer-rg Instance details Name Enter *b-nsg-R Region Select East US. 4, Select the Review + create tab or select the Review + create button 5. Select Create. 6. In the search box at the top of the portal, enter Network Security. Select Network security groups in the search results. 7. Select *lb-nsg-R. 8, Select Inbound security rules in Settings in *lb-nsg-R. 9, Select + Add. 10. In Add inbound security rule, enter or select the following information ntips:leam microsot.comlen-us/azureload-balancorfutora-gateway-portal ene125124, 752 PM “Tutorial: Create a gateway load balancer - Azure portal - Azure Load Balancer | Microsoft Learn Setting Source Source port ranges Destination Service Destination port ranges Protocol Action Priority Name 11, Select Add, 12. Select Outbound security rules in Set 13, Select + Add. (2 Expand table Value Leave the default of Any. Leave the default of Leave the default of Any. Leave the default of Custom, Enter Select Any. Leave the default of Allow. Enter 100. Enter Ilb-nsg-Rule-AllowAll-All 14. In Add outbound security rule, enter or select the following information. Setting Source Source port ranges Destination Service Destination port ranges Protocol Action 2 Expand table Value Leave the default of Any. Leave the default of *. Leave the default of Any. Leave the default of Custom. Enter". Select TCP. Leave the default of Allow. nttps:lleam microsot.comlen-us/azureload-balancorfutora-gateway-portal 76125124, 752 PM “Tutorial: Create a gateway load balancer - Azure portal - Azure Load Balancer | Microsoft Learn Setting Value Priority Enter 100. Name Enter Ib-nsg-Rule-AllowAll-TCP-Out 15, Select Add. Select this NSG when creating the NVAs for your deployment. Create Gateway Load Balancer In this section, you create the configuration and deploy the gateway load balancer. 1. In the search box at the top of the portal, enter Load balancer. Select Load balancers in the search results. 2. In the Load balancer page, select Create. 3. In the Basics tab of the Create load balancer page, enter, or select the following information: ©) Expand table Setting Value Project details Subscription Select your subscription. Resource group Select load-balancer-rg Instance details Name Enter gateway-load-balancer Region Select (US) East US. Type Select Internal. sku Select Gateway. nttps:lleam microsot.comlen-us/azureload-balancorfutora-gateway-portal ane“125124, 7:52 PM Tutorial: gateway load balancer - Azure portal -Azu Lead Balancer | Microsoft Home > Resource groups > laad-balancerg > Marketplace > Load Balancar > Create load balancer a asics 7 : " , t ‘Azure oad balancer slayer oad bance that stnbutesinceming vac among heathy vital machine instances. Lad belncers uses a hash-hasea distri algorithm 8y cfu uses a Stuplescure I, source por, cesiratin I, Castnaticn pow. pretool ype) hezh fo map trafic to salvia savers Load balancer can athe be internet ‘song where it faccesablewa pubic addresses. or internal where tony accesible fom 3 wtual network Azure load balancer ao suppert ‘Network dates: Tandtion NA to toute vac bettcen public and pat P adresses. Laan more rt si Le pease =a = one ti ma = 7 ae Osim O Basie wero Tier * @® Regional | [ents | ea emer conigmaion>—] ooolond atelier automation eve eeack 4, Select Next: Frontend IP configuration at the bottom of the page. 5. In Frontend IP configuration, select + Add a frontend IP. 6. In Add frontend IP configuration, enter or select the following information: © Expand table Setting Value Name Enter Ib-frontend-IP. Virtual network Select Ib-vnet. hntps:lear microsoft. conver-usiazureload-Dalancertuteial-gateway-pertal one125124, 752 PM “Tutorial: Create a gateway load balancer - Azure portal - Azure Load Balancer | Microsoft Learn Setting Value Subnet Select backend-subnet. Assignment Select Dynamic 7. Select Add. 8, Select Next: Backend pools at the bottom of the page. 9, In the Backend pools tab, select + Add a backend pool. 10. In Add backend pool, enter or select the following information. 2 Expand table Setting Value Name Enter Ib-backend-pool. Backend Pool Configuration Select NIC. IP Version Select IPv4. Gateway load balancer configuration Type Select Internal and External Internal port Leave the default of 10800. Internal identifier Leave the default of 800. External port Leave the default of 10801 External identifier Leave the default of 801 11. Select Add. 12, Select the Next: Inbound rules button at the bottom of the page. 13. In Load balancing rule in the Inbound rules tab, select + Add a load balancing rule. 14, In Add load balancing rule, enter or select the following information: (© Expand table nttps:lleam microsot.comlen-us/azureload-balancorfutora-gateway-portal 1016125124, 752 PM “Tutorial: Create a gateway load balancer - Azure portal - Azure Load Balancer | Microsoft Learn Setting Name IP Version Frontend IP address Backend pool Health probe Session persistence Enable TCP reset Enable floating IP Value Enter Ib-rule Select IPv4 or IPV6 depending on your requirements. Select Ib-frontend-IP. Select Ib-backend-pool. Select Create new. In Name, enter Ib-health-probe Select TCP in Protocol. Leave the rest of the defaults, and select Save. Select None. Leave the default of unchecked Leave default of unchecked. nttps:lleam microsot.comlen-us/azureload-balancorfutora-gateway-portal 16“125124, 7:52 PM Tutorial: a gstowsy load balancer Azure pol - Aire Load Balancer | Microsoft Lear Add load balancing rule x gateway-load-balancer A lead balancing rule distributes incoming treffic that is sent to a selected IP address and port combination across a group of backend pool instances. Only backend instances that the health probe considers healthy receive new traffic, Name* [Ib-rule 1p Version ~ © wa O we Frontend IP address * [Ib-frontendt-ip (Dynamic) v Backend pool * @ [Ibackend-poot High availabilty ports @ Enabled Health probe [ Ie-health-probe crcP:80) ¥] eate new Sestion persistence @) [None SS—S—™—SSS J Idle timeout (minutes) ~ © 4 Enable TCP Reset Enable Floating IP. © [[eancet_] Give feedback 15, Select Save. 16, Select the blue Review + create button at the bottom of the page. 17. Select Create. Add network virtual appliances to the gateway load balancer backend pool Deploy NVAs through the Azure Marketplace. Once deployed, add the NVA virtual machines to the backend pool of the gateway load balancer. To add the virtual machines, go to the backend pools tab of your gateway load balancer. hntps:lear microsoft. conver-usiazureload-Dalancertuteial-gateway-pertal rane125124, 752 PM “Tutorial: Create a gateway load balancer - Azure portal - Azure Load Balancer | Microsoft Learn Chain load balancer frontend to the gateway load balancer In this example, you'll chain the frontend of a standard load balancer to the gateway load balancer. You add the frontend to the frontend IP of an existing load balancer in your subscription. 1. In the search box in the Azure portal, enter Load balancer. In the search results, select Load balancers. 2. In Load balancers, select load-balancer or your existing load balancer name. 3. In the load balancer page, select Frontend IP configuration in Settings. 4, Select the frontend IP of the load balancer. In this example, the name of the frontend is Ib-frontend-IP. fy load-balancer | Frontend IP configuration x eve festa © overew BE Actty tog l —e J Name 7s addrass 7 Rules count Te Access contra TAM] frontend Ue-rontendl_0 a © tags * X iagnose and solve problems Settings 1 tend pen I nb na i ope @ tod 5. Select Ib-frontend-IP (10.1.0.4) in the pull-down box next to Gateway load balancer. 6. Select Save. nttps:lleam microsot.comlen-us/azureload-balancorfutora-gateway-portal 1916125124, 752 PM “Tutorial: Create a gateway load balancer - Azure portal - Azure Load Balancer | Microsoft Learn Ib-frontend-ip x 5 Public ‘ype ype © wasves O pete publi ares * Teoria ¥ Grete new Gateway Lad balancer Tbrrontend W000 a Mo 224- 578-2 BASTE Reso cep ad Used by Telit elaad balancing rule, inbound NAT rls, inbound NAT peck, and eutbeund rules using this addres Name Tye “Give feedback Chain virtual machine to Gateway Load Balancer Alternatively, you can chain a VM's NIC IP configuration to the gateway load balancer. You add the gateway load balancer's frontend to an existing VM's NIC IP configuration. © Important A virtual machine must have a public IP address assigned before attempting to chain the NIC configuration to the frontend of the gateway load balancer. 1. In the search box in the Azure portal, enter Virtual machine. In the search results, select Virtual machines. 2. In Virtual machines, select the virtual machine that you want to add to the gateway load balancer. In this example, the virtual machine is named myVM1 3. In the overview of the virtual machine, select Networking in Settings. 4, In Networking, select the name of the network interface attached to the virtual machine. In this example, it's myvn1229. ntips:leam microsot.comlen-us/azureload-balancorfutora-gateway-portal sane“125124, 7:52 PM Tutorial: C | MYM | Networking B tnties om 5. In the network interface page, select IP configurations in Settings. 6, Select Ib-frontend-IP in Gateway Load balancer. sl Myvm229 | IP configurations 7. Select Save. Clean up resources When no longer needed, delete the resource group, load balancer, and all related 1 gateway load balancer -Azure portal -Azure Load Balancer | MicrosoftLearn resources, To do so, select the resource group load-balancer-rg that contains the resources and then select Delete. Next steps Create Network Virtual Appliances in Azure When creating the NVAs, choose the resources created in this tutorial: * Virtual network hntps:lear microsoft. conver-usiazureload-Dalancertuteial-gateway-pertal sitegateway load balancer - Azure portal - Azure Load Balancer | Microsoft Lear 125124, 752 PM Tutorial: Subnet ‘* Network security group © Gateway load balancer Advance to the next article to learn how to create a cross-region Azure Load Balancer. nttps:lleam microsot.comlen-us/azureload-balancorfutora-gateway-portal 1616