3.1 Azure Load Balancer and Traffic Manager
📘Microsoft Azure Networking Solutions (AZ-700)
Overview
Azure Load Balancer (ALB) is a Layer 4 (Transport layer) load balancer that distributes network traffic across multiple resources, such as Virtual Machines (VMs) or virtual machine scale sets. Its main purpose is high availability and scalability of applications.
There are two main types:
- Public Load Balancer
- Internal (Private) Load Balancer
Choosing the right type depends on where the traffic comes from and who needs access.
1. Public Load Balancer
Definition:
A Public Load Balancer has a public IP address and routes internet traffic to resources in your Azure virtual network (VNet).
Key Characteristics:
- Internet-facing: Can be accessed from outside Azure (internet users).
- High availability: Distributes traffic across multiple VMs or services.
- Supports TCP and UDP protocols.
- Backend pool: VMs or services in your VNet that receive traffic.
When to Use (IT Environment Examples):
- Your web application or API is hosted in Azure and needs to be accessed by internet clients.
- Example: A company hosts a web portal for customers. You deploy multiple VMs for redundancy. A public load balancer distributes incoming traffic across the VMs.
- Can also be used with Azure Kubernetes Service (AKS) if external access is needed.
Features:
- Health probes: Checks VM availability and only sends traffic to healthy instances.
- Static or dynamic public IP assignment.
- Can handle millions of concurrent connections with low latency.
2. Internal (Private) Load Balancer
Definition:
An Internal Load Balancer (ILB) has a private IP address and routes traffic within the VNet or from connected networks (like via VPN or ExpressRoute). It is not accessible from the public internet.
Key Characteristics:
- VNet-facing only: Only accessible from inside Azure or through network peering, VPN, or ExpressRoute.
- Supports TCP and UDP protocols.
- Used to load balance traffic for internal services like databases, application tiers, or APIs.
- Backend pool: VMs or services inside the same VNet or peered VNets.
When to Use (IT Environment Examples):
- Internal business applications, such as a payroll system or ERP, that employees or internal services access.
- Multi-tier applications:
- Frontend VMs (with public load balancer) accept internet traffic.
- Internal load balancer distributes traffic from the frontend VMs to backend app servers or database servers.
- Example: A company has multiple app servers in a VNet. ILB ensures even traffic distribution while keeping servers private and secure.
Features:
- Supports internal DNS resolution.
- Can be used with Availability Sets or VM Scale Sets.
- Can work with Azure Private Link or VPN for hybrid network scenarios.
Comparison Table: Public vs Internal Load Balancer
| Feature | Public Load Balancer | Internal Load Balancer |
|---|---|---|
| IP Address | Public IP | Private IP |
| Access | Internet-facing | VNet/Internal only |
| Common Use Case | Web apps, APIs, external services | Internal apps, databases, APIs |
| Protocols Supported | TCP/UDP | TCP/UDP |
| Backend Pool | VMs, VM Scale Sets | VMs, VM Scale Sets |
| Security Considerations | Requires NSGs, Firewall, DDoS Protection | Usually secured by VNet, NSGs |
| Hybrid Access | Can be accessed from internet | Requires VPN/ExpressRoute/Peering |
Exam Tips:
- Traffic Source Determines Choice:
- Internet → Public Load Balancer
- Internal network → Internal Load Balancer
- Think Multi-tier Apps:
- Frontend VMs usually use public LB
- Backend servers usually use internal LB
- Protocols:
- Both support TCP/UDP, so if the exam mentions protocols, match the right scenario.
- Health Probes:
- Always configure them; exam might ask how ALB determines VM availability.
- Hybrid Networks:
- ILB can be accessed via VPN or ExpressRoute if you need on-prem to Azure load balancing.
✅ Summary for Exam:
- Use Public LB for internet-facing apps.
- Use Internal LB for internal apps, APIs, or services.
- Always consider backend pools, health probes, and NSG/security rules.
- Multi-tier apps often combine both: public LB for frontend, internal LB for backend.
