1125124, 7:34 PM (ickstar: Create an internal load balancer - Azure CL - Azure Load Balancer | Microsoft Leam Quickstart: Create an internal load balancer to load balance VMs using the Azure CLI Article + 08/24/2023 Get started with Azure Load Balancer by using the Azure CLI to create an internal load balancer and two virtual machines. Additional resources include Azure Bastion, NAT Gateway, a virtual network, and the required subnets. fig) reateiet8as-15 myloadBalancer moral, Ed ~~ ca myPubliP —— i ye imyBackendPoo! ee = cae eg ee A view imyNAtgatewaylP myNATgateway ey ROP/SSH ~ myBackendSubnet | >K mypostonsiost FEY mytastone © BastionSubnet If you don't have an Azure subscription, create an Azure free account _ before you begin. Prerequisites * Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell. ntips:leam microsot.comlen-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli se112504, 7:94 Pm Cuikstart Crete an internal loa blancor- Azure CL -Azure Load Balancer | Microsoft Loam ‘* Ifyou prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container. © Ifyou're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLL © When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI. © Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade. © This quickstart requires version 2.0.28 or later of the Azure CLI. If you're using Azure Cloud Shell, the latest version is already installed. ~ Create a resource group ‘An Azure resource group is a logical container into which you deploy and manage your Azure resources. Create a resource group with az group create Azure CLI az group create \ --name CreateIntLBQs-rg \ --location westus3 When you create an internal load balancer, a virtual network is configured as the network for the load balancer. Create the virtual network Before you deploy VMs and test your load balancer, create the supporting virtual network and subnet. The virtual network and subnet contain the resources deployed later in this article. Create a virtual network by using az network vnet create. ntips:leam mierosot.comlen-uslazureload-balanceriquickstartoae-balancer-standar-nterabli ane1125124, 734 PM (ickstar: Create an internal load balancer - Azure CL - Azure Load Balancer | Microsoft Leam ‘Azure CLI az network vnet create \ --resource-group CreatelntL8Qs-rg \ --location westus3 \ name myVNet \ address-prefixes 10,1.0.0/16 \ subnet-name myBackendSubnet \ subnet-prefixes 10.1.0.0/24 Create an Azure Bastion host In this example, you create an Azure Bastion host. The Azure Bastion host is used later in this article to securely manage the virtual machines and test the load balancer deployment. © Important Hourly pricing starts from the moment that Bastion is deployed, regardless of outbound data usage. For more information, see Pricing and SKUs. If you're deploying Bastion as part of a tutorial or test, we recommend that you delete this resource after you finish using it. Create a bastion public IP address Use az network publi create to create a public IP address for the Azure Bastion host. ‘Azure CLI az network public-ip create \ --resource-group CreateIntLBQs-rg \ --name myBastionIP \ --sku Standard \ --zone 123 Create a bastion subnet Use az network vnet subnet create to create a subnet. ‘Aaure CLI ntips:leam microsot.comlen-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli 321125124, 734 PM (ickstar: Create an internal load balancer Azure CL - Azure Load Balancer | Microsoft Leam az network vnet subnet create \ --pesource-group CreateIntLBQs-rg \. --name AzureBastionSubnet \ --vnet-name myVNet \ --address-prefixes 10.1.1.0/27 Create the bastion host Use az network bastion create to create a host. Azure CLI az network bastion create \ --resource-group CreateIntLBQs-rg \ name myBastionHost \ public-ip-address myBastionIP \ vnet-name myVNet \ Location westus3 It can take a few minutes for the Azure Bastion host to deploy. Create the load balancer This section details how you can create and configure the following components of the load balancer: * A frontend IP pool that receives the incoming network traffic on the load balancer * Abackend IP pool where the frontend pool sends the load balanced network traffic * Ahealth probe that determines health of the backend VM instances * Aload balancer rule that defines how traffic is distributed to the VMs Create the load balancer resource Create an internal load balancer with az network Ib create. ‘Azure CLI ntips:leam microsot.comlen-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli12524, 7:24 PM (ickstar: Create an internal load balancer Azure CL - Azure Load Balancer | Microsoft Leam az network 1b create \ --pesource-group CreateIntLBQS-rg \ --name myLoadBalancer \ --sku Standard \ --vnet-name myVNet \ --subnet myBackendSubnet \ --backend-pool-name myBackEndPool \ --frontend-ip-name myFronténd Create the health probe A health probe checks all virtual machine instances to ensure they can send network traffic. A virtual machine with a failed probe check is removed from the load balancer. The virtual machine is added back into the load balancer when the failure is resolved. Create a health probe with az network lb probe create. ‘Azure CLI az network 1b probe create \ --resource-group CreateIntLBQs-rg \ --1b-name myLoadBalancer \ --name myHealthProbe \ =-protocol tcp \ --port 88 Create a load balancer rule A load balancer rule defines: ‘* Frontend IP configuration for the incoming traffic The backend IP pool to receive the traffic ‘© The required source and destination port Create a load balancer rule with az network Ib rule create. Azure CLI az network 1b rule create \ --resource-group CreateIntLaQs-rg \ ntips:leam mierosot.comlon-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli 521125724, 7:34 PM Cuickstart Crete an ntrnl load balancer Azure CL Azure Load Balancer | Microsoft Leam =-Ib-nane myLoadBalancer \ =-name myHTTPRule \ =-protocol tep \ --frontend-port 8 \ =-backend-port 80 \ --frontend-ip-name myFronténd \ --backend-pool-name myBackEndPool \ --probe-name myHealthProbe \ --idle-timeout 15 \ --enable-tcp-reset true Create a network security group For a standard load balancer, the VMs in the backend pool are required to have network interfaces that belong to a network security group. To create a network security group, use az network nsg create Azure CLI az network nsg create \ --resource-group CreateIntLaQs-rg \ =-name myNSG Create a network security group rule To create a network security group rule, use az network nsg rule create. pour cu az network nsg rule create \ --resource-group CreateIntLBQS-rg \ --nsg-name myNSG \ =-name myNSGRuleHTTP \ --protocol '*" \ --direction inbound \ --source-address-prefix '*" \ --source-port-range '*" \ --destination-address-prefix --destination-port-range 8@ \ --access allow \ --priority 200 ntips:leam microsot.comlen-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli 621125124, 7:34 PM (ickstar: Create an internal load balancer - Azure CL - Azure Load Balancer | Microsoft Leam Create back-end servers In this section, you create: * Two network interfaces for the virtual machines ‘* Two virtual machines to be used as servers for the load balancer Create network interfaces for the virtual machines Create two network interfaces with az network nic create. Azure CL! array=(myNicvitl myNicva2) for vmnic in "${array[@]}" do az network nic create \ --resource-group CreateIntL8Qs-rg \ name $vmnic \ ‘vnet-name myVNet \ --subnet myBackEndSubnet \ --network-security-group myNSG done Create the virtual machines Create the virtual machines with az vm create. Azure CLI array=(1 2) for n in "S{array[@]}" do az vm create \ --pesource-group CreateIntLBQS-rg \ =-name myVMgn \ nics myNicVM$n \ image win2e19datacenter \ ‘admin-username azureuser \ zone $n \ =-no-wait done ntips:leam microsot.comlen-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli me1125124, 7:34 PM (ickstar: Create an internal load balancer - Azure CL - Azure Load Balancer | Microsoft Leam It can take a few minutes for the VMs to deploy. O Note Azure provides a default outbound access IP for VMs that either aren't assigned a public IP address or are in the back-end pool of an internal basic Azure load balancer. The default outbound access IP mechanism provides an outbound IP address that isn’t configurable, The default outbound access IP is disabled when one of the following events happens: * A public IP address is assigned to the VM * The VM is placed in the back-end pool of a standard load balancer, with or without outbound rules, * An Azure Virtual Network NAT gateway resource is assigned to the subnet of the VM. VMs that you create by using virtual machine scale sets in flexible orchestration mode don't have default outbound access. For more information about outbound connections in Azure, see Default outbound access in Azure and Use Source Network Address Translation (SNAT) for outbound connections. Add virtual machines to the backend pool ‘Add the virtual machines to the backend pool with az network nic ip-config address-pool add, ‘Azure CLI array=(Vid VM2) for vm in "S{array[@]}" do az network nic ip-config address-pool add \ address-pool myBackendPool \ p-config-name ipconfigi \ nic-name myNic$vm \ resource-group CreateIntLeQs-rg \ ‘Lb-name myLoadBalancer ntips:leam mierosot.comlon-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli ana1125124, 734 PM (ickstar: Create an internal load balancer - Azure CL - Azure Load Balancer | Microsoft Leam done Create NAT gateway To provide outbound internet access for resources in the backend pool, create a NAT gateway. Create public IP Use az network public-ip create to create a single IP for the outbound connectivity. azure CU az network public-ip create \ =-resource-group CreaterntLBQs-rg \ --name myNATgatewayIP \ --sku Standard \ Create NAT gateway resource Use az network nat gateway create to create the NAT gateway resource. The public IP created in the previous step is associated with the NAT gateway. ‘Azure CLI az network nat gateway create \ ~-resource-group CreateIntLBQS-rg \ --nane myNATgateway \ =-public-ip-addresses myNATgatewayIP \ =-idle-timeout 1 Associate NAT gateway with subnet Configure the source subnet in virtual network to use a specific NAT gateway resource with az network vnet subnet update. ‘Azure CLI ntips:leam microsot.comlen-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli ena1125124, 734 PM (ickstar: Create an internal load balancer Azure CL - Azure Load Balancer | Microsoft Leam az network vnet subnet update \ --pesource-group CreateIntLBQs-rg \ s-vnet-name myVNet \ =-name myBackendSubnet \ --nat-gateway myNATgateway Create test virtual machine Create the network interface with az network nic create. ‘Azure CLI az network nic create \ --resource-group CreateIntLBQs-rg \ --name myNicTestvM \ --vnet-name myVNet \ --subnet myBackEndSubnet \ --network-security-group myNSG Create the virtual machine with az vm create. ‘Azure CLI az vm create \ --resource-group CreateIntLBQs-rg \ --name myTestVM \ --nics myNicTestVM \ --image Win2@19Datacenter \ --admin-username azureuser \ =-no-wait You might need to wait a few minutes for the virtual machine to deploy. Install IIS Use az vm extension set to install IIS on the backend virtual machines and set the default website to the computer name. ‘Azure CLI array=(myVM myVM2) for vm in “${array[@]}" ntips:leam mierosot.comlon-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli soi12524, 7:24 Pmt (ickstar: Create an internal load balancer - Azure CL - Azure Load Balancer | Microsoft Leam do az vm extension set \ --publisher Microsoft.Compute \ s-version 1.8 \ --name CustomScriptextension \ --vm-name $vm \ --resource-group CreateIntLBQS-rg \ --settings '{"commandToExecute":"powershell Add-WindowsFeature Web- Server; powershell Add-Content -Path \"C:\\inetpub\\wwwroot\\Default.htm\" = Value $($env:computername)"}' done Test the load balancer 1.Sign in to the Azure portal. 2. On the Overview page, find the private IP address for the load balancer. In the menu on the left, select All services > All resources > myLoadBalancer. 3. In the overview of myLoadBalancer, copy the address next to Private IP Address. If Private IP address isn't visible, select See more. 4, In the menu on the left, select Alll services > All resources. From the resources list, in the CreatelntLBQS-rg resource group, select myTestVM. 5. On the Overview page, select Connect > Bastion. 6. Enter the username and password that you entered when you created the VM 7. On myTestVM, open Internet Explorer. 8, Enter the IP address from the previous step into the address bar of the browser. The default page of the IIS web server is shown on the browser. ntips:leam microsot.comlen-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli se1125124, 7:34 PM (ickstar: Create an internal load balancer - Azure CL - Azure Load Balancer | Microsoft Leam @ 3 3 s mt Hello World from myVM1 Clean up resources When your resources are no longer needed, use the az group delete command to remove the resource group, load balancer, and all related resources. ‘Azure CLI az group delete \ --name CreateIntLBQs-rg Next steps In this quickstart: * You created an internal load balancer ¢ Attached two virtual machines * Configured the load balancer traffic rule and health probe * Tested the load balancer To learn more about Azure Load Balancer, continue to: [wri cre Londoner? | ntips:leam microsot.comlen-uslazureload-balanceriquickstartoae-balancer-standar-ntemabli aire