Tutorial: Load balance multiple IP configurations using the Azure portal

To host multiple websites, you can use another network interface associated with a virtual machine. Azure Load Balancer supports deployment of load-balancing to support the high availability of the websites.

In this tutorial, you learn how to:

  • Create and configure a virtual network, subnet, and NAT gateway.
  • Create two Windows server virtual machines
  • Create a secondary NIC and network configurations for each virtual machine
  • Create two Internet Information Server (IIS) websites on each virtual machine
  • Bind the websites to the network configurations
  • Create and configure an Azure Load Balancer
  • Test the load balancer

Prerequisites

Create a virtual network and bastion host

In this section, you create a virtual network with a resource subnet, an Azure Bastion subnet, and an Azure Bastion host.

Important

Hourly pricing starts from the moment that Bastion is deployed, regardless of outbound data usage. For more information, see Pricing and SKUs. If you're deploying Bastion as part of a tutorial or test, we recommend that you delete this resource after you finish using it.

  1. In the portal, search for and select Virtual networks.

  2. On the Virtual networks page, select + Create.

  3. On the Basics tab of Create virtual network, enter or select the following information:

    Setting Value
    Project details
    Subscription Select your subscription.
    Resource group Select load-balancer-rg from the dropdown or Create new if it doesn't exist.
    Enter load-balancer-rg in Name.
    Select OK.
    Instance details
    Name Enter lb-vnet.
    Region Select China North 3

    Screenshot of Basics tab of Create virtual network in the Azure portal.

  4. Select the Security tab or Next button at the bottom of the page.

  5. Under Azure Bastion, enter or select the following information:

    Setting Value
    Azure Bastion
    Enable Azure Bastion Select checkbox.
    Azure Bastion host name Enter lb-bastion.
    Azure Bastion public IP address Select Create new.
    Enter lb-bastion-ip in Name.
    Select OK.
  6. Select the IP addresses tab, or Next at the bottom of the page.

  7. On Create virtual network page, enter or select the following information:

    Setting Value
    Add IPv4 address space
    IPv4 address space Enter 10.0.0.0/16 (65,356 addresses).
    Subnets Select the default subnet link to edit.
    Edit subnet
    Subnet purpose Leave the default Default.
    Name Enter backend-subnet.
    Starting address Enter 10.0.0.0.
    Subnet size Enter /24(256 addresses).
    Security
    NAT Gateway Select lb-nat-gateway.

    Screenshot of default subnet rename and configuration.

  8. Select Save.

  9. Select Review + create at the bottom of the screen, and when validation passes, select Create.

Important

Hourly pricing starts from the moment that Bastion is deployed, regardless of outbound data usage. For more information, see Pricing and SKUs. If you're deploying Bastion as part of a tutorial or test, we recommend that you delete this resource after you finish using it.

Create NAT gateway

In this section, you create a NAT gateway for outbound internet access for resources in the virtual network. For other options for outbound rules, check out Network Address Translation (SNAT) for outbound connections

  1. Sign in to the Azure portal.

  2. In the search box at the top of the portal, enter NAT gateway. Select NAT gateways in the search results.

  3. Select + Create.

  4. In the Basics tab of Create network address translation (NAT) gateway enter or select the following information:

    Setting Value
    Project details
    Subscription Select your subscription.
    Resource group Select Create new.
    Enter load-balancer-rg in Name.
    Select OK.
    Instance details
    NAT gateway name Enter lb-nat-gateway.
    Region Select China North 3.
    Availability zone Select No zone.
    Idle timeout (minutes) Enter 15.
  5. Select the Outbound IP tab or select the Next: Outbound IP button at the bottom of the page.

  6. Select Create a new public IP address under Public IP addresses.

  7. Enter nat-gw-public-ip in Name in Add a public IP address.

  8. Select OK.

  9. Select the blue Review + create button at the bottom of the page, or select the Review + create tab.

  10. Select Create.

Create virtual machines

In this section, you create two virtual machines to host the IIS websites.

  1. In the search box at the top of the portal, enter Virtual machine. Select Virtual machines in the search results.

  2. In Virtual machines, select + Create.

  3. In Create virtual machine, enter or select the following information:

    Setting Value
    Project Details
    Subscription Select your Azure subscription
    Resource Group Select load-balancer-rg
    Instance details
    Virtual machine name Enter myVM1
    Region Select China North 3
    Availability Options Select Availability zones
    Availability zone Select 1
    Security type Leave the default of Standard.
    Image Select Windows Server 2022 Datacenter - Gen2
    Size Choose VM size or take default setting
    Administrator account
    Username Enter a username
    Password Enter a password
    Confirm password Reenter password
    Inbound port rules
    Public inbound ports Select None
  4. Select the Networking tab, or select Next: Disks, then Next: Networking.

  5. In the Networking tab, select or enter:

    Setting Value
    Network interface
    Virtual network Select myVNet.
    Subnet Select backend-subnet(10.1.0.0/24)
    Public IP Select None.
    NIC network security group Select Advanced
    Configure network security group Select Create new.
    In Create network security group, enter myNSG in Name.
    In Inbound rules, select +Add an inbound rule.
    In Service, select HTTP.
    In Priority, enter 100.
    In Name, enter myNSGrule
    Select Add
    Select OK
  6. Select Review + create.

  7. Review the settings, and then select Create.

  8. Follow the steps 1 to 7 to create another VM with the following values and all the other settings the same as myVM1:

    Setting VM 2
    Name myVM2
    Availability zone 2
    Network security group Select the existing myNSG

Note

Azure provides a default outbound access IP for VMs that either aren't assigned a public IP address or are in the backend pool of an internal basic Azure load balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.

The default outbound access IP is disabled when one of the following events happens:

  • A public IP address is assigned to the VM.
  • The VM is placed in the backend pool of a standard load balancer, with or without outbound rules.
  • An Azure NAT Gateway resource is assigned to the subnet of the VM.

VMs that you create by using virtual machine scale sets in flexible orchestration mode don't have default outbound access.

For more information about outbound connections in Azure, see Default outbound access in Azure and Use Source Network Address Translation (SNAT) for outbound connections.

Create secondary network configurations

In this section, you change the private IP address of the existing NIC of each virtual machine to Static. Next, you add a new NIC resource to each virtual machine with a Static private IP address configuration.

For more information on configuring floating IP in the virtual machine configuration, see Floating IP Guest OS configuration.

  1. In the search box at the top of the portal, enter Virtual machine. Select Virtual machines in the search results.

  2. Select myVM1.

  3. Stop the virtual machine if it's running.

  4. Select Networking in Settings.

  5. In Networking, select the name of the network interface next to Network interface. The network interface begins with the name of the VM and has a random number assigned. In this example, myVM1266.

    Screenshot of myVM1 networking configuration in Azure portal.

  6. In the network interface page, select IP configurations in Settings.

  7. In IP configurations, select ipconfig1.

    Screenshot of myVM1 network interface configuration.

  8. Select Static in Assignment in the ipconfig1 configuration.

  9. Select Save.

  10. Return to the Overview page of myVM1.

  11. Select Networking in Settings.

  12. In the Networking page, select Attach network interface.

    Screenshot of myVM1 attach network interface.

  13. In Attach network interface, select Create and attach network interface.

  14. In Create network interface, enter or select the following information:

    Setting Value
    Project details
    Resource group Select load-balancer-rg.
    Network interface
    Name Enter myVM1NIC2
    Subnet Select backend-subnet (10.1.0.0/24).
    NIC network security group Select Advanced.
    Configure network security group Select myNSG.
    Private IP address assignment Select Static.
    Private IP address Enter 10.1.0.6.
  15. Select Create.

  16. Start the virtual machine.

  17. Repeat steps 1 through 16 for myVM2, replacing the following information:

    Setting myVM2
    Name myVM2NIC2
    Private IP address 10.1.0.7

Configure virtual machines

You connect to myVM1 and myVM2 with Azure Bastion and configure the secondary network configuration in this section. You add a route for the gateway for the secondary network configuration. Then you install IIS on each virtual machine and customize the websites to display the hostname of the virtual machine.

  1. In the search box at the top of the portal, enter Virtual machine. Select Virtual machines in the search results.

  2. Select myVM1.

  3. Start myVM1.

  4. In Overview, select Connect then Bastion.

  5. Enter the username and password you entered when you created the virtual machine.

  6. Select Allow for Bastion to use the clipboard.

  7. On the server desktop, navigate to Start > Windows Administrative Tools > Windows PowerShell > Windows PowerShell.

  8. In the PowerShell window, execute the route print command, which returns output similar to the following output for a virtual machine with two attached network interfaces:

    ===========================================================================
    Interface List
      4...60 45 bd 9c c7 00 ......Microsoft Hyper-V Network Adapter
     11...60 45 bd 8d 44 fa ......Microsoft Hyper-V Network Adapter #3
      1...........................Software Loopback Interface 1
    ===========================================================================
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0         10.1.0.1         10.1.0.4     10
             10.1.0.0    255.255.255.0         On-link          10.1.0.4    266
             10.1.0.0    255.255.255.0         On-link          10.1.0.6    266
             10.1.0.4  255.255.255.255         On-link          10.1.0.4    266
             10.1.0.6  255.255.255.255         On-link          10.1.0.6    266
           10.1.0.255  255.255.255.255         On-link          10.1.0.4    266
           10.1.0.255  255.255.255.255         On-link          10.1.0.6    266
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
        168.63.129.16  255.255.255.255         10.1.0.1         10.1.0.4     11
      169.254.169.254  255.255.255.255         10.1.0.1         10.1.0.4     11
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
            224.0.0.0        240.0.0.0         On-link          10.1.0.4    266
            224.0.0.0        240.0.0.0         On-link          10.1.0.6    266
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      255.255.255.255  255.255.255.255         On-link          10.1.0.4    266
      255.255.255.255  255.255.255.255         On-link          10.1.0.6    266
    ===========================================================================
    Persistent Routes:
      None
    
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    331 ::1/128                  On-link
      4    266 fe80::/64                On-link
     11    266 fe80::/64                On-link
     11    266 fe80::382:8783:5d2:f71e/128       
                                        On-link
      4    266 fe80::1575:ced8:3e94:f23a/128
                                        On-link
      1    331 ff00::/8                 On-link
      4    266 ff00::/8                 On-link
     11    266 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    

    In this example, Microsoft Hyper-V Network Adapter #3 (interface 13) is the secondary network interface that doesn't have a default gateway assigned to it.

  9. In the PowerShell window, execute the ipconfig /all command to see which IP address is assigned to the secondary network interface. In this example, 10.1.0.6 is assigned to interface 13. No default gateway address is returned for the secondary network interface.

    
       Connection-specific DNS Suffix  . : pbu0t5vjr3sevaritkncspakhd.ax.internal.chinacloudapp.cn
       Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #3
       Physical Address. . . . . . . . . : 60-45-BD-A1-75-FB
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::dfb3:b93e:3516:c5b6%12(Preferred)
       IPv4 Address. . . . . . . . . . . : 10.1.0.6(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Monday, December 12, 2022 7:42:31 PM
       Lease Expires . . . . . . . . . . : Friday, January 19, 2159 2:17:19 AM
       Default Gateway . . . . . . . . . :
       DHCP Server . . . . . . . . . . . : 168.63.129.16
       DHCPv6 IAID . . . . . . . . . . . : 207635901
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2B-28-C9-C0-60-45-BD-9B-ED-AE
       DNS Servers . . . . . . . . . . . : 168.63.129.16
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
  10. To route all traffic for addresses outside the subnet to the gateway, execute the following command:

    route -p add 0.0.0.0 MASK 0.0.0.0 10.1.0.1 METRIC 5015 IF 13
    

    In this example, 10.1.0.1 is the default gateway for the virtual network you created previously.

  11. Execute the following commands or copy and paste the code into the PowerShell window to install and configure IIS and the test websites:

    ## Install IIS and the management tools. ##
    Install-WindowsFeature -Name Web-Server -IncludeManagementTools
    
    ## Set the binding for the Default website to 10.1.0.4:80. ##
    $para1 = @{
        Name = 'Default Web Site'
        BindingInformation = '10.1.0.4:80:'
        Protocol = 'http'
    }
    New-IISSiteBinding @para1
    
    ## Remove the default site binding. ##
    $para2 = @{
        Name = 'Default Web Site'
        BindingInformation = '*:80:'
    }
    Remove-IISSiteBinding @para2
    
    ## Remove the default htm file. ##
    Remove-Item c:\inetpub\wwwroot\iisstart.htm
    
    ## Add a new htm file that displays the Contoso website. ##
    $para3 = @{
        Path = 'c:\inetpub\wwwroot\iisstart.htm'
        Value = $("Hello World from www.contoso.com" + "-" + $env:computername)
    }
    Add-Content @para3
    
    ## Create folder to host website. ##
    $para4 = @{
        Path = 'c:\inetpub\'
        Name = 'fabrikam'
        Type = 'directory'
    }
    New-Item @para4
    
     ## Create a new website and site binding for the second IP address 10.1.0.6. ##
    $para5 = @{
        Name = 'Fabrikam'
        PhysicalPath = 'c:\inetpub\fabrikam'
        BindingInformation = '10.1.0.6:80:'
    }
    New-IISSite @para5
    
    ## Add a new htm file that displays the Fabrikam website. ##
    $para6 = @{
        Path = 'C:\inetpub\fabrikam\iisstart.htm'
        Value = $("Hello World from www.fabrikam.com" + "-" + $env:computername)
    
    }
    Add-Content @para6
    
  12. Close the Bastion connection to myVM1.

  13. Repeat steps 1 through 12 for myVM2. Use the following PowerShell code for myVM2 for the IIS install.

    ## Install IIS and the management tools. ##
    Install-WindowsFeature -Name Web-Server -IncludeManagementTools
    
    ## Set the binding for the Default website to 10.1.0.5:80. ##
    $para1 = @{
        Name = 'Default Web Site'
        BindingInformation = '10.1.0.5:80:'
        Protocol = 'http'
    }
    New-IISSiteBinding @para1
    
    ## Remove the default site binding. ##
    $para2 = @{
        Name = 'Default Web Site'
        BindingInformation = '*:80:'
    }
    Remove-IISSiteBinding @para2
    
    ## Remove the default htm file. ##
    Remove-Item C:\inetpub\wwwroot\iisstart.htm
    
    ## Add a new htm file that displays the Contoso website. ##
    $para3 = @{
        Path = 'c:\inetpub\wwwroot\iisstart.htm'
        Value = $("Hello World from www.contoso.com" + "-" + $env:computername)
    }
    Add-Content @para3
    
    ## Create folder to host website. ##
    $para4 = @{
        Path = 'c:\inetpub\'
        Name = 'fabrikam'
        Type = 'directory'
    }
    New-Item @para4
    
    ## Create a new website and site binding for the second IP address 10.1.0.7. ##
    $para5 = @{
        Name = 'Fabrikam'
        PhysicalPath = 'c:\inetpub\fabrikam'
        BindingInformation = '10.1.0.7:80:'
    }
    New-IISSite @para5
    
    ## Add a new htm file that displays the Fabrikam website. ##
    $para6 = @{
        Path = 'C:\inetpub\fabrikam\iisstart.htm'
        Value = $("Hello World from www.fabrikam.com" + "-" + $env:computername)
    }
    Add-Content @para6
    

Create load balancer

You create a zone redundant load balancer that load balances virtual machines in this section.

With zone-redundancy, one or more availability zones can fail and the data path survives as long as one zone in the region remains healthy.

During the creation of the load balancer, you configure:

  • Two frontend IP addresses, one for each website.
  • Backend pools
  • Inbound load-balancing rules
  1. In the search box at the top of the portal, enter Load balancer. Select Load balancers in the search results.

  2. In the Load balancer page, select Create.

  3. In the Basics tab of the Create load balancer page, enter, or select the following information:

    Setting Value
    Project details
    Subscription Select your subscription.
    Resource group Select load-balancer-rg.
    Instance details
    Name Enter myLoadBalancer
    Region Select China North 3.
    SKU Leave the default Standard.
    Type Select Public.
    Tier Leave the default Regional.
  4. Select Next: Frontend IP configuration.

  5. In Frontend IP configuration, select + Add a frontend IP configuration.

  6. Enter or select the following information in Add frontend IP configuration:

    Setting Value
    Name Enter Frontend-contoso.
    IP version Select IPv4.
    IP type Select IP address.
    Public IP address Select Create new.
    Enter myPublicIP-contoso for Name
    Select Zone-redundant in Availability zone.
    Select OK.

    Note

    For more information on IP prefixes, see Azure Public IP prefix.

    In regions with Availability Zones, you have the option to select no-zone (default option), a specific zone, or zone-redundant. The choice will depend on your specific domain failure requirements. In regions without Availability Zones, this field won't appear.
    For more information on availability zones, see Availability zones overview.

  7. Select Add.

  8. Select + Add a frontend IP configuration.

  9. Enter or select the following information in Add frontend IP configuration:

    Setting Value
    Name Enter Frontend-fabrikam.
    IP version Select IPv4.
    IP type Select IP address.
    Public IP address Select Create new.
    Enter myPublicIP-fabrikam for Name
    Select Zone-redundant in Availability zone.
    Select OK.
  10. Select Add.

  11. Select Next: Backend pools.

  12. In the Backend pools tab, select + Add a backend pool.

  13. Enter or select the following information in Add a backend pool:

    Setting Value
    Name Enter myBackendPool-contoso.
    Virtual network Select myVNet.
    Backend Pool Configuration Select NIC.
  14. In IP configurations, select + Add.

  15. Select myVM1 and myVM2 that correspond with ipconfig1 (10.1.0.4) and ipconfig1 (10.1.0.5).

  16. Select Add.

  17. Select Save.

  18. Select + Add a backend pool.

  19. Enter or select the following information in Add a backend pool:

    Setting Value
    Name Enter myBackendPool-fabrikam.
    Virtual network Select myVNet.
    Backend Pool Configuration Select NIC.
  20. In IP configurations, select + Add.

  21. Select myVM1 and myVM2 that correspond with ipconfig1 (10.1.0.6) and ipconfig1 (10.1.0.7).

  22. Select Add.

  23. Select Save.

  24. Select Next: Inbound rules.

  25. In Load balancing rule in the Inbound rules tab, select + Add a load balancing rule.

  26. In Add load balancing rule, enter or select the following information:

    Setting Value
    Name Enter myHTTPRule-contoso
    IP Version Select IPv4.
    Frontend IP address Select Frontend-contoso.
    Backend pool Select myBackendPool-contoso.
    Protocol Select TCP.
    Port Enter 80.
    Backend port Enter 80.
    Health probe Select Create new.
    In Name, enter myHealthProbe-contoso.
    Select TCP in Protocol.
    Leave the rest of the defaults, and select OK.
    Session persistence Select None.
    Idle timeout (minutes) Enter or select 15.
    TCP reset Select Enabled.
    Floating IP Select Disabled.
    Outbound source network address translation (SNAT) Leave the default of (Recommended) Use outbound rules to provide backend pool members access to the internet.
  27. Select Add.

  28. Select Add a load balancing rule.

  29. In Add load balancing rule, enter or select the following information:

    Setting Value
    Name Enter myHTTPRule-fabrikam
    IP Version Select IPv4.
    Frontend IP address Select Frontend-fabrikam.
    Backend pool Select myBackendPool-fabrikam.
    Protocol Select TCP.
    Port Enter 80.
    Backend port Enter 80.
    Health probe Select Create new.
    In Name, enter myHealthProbe-fabrikam.
    Select TCP in Protocol.
    Leave the rest of the defaults, and select OK.
    Session persistence Select None.
    Idle timeout (minutes) Enter or select 15.
    TCP reset Select Enabled.
    Floating IP Select Disabled.
    Outbound source network address translation (SNAT) Leave the default of (Recommended) Use outbound rules to provide backend pool members access to the internet.
  30. Select Add.

  31. Select the blue Review + create button at the bottom of the page.

  32. Select Create.

    Note

    In this example we created a NAT gateway to provide outbound Internet access. The outbound rules tab in the configuration is bypassed as it's optional isn't needed with the NAT gateway. For more information on Azure NAT gateway, see What is Azure Virtual Network NAT? For more information about outbound connections in Azure, see Source Network Address Translation (SNAT) for outbound connections

Test load balancer

In this section, you discover the public IP address for each website. You enter the IP into a browser to test the websites you created earlier.

  1. In the search box at the top of the portal, enter Public IP. Select Public IP addresses in the search results.

  2. Select myPublicIP-contoso.

  3. Copy the IP address in the overview page of myPublicIP-contoso.

    Screenshot of myPublicIP-fabrikam public IP address.

  4. Open a web browser and paste the public IP address into the address bar.

    Screenshot of contoso website in web browser.

  5. Return to Public IP addresses. Select myPublicIP-fabrikam.

  6. Copy the IP address in the overview page of myPublicIP-fabrikam.

    Screenshot of myPublicIP-contoso public IP address.

  7. Open a web browser and paste the public IP address into the address bar.

    Screenshot of fabrikam website in web browser.

  8. To test the load balancer, refresh the browser or shut down one of the virtual machines.

Clean up resources

If you're not going to continue to use this application, delete the virtual machines and load balancer with the following steps:

  1. In the search box at the top of the portal, enter Resource group. Select Resource groups in the search results.

  2. Select load-balancer-rg in Resource groups.

  3. Select Delete resource group.

  4. Enter load-balancer-rg in TYPE THE RESOURCE GROUP NAME:. Select Delete.