Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, April 13, 2018 3:57 PM | 1 vote
Hi,
I encounter a problem with the new Standards Load Balancer.
With 2 VM behind a Standard Load Balancer and without public IP Address affected on VM NIC, I can't access to Internet.
I've verified DNS configuration, I use Azure DNS.
Is anyone encounter the same problem ?
Best Regards,
MsAzureAlex
All replies (13)
Wednesday, February 6, 2019 3:46 AM ✅Answered | 1 vote
If you create a Standard Internal Load balancer, then your backend VM will loose Internet connectivity. It is by-design to enhance security.
If you need your VMs to reach Internet, you can achieve this in two ways.
- Create a Public IP and associate that to your VM's NIC.
- Create a Standard Public Load balancer and add these 2 VMs to the backend pool. Then add outbound rule to give internet access. Here is the documentation: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-rules-overview
If you found this post helpful, please give it a "Helpful" vote.
Please remember to mark the replies as answers if they help.
Friday, April 13, 2018 10:24 PM
So you are able to connect to the VM but once inside you are unable to connect to the internet?
Tuesday, April 24, 2018 1:23 PM
Facing a similar issue, as soon as i add a VM in backend pool of a Standard Load Balancer, internet stops working. Though some of the Microsoft sites works, for example: bing.com and also i tried to access Azure backend Services(Storage Endpoints) and it works.
Tuesday, April 24, 2018 9:54 PM
I found this on the Azure Standard Load balancer documentation:
Outbound connections
Multiple frontends with per rule opt-out. An outbound scenario must be explicitly created for the virtual machine to be able to use outbound connectivity. VNet Service Endpoints can be reached without outbound connectivity and do not count towards data processed. Any public IP addresses, including Azure PaaS services not available as VNet Service Endpoints, must be reached via outbound connectivity and count towards data processed. When only an internal Load Balancer is serving a virtual machine, outbound connections via default SNAT are not available. Outbound SNAT programming is transport protocol specific based on protocol of the inbound load balancing rule.
So it appears this is by design. I am playing around with rules now to see if I can find a work around.
Tuesday, April 24, 2018 10:30 PM
Figured it out. Apparently you need to setup a Load balancing Rule before the LB knows what to do. I just setup the standard rule then all internet connectivity worked as planned.
It took quite a bit of reading and testing but this appears to be the source of the issue.
References I used here Outbound Connections in Azure
Wednesday, April 25, 2018 7:31 AM
The LB Rule above seems to be from a Basic Load Balancer. The issue is with Standard Load Balancer even if we create LB rule !
Wednesday, April 25, 2018 9:38 AM
The LB Rule above seems to be from a Basic Load Balancer. The issue is with Standard Load Balancer even if we create LB rule !
So true as this is missing the "HA ports".
I have the same issue and already tried this on first tests. Tested it again and with a Standard LB and I can confirm simply doing this doesn't work
I created a post entry here post link
Monday, December 24, 2018 12:12 AM
Hi,
I have the same issue since I added the Standard LoadBalance.
Any update?
Tuesday, February 5, 2019 11:22 PM
You need to add a "Standard" public IP address to each VM behind a standard load balancer. This will provide your VMs with internet access. There may be other ways to achieve this but assigning the IP was the most straight forward.
Saturday, February 23, 2019 5:58 AM
Hi,
Just checking in if you have had a chance to see the previous response. If this answers your query, do click “Mark as Answer” and Up-Vote for the same.
Regards,
Msrini
Monday, March 18, 2019 9:32 AM
Hi,
Any update on this issue? If the proposed answer helped please remember to mark it as the answer so others who encounter a similar issue can easily find the solution.
Regards,
Msrini
Thursday, June 27, 2019 12:41 PM
Please mark "proposed answer" as answer, below response is from MS support after logging the ticket
- Assign a Standard SKU public IP address as an Instance-Level Public IP address to the virtual machine resource or
- Place the virtual machine resource in the backend pool of a public Standard Load Balancer.
Both will allow outbound connectivity from the virtual network to outside of the virtual network.
Ragav
Tuesday, December 3, 2019 2:20 PM
Hi,
If the standard LB is internal it seems it's just impossible!!! VM could not have internet access unless you add a public IP at VM or LB level...
Not very friendly