Deploy an IPv6 dual stack application using Basic Load Balancer - CLI
This article shows you how to deploy a dual stack (IPv4 + IPv6) application with Basic Load Balancer using Azure CLI that includes a dual stack virtual network with a dual stack subnet, a Basic Load Balancer with dual (IPv4 + IPv6) frontend configurations, VMs with NICs that have a dual IP configuration, dual network security group rules, and dual public IPs.
To deploy a dual stack (IPV4 + IPv6) application using Standard Load Balancer, see Deploy an IPv6 dual stack application with Standard Load Balancer using Azure CLI.
If you don't have an Azure subscription, create an Azure free account before you begin.
Prerequisites
Use the Bash environment in Azure Cloud Shell. For more information, see Quickstart for Bash in Azure Cloud Shell.
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
Run az version to find the version and dependent libraries that are installed. To upgrade to the latest version, run az upgrade.
- This article requires version 2.0.49 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
Create a resource group
Before you can create your dual-stack virtual network, you must create a resource group with az group create. The following example creates a resource group named DsResourceGroup01 in the eastus location:
az group create \
--name DsResourceGroup01 \
--location eastus
Create IPv4 and IPv6 public IP addresses for load balancer
To access your IPv4 and IPv6 endpoints on the Internet, you need IPv4 and IPv6 public IP addresses for the load balancer. Create a public IP address with az network public-ip create. The following example creates IPv4 and IPv6 public IP address named dsPublicIP_v4 and dsPublicIP_v6 in the DsResourceGroup01 resource group:
# Create an IPV4 IP address
az network public-ip create \
--name dsPublicIP_v4 \
--resource-group DsResourceGroup01 \
--location eastus \
--sku BASIC \
--allocation-method dynamic \
--version IPv4
# Create an IPV6 IP address
az network public-ip create \
--name dsPublicIP_v6 \
--resource-group DsResourceGroup01 \
--location eastus \
--sku BASIC \
--allocation-method dynamic \
--version IPv6
Create public IP addresses for VMs
To remotely access your VMs on the internet, you need IPv4 public IP addresses for the VMs. Create a public IP address with az network public-ip create.
az network public-ip create \
--name dsVM0_remote_access \
--resource-group DsResourceGroup01 \
--location eastus \
--sku BASIC \
--allocation-method dynamic \
--version IPv4
az network public-ip create \
--name dsVM1_remote_access \
--resource-group DsResourceGroup01 \
--location eastus \
--sku BASIC \
--allocation-method dynamic \
--version IPv4
Create Basic Load Balancer
In this section, you configure dual frontend IP (IPv4 and IPv6) and the backend address pool for the load balancer and then create a Basic Load Balancer.
Create load balancer
Create the Basic Load Balancer with az network lb create named dsLB that includes a frontend pool named dsLbFrontEnd_v4, a backend pool named dsLbBackEndPool_v4 that is associated with the IPv4 public IP address dsPublicIP_v4 that you created in the preceding step.
az network lb create \
--name dsLB \
--resource-group DsResourceGroup01 \
--sku Basic \
--location eastus \
--frontend-ip-name dsLbFrontEnd_v4 \
--public-ip-address dsPublicIP_v4 \
--backend-pool-name dsLbBackEndPool_v4
Create IPv6 frontend
Create an IPV6 frontend IP with az network lb frontend-ip create. The following example creates a frontend IP configuration named dsLbFrontEnd_v6 and attaches the dsPublicIP_v6 address:
az network lb frontend-ip create \
--lb-name dsLB \
--name dsLbFrontEnd_v6 \
--resource-group DsResourceGroup01 \
--public-ip-address dsPublicIP_v6
Configure IPv6 backend address pool
Create a IPv6 backend address pools with az network lb address-pool create. The following example creates backend address pool named dsLbBackEndPool_v6 to include VMs with IPv6 NIC configurations:
az network lb address-pool create \
--lb-name dsLB \
--name dsLbBackEndPool_v6 \
--resource-group DsResourceGroup01
Create a health probe
Create a health probe with az network lb probe create to monitor the health of the virtual machines.
az network lb probe create -g DsResourceGroup01 --lb-name dsLB -n dsProbe --protocol tcp --port 3389
Create a load balancer rule
A load balancer rule is used to define how traffic is distributed to the VMs. You define the frontend IP configuration for the incoming traffic and the backend IP pool to receive the traffic, along with the required source and destination port.
Create a load balancer rule with az network lb rule create. The following example creates load balancer rules named dsLBrule_v4 and dsLBrule_v6 and balances traffic on TCP port 80 to the IPv4 and IPv6 frontend IP configurations:
az network lb rule create \
--lb-name dsLB \
--name dsLBrule_v4 \
--resource-group DsResourceGroup01 \
--frontend-ip-name dsLbFrontEnd_v4 \
--protocol Tcp \
--frontend-port 80 \
--backend-port 80 \
--probe-name dsProbe \
--backend-pool-name dsLbBackEndPool_v4
az network lb rule create \
--lb-name dsLB \
--name dsLBrule_v6 \
--resource-group DsResourceGroup01 \
--frontend-ip-name dsLbFrontEnd_v6 \
--protocol Tcp \
--frontend-port 80 \
--backend-port 80 \
--probe-name dsProbe \
--backend-pool-name dsLbBackEndPool_v6
Create network resources
Before you deploy some VMs, you must create supporting network resources - availability set, network security group, virtual network, and virtual NICs.
Create an availability set
To improve the availability of your app, place your VMs in an availability set.
Create an availability set with az vm availability-set create. The following example creates an availability set named dsAVset:
az vm availability-set create \
--name dsAVset \
--resource-group DsResourceGroup01 \
--location eastus \
--platform-fault-domain-count 2 \
--platform-update-domain-count 2
Create network security group
Create a network security group for the rules that will govern inbound and outbound communication in your VNET.
Create a network security group
Create a network security group with az network nsg create
az network nsg create \
--name dsNSG1 \
--resource-group DsResourceGroup01 \
--location eastus
Create a network security group rule for inbound and outbound connections
Create a network security group rule to allow RDP connections through port 3389, internet connection through port 80, and for outbound connections with az network nsg rule create.
# Create inbound rule for port 3389
az network nsg rule create \
--name allowRdpIn \
--nsg-name dsNSG1 \
--resource-group DsResourceGroup01 \
--priority 100 \
--description "Allow Remote Desktop In" \
--access Allow \
--protocol "*" \
--direction Inbound \
--source-address-prefixes "*" \
--source-port-ranges "*" \
--destination-address-prefixes "*" \
--destination-port-ranges 3389
# Create inbound rule for port 80
az network nsg rule create \
--name allowHTTPIn \
--nsg-name dsNSG1 \
--resource-group DsResourceGroup01 \
--priority 200 \
--description "Allow HTTP In" \
--access Allow \
--protocol "*" \
--direction Inbound \
--source-address-prefixes "*" \
--source-port-ranges 80 \
--destination-address-prefixes "*" \
--destination-port-ranges 80
# Create outbound rule
az network nsg rule create \
--name allowAllOut \
--nsg-name dsNSG1 \
--resource-group DsResourceGroup01 \
--priority 300 \
--description "Allow All Out" \
--access Allow \
--protocol "*" \
--direction Outbound \
--source-address-prefixes "*" \
--source-port-ranges "*" \
--destination-address-prefixes "*" \
--destination-port-ranges "*"
Create a virtual network
Create a virtual network with az network vnet create. The following example creates a virtual network named dsVNET with subnets dsSubNET_v4 and dsSubNET_v6:
# Create the virtual network
az network vnet create \
--name dsVNET \
--resource-group DsResourceGroup01 \
--location eastus \
--address-prefixes "10.0.0.0/16" "fd00:db8:deca::/48"
# Create a single dual stack subnet
az network vnet subnet create \
--name dsSubNET \
--resource-group DsResourceGroup01 \
--vnet-name dsVNET \
--address-prefixes "10.0.0.0/24" "fd00:db8:deca:deed::/64" \
--network-security-group dsNSG1
Create NICs
Create virtual NICs for each VM with az network nic create. The following example creates a virtual NIC for each VM. Each NIC has two IP configurations (1 IPv4 config, 1 IPv6 config). You create the IPV6 configuration with az network nic ip-config create.
# Create NICs
az network nic create \
--name dsNIC0 \
--resource-group DsResourceGroup01 \
--network-security-group dsNSG1 \
--vnet-name dsVNET \
--subnet dsSubNet \
--private-ip-address-version IPv4 \
--lb-address-pools dsLbBackEndPool_v4 \
--lb-name dsLB \
--public-ip-address dsVM0_remote_access
az network nic create \
--name dsNIC1 \
--resource-group DsResourceGroup01 \
--network-security-group dsNSG1 \
--vnet-name dsVNET \
--subnet dsSubNet \
--private-ip-address-version IPv4 \
--lb-address-pools dsLbBackEndPool_v4 \
--lb-name dsLB \
--public-ip-address dsVM1_remote_access
# Create IPV6 configurations for each NIC
az network nic ip-config create \
--name dsIp6Config_NIC0 \
--nic-name dsNIC0 \
--resource-group DsResourceGroup01 \
--vnet-name dsVNET \
--subnet dsSubNet \
--private-ip-address-version IPv6 \
--lb-address-pools dsLbBackEndPool_v6 \
--lb-name dsLB
az network nic ip-config create \
--name dsIp6Config_NIC1 \
--nic-name dsNIC1 \
--resource-group DsResourceGroup01 \
--vnet-name dsVNET \
--subnet dsSubNet \
--private-ip-address-version IPv6 \
--lb-address-pools dsLbBackEndPool_v6 \
--lb-name dsLB
Create virtual machines
Create the VMs with az vm create. The following example creates two VMs and the required virtual network components if they do not already exist.
Create virtual machine dsVM0 as follows:
az vm create \
--name dsVM0 \
--resource-group DsResourceGroup01 \
--nics dsNIC0 \
--size Standard_A2 \
--availability-set dsAVset \
--image MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest
Create virtual machine dsVM1 as follows:
az vm create \
--name dsVM1 \
--resource-group DsResourceGroup01 \
--nics dsNIC1 \
--size Standard_A2 \
--availability-set dsAVset \
--image MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest
View IPv6 dual stack virtual network in Azure portal
You can view the IPv6 dual stack virtual network in Azure portal as follows:
- In the portal's search bar, enter dsVnet.
- When myVirtualNetwork appears in the search results, select it. This launches the Overview page of the dual stack virtual network named dsVnet. The dual stack virtual network shows the two NICs with both IPv4 and IPv6 configurations located in the dual stack subnet named dsSubnet.
Clean up resources
When no longer needed, you can use the az group delete command to remove the resource group, VM, and all related resources.
az group delete --name DsResourceGroup01
Next steps
In this article, you created a Basic Load Balancer with a dual frontend IP configuration (IPv4 and IPv6). You also created a two virtual machines that included NICs with dual IP configurations (IPV4 + IPv6) that were added to the backend pool of the load balancer. To learn more about IPv6 support in Azure virtual networks, see What is IPv6 for Azure Virtual Network?