Internal load balancer and loopback access from VM

  • Question

  • I understand I can not access LB IP from VM behind it. My question is what would be the solution to my problem.

    I need internal LB which will load balance traffic on TCP port 25 across 2 VMs (SMTP relay servers). This was fine for everything on internal network except for machines themselves which need to relay SMTP as well via that VIP.

    What can be done to rearchitect the environment so that my entire Azure infrastructure is able to relay through that VIP?

    Thanks,

    G

    Thursday, July 16, 2015 9:24 PM

Answers

  • Hello,

    Greetings!

    With regard to your query, all internal clients (be it clients in the same VNet or on-premises) will be able to reach the SMTP relay servers behind the LB through the VIP (VNet VIP). Servers themselves participating in the LB set will not be able to reach each other through the ILB.

    Hope this clarifies!

    Best Regards
    Kamalakar
    ________________________________________________________________________________________________________________
    If a post answers your question, please click Mark As Answer on that post and Vote as Helpful.

    Saturday, July 25, 2015 7:12 AM

All replies

  • Hello artisticcheese,


    Greetings!

    We are researching the query and will get back to you soon on this. I apologize for the inconvenience and appreciate your time and patience in this matter.

    Best Regards,
    Prasandhi Kumar

    Friday, July 17, 2015 5:23 PM
  • Hello,

    Greetings,

    Thank you for posting your query here. With regard to your query, I understand that you are trying to configure SMTP relay on Azure.

    Sending email directly from a cloud like Windows Azure presents further challenges, because you don’t have a dedicated IP address, and it’s quite likely that spammers will use Windows Azure (if they haven’t already) to send truckloads of spam. Once that happens, spam blacklists will quickly flag the IP range of Windows Azure data centers as sources of spam. That means your legitimate email will stop getting through.

    The best solution to these challenges is to not send email directly from Windows Azure. Instead, relay all email through a third-party SMTP service (like SendGrid) with strict anti-spam rules and perhaps dedicated IP addresses.

    You might want to refer to the blog Sending emails from Azure.

    Hope this helps!

    Best Regards
    Prasandhi Kumar

    Saturday, July 18, 2015 12:59 PM
  • This is completely not what I asked. This is applicable to any protocol, not only SMTP. I'm asking how to have internal load balancer to accept traffic from any internal client (including loopback clients). It can be HTTP as well, not specifically SMTP. Right now when you are creating internal load balancer, it's impossible to access that VIP from loopback address (machines where this LB points to).
    Saturday, July 18, 2015 1:09 PM
  • Hi,

    The internal load balancer will not get any traffic destined to the loopback interface of the VMs themselves, as the OS and the TCP/IP stack would process the packet locally on the VM itself.
    Be it a client or a VM behind the LB, any traffic originating from and destined to a loopback interface will end up in the same node.
    Traffic originating from a unicast host with a valid internal IP address will be able to talk to one of the VMs via the configured endpoint and get the replies.

    If the VM needs to start up a session to any other VMs, it would use its DIP and make a unicast communication to the other VMs, the DIP being in the same network, or to any other machines inside the internal network.
    For anything beyond the VNet (internet), the gateway is used to route the packets out to the destination.

    Would you be able to let us know why you would need the VIP to contact the loopback interface?

    Regards,
    Malar.

    Tuesday, July 21, 2015 3:41 AM
  • I need this VIP for internal SMTP relay for my Azure installation. Right now it's handled by 2 VMs with SMTP relay hosts installed on them. I need those hosts to be able to relay through SMTP as well. So it's impossible to do with internal load balancer you are saying.

    Greg

    P.S. Please don't go into benefits/risks and other stuff about using Azure to relay SMTP email, it has nothing to do with an issue.

    Tuesday, July 21, 2015 2:44 PM
  • Hi,

    The loopback interface does not have the ability to send traffic outside the network, but the VMs themselves have an internal IP address which can be used to exchange SMTP messages between them. Sending the traffic from a VM to the LB and back to the other VM through the ILB isn't possible either.

    Best Regards
    Prasandhi Kumar

    Thursday, July 23, 2015 4:19 PM
  • So what would be the proper solution for internal SMTP relay VIP which every VM in my Azure installation can use? Internal VIP is perfect from all points of view except for ability to be utilized by hosts behind that VIP.

    Do I need to create external VIP instead?

    Thursday, July 23, 2015 4:21 PM
  • Hi,

    The VMs will route traffic to the destination SMTP servers more efficiently:

    1. If the SMTP server is part of the on-premises network, then the unicast traffic from each SMTP relay server is routed through the site-to-site tunnel to the destination server.

    2. If the SMTP server is outside (internet), then the traffic is routed through the gateway assigned to the VNet and gets the responses back.

    If each server sends the traffic individually using its dedicated IP address, there should not be any routing issues to get to the resources.

    If you refer to the following link, you'd find:
    http://azure.microsoft.com/blog/2014/05/20/internal-load-balancing/

    Frequently asked questions:

    3. I already have a load balanced endpoint in a deployment in a Regional Virtual Network, can I attach this endpoint to an ILB?

    No. ILB should be referenced when the endpoint is created, it is not possible to convert a regular endpoint to an ILB endpoint and vice versa. This will be supported in the near future.

    5. If I set up an ILB on my Virtual Machines, will “loopback” from those same machines work on the load-balanced VIP?

    No. You cannot access the ILB VIP from the same Virtual Machines that are being load-balanced

    Regards,
    Malar.

    Friday, July 24, 2015 2:56 AM
  • C'mon guys. I already told you what I want to do. I want internal load balancer in Azure which will allow connections from all internal hosts. I don't need a lecture of what SMTP is, how to properly use SMTP or anything else.

    If Azure can not do it then please accept this and tell me "Azure can not do that". I don't need a bunch of workarounds I already know about.

    Friday, July 24, 2015 11:58 AM
  • Hello,

    Greetings!

    With regard to your query, all internal clients (be it clients in the same VNet or on-premises) will be able to reach the SMTP relay servers behind the LB through the VIP (VNet VIP). Servers themselves participating in the LB set will not be able to reach each other through the ILB.

    Hope this clarifies!

    Best Regards
    Kamalakar

    Saturday, July 25, 2015 7:12 AM
  • So, this essentially means that Azure can NOT provide internal load balancers reachable by ALL VMs in Azure
    Saturday, July 25, 2015 11:42 AM
  • Modify the hosts file on each SMTP VM, pointing to the machine itself, e.g. smtp.mydomain.com targeting 127.0.0.1; you might need to deal with loopback as well.
    Tuesday, October 20, 2015 7:37 PM
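
The hosts-file workaround from the last reply, sketched as an added example that is not part of the original thread: on VMs that are members of the ILB backend pool the relay name is pinned to 127.0.0.1, and on every other VM the override is removed so the name keeps resolving to the VIP. The function name, the marker comment and the 10.0.1.x addresses are assumptions made up for illustration; only `smtp.mydomain.com` and `127.0.0.1` come from the reply.

```python
import ipaddress

MARKER = "# managed: ilb-loopback-override"  # tags our own line so reruns replace it


def pin_relay_name(hosts_text, relay_name, backend_dips, local_ips):
    """Return hosts-file text with relay_name pinned to 127.0.0.1 on pool members.

    A VM whose address is in the ILB backend pool cannot reach the VIP, so the
    relay name is mapped to loopback there. On any other VM the managed line is
    removed, so the name resolves through DNS to the VIP as usual.
    """
    pool = {ipaddress.ip_address(ip) for ip in backend_dips}
    is_member = any(ipaddress.ip_address(ip) in pool for ip in local_ips)

    kept = []
    for line in hosts_text.splitlines():
        if line.rstrip().endswith(MARKER):
            continue  # drop our previous entry; it is re-added below if needed
        fields = line.split("#", 1)[0].split()
        if is_member and relay_name.lower() in (f.lower() for f in fields[1:]):
            # An earlier manual entry for the same name would win over ours.
            line = "# disabled (conflicts with override): " + line
        kept.append(line)

    if is_member:
        kept.append(f"127.0.0.1 {relay_name} {MARKER}")
    return "\n".join(kept) + "\n"


# Constructed sample: two relay VMs (10.0.1.4, 10.0.1.5) behind an ILB whose
# VIP (10.0.1.10) someone had hard-coded in the hosts file.
SAMPLE_HOSTS = "127.0.0.1 localhost\n10.0.1.10 smtp.mydomain.com\n"
BACKEND_DIPS = ["10.0.1.4", "10.0.1.5"]

if __name__ == "__main__":
    print(pin_relay_name(SAMPLE_HOSTS, "smtp.mydomain.com", BACKEND_DIPS, ["10.0.1.4"]))
```

This only works if the local SMTP service also listens on 127.0.0.1:25, and pool members that use the override bypass the load balancer, so they get no failover to the other relay if their own service is down.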