The following forum(s) have migrated to Microsoft Q&A (Preview): Azure Virtual Machines!
Visit Microsoft Q&A (Preview) to post new questions.

Learn More

 locked
Unable to access to Internet with a standard Load Balancer RRS feed

  • Question

  • Hi,

    I encounter a problem with the new Standards Load Balancer.

    With 2 VM behind a Standard Load Balancer and without public IP Address affected on VM NIC, I can't access to Internet.

    I've verified DNS configuration, I use Azure DNS.

    Is anyone encounter the same problem ?

    Best Regards,

    MsAzureAlex


    Friday, April 13, 2018 3:57 PM

Answers

  • If you create a Standard Internal Load balancer, then your backend VM will loose Internet connectivity. It is by-design to enhance security. 

    If you need your VMs to reach Internet, you can achieve this in two ways. 

    1. Create a Public IP and associate that to your VM's NIC. 
    2. Create a Standard Public Load balancer and add these 2 VMs to the backend pool. Then add outbound rule to give internet access. Here is the documentation: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-rules-overview

    -----------------------------------------------------------------------------------------------------------

    If you found this post helpful, please give it a "Helpful" vote. 

    Please remember to mark the replies as answers if they help.

    Wednesday, February 6, 2019 3:46 AM

All replies

  • So you are able to connect to the VM but once inside you are unable to connect to the internet? 
    Friday, April 13, 2018 10:24 PM
  • Facing a similar issue, as soon as i add a VM in backend pool of a Standard Load Balancer, internet stops working. Though some of the Microsoft sites works, for example: bing.com and also i tried to access Azure backend Services(Storage Endpoints) and it works. 
    Tuesday, April 24, 2018 1:23 PM
  • I found this on the Azure Standard Load balancer documentation

    Outbound connections

    Multiple frontends with per rule opt-out. An outbound scenario must be explicitly created for the virtual machine to be able to use outbound connectivity. VNet Service Endpoints can be reached without outbound connectivity and do not count towards data processed. Any public IP addresses, including Azure PaaS services not available as VNet Service Endpoints, must be reached via outbound connectivity and count towards data processed. When only an internal Load Balancer is serving a virtual machine, outbound connections via default SNAT are not available. Outbound SNAT programming is transport protocol specific based on protocol of the inbound load balancing rule.

    So it appears this is by design. I am playing around with rules now to see if I can find a work around. 

    Tuesday, April 24, 2018 9:54 PM
  • Figured it out. Apparently you need to setup a Load balancing Rule before the LB knows what to do. I just setup the standard rule then all internet connectivity worked as planned. 

    It took quite a bit of reading and testing but this appears to be the source of the issue. 

    References I used here Outbound Connections in Azure

    Tuesday, April 24, 2018 10:30 PM
  • The LB Rule above seems to be from a Basic Load Balancer. The issue is with Standard Load Balancer even if we create LB rule !
    Wednesday, April 25, 2018 7:31 AM
  • The LB Rule above seems to be from a Basic Load Balancer. The issue is with Standard Load Balancer even if we create LB rule !

    So true as this is missing the "HA ports".

    I have the same issue and already tried this on first tests. Tested it again and with a Standard LB and I can confirm simply doing this doesn't work

    I created a post entry here post link


    • Edited by solasoft Wednesday, April 25, 2018 9:53 AM
    Wednesday, April 25, 2018 9:38 AM
  • Hi,

    I have the same issue since I added the Standard LoadBalance.

    Any update?

    Monday, December 24, 2018 12:12 AM
  • You need to add a "Standard" public IP address to each VM behind a standard load balancer. This will provide your VMs with internet access. There may be other ways to achieve this but assigning the IP was the most straight forward.
    Tuesday, February 5, 2019 11:22 PM
  • If you create a Standard Internal Load balancer, then your backend VM will loose Internet connectivity. It is by-design to enhance security. 

    If you need your VMs to reach Internet, you can achieve this in two ways. 

    1. Create a Public IP and associate that to your VM's NIC. 
    2. Create a Standard Public Load balancer and add these 2 VMs to the backend pool. Then add outbound rule to give internet access. Here is the documentation: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-rules-overview

    -----------------------------------------------------------------------------------------------------------

    If you found this post helpful, please give it a "Helpful" vote. 

    Please remember to mark the replies as answers if they help.

    Wednesday, February 6, 2019 3:46 AM
  • Hi, 

    Just checking in if you have had a chance to see the previous response. If this answers your query, do click “Mark as Answer” and Up-Vote for the same.

    Regards, 

    Msrini

    Saturday, February 23, 2019 5:58 AM
  • Hi, 

    Any update on this issue? If the proposed answer helped please remember to mark it as the answer so others who encounter a similar issue can easily find the solution. 

    Regards, 

    Msrini

    Monday, March 18, 2019 9:32 AM
  • Please mark "proposed answer" as answer, below response is from MS support after logging the ticket

    1. Assign a Standard SKU public IP address as an Instance-Level Public IP address to the virtual machine resource or
    2. Place the virtual machine resource in the backend pool of a public Standard Load Balancer.

    Both will allow outbound connectivity from the virtual network to outside of the virtual network.



    Ragav

    Thursday, June 27, 2019 12:41 PM
  • Hi,

    If the standard LB is internal it seems it's just impossible!!! VM could not have internet access unless you add a public IP at VM or LB level...

    Not very friendly

    Tuesday, December 3, 2019 2:20 PM