How can we improve Azure Networking?

Standard Load Balancer should support using an "internal" IP address for probing the ports.

The Standard Load Balancer and HA ports are recommended for load balancing firewall appliances. However, the Load Balancer probe uses a common IP address for internal and external load balancers. This means that only the internal or external ports can be load balanced, which means that a messy Zookeeper alternative must be built to monitor the firewall availability.

43 votes
nick shared this idea

3 comments

  • James Bland commented

    Also came across this problem. It would be good for instance if the Internal Load Balancer's probes came from its Internal IP address, not 168.63.129.16

  • Jeremy Wilton commented

    Agreed, the load balancers use the same public IP to probe (168.63.129.16) as it does for various Azure services. The problem this presents is that when using a firewall appliance with load balancers for HA you have to implement some workaround to make sure the probe response doesn't go out your default route and instead out the way it came in.

    For Palo Alto it required us to use multiple virtual routers (since policy based forwarding doesn't work on the firewall's IPs) when really this can be avoided by allowing the user to configure a private IP for the probes.
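
The routing conflict described in the comments above, as a simplified model added here (not code from any commenter, Azure or Palo Alto): with one routing table, replies to the shared probe source can only leave one interface, while a separate table per interface returns each reply the way it came in. The interface names, subnets and the rule that a probe counts as healthy only when its reply leaves on the arrival interface are assumptions of this sketch.

```python
import ipaddress

PROBE_SRC = "168.63.129.16"  # shared probe source named in the comments above

def lookup(table, dst):
    """Longest-prefix match: return the egress interface chosen for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in table
               if addr in ipaddress.ip_network(prefix)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def probe_results(tables, interfaces=("eth0", "eth1")):
    """For a probe arriving on each interface, report whether the reply
    leaves on that same interface (treated here as a healthy probe)."""
    results = {}
    for ifc in interfaces:
        # A per-interface table models one virtual router per interface;
        # otherwise every interface shares the single "shared" table.
        table = tables[ifc] if ifc in tables else tables["shared"]
        results[ifc] = lookup(table, PROBE_SRC) == ifc
    return results

# Constructed sample topology: eth0 faces the external load balancer,
# eth1 faces the internal load balancer.
BASE = [("0.0.0.0/0", "eth0"), ("10.0.0.0/24", "eth0"), ("10.0.1.0/24", "eth1")]

# 1. One table, default route out eth0: internal probe replies leave eth0.
SINGLE_TABLE = {"shared": BASE}

# 2. One table plus a host route for the probe source via eth1:
#    the internal probe is fixed, the external one now breaks.
HOST_ROUTE = {"shared": BASE + [("168.63.129.16/32", "eth1")]}

# 3. One table per interface: both replies go back the way they came.
PER_INTERFACE = {"eth0": [("0.0.0.0/0", "eth0")],
                 "eth1": [("0.0.0.0/0", "eth1")]}

if __name__ == "__main__":
    for name, tables in [("single table", SINGLE_TABLE),
                         ("host route", HOST_ROUTE),
                         ("per-interface tables", PER_INTERFACE)]:
        print(f"{name:22} {probe_results(tables)}")
```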
