Add Outbound internet traffic routing capability for Azure Internal Load balancer
The Azure Internal Load Balancer - Standard tier has a limitation on outbound connectivity for Azure VMs that do not have a Public IP associated with them.
We have Azure Microsoft SQL Virtual Machines that should not have any Public IP associated with them for security reasons. We had to use Azure ILB for MS SQL Always On configuration. We had to use some of the Standard tier features. We are having issues with outbound connectivity for the configuration. It would be ideal if Microsoft can also add to the Standard SKU the outbound connectivity feature available in the Basic SKU.
Agreed, really unexpected and confusing! Even though you can quite easily work around this using a NAT Gateway or AzFW on the subnet, I really don't understand why outbound internet is not supported by default on Standard ILB.
Josh Jones commented
This is basic functionality (quite literally) that should be present in all iterations of the load balancer. I mean, whoda thunk that a load balanced application might need outbound internet access. Glaring oversight. Please fix this. And no, NATting a pub IP to another pub IP isn't an ok workaround.
David Sanftenberg commented
It is absolutely mental that this is considered acceptable behaviour for a load balancer. Basic SKU LBs have a valuable feature that the Standard SKU ones don't: they don't break your VMs' internet access.
Yes, if we could add a public IP front-end (internal & public mixed on same LB instance) then we could define an outbound rule for egress traffic. Today you cannot mix internal/public front-ends on the same LB, so you have to define a second LB and double the per-hour cost just for egress traffic.
This behavior is completely unexpected and stumped us for days! Please resolve asap. It is obvious in enterprises that you would use Standard Internal Load Balancers, as you want them to be highly available across AZs to load balance for VMs that are across AZs. But you still want your VMs that don't have public IPs to be able to talk to Azure services and the public internet the same as they can if they aren't attached to the load balancer.
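
An added example, not part of the thread and not Microsoft tooling: a small Python audit over a constructed inventory that flags VMs left without an egress path under the behavior the comments describe. The field names and inventory are hypothetical, and the model covers only the egress options named in the thread (NAT Gateway, Azure Firewall on the subnet, an instance public IP, a second public LB with an outbound rule).

```python
# Constructed inventory for illustration; field names are hypothetical,
# not an Azure API schema.
SUBNETS = {
    "sql-subnet": {"nat_gateway": False, "firewall_route": False},
    "app-subnet": {"nat_gateway": True, "firewall_route": False},
}
LOAD_BALANCERS = {
    "sql-ilb": {"sku": "Standard", "frontend": "internal", "outbound_rule": False},
    "legacy-ilb": {"sku": "Basic", "frontend": "internal", "outbound_rule": False},
    "egress-lb": {"sku": "Standard", "frontend": "public", "outbound_rule": True},
}
VMS = [
    {"name": "sql-1", "public_ip": False, "subnet": "sql-subnet", "lbs": ["sql-ilb"]},
    {"name": "sql-2", "public_ip": False, "subnet": "sql-subnet",
     "lbs": ["sql-ilb", "egress-lb"]},
    {"name": "app-1", "public_ip": False, "subnet": "app-subnet", "lbs": ["sql-ilb"]},
    {"name": "old-1", "public_ip": False, "subnet": "sql-subnet", "lbs": ["legacy-ilb"]},
    {"name": "solo-1", "public_ip": False, "subnet": "sql-subnet", "lbs": []},
]


def outbound_path(vm, subnets=SUBNETS, lbs=LOAD_BALANCERS):
    """Return a label for the VM's egress path, or None if it has none.

    The check order is only for reporting, not a statement of Azure precedence.
    """
    subnet = subnets[vm["subnet"]]
    if subnet["nat_gateway"]:
        return "nat-gateway"
    if subnet["firewall_route"]:
        return "firewall"
    if vm["public_ip"]:
        return "instance-public-ip"
    attached = [lbs[name] for name in vm["lbs"]]
    if any(lb["frontend"] == "public" and lb["outbound_rule"] for lb in attached):
        return "outbound-rule"
    # The case this thread is about: Standard internal LB, nothing else for egress.
    if any(lb["sku"] == "Standard" and lb["frontend"] == "internal" for lb in attached):
        return None
    return "default-outbound"


def stranded(vms=VMS):
    """Names of VMs that would lose internet access in this model."""
    return [vm["name"] for vm in vms if outbound_path(vm) is None]
```
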