Azure Standard Internal Load Balancer backend machines partial internet access

0
votes

Whenever i'm adding a VM(Windows/Linux) to the backend pool of a Standard(not basic) Internal load balancer, the VM loses internet access(outbound) to all the internet sites(example: www.google.co.in) except Microsoft sites(bing.com).

Things i have tried: 1. Created Health probe and load balancing rules to verify the load balancing is happening - and yes the load balancing works but no internet access 2. DisableOutboundSNAT on the Rule - load balancing works but no internet access 3. Created NSG to allow all outbound traffic (which is enabled by default) - no luck

1
azureazure-load-balancer
Check the DNS server, if BING is working - then its mostly to do with DNS settings - harishr
@harishr There is no dns issue, as soon as i remove the VM from Load Balancer's backend pool, internet works. The problem occurs only when i add the VM to Load Balancer Backend pool and only if the Load Balancer SKU is standard(it works for Basic as mentioned in the question) - Mangat
Yes, but what are the rules attached to LB, can you add them to the question, also rules attached to VM (thru NIC or Subnet) - harishr
@harishr The LB has Load Balancing rule on port 80 and same on Health probe. I have attached the NSG details below. NSG is applied only on VM and not on a subnet. NSG img url : imgur.com/a/IHqFqW7 - Mangat
This seems to be a bug as few more people seems to be facing the same issue. please try to create above scenario with 1. ILB Std and 1 VM . social.msdn.microsoft.com/Forums/azure/en-US/… - Mangat

1 Answers

3
votes

Finally this issue is resolved. This is by design as mentioned on here:

So for a conclusion, if we want to access internet from the VM behind a Standard ILB, we need to associate a Public IP to the VM. ( I tested it and it worked).

Also, this seems a very good design as VM is completely private(no outbound implicitly) when it is behind a Standard Load Balancer.

Thanks to Micah for resolving this on this post.