Azure Standard Internal Load Balancer backend machines partial internet access

0
votes

Whenever i'm adding a VM(Windows/Linux) to the backend pool of a Standard(not basic) Internal load balancer, the VM loses internet access(outbound) to all the internet sites(example: www.google.co.in) except Microsoft sites(bing.com).

Things i have tried: 1. Created Health probe and load balancing rules to verify the load balancing is happening - and yes the load balancing works but no internet access 2. DisableOutboundSNAT on the Rule - load balancing works but no internet access 3. Created NSG to allow all outbound traffic (which is enabled by default) - no luck

1
azureazure-load-balancer
Check the DNS server, if BING is working - then its mostly to do with DNS settingsharishr
@harishr There is no dns issue, as soon as i remove the VM from Load Balancer's backend pool, internet works. The problem occurs only when i add the VM to Load Balancer Backend pool and only if the Load Balancer SKU is standard(it works for Basic as mentioned in the question)Mangat
Yes, but what are the rules attached to LB, can you add them to the question, also rules attached to VM (thru NIC or Subnet)harishr
@harishr The LB has Load Balancing rule on port 80 and same on Health probe. I have attached the NSG details below. NSG is applied only on VM and not on a subnet. NSG img url : imgur.com/a/IHqFqW7Mangat
This seems to be a bug as few more people seems to be facing the same issue. please try to create above scenario with 1. ILB Std and 1 VM . social.msdn.microsoft.com/Forums/azure/en-US/…Mangat

1 Answers

3
votes

Finally this issue is resolved. This is by design as mentioned on here:

So for a conclusion, if we want to access internet from the VM behind a Standard ILB, we need to associate a Public IP to the VM. ( I tested it and it worked).

Also, this seems a very good design as VM is completely private(no outbound implicitly) when it is behind a Standard Load Balancer.

Thanks to Micah for resolving this on this post.