Vm scale set does not work with internal standard sku Azure load balancer backend pool

0
votes

I want to load-balance my VM scale set in a VNet. My requirements are that:

  • I do not want public IP accessibility and
  • I do need https health probes.

While both Azure load balancers (in either basic or standard sku) seem to be capable of balancing also internal traffic, only the standard sku offers https health probes.

When trying to add the VM scale set to the backend pool, I cannot select it, it's not found by the wizard. Both scale set and internal standard sku load balancer are within the same region, VNet, and resource group.

It appears I'm having the same issue as someone here, only with a scale set instead of an availability set.

There is a tooltip stating

Only VMs in region with standard SKU public or no public IP can be attached to this loadbalancer. A backend pool can only contain resources from one virtual network. Create a new backend pool to add resources from a different virtual network.

So I am confused, my internal load balancer is using only private addresses, so the criterion of "with standard SKU public or no public IP" should be met. Also I note, that the tooltip does only explicitly state VMs, not VM scale set. However, I refuse to believe that the standard sku of LB should lacking features compared to the basic sku (I do have it working with a scale set and internal basic LB, albeit without https health probes).

Am I missing something here? I do realise that there's still the "Azure Application Gateway", however I think it's overly complex to set-up and overkill for my scenario. I only want internal load balancing of a scale set with https health probes. And I am starting to think that this is not possible.

Kind regards, baouss

enter image description here

1
azure-vm-scale-setazure-load-balancer
How do you create this scale set? If you create it via the Azure portal, you should see a Public standard LB associated with this scale set.Nancy Xiong
Hello, yes I created it via the portal but set load-balancing to none with the intent to set-it up afterwards. I did this because in the wizard the standard sku LB that is set-up by default is a public one, and I must not have public ip accessibility. I do connect via a VPN gateway to my VNet so the load balanced traffic is internal-only.baouss

1 Answers

1
votes

It seems a restriction that you could not select the scale set as the backend for a standard SKU load balancer on the Azure portal. The document states that

One key aspect is the scope of the virtual network for the resource. While Basic Load Balancer exists within the scope of an availability set, a Standard Load Balancer is fully integrated with the scope of a virtual network and all virtual network concepts apply.

So we only could select the eligible VMs in the virtual network as the backend pool for a Standard Load Balancer.

Wait for confirmation from Azure team: VM scale set does not work with internal standard SKU Azure load balancer backend pool

As you mentioned, currently, you could use Application Gateway with health probe Https. If not, you may create a VM scale set and choose a load balancing option--- load balancer. This will automatically associate a public standard SKU load balancer for your scale set.

enter image description here enter image description here