Gateway Load Balancer now generally available in all regions | Azure Blog and Updates


Previously, we announced the public preview release of Gateway Load Balancer (GWLB), a new SKU of Azure Load Balancer targeted for transparent NVA (network virtual appliance) insertion supported by a growing list of NVA providers. Today, placing NVAs in the path of traffic is a growing need for customers as their workloads scale. Common use cases of NVAs we've seen are:

  • Allowing or blocking specific IPs using virtual firewalls.
  • Protecting applications from DDoS attacks.
  • Analyzing or visualizing traffic patterns.

And GWLB now offers the following benefits for NVA scenarios:

  • Source IP preservation.
  • Flow symmetry.
  • Lightweight NVA management at scale.
  • Auto-scaling with Azure Virtual Machines Scale Sets (VMSS).

With GWLB, bump-in-the-wire service chaining becomes easy to add on to new or existing architectures in Azure. This means customers can easily "chain" a new GWLB resource to both Standard Public Load Balancers and individual virtual machines with Standard Public IPs, covering scenarios involving both highly available, zonally resilient deployments and simpler workloads.

Gateway Load Balancer datapath diagram. Traffic originating from the Internet will traverse the Gateway Load Balancer first before reaching the Standard Load Balancer or Virtual Machine.

Figure 1: GWLB can be associated with multiple consumer resources, including both Standard Public Load Balancers and Virtual Machines with Standard Public IPs. When GWLB is chained to the front-end configuration or VM NIC IP configuration, unfiltered traffic from the internet will first be directed to the GWLB and then reach the configured NVAs. The NVAs will then inspect the traffic and send the filtered traffic to the final destination, the consumer application hosted on either the load balancer or virtual machine.

What's new with Gateway Load Balancer

GWLB borrows a majority of the same concepts as the Standard Load Balancers that customers are familiar with today. You'll have many of the same components such as frontend IPs, load balancing rules, backend pools, health probes, and metrics, but you'll also see a new component unique to GWLB: VXLAN tunnel interfaces.

VXLAN is an encapsulation protocol utilized by GWLB. This allows traffic packets to be encapsulated and decapsulated with VXLAN headers as they traverse the appropriate data path, all while maintaining their original source IP and flow symmetry without requiring Source Network Address Translation (SNAT) or other complex configurations like user-defined routes (UDRs).

The VXLAN tunnel interfaces are configured as part of the GWLB's back-end pool and enable the NVAs to isolate "untrusted" traffic from "trusted" traffic. Tunnel interfaces can either be internal or external and each backend pool can have up to two tunnel interfaces. Typically, the external interface is used for "untrusted" traffic: traffic coming from the internet and headed to the appliance. Correspondingly, the internal interface is used for "trusted" traffic: traffic going from your appliances to your application.

Contoso case study

To better understand the use case of GWLB, let's dive deeper into example retail company Contoso's use case.

Who is Contoso?

Contoso is a retail company that uses Azure Load Balancer today to make their web servers supporting their retail platform regionally resilient. In the past few years, they've experienced exponential growth and now serve over 20 million visitors per month. When faced with the need to scale their retail platform, they chose Azure Load Balancer because of its high performance coupled with ultra-low latency. As a result of their success, they've begun to adopt stricter security practices to protect customer transactions and reduce the risk of harmful traffic reaching their platforms.

What does Contoso's architecture look like today?

One of their load balancers supporting the eastus region is called contoso-eastus and has a front-end IP configuration with the public IP 101.22.462. Today, traffic headed to 101.22.462 on port 80 is distributed to the backend instances on port 80 as well.

What's the problem?

The security team recently identified some potentially malicious IP addresses that have been attempting to access their retail platform. As a result, they're looking to place a network-layer virtual firewall to protect their applications from IP addresses with poor reputations.

What's the plan?

Contoso has decided to go with a third-party NVA vendor whose appliances the team has used in other contexts such as smaller scale applications or other internal-facing tools. The security team wants to keep the creation of additional resources to a minimum to simplify their NVA management architecture, so they decide to map one GWLB with an auto-scaling backend pool of NVAs using Azure VMSS to each group of load balancers deployed in the same region.

Deploying Gateway Load Balancer

The cloud infrastructure team at Contoso creates a GWLB with their NVAs deployed using Azure VMSS. Then, they chain this GWLB to their 5 Standard Public LBs for the eastus region. After verifying that their Data Path Availability and Health Probe Status metrics are 100% on both their GWLB and on each chained Standard Public LB, they run a quick packet capture to ensure everything is working as expected.

What happens now?

Now, traffic packets whose destination is any of the frontend IPs of the Standard Public LBs for eastus will be encapsulated using VXLAN and sent to the GWLB first. At this point, the firewall NVAs will decapsulate the traffic, inspect the source IP, and determine whether this traffic is safe to continue on towards the end application. The NVA will then re-encapsulate traffic packets that meet the firewall's criteria and send them back to the Standard LB. When the traffic reaches the Standard LB, the packets will be decapsulated, meaning that the traffic will appear as if it came directly from the internet, with its original source IP intact. This is what we mean by transparent NVA insertion, as Contoso's retail platform applications will behave exactly as they did before, without ever knowing that the packet was inspected or filtered by a firewall appliance prior to reaching the application server.
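The decapsulate, inspect, re-encapsulate step described above and the external/internal tunnel split from the VXLAN section can be sketched as follows; this is an added example, not code from the original post or from any NVA vendor. The function names, the VNI values 800 and 801, the blocklist range and the sample frames are assumptions constructed for illustration.

```python
import ipaddress
import struct

EXTERNAL_VNI = 801  # assumed ID of the "untrusted" tunnel (internet -> appliance)
INTERNAL_VNI = 800  # assumed ID of the "trusted" tunnel (appliance -> application)
BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]  # constructed poor-reputation range

def vxlan_encap(vni: int, frame: bytes) -> bytes:
    """Prepend an 8-byte VXLAN header (RFC 7348): flags, reserved, 24-bit VNI, reserved."""
    return struct.pack("!B3xI", 0x08, vni << 8) + frame

def vxlan_decap(payload: bytes):
    """Return (vni, inner Ethernet frame) from a VXLAN UDP payload."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, word = struct.unpack("!B3xI", payload[:8])
    if not flags & 0x08:  # the I bit must be set for the VNI to be valid
        raise ValueError("VNI flag not set")
    return word >> 8, payload[8:]

def inner_src_ip(frame: bytes):
    """Source address of the inner IPv4 packet (untagged Ethernet assumed)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("inner frame is not a complete IPv4 packet")
    return ipaddress.ip_address(frame[26:30])

def nva_process(payload: bytes):
    """Return the payload re-encapsulated for the trusted tunnel, or None to drop."""
    try:
        vni, frame = vxlan_decap(payload)
        src = inner_src_ip(frame)
    except ValueError:
        return None  # fail closed on anything that does not parse
    if vni != EXTERNAL_VNI or any(src in net for net in BLOCKLIST):
        return None
    # The inner frame is forwarded byte-for-byte: no SNAT, source IP preserved.
    return vxlan_encap(INTERNAL_VNI, frame)

def sample_frame(src: str, dst: str = "198.51.100.10") -> bytes:
    """Constructed Ethernet + IPv4 header (zero MACs, zero checksum) for the demo."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return bytes(12) + b"\x08\x00" + ip

if __name__ == "__main__":
    for src in ("192.0.2.7", "203.0.113.9"):
        out = nva_process(vxlan_encap(EXTERNAL_VNI, sample_frame(src)))
        print(src, "forwarded" if out else "dropped")
```

Only the outer VXLAN header changes between the two tunnels, which is why the application still sees the client's original source IP.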

Gateway Load Balancer partners

Gateway Load Balancer supports a variety of NVA providers; you can learn more about each of our partners on our partners page.

Virtual firewalls

  • Check Point
  • Cisco
  • F5
  • Fortinet
  • Palo Alto Networks

Traffic observability

  • cPacket Networks
  • Glasnostic

Network security

  • Citrix
  • Trend Micro
  • Valtix

DDoS protection

Learn more

Try out Gateway Load Balancer today with the help of our quickstart tutorials, or read more about Gateway Load Balancer on our public documentation.
