Microsoft recently added a new tier of load balancer to Azure, the Standard Load Balancer, in addition to the previous (now renamed) Basic Load Balancer. In this post, I will compare the two and explain why you might opt to deploy the Standard Load Balancer.
Layer-4 Load Balancing
Azure has offered load balancing functionality for as long as I have worked with Microsoft’s cloud platform (over 4 years). The Azure Load Balancer was free (and still is) and offered simple, Layer-4 (TCP or UDP), load balancing to application or web services on a virtual network.
If you need more than the Layer-4 functionality of the Azure Load Balancer, then you can deploy third-party solutions as network virtualization appliances (specialized Linux virtual machines) from the likes of Kemp, Citrix, and F5, and more.
Recent changes to Azure’s architectural possibilities and the ever-growing demands of customers means that the Azure Load Balancer, as it has been, is no longer enough for many customers, even those that were happy with Layer-4 load balancing. This is why:
- The Azure Load Balancer is now known as the Basic tier load balancer
- A new Standard tier load balancer is generally available and offers higher-scale and new features.
The Standard tier load balancer is a paid-for feature using a complex set of consumption-based charges and the Basic tier continues to be free.
Comparing the Load Balancers
The following will explain why you would use the Standard tier load balancer from Azure.
Backend Pool Size
The backend pool is the set of machines/services that are being load balanced for scale and high availability. The Basic tier is limited to 100 instances but the Standard tier can scale out to 1000 instances (matching a virtual machine scale set).
Endpoints are the machines/services that make up a backend pool. The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine. The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.
The architecture feature that will drive a lot of customers to the Standard tier is availability zones, where you can scale a service out across up to 3 zones (sets of data centers) in a single region for a 99.99 percent service level agreement (SLA). A Standard tier public IP address can scale out to the availability zones using the Standard tier load balancer. The Basic tier load balancer is restricted to non-availability zone deployments.
The Basic tier offers some diagnostics through Log Analytics (paid for per GB of monitoring data) but the Standard tier offers much more data through Azure Monitor. This appears to be the focus now for operational monitoring and alerting.
In the scenario of network virtualization appliances, the Basic tier normally provides a active/passive solution with virtual firewalls. HA Ports, a feature of the Standard tier, enables virtual firewalls to become active/active and this provides the ability to scale out for high traffic deployments.
Secure By Default
The Basic tier relies on network security groups (NSGs) or virtual appliances to secure virtual machines. The Standard tier is secure by default and requires a network security group to explicitly permit traffic through a public IP address.
The Standard tier supports having multiple frontend IP addresses for inbound and outbound traffic. However, the Basic tier only supports multiple frontends for inbound traffic.
This addresses something that annoys me with the load balancer, not to mention the web application gateway! Creating a new rule or making a configuration change is slow! With the Basic tier, it can take 60+ seconds for a configuration to save. Most operations will complete in under 30 seconds with the Standard tier.
The SLA of the Basic load balancer is implied in the virtual machine SLA. That depends on how you deploy virtual machines. The Standard tier has its own SLA, which is 99.99 percent (matching the highest virtual machine SLA).