5.1.4.1. Configure Internal and Public Load Balancers
💡 First Principle: Choosing the load balancer type by where its traffic originates (the internet or the virtual network) is a fundamental security and architectural decision: a frontend should be reachable only from the networks its legitimate clients use, and the load balancer type is what draws that boundary.
Scenario: You need to distribute incoming web traffic from the internet to your public-facing web servers. Separately, you have a set of internal application servers that only need to receive traffic from other services within your Virtual Network.
What It Is: Azure Load Balancer is a Layer 4 (TCP/UDP) load balancer that distributes incoming connections across the healthy instances of a backend pool (VMs or virtual machine scale set instances). Health is determined by health probes, which take failed instances out of rotation.
Types of Azure Load Balancer:
- Public Load Balancer:
  - Purpose: Distributes internet-facing traffic to the backend pool.
  - Frontend: Requires a public IP address. With the Standard SKU the frontend is closed to inbound traffic by default and an NSG on the backend subnet or NIC must explicitly allow it; the Basic SKU is open by default.
- Internal Load Balancer:
  - Purpose: Handles traffic that stays within the virtual network (including peered virtual networks and on-premises networks connected by VPN or ExpressRoute).
  - Frontend: Uses a private IP address allocated from a subnet of the virtual network; it has no internet-reachable address.
Shared Components: Both types use backend pools, health probes, and load-balancing rules. Health probes originate from 168.63.129.16, so an NSG on the backend must allow the AzureLoadBalancer service tag (the default AllowAzureLoadBalancerInBound rule does this); otherwise every backend is marked unhealthy.
⚠️ Common Pitfall: Using a Public Load Balancer for traffic that only ever originates inside the virtual network. The frontend gets an internet-routable address that will be scanned, and a single permissive NSG rule (or a Basic SKU, which is open by default) turns an internal-only service into an internet-reachable one. The least-privilege default is to create the load balancer as internal and add a public frontend only when an internet client actually exists.
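As an added example (not code from the original page or from Microsoft), the following Python audit applies the public/internal distinction and the pitfall above to load balancer resources in the JSON shape that `az network lb list -o json` returns: a frontend that references a `publicIPAddress` (or `publicIPPrefix`) makes the load balancer public, a frontend placed in a `subnet` makes it internal. The `exposure` tag used to record the intended exposure is an assumed tagging convention, not an Azure built-in, and the sample resources are constructed for this example.

```python
"""Audit Azure Load Balancer resources for public/internal exposure mismatches.

Added example, not from the original page or from Microsoft. Input is a list of
Microsoft.Network/loadBalancers resources as returned by `az network lb list -o json`
(only the fields the audit reads are modelled). The `exposure` tag with values
"public" / "internal" is an assumed tagging convention.
"""

# Constructed resource-ID prefix for the sample data below.
RG = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
      "/providers/Microsoft.Network")


def public_frontend(pip_name):
    """Constructed frontend config that binds a public IP (Public Load Balancer)."""
    return {"name": f"fe-{pip_name}",
            "properties": {"publicIPAddress": {"id": f"{RG}/publicIPAddresses/{pip_name}"}}}


def private_frontend(subnet, ip):
    """Constructed frontend config with a private IP in a VNet subnet (Internal Load Balancer)."""
    return {"name": f"fe-{subnet}",
            "properties": {"privateIPAddress": ip, "privateIPAllocationMethod": "Static",
                           "subnet": {"id": f"{RG}/virtualNetworks/vnet-demo/subnets/{subnet}"}}}


def make_lb(name, sku, frontends, tags=None):
    """Constructed load balancer resource with the fields the audit reads."""
    return {"name": name, "sku": {"name": sku}, "tags": tags or {},
            "properties": {"frontendIPConfigurations": frontends}}


SAMPLE_LBS = [  # constructed sample inventory
    make_lb("lb-web", "Standard", [public_frontend("pip-web")], {"exposure": "public"}),
    make_lb("lb-app", "Standard", [private_frontend("snet-app", "10.0.2.10")], {"exposure": "internal"}),
    # The pitfall: declared internal but built with a public frontend.
    make_lb("lb-app-exposed", "Standard", [public_frontend("pip-app")], {"exposure": "internal"}),
    # Basic SKU public frontend, open by default, and no tag stating the intent.
    make_lb("lb-legacy", "Basic", [public_frontend("pip-legacy")]),
]


def frontend_kind(fe):
    """'public' if the frontend references a public IP or prefix, 'internal' if it sits in a subnet."""
    props = fe.get("properties", {})
    if props.get("publicIPAddress") or props.get("publicIPPrefix"):
        return "public"
    if props.get("subnet"):
        return "internal"
    return "unknown"


def classify(lb):
    """Classify a load balancer by its frontends. Azure does not mix public and private
    frontends in one load balancer, so 'mixed' means the input data is inconsistent."""
    kinds = {frontend_kind(fe) for fe in lb["properties"].get("frontendIPConfigurations", [])}
    if kinds == {"public"}:
        return "public"
    if kinds == {"internal"}:
        return "internal"
    return "mixed" if len(kinds) > 1 else "unknown"


def audit(lbs):
    """Return findings as dicts {lb, code, detail}; an empty list means no issues."""
    findings = []
    for lb in lbs:
        name, kind = lb["name"], classify(lb)
        declared = lb.get("tags", {}).get("exposure")
        if declared is None:
            findings.append({"lb": name, "code": "NO_EXPOSURE_TAG",
                             "detail": f"intent not recorded; observed kind is {kind}"})
        elif declared != kind:
            findings.append({"lb": name, "code": "EXPOSURE_MISMATCH",
                             "detail": f"tagged {declared} but frontends are {kind}"})
        if lb.get("sku", {}).get("name") == "Basic" and kind == "public":
            findings.append({"lb": name, "code": "BASIC_SKU_PUBLIC",
                             "detail": "Basic SKU is open to inbound traffic by default; "
                                       "Standard stays closed until an NSG allows it"})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LBS):
        print(f"{f['lb']:16} {f['code']:18} {f['detail']}")
```

To run it against a real subscription, replace `SAMPLE_LBS` with the parsed output of `az network lb list -o json`; an `EXPOSURE_MISMATCH` on a resource tagged `internal` is exactly the pitfall described above.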
Key Trade-Offs:
- Public vs. Internal: A public load balancer gives internet clients a reachable endpoint but enlarges the attack surface; every exposed port needs a deliberate NSG rule behind it. An internal load balancer keeps the frontend off the internet entirely, so clients outside the virtual network must come in through peering, VPN, or ExpressRoute. Note that a Standard internal load balancer provides no outbound connectivity for its backend pool; backends that must reach the internet need a NAT Gateway or another explicit outbound path.
Reflection Question: How does choosing an Internal Load Balancer for internal services and a Public Load Balancer for internet-facing services affect network security, scalability, and high availability? Which parts of that choice reduce exposure, and which simply match the frontend to where its clients are?