Practical considerations for using Azure internal load balancer and BIG-IP

Background I recently had a scenario that required me to do some testing and I thought it would be a good opportunity to share. A user told me that he wants to put BIG-IP in Azure, but he has a few...
0151T000003lDVGQA2.jpg
Updated Feb 12, 2024
Version 4.0
Azure
cloud
MichaelOLeary's avatar
MichaelOLeary
Icon for Employee rankEmployee
Jan 03, 2024

Hi raviraj 

No problem, don't apologize. I'll do my best to answer, but I think it would be better to speak in person. Shoot me a private message over the DevCentral website if you like and we can set up a Zoom call.

  • If VIPs are different than external Interfaces of F5 LB, it doesn't really matter what the frontend IP is on your Azure ILB.
  • If front-end IP of Azure ILB is 10.0.2.50 and ext interfaces of F5 LB are within this Subnet 10.0.2.0/24 and VIPs are different, I would do 2 things
    • a) I would set your Azure LB rule to have the "Floating IP" checkbox enabled. This is on the rule in Azure LB. This will forward the traffic without changing the destination IP at the Azure LB.
    • b) I would enable the checkbox called "IP forwarding" which is on the Network interface. Do this on both external interfaces of the F5 LB.
  • Usually for inbound traffic you have a different rule for each port. That is true. But with internal Load Balancers in Azure (not with public-facing load balancers), you can check the box called "Enable HA Ports" on the Load Balancing rule. This will mean the rule is for all ports.