1/25/24, 7:52 PM Tutorial: Create a gateway load balancer - Azure PowerShell - Azure Load Balancer | Microsoft Learn
Tutorial: Create a gateway load balancer
using Azure PowerShell
Article • 06/27/2023
Azure Load Balancer consists of Standard, Basic, and Gateway SKUs. Gateway Load Balancer
is used for transparent insertion of Network Virtual Appliances (NVA). Use Gateway Load
Balancer for scenarios that require high performance and high scalability of NVAs.
In this tutorial, you learn how to:
✓ Create virtual network
✓ Create network security group.
✓ Create a gateway load balancer.
✓ Chain a load balancer frontend to gateway load balancer.
Prerequisites
* An Azure account with an active subscription. Create an account for free.
* An existing public standard SKU Azure Load Balancer. For more information on
creating a load balancer, see Create a public load balancer using Azure PowerShell.
    * For the purposes of this tutorial, the existing load balancer in the examples is
    named myLoadBalancer.
* Azure PowerShell installed locally or Azure Cloud Shell
If you choose to install and use PowerShell locally, this article requires the Azure PowerShell
module version 5.4.1 or later. Run Get-Module -ListAvailable Az to find the installed
version. If you need to upgrade, see Install Azure PowerShell module. If you're running
PowerShell locally, you also need to run Connect-AzAccount to create a connection with
Azure.
Create a resource group
An Azure resource group is a logical container into which Azure resources are deployed
and managed.
Create a resource group with New-AzResourceGroup:
Azure PowerShell
New-AzResourceGroup -Name 'TutorGwLB-rg' -Location 'eastus'
Create virtual network
A virtual network is needed for the resources that are in the backend pool of the gateway
load balancer. Use New-AzVirtualNetwork to create the virtual network. Use New-AzBastion
to deploy a bastion host for secure management of resources in virtual network.
Important
Hourly pricing starts from the moment that Bastion is deployed, regardless of
outbound data usage. For more information, see Pricing and SKUs.
If you're deploying Bastion as part of a tutorial or test, we recommend that you delete
this resource after you finish using it.
Azure PowerShell
## Create backend subnet config ##
$subnet = @{
    Name = 'myBackendSubnet'
    AddressPrefix = '10.1.0.0/24'
}
$subnetConfig = New-AzVirtualNetworkSubnetConfig @subnet

## Create Azure Bastion subnet. ##
$bastsubnet = @{
    Name = 'AzureBastionSubnet'
    AddressPrefix = '10.1.1.0/24'
}
$bastsubnetConfig = New-AzVirtualNetworkSubnetConfig @bastsubnet

## Create the virtual network ##
$net = @{
    Name = 'myVNet'
    ResourceGroupName = 'TutorGwLB-rg'
    Location = 'eastus'
    AddressPrefix = '10.1.0.0/16'
    Subnet = $subnetConfig,$bastsubnetConfig
}
$vnet = New-AzVirtualNetwork @net

## Create public IP address for bastion host. ##
$ip = @{
    Name = 'myBastionIP'
    ResourceGroupName = 'TutorGwLB-rg'
    Location = 'eastus'
    Sku = 'Standard'
    AllocationMethod = 'Static'
}
$publicip = New-AzPublicIpAddress @ip

## Create bastion host ##
$bastion = @{
    ResourceGroupName = 'TutorGwLB-rg'
    Name = 'myBastion'
    PublicIpAddress = $publicip
    VirtualNetwork = $vnet
}
New-AzBastion @bastion -AsJob
Create NSG
Use the following example to create a network security group. You'll configure the NSG
rules needed for network traffic in the virtual network created previously.
Use New-AzNetworkSecurityRuleConfig to create rules for the NSG. Use
New-AzNetworkSecurityGroup to create the NSG.
Azure PowerShell
## Create rule for network security group and place in variable. ##
$nsgrule1 = @{
    Name = 'myNSGRule-AllowAll'
    Description = 'Allow all'
    Protocol = '*'
    SourcePortRange = '*'
    DestinationPortRange = '*'
    SourceAddressPrefix = '0.0.0.0/0'
    DestinationAddressPrefix = '0.0.0.0/0'
    Access = 'Allow'
    Priority = '100'
    Direction = 'Inbound'
}
$rule1 = New-AzNetworkSecurityRuleConfig @nsgrule1

## Create the outbound rule and place in variable. ##
$nsgrule2 = @{
    Name = 'myNSGRule-AllowAll-TCP-Out'
    Description = 'Allow all TCP Out'
    Protocol = 'TCP'
    SourcePortRange = '*'
    DestinationPortRange = '*'
    SourceAddressPrefix = '0.0.0.0/0'
    DestinationAddressPrefix = '0.0.0.0/0'
    Access = 'Allow'
    Priority = '120'
    Direction = 'Outbound'
}
$rule2 = New-AzNetworkSecurityRuleConfig @nsgrule2

## Create network security group ##
$nsg = @{
    Name = 'myNSG'
    ResourceGroupName = 'TutorGwLB-rg'
    Location = 'eastus'
    SecurityRules = $rule1,$rule2
}
New-AzNetworkSecurityGroup @nsg
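The inbound rule above admits any protocol and port from 0.0.0.0/0, so it is worth confirming which rules of that shape an NSG carries before real NVAs sit behind it. The following check is an added example, not part of the original tutorial; the function name Find-OpenInboundRule and the sample objects are hypothetical, and the sample data is constructed to mirror the two rules defined above.

```powershell
# Added example, not part of the original tutorial.
function Find-OpenInboundRule {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]] $Rule
    )
    begin {
        # Source values that match any address on the internet.
        $anySource = '*', '0.0.0.0/0', 'Internet'
    }
    process {
        foreach ($r in $Rule) {
            if ($r.Direction -ne 'Inbound' -or $r.Access -ne 'Allow') { continue }
            # SourceAddressPrefix is a list on NSG rule objects; @() also accepts a scalar.
            $open = @($r.SourceAddressPrefix | Where-Object { $_ -in $anySource })
            if ($open.Count -eq 0) { continue }
            $ports = @($r.DestinationPortRange)
            [pscustomobject]@{
                Name     = $r.Name
                Priority = $r.Priority
                Protocol = $r.Protocol
                Source   = $open -join ','
                Ports    = $ports -join ','
                AllPorts = $ports -contains '*'
            }
        }
    }
}

# Constructed sample objects that mirror the two rules created above.
$sampleRules = @(
    [pscustomobject]@{
        Name = 'myNSGRule-AllowAll'; Direction = 'Inbound'; Access = 'Allow'
        Protocol = '*'; Priority = 100
        SourceAddressPrefix = @('0.0.0.0/0'); DestinationPortRange = @('*')
    }
    [pscustomobject]@{
        Name = 'myNSGRule-AllowAll-TCP-Out'; Direction = 'Outbound'; Access = 'Allow'
        Protocol = 'TCP'; Priority = 120
        SourceAddressPrefix = @('0.0.0.0/0'); DestinationPortRange = @('*')
    }
)
$sampleRules | Find-OpenInboundRule | Format-Table -AutoSize

# Against the deployed NSG (needs an authenticated Az session):
# (Get-AzNetworkSecurityGroup -Name 'myNSG' -ResourceGroupName 'TutorGwLB-rg').SecurityRules |
#     Find-OpenInboundRule
```

On the sample data only myNSGRule-AllowAll is reported, with AllPorts set to True; the outbound rule is skipped because the check looks at inbound exposure only.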
Create Gateway Load Balancer
In this section, you'll create the configuration and deploy the gateway load balancer. Use
New-AzLoadBalancerFrontendIpConfig to create the frontend IP configuration of the load
balancer.
You'll use New-AzLoadBalancerBackendAddressPoolTunnelInterfaceConfig to create two tunnel
interfaces for the load balancer.
Create a backend pool with New-AzLoadBalancerBackendAddressPoolConfig for the NVAs.
A health probe is required to monitor the health of the backend instances in the load
balancer. Use New-AzLoadBalancerProbeConfig to create the health probe.
Traffic destined for the backend instances is routed with a load-balancing rule. Use
New-AzLoadBalancerRuleConfig to create the load-balancing rule.
To deploy the load balancer, use New-AzLoadBalancer.
Azure PowerShell
## Place virtual network configuration in a variable for later use. ##
$net = @{
    Name = 'myVNet'
    ResourceGroupName = 'TutorGwLB-rg'
}
$vnet = Get-AzVirtualNetwork @net

## Create load balancer frontend configuration and place in variable. ##
$fe = @{
    Name = 'myFrontend'
    SubnetId = $vnet.subnets[0].id
}
$feip = New-AzLoadBalancerFrontendIpConfig @fe

## Create backend address pool configuration and place in variable. ##
## Internal tunnel interface (VXLAN). ##
$int1 = @{
    Type = 'Internal'
    Protocol = 'Vxlan'
    Identifier = '800'
    Port = '10800'
}
$tunnelInterface1 = New-AzLoadBalancerBackendAddressPoolTunnelInterfaceConfig @int1

## External tunnel interface (VXLAN). ##
$int2 = @{
    Type = 'External'
    Protocol = 'Vxlan'
    Identifier = '802'
    Port = '10801'
}
$tunnelInterface2 = New-AzLoadBalancerBackendAddressPoolTunnelInterfaceConfig @int2

$pool = @{
    Name = 'myBackendPool'
    TunnelInterface = $tunnelInterface1,$tunnelInterface2
}
$bepool = New-AzLoadBalancerBackendAddressPoolConfig @pool

## Create the health probe and place in variable. ##
$probe = @{
    Name = 'myHealthProbe'
    Protocol = 'http'
    Port = '80'
    IntervalInSeconds = '360'
    ProbeCount = '5'
    RequestPath = '/'
}
$healthprobe = New-AzLoadBalancerProbeConfig @probe

## Create the load balancer rule and place in variable. ##
$para = @{
    Name = 'myLBRule'
    Protocol = 'All'
    FrontendPort = '0'
    BackendPort = '0'
    FrontendIpConfiguration = $feip
    BackendAddressPool = $bepool
    Probe = $healthprobe
}
$rule = New-AzLoadBalancerRuleConfig @para

## Create the load balancer resource. ##
$lb = @{
    ResourceGroupName = 'TutorGwLB-rg'
    Name = 'myLoadBalancer-gw'
    Location = 'eastus'
    Sku = 'Gateway'
    LoadBalancingRule = $rule
    FrontendIpConfiguration = $feip
    BackendAddressPool = $bepool
    Probe = $healthprobe
}
New-AzLoadBalancer @lb
Add network virtual appliances to the Gateway
Load Balancer backend pool
Deploy NVAs through the Azure Marketplace. Once deployed, add the virtual machines to
the backend pool with Add-AzVMNetworkInterface.
Chain load balancer frontend to Gateway Load
Balancer
In this example, you'll chain the frontend of a standard load balancer to the gateway load
balancer.
You'll add the frontend to the frontend IP of an existing load balancer in your subscription.
Use Set-AzLoadBalancerFrontendIpConfig to chain the gateway load balancer frontend to
your existing load balancer.
Azure PowerShell
## Place the gateway load balancer configuration into a variable. ##
$par1 = @{
    ResourceGroupName = 'TutorGwLB-rg'
    Name = 'myLoadBalancer-gw'
}
$gwlb = Get-AzLoadBalancer @par1

## Place the existing load balancer into a variable. ##
$par2 = @{
    ResourceGroupName = 'CreatePubLBQS-rg'
    Name = 'myLoadBalancer'
}
$lb = Get-AzLoadBalancer @par2

## Place the existing public IP for the existing load balancer into a variable. ##
$par3 = @{
    ResourceGroupName = 'CreatePubLBQS-rg'
    Name = 'myPublicIP'
}
$publicIP = Get-AzPublicIPAddress @par3

## Chain the gateway load balancer to your existing load balancer frontend. ##
$par4 = @{
    Name = 'myFrontEndIP'
    PublicIPAddress = $publicIP
    LoadBalancer = $lb
    GatewayLoadBalancerId = $gwlb.FrontendIpConfigurations.Id
}
$config = Set-AzLoadBalancerFrontendIpConfig @par4
$config | Set-AzLoadBalancer
Chain virtual machine to Gateway Load Balancer
Alternatively, you can chain a VM's NIC IP configuration to the gateway load balancer.
You'll add the gateway load balancer's frontend to an existing VM's NIC IP configuration.
Use Set-AzNetworkInterfaceIpConfig to chain the gateway load balancer frontend to your
existing VM’s NIC IP configuration.
Azure PowerShell
## Place the gateway load balancer configuration into a variable. ##
$par1 = @{
    ResourceGroupName = 'TutorGwLB-rg'
    Name = 'myLoadBalancer-gw'
}
$gwlb = Get-AzLoadBalancer @par1

## Place the existing NIC into a variable. ##
$par2 = @{
    ResourceGroupName = 'MyResourceGroup'
    Name = 'myNic'
}
$nic = Get-AzNetworkInterface @par2

## Chain the gateway load balancer to your existing VM NIC. ##
$par3 = @{
    Name = 'myIPconfig'
    NetworkInterface = $nic
    GatewayLoadBalancerId = $gwlb.FrontendIpConfigurations.Id
}
$config = Set-AzNetworkInterfaceIpConfig @par3
$config | Set-AzNetworkInterface
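A frontend or NIC IP configuration that was never chained still accepts traffic, just without passing through the NVAs, so both chaining procedures above are worth verifying after they run. The following check is an added example, not part of the original tutorial; the function name Test-GatewayChain is hypothetical, the sample data is constructed, and it assumes the returned frontend and IP configuration objects expose the chained reference as GatewayLoadBalancer.Id.

```powershell
# Added example, not part of the original tutorial.
function Test-GatewayChain {
    param(
        # Load balancer frontends or NIC IP configurations to check.
        [Parameter(Mandatory)] [object[]] $IpConfig,
        # Expected value, for example $gwlb.FrontendIpConfigurations.Id
        [Parameter(Mandatory)] [string[]] $GatewayFrontendId
    )
    foreach ($c in $IpConfig) {
        # Assumption: the chained reference is exposed as GatewayLoadBalancer.Id.
        $actual = $c.GatewayLoadBalancer.Id
        $state = if (-not $actual) {
            'NotChained'        # traffic reaches this endpoint without passing the NVAs
        } elseif ($actual -in $GatewayFrontendId) {
            'Chained'
        } else {
            'ChainedToOther'    # points at a different gateway load balancer frontend
        }
        [pscustomobject]@{ Name = $c.Name; State = $state; GatewayFrontend = $actual }
    }
}

# Constructed sample data; the subscription ID is a placeholder.
$gwFrontend = '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/TutorGwLB-rg' +
    '/providers/Microsoft.Network/loadBalancers/myLoadBalancer-gw/frontendIPConfigurations/myFrontend'
$sample = @(
    [pscustomobject]@{ Name = 'myFrontEndIP'; GatewayLoadBalancer = [pscustomobject]@{ Id = $gwFrontend } }
    [pscustomobject]@{ Name = 'myIPconfig';   GatewayLoadBalancer = $null }
)
Test-GatewayChain -IpConfig $sample -GatewayFrontendId $gwFrontend | Format-Table -AutoSize

# Against the resources from this tutorial (needs an authenticated Az session):
# $gwlb = Get-AzLoadBalancer -ResourceGroupName 'TutorGwLB-rg' -Name 'myLoadBalancer-gw'
# $lb   = Get-AzLoadBalancer -ResourceGroupName 'CreatePubLBQS-rg' -Name 'myLoadBalancer'
# $nic  = Get-AzNetworkInterface -ResourceGroupName 'MyResourceGroup' -Name 'myNic'
# Test-GatewayChain -IpConfig (@($lb.FrontendIpConfigurations) + @($nic.IpConfigurations)) `
#     -GatewayFrontendId $gwlb.FrontendIpConfigurations.Id
```

On the sample data, myFrontEndIP is reported as Chained and myIPconfig as NotChained.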
Clean up resources
When no longer needed, you can use the Remove-AzResourceGroup command to remove
the resource group, load balancer, and the remaining resources.
Azure PowerShell
Remove-AzResourceGroup -Name 'TutorGwLB-rg'
Next steps
Create Network Virtual Appliances in Azure.
When creating the NVAs, choose the resources created in this tutorial:
* Virtual network
* Subnet
* Network security group
* Gateway Load Balancer
Advance to the next article to learn how to create a cross-region Azure Load Balancer.
https://learn.microsoft.com/en-us/azure/load-balancer/tutorial-gateway-powershell