Skip to main content
Microsoft Azure
CHAPTER 07

Azure Load Balancer and Traffic Manager

Updated: May 15, 2026
25 min read

# CHAPTER 7

Azure Load Balancer and Traffic Manager

1. Introduction

If you run a successful e-commerce store on a single Virtual Machine, you have a massive problem: A Single Point of Failure (SPOF). If that VM crashes, or if too many customers try to checkout at once, your website goes offline and you lose money. To achieve Enterprise-grade High Availability, you must run multiple VMs simultaneously and place a Load Balancer in front of them. In this chapter, we will learn how to distribute traffic across zones and globally using Azure Load Balancer and Azure Traffic Manager.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Define High Availability (HA) and eliminate Single Points of Failure.
  • Understand the Layer 4 function of Azure Load Balancer.
  • Configure Virtual Machine Scale Sets (VMSS) for elasticity.
  • Configure Health Probes to autonomously reroute traffic.
  • Understand Global DNS routing using Azure Traffic Manager.

3. Beginner-Friendly Explanation

Imagine a busy bank.
  • Single Server: There is exactly one teller working. If 50 people walk in, the line is out the door. If the teller goes to lunch, the bank is closed.
  • VM Scale Sets: The bank hires 5 identical tellers to work at the same time.
  • The Load Balancer: The security guard at the front door. When a customer walks in, the guard looks at the 5 tellers. "Teller 1 is busy. Teller 2 is free. Go to Teller 2!"
  • Health Probes: The guard constantly asks the tellers, "Are you awake?" If Teller 3 falls asleep, the guard stops sending customers to Teller 3 and routes them to the other 4 awake tellers.

4. Virtual Machine Scale Sets (VMSS)

Before you can load balance traffic, you need a group of identical servers. Instead of building 5 VMs by hand, Azure provides Virtual Machine Scale Sets (VMSS). You give Azure a "Template" of a VM. You tell the Scale Set: "I always want exactly 3 VMs running." If a VM crashes, the Scale Set automatically uses the template to create a brand new VM to replace it. It also enables Autoscaling (e.g., "Add 2 more VMs if CPU goes over 80%").

5. Types of Azure Load Balancing

Azure has several tools for traffic routing. The two most fundamental are:
  1. 1. Azure Load Balancer (Layer 4): Operates at the TCP/UDP network layer. It is regional. It distributes traffic among VMs inside a single VNet. Extremely fast, but it doesn't "understand" HTTP traffic (it doesn't know what a URL path is).
  1. 2. Azure Application Gateway (Layer 7): Operates at the HTTP/HTTPS layer. It understands URLs. You can route mysite.com/images to one pool of servers, and mysite.com/video to a different pool.

6. Health Probes

A Load Balancer is useless if it sends a customer to a crashed server. You configure a Health Probe to ping your servers every 5 seconds (e.g., trying to connect to Port 80).
  • If a server responds, it receives traffic.
  • If it times out, the Load Balancer instantly marks it "Unhealthy" and silently reroutes all customer traffic to the surviving servers.

7. Mini Project: Conceptual Load Balancing Architecture

Setting up a Load Balancer with a VMSS in the console requires precise networking. Let's outline the conceptual steps:

Step-by-Step Overview:

  1. 1. The Blueprint: Create a *Virtual Machine Scale Set (VMSS)* running Ubuntu with Nginx installed via Custom Data. Set the initial instance count to 2.
  1. 2. The Balancer: In the Azure Portal, create an Azure Load Balancer. Choose "Public" visibility.
  1. 3. Frontend IP: The Load Balancer provisions a single, Static Public IP address.
  1. 4. Backend Pool: Point the Load Balancer to your VMSS.
  1. 5. Health Probe: Configure a probe targeting Port 80 (HTTP).
  1. 6. Load Balancing Rule: Create a rule mapping Frontend Port 80 to Backend Port 80.
  1. 7. The Result: You give the Load Balancer's Public IP to your customers. They hit the Load Balancer, and it seamlessly distributes the TCP traffic across your 2 VMs. If you manually delete one VM, the VMSS replaces it, and the Load Balancer resumes sending it traffic once it passes the Health Probe.

8. Global Routing with Traffic Manager

Azure Load Balancers are Regional (e.g., they only exist in East US). What if your East US data center loses power? Azure Traffic Manager is a DNS-based global traffic router.
  1. 1. You build a Load Balancer + VMSS in East US.
  1. 2. You build an identical Load Balancer + VMSS in West Europe.
  1. 3. You place Traffic Manager in front of both.
  1. 4. When a user in Paris visits your site, Traffic Manager uses Performance Routing to send them to the West Europe Load Balancer because it's physically closer, guaranteeing lightning-fast load times!

9. Best Practices

  • Standard vs. Basic SKU: Always choose the Standard SKU when creating an Azure Load Balancer. The Basic SKU is free, but it is missing critical enterprise features and is not compatible with modern Availability Zones.

10. Common Mistakes

  • Firewalling the Health Probe: The Load Balancer itself does not live inside your subnet. To perform Health Probes, Azure's probe servers must reach your VMs. You MUST ensure your Network Security Group (NSG) allows inbound traffic from the built-in AzureLoadBalancer Service Tag. If you block this, the Load Balancer thinks all your servers are dead and drops 100% of your traffic!

11. Exercises

  1. 1. What is a Single Point of Failure (SPOF)? How does an architecture utilizing a VM Scale Set mitigate it?
  1. 2. Explain the functional difference between a Layer 4 Azure Load Balancer and a DNS-based Azure Traffic Manager.

12. FAQs

Q: Should I use Azure Load Balancer or Application Gateway for my website? A: If you just need raw, fast distribution of traffic across identical web servers, use the Azure Load Balancer. If you need advanced HTTP features like SSL Termination (managing your HTTPS certificates), path-based routing, or a Web Application Firewall (WAF) to block SQL injections, you must use the Layer 7 Application Gateway.

13. Interview Questions

  • Q: Describe the architectural relationship between a Virtual Machine Scale Set (VMSS), a Health Probe, and an Azure Load Balancer.
  • Q: A newly deployed Azure Load Balancer is failing to route traffic to the backend VMs. You verify the VMs are running and Nginx is serving locally. Identify the most likely NSG networking misconfiguration causing this failure. *(Hint: AzureLoadBalancer Service Tag!)*

14. Summary

In Chapter 7, we achieved Enterprise High Availability. We eliminated Single Points of Failure by transitioning from standalone VMs to resilient Virtual Machine Scale Sets (VMSS). We introduced the Azure Load Balancer as the intelligent traffic cop, utilizing Frontend IPs to route users to healthy backend servers. Finally, we established autonomous self-healing via Health Probes and explored global geographic routing using Azure Traffic Manager.

15. Next Chapter Recommendation

We have a Load Balancer with a public IP address (e.g., 20.120.45.67). But humans do not memorize IP addresses; they type microsoft.com. Proceed to Chapter 8: Azure DNS and Domain Management.

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter Azure Virtual Networking
Next Chapter Azure DNS and Domain Management

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 5

Related Quizzes 6