In an Azure architecture, this is a simple way to build a free, highly available network virtual appliance (NVA) that connects internal VMs to the internet.
Today, I want to talk about my experience with High Availability for Internet Access.
I used a ready-to-go Azure Marketplace application, and it struck me that there was only one VM dedicated to internet access.
It was a single point of failure, and I started to think about how to improve it, simplifying the deployment, the manageability and the scalability.
I thought it would be a good moment to start using Azure Load Balancer Standard SKU and Azure Virtual Machine Scale Set (VMSS) together.
In detail, the design consists of:
- a VNET with two subnets: a frontend subnet and a backend subnet.
- two Azure Load Balancers: an external LB with a public IP address and an internal LB with a private VIP.
- a VMSS based on the Ubuntu distribution with two network interfaces, one connected to the frontend subnet and one connected to the backend subnet.
- a route table that changes the default routing for the backend subnet. It sends all internet traffic to the private VIP of the Azure internal load balancer.
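The route-table step from the list above, as an added Azure CLI example (not the author's deployment code). The resource group, VNET, subnet and route table names and the VIP `10.0.2.4` are assumed placeholders; the script only prints the `az` commands unless it is run with `DRY_RUN=0`.

```bash
#!/usr/bin/env bash
# Added example: default route for the backend subnet via the internal LB VIP.
# Every name and address here is an assumed placeholder, not a value from the post.
RG="${RG:-rg-nva-demo}"
VNET="${VNET:-vnet-nva}"
BACKEND_SUBNET="${BACKEND_SUBNET:-backend}"
ROUTE_TABLE="${ROUTE_TABLE:-rt-backend}"
ILB_VIP="${ILB_VIP:-10.0.2.4}"  # private VIP of the internal load balancer
DRY_RUN="${DRY_RUN:-1}"         # 1 = print the az commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Prefix check for RFC 1918 ranges (not a full address validator).
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

route_backend_via_nva() {
  # The next hop must be the internal LB's private VIP; refuse anything else early.
  if ! is_private_ipv4 "$ILB_VIP"; then
    echo "ILB_VIP ($ILB_VIP) is not a private address" >&2
    return 1
  fi
  run az network route-table create -g "$RG" -n "$ROUTE_TABLE"
  # 0.0.0.0/0 -> VirtualAppliance overrides Azure's default Internet route.
  run az network route-table route create -g "$RG" \
    --route-table-name "$ROUTE_TABLE" -n default-via-nva \
    --address-prefix 0.0.0.0/0 \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$ILB_VIP"
  # Associate with the backend subnet only; the frontend subnet keeps the
  # default route so the NVA instances themselves can still reach the Internet.
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" \
    -n "$BACKEND_SUBNET" --route-table "$ROUTE_TABLE"
}

route_backend_via_nva
```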
To connect to a single VM, you can use ssh. The external load balancer has NAT rules configured that allow you to connect to each individual VM.
Each NAT rule maps the internal TCP port to an external TCP port 2200x:
- VM1 has 22001
- VM2 has 22002
- and so on.
For example, to connect to the third VM instance by ssh:
ssh username@External-Load-Balancer-public-ip-address -p 22003
