Azure Load Balancer: High Availability Patterns

Explore Azure Load Balancer's high availability patterns, cost optimization strategies, and security measures for UK SMBs to enhance resilience.

Azure Load Balancer ensures your applications stay online and handle traffic efficiently by distributing requests across multiple servers. It supports different configurations like zone redundancy for maximum reliability or zonal setups for focused deployments. With the Standard Load Balancer, you get enhanced security, scalability, and support for availability zones - ideal for critical workloads.

Key points:

  • Basic Load Balancer retires on 30th September 2025. Upgrade to Standard for continued service.
  • Zone-redundant configurations protect against failures across datacentres.
  • Health probes ensure traffic only goes to functioning servers.

For UK SMBs, balancing uptime with cost is essential. The Standard Load Balancer starts at £18.25/month (excluding VAT), with options to optimise costs using auto-scaling, Azure Reservations, and budget alerts. Prioritise security by using Network Security Groups and monitoring tools like Azure Monitor.

Quick Tip: For critical systems, use zone-redundant setups combined with active/active architectures for consistent performance during failures.

Availability Zone Patterns and Zone Redundancy

Understanding Availability Zones

Azure Availability Zones are independent datacentres located within 100 km of each other, each equipped with separate power, cooling, and networking systems. For UK SMBs, this setup is particularly relevant in regions like UK South, where Availability Zones are supported. By distributing resources across multiple zones, businesses can mitigate risks such as power outages, network disruptions, or hardware failures. These zones are linked by a high-performance network, and service updates are applied one zone at a time. Microsoft aims to keep inter-zone round-trip latencies under 2 milliseconds.

Zone Redundant vs Zonal Configurations

Choosing the right deployment model is crucial for building a resilient infrastructure. Zone redundant configurations provide the highest level of reliability. In this model, the load balancer's frontend IP address is supported by multiple independent deployments across different zones. This ensures the IP address remains functional even if one zone experiences a failure, and all backend pool members stay accessible regardless of their location.

On the other hand, zonal configurations confine the load balancer to a single zone. While this setup protects against failures in other zones, it becomes unavailable if the designated zone fails. Zonal configurations are useful when you need to assign an IP address to a specific Availability Zone. Non-zonal configurations, which lack redundancy, are more suitable for development environments or non-critical workloads.

Configuration Type | Resilience Level | Traffic Flow | Best Use Case
Zone Redundant | Highest | Single IP survives zone failure | Production workloads needing maximum uptime
Zonal | Medium | Restricted to a single zone | Workloads focused in specific zones
Non-zonal | Lowest | No redundancy guarantee | Development or non-critical applications

For UK SMBs handling customer-facing or critical applications, zone redundant setups are often the preferred choice due to their resilience and simplified IP management.

Best Practices for Zone Alignment

Proper zone alignment is essential for ensuring both fault tolerance and optimal performance with Azure Load Balancer. When configuring your frontend with a new Public IP address, enable zone-redundancy to improve resilience. If zone redundancy isn’t an option, consider a zonal load balancer deployment, especially when your backend resources are concentrated within one zone.

To maintain traffic continuity and meet the Standard Load Balancer SLA, ensure your backend pool spans multiple zones and includes at least two instances. Additionally, configure Network Security Groups (NSGs) to allow the necessary inbound traffic, including traffic from 168.63.129.16, the address used for health probes.

For setups involving multiple frontends, ensure all IP addresses are either zone-redundant or tied to a specific zone. To optimise outbound traffic, use manual port allocation rules to avoid SNAT exhaustion and enable TCP resets for quick connection terminations. If you’re using floating IP configurations, set up a loopback interface with the load balancer's frontend IP address.

Plan your zone alignment carefully during the initial deployment, as zones cannot be changed later. For mission-critical workloads, consider combining multi-region and multi-zone strategies to safeguard against both local datacentre failures and broader regional disruptions.

High Availability Architectures with Azure Load Balancer

Active/Active vs Active/Standby Models

When it comes to SMB applications, two main architecture models are commonly used: active/active and active/standby. The active/active model uses all nodes simultaneously, ensuring maximum resource use and better performance - especially for high-traffic applications. On the other hand, the active/standby approach keeps one node active while the others remain on standby, ready to take over if needed. This setup is often favoured for disaster recovery, as standby nodes can be located in different geographical regions, boosting resilience.

In Azure Load Balancer setups, active/standby configurations rely on Network Virtual Appliances (NVAs) to expose specific TCP/UDP ports or HTTP endpoints for health probes. Active/active architectures, while offering better throughput and response times, come with added complexity compared to active/standby setups.

Using Network Virtual Appliances (NVAs)

Network Virtual Appliances (NVAs) play a crucial role in improving security and managing traffic within Azure Load Balancer environments. These appliances inspect traffic between security zones, filter communication, and handle tasks like terminating VPN or SD-WAN tunnels. Azure Load Balancer supports NVA clusters in two configurations:

  • Internal load balancer: Routes traffic from Azure and on-premises networks to NVAs.
  • Public load balancer: Makes NVAs accessible to internet traffic.

For traffic between Azure and the public internet, NVAs use Source Network Address Translation (SNAT) to ensure traffic symmetry since different Azure load balancers handle each direction of traffic. For on-premises to Azure traffic, symmetry is maintained automatically via the internal load balancer. If an NVA instance fails, Azure Load Balancer typically redirects traffic to another instance within 10 to 15 seconds.

Before deploying NVAs, verify that your vendor has tested and validated their design for Azure. Consider factors like failover time, support for active/active or active/standby setups, and traffic symmetry requirements. Once NVAs are in place, the next step is to align your load balancer architecture with your operational goals.

Choosing the Right Load Balancer Architecture

Selecting the right architecture involves balancing factors like traffic type, geographic scope, service-level agreements (SLAs), and operational costs. The type of traffic - whether web-based (HTTP/HTTPS), public-facing, or private - will heavily influence your choice. Geographic considerations also play a role, as they affect both performance and costs.

For NVA-based solutions, you have three main options:

  • Azure Load Balancer: Supports both active/active and active/standby configurations. It offers quick convergence times but requires NVAs to provide health probe ports and may need SNAT for stateful appliances.
  • Azure Route Server: Works with BGP support, often requiring SNAT for traffic symmetry.
  • Azure Gateway Load Balancer: Ensures traffic symmetry without needing SNAT and allows NVA sharing across multiple tenants. However, it doesn't support East-West traffic flows.

Keep in mind that more complex architectures come with higher management and monitoring costs. These may require advanced tools and expertise to maintain. Azure's "Load balancing - help me choose" tool in the portal can guide you towards the best option based on your specific needs. In many cases, combining multiple load-balancing solutions at different layers provides a more effective approach than relying on a single solution. Always assess each component of your architecture individually to ensure it meets your requirements.

Monitoring, Health Probes, and Fault Tolerance

Configuring Health Probes

Health probes play a key role in ensuring the Azure Load Balancer can continuously monitor the condition of backend instances. By default, these probes send requests to your application every 5 seconds. Azure Load Balancer supports three protocols for these probes: TCP, HTTP, and HTTPS. Here's how they work:

  • TCP probes: Simply check if a connection can be established.
  • HTTP/HTTPS probes: Expect a specific response from your application to confirm it's functioning correctly.

When setting up health probes, it's important to choose a port that reflects both the health of the instance and the application service. For web applications, this usually means using HTTP or HTTPS probes on the application's port. However, for UDP-based applications, you'll need to create a custom signal for health probes since UDP doesn't inherently provide connection state information.

A few things to keep in mind:

  • The timeout for HTTP/HTTPS probes is fixed at 30 seconds. If your application doesn’t respond within that time, the instance is marked as unhealthy.
  • The behaviour of the load balancer depends on its type:
    • Standard Load Balancer: Allows ongoing TCP connections to continue, even when health probes fail.
    • Basic Load Balancer: Terminates all existing connections immediately if probes fail.
  • Ensure that the IP address 168.63.129.16 is allowed in your Network Security Groups (NSGs) and firewalls. Blocking this address will lead to probe failures.
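
The NSG requirement above, as an added example (not from the original article or from Microsoft): a first-match evaluator that reports whether a health probe from 168.63.129.16 would reach the probe port, and which rule decides it. The rule dictionaries are constructed sample data in a simplified, hypothetical shape, and service tags other than AzureLoadBalancer are reported as unresolved rather than guessed.

```python
import ipaddress

PROBE_SOURCE = ipaddress.ip_address("168.63.129.16")  # probe source from the article

def source_match(prefix):
    """True/False when decidable; None for a service tag this sketch cannot resolve."""
    if prefix in ("*", "AzureLoadBalancer"):
        return True
    try:
        return PROBE_SOURCE in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return None  # e.g. "VirtualNetwork": membership is not known offline

def port_match(spec, port):
    """Match a single port against "*", "443" or "8000-8100"."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def probe_verdict(rules, probe_port):
    """First-match NSG evaluation for inbound TCP from the probe source."""
    unresolved = []  # matching rules whose source tag could not be resolved
    inbound = (r for r in rules if r["direction"] == "Inbound")
    for rule in sorted(inbound, key=lambda r: r["priority"]):  # lowest number first
        if rule["protocol"].lower() not in ("*", "tcp"):
            continue
        if not any(port_match(p, probe_port) for p in rule["ports"]):
            continue
        hits = [source_match(s) for s in rule["sources"]]
        if any(h is True for h in hits):
            # An earlier unresolved rule only matters if it would change the outcome.
            conflict = [u for u in unresolved if u["access"] != rule["access"]]
            if conflict:
                return "Unknown", conflict[0]["name"]
            return rule["access"], rule["name"]
        if any(h is None for h in hits):
            unresolved.append(rule)
    return ("Unknown", unresolved[0]["name"]) if unresolved else ("Deny", "(no rule matched)")

def make_rule(name, priority, access, sources, ports, protocol="*"):
    """Build one inbound rule in the simplified (hypothetical) shape used here."""
    return {"name": name, "priority": priority, "direction": "Inbound",
            "access": access, "protocol": protocol, "sources": sources, "ports": ports}

# Constructed sample data. These three mirror Azure's built-in inbound default rules.
DEFAULTS = [
    make_rule("AllowVnetInBound", 65000, "Allow", ["VirtualNetwork"], ["*"]),
    make_rule("AllowAzureLoadBalancerInBound", 65001, "Allow", ["AzureLoadBalancer"], ["*"]),
    make_rule("DenyAllInBound", 65500, "Deny", ["*"], ["*"]),
]
# Hardened NSG that forgot the probe: a blanket deny sits above the default allow.
LOCKED_DOWN = DEFAULTS + [
    make_rule("allow-https-office", 200, "Allow", ["203.0.113.0/24"], ["443"], "Tcp"),
    make_rule("deny-all-inbound", 4000, "Deny", ["*"], ["*"]),
]
# Corrected: an explicit allow for the load balancer tag above the blanket deny.
FIXED = LOCKED_DOWN + [
    make_rule("allow-lb-probe", 300, "Allow", ["AzureLoadBalancer"], ["443"], "Tcp"),
]

if __name__ == "__main__":
    for label, nsg in (("defaults", DEFAULTS), ("locked down", LOCKED_DOWN), ("fixed", FIXED)):
        print(label, probe_verdict(nsg, 443))
```

An "Unknown" verdict names the rule to review by hand, because its source tag may or may not cover the probe address.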

Once your health probes are configured, monitoring their performance is equally important.

Health Probe Property | Details
Name | A custom identifier for the health probe configuration
Protocol | The protocol used for health checks: TCP, HTTP, or HTTPS
Port | The port used for health probe connections to virtual machines
Interval (seconds) | The time between consecutive health checks
Used by | The load balancer rules associated with this probe

Monitoring with Azure Native Tools

After setting up health probes, you’ll need to keep an eye on their performance using Azure’s built-in monitoring tools. Azure Monitor provides essential metrics, logs, and diagnostics to track the health and performance of your load balancer. Some key metrics include:

  • Data path availability
  • Virtual machine availability
  • SNAT connection statistics

These metrics are automatically collected, giving you real-time insights into your infrastructure. Tools like Metrics Explorer allow you to visualise performance across your Azure services, while Log Analytics (using Kusto Query Language) enables deeper analysis through resource logs and diagnostic settings.

Azure evaluates resource health every two minutes by checking data path availability. You can also set up alerts to notify you about critical issues, such as:

  • Data path availability dropping to zero
  • The number of healthy instances falling below a certain threshold (e.g., 25% of the total pool)
  • SNAT connection failures

Maintaining Fault Tolerance

With health probes and monitoring in place, you can fine-tune settings to improve fault tolerance. Adjust probe intervals based on your application’s requirements. For instance, shorter intervals can detect failures faster but may increase network overhead, whereas longer intervals reduce network load during normal operation.

Global load balancers check health every 5 seconds when probes are active. To maximise availability, use the zone-redundant configurations described earlier so that the load balancer spans multiple availability zones. If one zone goes offline, traffic is then automatically redistributed to healthy zones.

Proactively monitor SNAT connections to prevent port exhaustion, which can cause subtle failures not easily detected by health probes. Setting up alerts for SNAT port usage and distributing traffic across multiple frontends (using different ports and IP addresses) can help isolate and manage issues effectively.

For even greater resilience, use regional redundancy by integrating regional load balancers with a global load balancer. This setup allows traffic to be redirected to the next closest healthy region if a failure occurs.

Finally, regularly test your fault tolerance strategies. For example, you can temporarily block health probes using NSGs to ensure traffic redistributes promptly and alerts are triggered as expected.

Cost Optimisation and Best Practices for UK SMBs

Optimising Azure Load Balancer Costs

Managing Azure Load Balancer costs effectively starts with understanding its pricing structure. The Standard Load Balancer costs £0.025 per hour for the first five rules, with additional rules priced at £0.01 per hour. Data processing is charged at £0.005 per GB, and inbound NAT rules are free. For a basic setup, this totals approximately £18.25 per month (excluding VAT).

To keep costs under control, start by reviewing and removing any unused load balancer rules. For compute savings, consider Azure Reservations and Spot VMs, which can cut costs by up to 72% and 90%, respectively. For businesses with predictable workloads, commitment-based pricing offers a reliable way to reduce ongoing expenses.

Another useful strategy is setting up auto-scaling to adjust resources during low-traffic periods. For instance, configuring virtual machine scale sets ensures capacity aligns with demand, which is especially beneficial for SMBs with predictable traffic patterns.

Also, set budget alerts to keep track of spending and avoid unexpected costs when expenses exceed set thresholds. If your business uses Windows Server or SQL Server licences, the Azure Hybrid Benefit can save up to 85% compared to standard pay-as-you-go rates.

By adopting these practices, UK SMBs can ensure their investments in high availability remain financially sustainable.

Key Takeaways from Azure Optimisation Blogs

Expert advice can provide even more clarity on cost-saving measures. For instance, the Azure Optimization Tips, Costs & Best Practices blog offers guidance tailored for SMBs scaling on Microsoft Azure. Their recommendations on cloud architecture and performance can be directly applied to load balancer configurations.

Here are additional tips to optimise Azure costs:

  • Use consistent tagging to monitor expenses by project, department, or environment.
  • Schedule auto-shutdowns for non-production environments, reducing costs by 60–70% during off-peak hours.
  • Regularly audit resources to identify hidden costs from unused or orphaned resources.
  • Leverage Azure Advisor for AI-driven suggestions, such as identifying underutilised VMs and unused network components.
  • Implement Role-Based Access Control (RBAC) to prevent unauthorised resource provisioning and unexpected charges.

By combining these strategies, SMBs can optimise their Azure spend without sacrificing performance.

Security and Compliance for UK SMBs

For UK SMBs, ensuring security and compliance is just as important as managing costs. GDPR compliance, for example, requires careful attention to where data is stored and processed. Using Azure's UK regions (UK South and UK West) ensures data residency within the UK, addressing sovereignty concerns.

The Standard Load Balancer is built on a Zero Trust security model, offering stronger protection than the Basic Load Balancer, which will be retired on 30th September 2025. Begin planning your migration now to maintain security and avoid service interruptions.

VAT is another consideration for UK-based SMBs, with the current rate adding 20% to Azure costs. To ensure compliance with HMRC regulations, consult a tax advisor familiar with cloud services.

For businesses with high-traffic applications, data transfer costs between availability zones can quickly add up. Monitor data transfer patterns and consolidate resources within a single zone where possible to minimise these expenses.

Microsoft's $20 billion investment in cybersecurity over five years highlights its commitment to enterprise-grade security without additional licensing fees. This complements Azure's high availability features, making it a strong choice for SMBs balancing security and cost.

To keep up with evolving regulations, document and review your security configurations quarterly. This proactive approach helps maintain compliance while safeguarding your data and resources.

Conclusion

Azure Load Balancer plays a critical role in creating resilient and highly available architectures for UK SMBs. By efficiently distributing traffic and rerouting it from failed instances, it helps minimise downtime and ensures seamless operations.

With support for both TCP and UDP protocols, Azure Load Balancer caters to a range of application needs. Whether you're managing a customer-facing website, internal business systems, or multi-layered architectures, it provides the stability and continuity required during hardware issues or scheduled maintenance. These capabilities align with the high availability strategies discussed earlier.

Key Takeaways

Here are the main points to remember when leveraging Azure Load Balancer:

  • Zone-redundant configurations offer unmatched resilience. By using a single frontend IP address that remains operational even during zone failures, this setup reduces the risk of service interruptions compared to zonal configurations, which are limited to specific zones.
  • The Standard Load Balancer is ideal for mission-critical workloads, thanks to advanced features like HA ports. Unlike the Basic Load Balancer, which lacks support for availability zones and does not include an SLA, the Standard tier provides enhanced reliability and peace of mind.
  • Health probes and continuous monitoring are essential for fault tolerance. These tools ensure traffic is directed only to healthy resources, reducing the need for manual intervention during failures and speeding up recovery times.
  • For SMBs with tight budgets, balancing high availability with cost efficiency is key. By carefully monitoring usage and selecting the appropriate load balancer SKU, businesses can minimise downtime without overspending.
  • Active/active architectures combined with zone-redundant load balancers offer the highest level of resilience. This approach distributes traffic across multiple healthy instances, maintaining performance even during partial failures. It ensures applications remain responsive during peak demand and unexpected outages.
  • Integrating network virtual appliances with Azure's monitoring tools creates a scalable and reliable system. This setup allows for seamless growth as your business expands, without requiring a complete architectural overhaul.

FAQs

What is the difference between zone-redundant and zonal configurations in Azure Load Balancer, and how can I decide which one suits my business needs?

Azure Load Balancer offers two configuration options to suit different needs: zone-redundant and zonal setups. Each has its strengths, depending on your application's requirements.

Zone-redundant configurations spread resources across multiple availability zones, ensuring your applications remain operational even if one zone fails. This makes it a great choice for critical applications where reliability is non-negotiable.

On the other hand, zonal configurations allocate resources to a specific zone. While this approach is more budget-friendly, it provides less protection against zone failures. It's a practical option for non-critical workloads where cost efficiency is a priority.

When choosing between the two, think about your business's tolerance for downtime and your budget. If you're running mission-critical services, the zone-redundant setup is the safer bet. For tasks that are less sensitive to interruptions, the zonal configuration can help you save on costs.

What are the best ways for UK SMBs to optimise costs and improve efficiency with Azure Load Balancer?

UK small and medium-sized businesses (SMBs) can manage costs effectively with Azure Load Balancer by choosing the appropriate tier - either Basic or Standard - based on their specific workload needs. Another key step is rightsizing resources, which helps prevent over-provisioning and unnecessary expenses.

Using autoscaling is another smart move, as it allows resources to adjust automatically to demand. This means businesses can avoid paying for unused capacity during quieter periods. Similarly, setting start and stop schedules for non-production virtual machines (VMs) can significantly cut costs. Keeping an eye on data transfer usage is also crucial to avoid unexpected charges.

For more long-term savings, tools like Azure Advisor can help identify personalised cost-saving opportunities. Pairing these insights with best practices for resource management ensures efficient and economical use of Azure services.

By adopting these strategies, UK SMBs can build resilience while achieving scalable, cost-efficient operations on Azure.

How do Network Virtual Appliances (NVAs) improve security and manage traffic in Azure Load Balancer setups?

Network Virtual Appliances (NVAs) are crucial for boosting security and managing traffic in Azure Load Balancer setups. They handle tasks like inspecting, filtering, and routing traffic, offering an extra layer of protection against potential threats.

For businesses, integrating NVAs means greater control over how traffic flows and is processed. This added control not only increases resilience but also ensures fault tolerance. NVAs are particularly beneficial for small and medium-sized businesses (SMBs) striving to maintain reliable availability and strong security within their cloud environments.
