Q: What is the new stickiness option for the Azure Load Balancer?
A: An Azure load-balanced set is a Layer 4 load balancer that works with TCP and UDP workloads. By default, it uses a 5-tuple load-balancing algorithm, which specifically uses the following:
- The source IP address
- The destination IP address
- The protocol type (TCP or UDP)
- The source port
- The destination port
Using a 5-tuple algorithm ensures a good distribution of traffic. It also ensures that all traffic from a specific session will be sent to the same member of the load-balanced set. However, if a different session is created or a workload (such as Remote Desktop Gateway traffic) uses different ports or protocols, then the traffic will be distributed among the various members of the set.
When you use PowerShell, another option is available for setting the distribution mode for a load-balanced set. Typically, a 5-tuple distribution algorithm is used to distribute traffic. However, there are times when this causes problems. If a client closes a connections and then reconnects, the client will likely use a new local port. That new local port wouldn't match the 5-tuple, and therefore the traffic would be directed to a different set member. Likewise, if a communication uses multiple ports or protocols, the 5-tuple mode would distribute the connections to different members, which likely would break the communication. Two additional distribution modes can be configured using PowerShell to help enable additional stickiness: 2-tuple or and 3-tuple.
For a 2-tuple distribution mode, only the source and destination IP address is used to map traffic to target members. This means any traffic from a specific IP address will always go to the same member of the load-balanced set no matter which port or protocol is used. The 3-tuple distribution mode uses the protocol in addition to the source and destination IP address. All traffic using the same Layer 4 protocol type (TCP or UDP) from an IP address will always be routed to the same member of the distribution set. Microsoft has a great blog post that goes into detail about these distribution modes: "Azure Load Balancer new distribution mode." I recommend reading this blog post, which also contains two nice figures that show how the 5-tuple distribution mode differs from the 2-tuple mode when distributing traffic from multiple connections from the same source IP address.
PowerShell must be used to set the distribution mode to a mode other than the default 5-tuple. Add the -LoadBalancerDistribution parameter with one of these values:
- -LoadBalancerDistribution "SourceIP" (use 2-tuple distribution mode)
- -LoadBalancerDistribution "SourceIPProtocol" (use 3-tuple distribution mode)
If the -LoadBalancerDistribution parameter isn't specified, the default 5-tuple distribution mode is configured. Here's an example of a script for creating a load-balanced set using 2-tuple:
Get-AzureVM -ServiceName "savilltech101" -Name "websrv1" | Add-AzureEndpoint -Name "HTTP" -Protocol tcp -LocalPort 80 -PublicPort 80 ` -LBSetName "LBHTTP" -ProbePort 80 -ProbeProtocol http -ProbePath "/" ` –LoadBalancerDistribution "SourceIP" | Update-AzureVM
You can change the distribution mode at any time. The current distribution mode can be viewed using the Get-AzureEndpoint cmdlet against a virtual machine object. To change the distribution mode, run the following code:
Set-AzureLoadBalancedEndpoint -ServiceName "savilltech101" -LBSetName "LBHTTP" ` -Protocol tcp -LocalPort 80 -ProbeProtocol http -ProbePort 80 ` –LoadBalancerDistribution "sourceIP"