Azure Loadbalancer: IP Source Affinity

Microsoft released some new network functionality on the Azure platform. One of these new features is IP Source Affinity for the Azure Loadbalancer, which can be used to maintain affinity between the user’s IP address and the server. This comes in handy when an application, for example, makes use of web forms and you do not want to lose any data after a refresh. This post goes into some more detail about this functionality.

In general there are two types of session affinity available:

  • IP Source Affinity: This type of session affinity sticks the user’s IP address to the webserver to create a “sticky session”.
  • Application layer persistence: On this level a sticky session is created by identifying each individual user using a “session cookie”.

The application layer persistence is preferred (more accurate) but is not supported at the moment by the Azure Loadbalancer.

To configure IP Source Affinity on the Azure Loadbalancer, the new property “LoadBalancerDistribution” can be used. The script shown below is an example of how you can configure this functionality.

Get-AzureVM -ServiceName <cloudservice> -Name <name> | Add-AzureEndpoint -Name https -Protocol tcp -LocalPort 443 -PublicPort 443 -LBSetName HTTPS-in -DefaultProbe -LoadBalancerDistribution sourceIP | Update-AzureVM

The property LoadBalancerDistribution has three possible values:

  • SourceIP, create a session based on the client IP address.
  • Protocol, create a session based on the used protocol.
  • None, this value disables the IP Source Affinity.

In the next example we use the value SourceIP to maintain affinity between the user’s IP address and the load balanced hosts.

To test the functionality, create 2 virtual machines in a single cloudservice within Azure and install a default IIS configuration. Add a website hosted on port 443 on both servers and edit the home page, so you can identify to which server the request is directed.

The next thing to do is create the load balanced endpoints for both the virtual machines using the following scripts:

Get-AzureVM -ServiceName <Cloudservice1> -Name <VM1> | Add-AzureEndpoint -Name https -Protocol tcp -LocalPort 443 -PublicPort 443 -LBSetName HTTPS-in -DefaultProbe -LoadBalancerDistribution sourceIP | Update-AzureVM

Get-AzureVM -ServiceName <Cloudservice1> -Name <VM2> | Add-AzureEndpoint -Name https -Protocol tcp -LocalPort 443 -PublicPort 443 -LBSetName HTTPS-in -DefaultProbe -LoadBalancerDistribution sourceIP | Update-AzureVM

After the endpoints have been created, the configuration can be tested on the cloudapp.net URL.


The external IP address will be used to set up the affinity with the webserver. As your IP address will not change that often, you will always get directed to the same webserver. You can test this by refreshing the page.
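One way to script the check described above, as an added example that is not part of the original post: it reads back the endpoint configuration with Get-AzureEndpoint, then opens a fresh connection per request and counts which server answered. It assumes each home page contains the name of its VM as the identifying marker, that the site's certificate is trusted by the client, and that the placeholders are replaced; the `$Requests` parameter and the marker convention are hypothetical.

```powershell
# Added example (not from the original post). Replace the <...> placeholders first.
param(
    [string]   $ServiceName = '<Cloudservice1>',
    [string[]] $VMNames     = @('<VM1>', '<VM2>'),
    [string]   $Url         = 'https://<Cloudservice1>.cloudapp.net/',
    [int]      $Requests    = 20    # hypothetical sample size
)

# 1. Read back the endpoint on every VM in the load-balanced set "HTTPS-in".
$endpoints = foreach ($vm in $VMNames) {
    Get-AzureVM -ServiceName $ServiceName -Name $vm |
        Get-AzureEndpoint |
        Where-Object { $_.LBSetName -eq 'HTTPS-in' } |
        Select-Object @{ n = 'VM'; e = { $vm } }, Name, Port, LocalPort, LoadBalancerDistribution
}
$endpoints | Format-Table -AutoSize

# All members of the set must agree on the distribution mode.
$modes = @($endpoints | ForEach-Object { "$($_.LoadBalancerDistribution)" } | Sort-Object -Unique)
if ($modes.Count -ne 1 -or $modes[0] -ne 'sourceIP') {
    Write-Warning "Expected sourceIP on every endpoint, found: $($modes -join ', ')"
}

# 2. Open a new TCP connection per request. A browser refresh can reuse a
#    kept-alive connection, which reaches the same server in any mode and so
#    proves nothing; -DisableKeepAlive forces a new connection each time.
$hits = @{}
foreach ($i in 1..$Requests) {
    $response = Invoke-WebRequest -Uri $Url -UseBasicParsing -DisableKeepAlive
    # Assumption: each home page was edited to contain the name of its VM.
    $server = $VMNames | Where-Object { $response.Content -match [regex]::Escape($_) } |
        Select-Object -First 1
    if (-not $server) { $server = 'unidentified' }
    $hits[$server] = 1 + [int]$hits[$server]
}
$hits.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

if ($hits.Count -eq 1) {
    Write-Output "Affinity held: all $Requests connections reached $($hits.Keys)."
} else {
    Write-Warning "Requests were spread over $($hits.Count) servers; affinity is not in effect."
}
```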

And that’s basically it! This new feature can help you set up a loadbalancer with session affinity, and in some cases this might mean you don’t have to install separate loadbalancers to support sticky sessions. Now we just have to wait until the next upgrade with individual cookie support.

  • Charanjit

    Example made me realize that SourceIP is a generic name instead of a value of source machines.