Internal load balancers should be zone-redundant
March 21, 2025 ยท View on GitHub
SYNOPSIS
Load balancers deployed with Standard SKU should be zone-redundant for high availability.
DESCRIPTION
A load balancer is an Azure service that distributes traffic among instances of a service in a backend pool (such as VMs). Load balancers route traffic to healthy instances in the backend pool based on configured rules. However if the load balancer itself becomes unavailable, traffic sent through the load balancer may become disrupted.
In a region that supports availability zones, Standard Load Balancers can be deployed across multiple zones (zone-redundant). A zone-redundant Load Balancer allows traffic to be served by a single frontend IP address that can survive zone failure.
Also consider the data path to the backend pool, and ensure that the backend pool is deployed with zone-redundancy in mind.
In a region that supports availability zones, Standard Load Balancers should be deployed with zone-redundancy.
RECOMMENDATION
Consider using load balancers deployed across at least two availability zones.
EXAMPLES
Configure with Azure template
To configure zone-redundancy for a load balancer.
- Set the
sku.nameproperty toStandard. - Set the
properties.frontendIPConfigurations[*].zonesproperty to at least two availability zones. e.g.1,2,3.
For example:
{
"type": "Microsoft.Network/loadBalancers",
"apiVersion": "2023-09-01",
"name": "[parameters('lbName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard",
"tier": "Regional"
},
"properties": {
"frontendIPConfigurations": [
{
"name": "frontendIPConfig",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[reference(resourceId('Microsoft.Network/virtualNetworks', parameters('name')), '2023-09-01').subnets[1].id]"
}
},
"zones": [
"1",
"2",
"3"
]
}
]
}
}
Configure with Bicep
To configure zone-redundancy for a load balancer.
- Set the
sku.nameproperty toStandard. - Set the
properties.frontendIPConfigurations[*].zonesproperty to at least two availability zones. e.g.1,2,3.
For example:
resource internal_lb 'Microsoft.Network/loadBalancers@2023-09-01' = {
name: lbName
location: location
sku: {
name: 'Standard'
tier: 'Regional'
}
properties: {
frontendIPConfigurations: [
{
name: 'frontendIPConfig'
properties: {
privateIPAllocationMethod: 'Dynamic'
subnet: {
id: vnet.properties.subnets[1].id
}
}
zones: [
'1'
'2'
'3'
]
}
]
}
}
NOTES
This rule applies to internal load balancers deployed with Standard SKU. Internal load balancers do not have a public IP address and are used to load balance traffic inside a virtual network.
The zones property is not supported with:
- Public load balancers, which are load balancers with a public IP address. To address availability zones for public load balancers, use a Standard tier zone-redundant public IP address.
- Load balancers deployed with Basic SKU, which are not zone-redundant.
For regions that support availability zones, the zones property should be set to at least two zones.