This blog post was co-authored by Anavi Nahar, Program Manager II, Azure Networking.
Today we are announcing a set of networking enhancements for Azure virtual machine scale sets. We are adding new ways to assign IP addresses, configure DNS, and assign network security.
Azure scale sets were built to provide a fast and easy way to deploy and manage a collection of virtual machines. The initial implementation of scale sets included a core set of network features most commonly associated with scalable compute clusters; for example, Azure Load Balancer and Application Gateway integration, support for load balancing and dynamic NAT pools routing to private IP addresses.
Since the initial release of scale sets in 2016, we've been working to support more advanced networking scenarios, and to attain network equivalency between scale set VMs, and standalone VMs in Availability Sets. Today's announcement opens up exciting new application scenarios for scale sets with more complex networking requirements, as well as allowing existing applications that were designed for standalone virtual machines to take advantage of scale set features such as easy dynamic scaling, autoscale and patching.
Here's a summary of the new features you can now use with scale sets, and where to find more information.
Public IPv4 addresses per VM
Previously you could only assign private IP addresses to scale set VMs. Typical scale set architectures would assign one or more public IP addresses to a load balancer, which would route incoming connections to the private scale set VM IP addresses, or assign a public IP address to a "jump box" VM in the same VNet which could connect directly to the VMs.
Though private IP addresses per VM is an optimal configuration for many applications which deploy at scale, in some cases it is useful for VMs to support direct external connections, and to connect to one another across regions. There are also cases where outbound network bandwidth requirements exceed that provided by a load balancer.
Now you can configure a scale set to allocate a public IPv4 address to every VM. Examples of where this can be useful include:
- Distributed databases where stateful nodes communicate with one another, potentially across regions. Scale sets provide the elasticity and easy deployment at scale. Public IP per VM provides maximum network interoperability. E.g. Couchbase.
VM Scale Sets make it possible for Couchbase users to scale their cluster up simply by moving a slider in the Azure Portal. VMSS also provide improved reliability and ease of management over previous approaches of managing VMs. The new Public IP per VM feature allows the configuration of cross-datacenter replication leveraging the high bandwidth, low latency Azure backbone. With this architecture, cross region communication is limited only by a nodes bandwidth cap, which can be as high as many Gbps. As always, it’s been a pleasure working with the Microsoft team on testing preview versions of this feature. You can try the GA version yourself in Azure Marketplace or with the Azure 2.0 CLI.
- Ben Lackey - Director of Partner Solutions at Couchbase
- Applications where outbound bandwidth exceeds load balancer capabilities. Public IP per VM increases this bandwidth by allowing each VM to use its NIC for outbound network traffic.
- Applications which need a direct connection from client to server. One example is gaming, where a game console makes direct connections to VMs doing game physics for massive shared reality environments.
- Large scale client simulations. E.g. stress testing a retail service by simulating a large number of independent clients.
Previously scale sets relied on the specific DNS settings of the VNet and subnet they were created in. With configurable DNS, you can now configure the DNS settings for a scale set directly. You can configure which DNS Servers the VMs in the scale set should reference, and specify a domain name label to apply to each VM.
Multiple IP addresses per NIC, multiple NICs per VM
Why stop at one public IP address per VM when you can have up to 400? The ability to define more than one IP address and NIC for a virtual machine is particularly useful for applications like Web Application Firewalls, which need to manage multiple networks and can optimize resources by being able to easily scale out VMs.
Now you can define up to 50 IP addresses per NIC, and up to 8 NICs per VM (depending on VM size) for all the VMs in your scale set.
Network Security Groups per scale set
A Network Security Group (NSG) contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks. NSGs enable you to customize your security requirements to your security needs.
Previously you could assign an NSG to a subnet, or to standalone virtual machine NICS, but not directly to a scale set. NSGs can now be applied directly to scale sets. Network traffic rules can be enforced and controlled through NSGs securing your scale sets in Azure, allowing finer grained control over your infrastructure.
IPv6 Load Balancer support - public preview
As IPv4 addresses become scarcer, more applications are leveraging the 128-bit address space provided by IPv6. Now with the public preview of IPv6 load balancer support, you can configure Azure Load Balancers with public IPv6 addresses, which can route requests to VM scale set VMs.
The Azure Accelerated Networking feature, which dramatically improves network performance by enabling single root I/O virtualization (SR-IOV) to a VM, is now available for virtual machine scale sets. This feature is generally available for Windows, and in public preview for Linux.
To find out more about these networking features for scale sets and how to use them, refer to Azure Virtual Machine Scale Sets Networking.