Skip to content

Latest commit

 

History

History
95 lines (64 loc) · 6.08 KB

File metadata and controls

95 lines (64 loc) · 6.08 KB

Migrate from Inbound NAT Pools to NAT Rules

Azure Load Balancer NAT Pools are the legacy approach for automatically assigning Load Balancer front end ports to each instance in a Virtual Machine Scale Set. NAT Rules on Standard SKU Load Balancers have replaced this functionality with an approach that is both easier to manage and faster to configure.

Why Migrate to NAT Rules?

NAT Rules provide the same functionality as NAT Pools, but have the following advantages:

  • NAT Rules can be managed using the Portal
  • NAT Rules can leverage Backend Pools, simplifying configuration
  • NAT Rules configuration changes apply more quickly than NAT Pools
  • NAT Pools cannot be used in conjunction with user-configured NAT Rules

Migration Process

The migration process will create a new Backend Pool for each Inbound NAT Pool existing on the target Load Balancer. A corresponding NAT Rule will be created for each NAT Pool and associated with the new Backend Pool. Existing Backend Pool membership will be retained.

Important

The migration process removes the Virtual Machine Scale Set(s) from the NAT Pools before associating the Virtual Machine Scale Set(s) with the new NAT Rules. This requires an update to the Virtual Machine Scale Set(s) model, which may cause a brief downtime while instances are upgraded with the model.

Note

Frontend port mapping to Virtual Machine Scale Set instances may change with the move to NAT Rules, especially in situations where a single NAT Pool has multiple associated Virtual Machine Scale Sets. The new port assignment will align sequentially to instance ID numbers; when there are multiple Virtual Machine Scale Sets, ports will be assigned to all instances in one scale set, then the next, continuing.

Note

Service Fabric Clusters take significantly longer to update the Virtual Machine Scale Set model (up to an hour).

Prerequisites

Install the 'AzureLoadBalancerNATPoolMigration' module

Install the module from the PowerShell Gallery

Install-Module -Name AzureLoadBalancerNATPoolMigration -Scope CurrentUser -Repository PSGallery -Force

Use the module to upgrade NAT Pools to NAT Rules

  1. Connect to Azure with Connect-AzAccount
  2. Find the target Load Balancer for the NAT Rules upgrade and note its name and Resource Group name
  3. Run the migration command

Example: specify the Load Balancer name and Resource Group name

Start-AzNATPoolMigration -ResourceGroupName <loadBalancerResourceGroupName> -LoadBalancerName <LoadBalancerName>

Example: pass a Load Balancer from the pipeline

Get-AzLoadBalancer -ResourceGroupName -ResourceGroupName <loadBalancerResourceGroupName> -Name <LoadBalancerName> | Start-AzNATPoolMigration

Common Questions

Will migration cause downtime to my NAT ports?

Yes, because we must first remove the NAT Pools before we can create the NAT Rules, there will be a brief time where there is no mapping of the front end port to a back end port.

Note

Downtime for NAT'ed port on Service Fabric clusters will be significantly longer--up to an hour for a Silver cluster in testing.

Do I need to keep both the new Backend Pools created during the migration and my existing Backend Pools if the membership is the same?

No, following the migration, you can review the new backend pools. If the membership is the same between backend pools, you can replace the new backend pool in the NAT Rule with an existing backend pool, then remove the new backend pool.

Next steps

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

Trademarks

This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.