
Glasnostic for Azure Gateway Load Balancer Setup Guide

This guide shows you how to run Glasnostic as a Network Virtual Appliance (NVA) for Azure Gateway Load Balancer (GWLB) so you can gain immediate visibility into and control over how your Azure applications interact with each other as well as the wider network.

The steps are:

  1. Deploy a Gateway Load Balancer.
  2. Deploy Glasnostic as an NVA for GWLB.
  3. Chain the GWLB to the existing standard load balancer frontend IP address.

Prerequisites

To use Azure GWLB, you need one or more applications deployed in Azure that are fronted by a load balancer that manages the application’s public IP address.

Provision a GWLB

Create the GWLB.

az network lb create \
--resource-group myGatewayLoadBalancerGroup \
--name myGatewayLoadBalancer \
--sku Gateway \
--vnet-name myGatewayLoadBalancerVNET \
--subnet myGatewayLoadBalancerSubnet \
--frontend-ip-name myGatewayLoadBalancerFrontendIPName \
--backend-pool-name myGatewayLoadBalancerBackendPool

Configure the tunnel interfaces on its backend pool.

az network lb address-pool tunnel-interface add \
--resource-group myGatewayLoadBalancerGroup \
--lb-name myGatewayLoadBalancer \
--address-pool myGatewayLoadBalancerBackendPool \
--type external --protocol vxlan --identifier 801 --port 2000
az network lb address-pool tunnel-interface update \
--resource-group myGatewayLoadBalancerGroup \
--lb-name myGatewayLoadBalancer \
--address-pool myGatewayLoadBalancerBackendPool \
--type internal --protocol vxlan --identifier 800 --port 2001

Configure a health probe for the backend NVAs and a load-balancing rule that uses it.

az network lb probe create \
--resource-group myGatewayLoadBalancerGroup \
--lb-name myGatewayLoadBalancer \
--name myGatewayLoadBalancerHealthProbe \
--protocol tcp \
--port 80
az network lb rule create \
--resource-group myGatewayLoadBalancerGroup \
--lb-name myGatewayLoadBalancer \
--name myHTTPRule \
--protocol all \
--frontend-port 0 \
--backend-port 0 \
--frontend-ip-name myGatewayLoadBalancerFrontendIPName \
--backend-pool-name myGatewayLoadBalancerBackendPool \
--probe-name myGatewayLoadBalancerHealthProbe \
--disable-outbound-snat true

Use Glasnostic as an NVA for GWLB

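Create two network interfaces, one for control traffic and one for data traffic. Both commands reference the network security group myGatewayLoadBalancerNSG, which this guide does not create, so it must already exist in the resource group.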

az network nic create \
--resource-group myGatewayLoadBalancerGroup \
--name glasnostic-control-nic \
--vnet-name myGatewayLoadBalancerVNET \
--subnet myGatewayLoadBalancerSubnet \
--network-security-group myGatewayLoadBalancerNSG
az network nic create \
--resource-group myGatewayLoadBalancerGroup \
--name glasnostic-data-nic \
--vnet-name myGatewayLoadBalancerVNET \
--subnet myGatewayLoadBalancerSubnet \
--network-security-group myGatewayLoadBalancerNSG

Create a Glasnostic VM with the two interfaces.

az vm create \
--resource-group myGatewayLoadBalancerGroup \
--name GlasnosticAppliance \
--image glasnostic-router \
--authentication-type ssh \
--admin-username glasnostic \
--ssh-key-value ~/.ssh/id_rsa.pub \
--size Standard_D4s_v3 \
--nics glasnostic-control-nic glasnostic-data-nic

Add the Glasnostic VM as an appliance to the GWLB backend pool.

az network nic ip-config address-pool add \
--resource-group myGatewayLoadBalancerGroup \
--lb-name myGatewayLoadBalancer \
--address-pool myGatewayLoadBalancerBackendPool \
--ip-config-name ipconfig1 \
--nic-name glasnostic-data-nic

Chain the existing standard load balancer frontend to GWLB

Find the GWLB Frontend IP.

MY_GATEWAY_LOAD_BALANCER_FRONTEND=$(az network lb show --resource-group myGatewayLoadBalancerGroup --name myGatewayLoadBalancer | jq -r '.frontendIpConfigurations[0].id')

Chain the GWLB Frontend IP to the existing standard load balancer.

az network lb frontend-ip update \
--resource-group myLoadBalancerGroup \
--lb-name myLoadBalancer \
--name myLoadBalancerFrontendIPName \
--public-ip-address myLoadBalancerFrontendIP \
--gateway-lb "$MY_GATEWAY_LOAD_BALANCER_FRONTEND"

Verify the result

If your applications receive traffic and you have already set up an environment for the NVA (see Creating an Environment), log in to the Glasnostic Console and select your environment. You should see a detailed service map of your application landscape.
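
A configuration check to run alongside the console view, as an added example that is not part of Glasnostic's guide: it takes the JSON from `az network lb show` for both load balancers and reports any standard load balancer frontend that is not chained to the GWLB (its traffic would bypass the appliance) and any tunnel interface that differs from the values configured above. The JSON field names, the two accepted spellings of the frontend key, and the sample documents are assumptions constructed for illustration.

```python
import json, sys

# Tunnel interfaces this guide configures on the GWLB backend pool.
EXPECTED_TUNNELS = {("external", "vxlan", 801, 2000), ("internal", "vxlan", 800, 2001)}
FE_KEYS = ("frontendIPConfigurations", "frontendIpConfigurations")  # both spellings accepted (assumption)

def _first(obj, names):
    """Return the value of the first key in names that is present in obj."""
    return next((obj[n] for n in names if obj.get(n) is not None), [])

def check_chain(gwlb, std_lb):
    """Return a list of findings; an empty list means the chain looks complete."""
    findings = []
    if str((gwlb.get("sku") or {}).get("name")).lower() != "gateway":
        findings.append("GWLB SKU is not Gateway")
    tunnels = {
        (str(t.get("type")).lower(), str(t.get("protocol")).lower(), t.get("identifier"), t.get("port"))
        for pool in gwlb.get("backendAddressPools") or []
        for t in pool.get("tunnelInterfaces") or []
    }
    for missing in sorted(EXPECTED_TUNNELS - tunnels):
        findings.append("missing tunnel interface: %s %s id=%d port=%d" % missing)
    # Azure resource IDs are case-insensitive, so compare them lowercased.
    gw_ids = {fe["id"].lower() for fe in _first(gwlb, FE_KEYS)}
    for fe in _first(std_lb, FE_KEYS):
        ref = (fe.get("gatewayLoadBalancer") or {}).get("id") or ""
        if ref.lower() not in gw_ids:
            findings.append("frontend %s is not chained to the GWLB" % fe.get("name"))
    return findings

# Constructed sample documents (not real az output); the subscription ID is a placeholder.
GW_FE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
         "myGatewayLoadBalancerGroup/providers/Microsoft.Network/loadBalancers/"
         "myGatewayLoadBalancer/frontendIPConfigurations/myGatewayLoadBalancerFrontendIPName")
SAMPLE_GWLB = {
    "sku": {"name": "Gateway"},
    "frontendIPConfigurations": [{"name": "myGatewayLoadBalancerFrontendIPName", "id": GW_FE}],
    "backendAddressPools": [{"tunnelInterfaces": [
        {"type": "External", "protocol": "VXLAN", "identifier": 801, "port": 2000},
        {"type": "Internal", "protocol": "VXLAN", "identifier": 800, "port": 2001}]}],
}
SAMPLE_CHAINED = {"frontendIpConfigurations": [
    {"name": "myLoadBalancerFrontendIPName", "gatewayLoadBalancer": {"id": GW_FE}}]}
SAMPLE_UNCHAINED = {"frontendIpConfigurations": [
    {"name": "myLoadBalancerFrontendIPName", "gatewayLoadBalancer": None}]}

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python check_chain.py gwlb.json std_lb.json (files saved from `az network lb show`)
    docs = [json.load(open(p)) for p in sys.argv[1:3]]
    print("\n".join(check_chain(*docs)) or "chain looks complete")
```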