How to configure Azure Websites to communicate with Azure WebRole on Internal Load Balancer Endpoint


I recently worked on configuring Azure Websites to communicate with Azure Web Role on Internal Load Balancer(ILB) Endpoint. The requirement was that the Azure WebRole should not have an external endpoint.

There are 3 things to configure:

1. Configure Azure Websites Virtual Network . If you plan to first create Virtual Network, make sure to have a Dynamic routing gateway and to have Point to Site enabled.

2.  Configure  Internal Load Balancer in the Azure WebRole. (Review the section Internal Load Balancing (ILB) in the referenced article). The changes are to Azure Web Role cscfg and csdef files.

3. Configure the Web Role to connect to Virtual Network  

4. Get the IP address of the Internal Load Balancer (ILB) using Powershell: Get-AzureDeployment -ServiceName websitetowebroleilbvnet2 | Get-AzureInternalLoadBalancer

5. The final config(cscfg) file for the Web Role will look like:

 <VirtualNetworkSite name="VNET NAME" />

    <AddressAssignments>

      <InstanceAddress roleName="WebRole1">

        <Subnets>

          <Subnet name="Subnet-1"/>

        </Subnets>

      </InstanceAddress>

    </AddressAssignments>   

    <LoadBalancers>

      <LoadBalancer name="FaridaLB">

        <FrontendIPConfiguration type="private" subnet="Subnet-1" />

      </LoadBalancer>

    </LoadBalancers>

   </NetworkConfiguration>

 

6. In the WebRole definition file, reference the load balancer

CSDEF:

<Endpoints>

      <InputEndpoint name="Endpoint1" protocol="http" port="80" loadBalancer="FaridaLB" />

    </Endpoints>

 

Comments (1)

  1. Simone says:

    Hi, I try a similar solution but the ILB is between two web roles and not between a website and a web role BUT trying to deploy this configuration I receive an error like (immedialty after uploading the package) saying "The specified configuration settings for Settings are invalid. Verify that the service configuration file is a valid XML file, and that role instance counts are specified as positive integers.  Http Status Code: BadRequest  OperationId: 874024071e88327f8cb73c16f15f3ac2".

    this is my configuration:

    from cscfg:

    <NetworkConfiguration>

    <VirtualNetworkSite name="WE" />

    <AddressAssignments>

     <InstanceAddress roleName="Role1">

      <Subnets>

       <Subnet name="WE_WWW" />

      </Subnets>

     </InstanceAddress>

     <InstanceAddress roleName="Role">

      <Subnets>

       <Subnet name="WE_SERVICE" />

      </Subnets>

     </InstanceAddress>

    </AddressAssignments>

    <LoadBalancers>

     <LoadBalancer name="WEB_ILB">

      <FrontendIPConfiguration type="private" subnet="WE_WWW" staticVirtualNetworkIPAddress="192.168.1.5" />

     </LoadBalancer>

     <LoadBalancer name="API_ILB">

      <FrontendIPConfiguration type="private" subnet="WE_SERVICE" staticVirtualNetworkIPAddress="192.168.2.5" />

     </LoadBalancer>

    </LoadBalancers>

    </NetworkConfiguration>

    from csdef:

    <WebRole name="Role1" vmsize="Small">

    <Sites>

     <Site name="Web">

      <Bindings>

       <Binding name="httpIn" endpointName="httpIn" />

       <Binding name="httpsIn" endpointName="httpsIn" />

      </Bindings>

     </Site>

    </Sites>

    <Endpoints>

     <InputEndpoint name="httpIn" protocol="http" port="80" loadBalancer="WEBILB" />

     <InputEndpoint name="httpsIn" protocol="https" port="443" certificate="Valuta" />

    </Endpoints>

    <Imports>

     <Import moduleName="Diagnostics" />

     <Import moduleName="RemoteAccess" />

     <Import moduleName="RemoteForwarder" />

    </Imports>

    <Certificates>

     <Certificate name="Valuta" storeLocation="LocalMachine" storeName="CA" />

    </Certificates>

    </WebRole>

    <WebRole name="Role2" vmsize="Small">

    <Sites>

     <Site name="Web">

      <Bindings>

       <Binding name="httpIn" endpointName="httpIn" />

      </Bindings>

     </Site>

    </Sites>

    <Endpoints>

     <InputEndpoint name="httpIn" protocol="http" port="8080" loadBalancer="APIILB" />

    </Endpoints>

    <Imports>

     <Import moduleName="Diagnostics" />

     <Import moduleName="RemoteAccess" />

    </Imports>

    </WebRole>

    Of course the VNET is wokign and well configured, can you help me?

Skip to main content