Share via

Upgrading Basic Loadbalancers with VMs with and without PIP

Mario Linge 0 Reputation points
2025-09-24T23:30:39.8533333+00:00

Until end of September, we got the direction to upgrade from basic to standard load balancer. However, when I do the test with a validation, it always says that it cannot create outbound rules when some of the VMs don't have a public IP.

What are the principles when something like this doesn't work, and what is the way out of it? To my research, I was supposed to create a NAT gateway, but also this didn't work because it wouldn't take the subnet used by the VMs.

So, how can we unstuck the situation?

Azure Load Balancer
Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Priya ranjan Jena 2,295 Reputation points Microsoft External Staff Moderator
    2025-09-25T06:31:34.23+00:00

    Hi Mario Linge,

    Thank you for reaching out to the Microsoft Q&A forum

    We understand the problem that you are not able to validate the standard load balancer test, it cannot create outbound rules when some of the VMs don't have a public IP.

    Because when converting to a Standard Load Balancer, all backend pool members need to have outbound rules set up, especially if any of them lack Public IPs. Standard Load Balancers require outbound connectivity to be explicitly defined, and when you have VMs without Public IPs, it creates complications

    If your VMs don’t have public IPs, Azure cannot perform SNAT (Source Network Address Translation) via outbound rules.

    NAT Gateway Consideration: It's important to note that NAT Gateways require that the attached subnet has no basic SKU network resources. If you still have Basic Load Balancers or basic Public IPs tied to that subnet, the NAT Gateway won’t be able to operate correctly.

    All Public IPs associated with a Load Balancer must be of the same SKU. This means if you have mixed SKUs (Basic and Standard), you'll need to unify them before moving forward with the upgrade. Moreover, Standard Load Balancers block outbound traffic by default, so specific outbound rules must be created, or you can use NAT Gateway as an alternative approach once you've migrated away from Basic resources.

    So you can try some of the below fixes including NAT gateway

    • Convert All Public IPs: Ensure that all Public IPs associated with your backend VMs are converted to Standard SKU and that their allocation is set to static.
    • Create Outbound Rules: After confirming the Public IP configurations, you can create outbound rules for the Standard Load Balancer.
    • Remove Basic Resources: You may need to clear out any remaining Basic resources before you can successfully implement a NAT Gateway.

    Please find the reference link for NAT gateway troubleshooting:

    https://docs.azure.cn/en-us/nat-gateway/troubleshoot-nat

    If you find this comment helpful, please “up-vote” for the information provided , this can be beneficial to community members.

    Kindly let us know if you have any additional questions.

    Thanks

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.