How can I preserve or use the Azure Internal Load Balancer frontend IP for outbound or return traffic from its backend VMs?

$@chin 325 Reputation points
2025-11-30T18:54:51.7866667+00:00

My network path looks like this:

On-prem ➜ Azure Secure Hub (vWAN + Azure Firewall) ➜ Internal Load Balancer ➜ Azure VMs

Is it possible for the backend VMs’ return traffic to use the ILB frontend IP instead of their individual NIC IPs? If yes, how? If not, what is the correct approach?

Can I use Floating IP (DSR)?

If I enable Floating IP (DSR) on an Internal Load Balancer, will all traffic from the backend VMs automatically pass through the ILB?

Or is only the traffic for the specific ports defined in the ILB rules affected?

For example, if I configure ILB rules for ports 33008 and 80 with Floating IP enabled, will outbound traffic on a different port (such as 28001) also flow through the ILB, or will it bypass the load balancer?

Is it feasible?

Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.

Answer accepted by question author
  1. Praveen Bandaru 9,250 Reputation points Microsoft External Staff Moderator
    2025-12-01T06:02:50.9466667+00:00

    Hello $@chin

    The backend VMs can have their return traffic use the Azure Internal Load Balancer (ILB) frontend IP instead of their own NIC IPs by enabling the Floating IP setting. This setup lets the load balancer send return traffic to clients using the frontend IP address, not the individual VM’s IP.

    To implement this, turn on the Floating IP option in the load balancing rule for the ILB.

    Also, make sure the backend VMs are set up correctly, including having the necessary firewall rules to allow traffic on the required ports.

    For example, if load balancing rules are configured for ports like 33008 and 80, outbound traffic on those ports will go through the ILB. Traffic on other ports, such as 28001, will bypass the ILB unless outbound rules cover them.

    Verify that backend VM traffic uses the ILB for the specified ports, while traffic on other ports may not. For environments with multiple ports, check that ILB rules are set up properly for effective traffic management.


    Hope the above answer helps!

    Please let us know if you have any further queries. Please do not forget to “up-vote” wherever the information provided helps you; this can be beneficial to other community members.

    1 person found this answer helpful.
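
A load-balancing rule, and its Floating IP setting, is defined per frontend port and protocol, so one way to confirm which ports an ILB actually covers is to audit the exported resource. The following is an added example, not part of either answer or of Microsoft's tooling; it assumes JSON in the shape of the Azure REST API load balancer resource (`properties.loadBalancingRules[].properties.enableFloatingIP`), and the resource, rule names and sample data are constructed around the ports from the question.

```python
import json

# Constructed sample in the shape of an Azure REST API loadBalancers resource.
# Resource and rule names are illustrative; ports come from the question.
SAMPLE_LB = json.loads("""
{
  "name": "ilb-example",
  "properties": {
    "loadBalancingRules": [
      {"name": "app-33008", "properties": {"protocol": "Tcp",
        "frontendPort": 33008, "backendPort": 33008, "enableFloatingIP": true}},
      {"name": "web-80", "properties": {"protocol": "Tcp",
        "frontendPort": 80, "backendPort": 80, "enableFloatingIP": false}}
    ]
  }
}
""")


def rules_for_port(lb, port, protocol="Tcp"):
    """Return (rule name, Floating IP enabled) for every rule matching the port."""
    matches = []
    for rule in lb.get("properties", {}).get("loadBalancingRules", []):
        props = rule.get("properties", {})
        rule_proto = props.get("protocol", "").lower()
        # An HA-ports rule is protocol "All" with frontend port 0: it covers every port.
        ha_ports = rule_proto == "all" and props.get("frontendPort") == 0
        exact = rule_proto == protocol.lower() and props.get("frontendPort") == port
        if ha_ports or exact:
            matches.append((rule.get("name"), bool(props.get("enableFloatingIP"))))
    return matches


def audit(lb, ports):
    """Map each port to its matching rules; an empty list means no rule covers it."""
    return {p: rules_for_port(lb, p) for p in ports}


if __name__ == "__main__":
    for port, hits in audit(SAMPLE_LB, [33008, 80, 28001]).items():
        if not hits:
            print(f"{port}: no load-balancing rule on the ILB frontend")
        for name, fip in hits:
            print(f"{port}: rule {name}, Floating IP {'on' if fip else 'off'}")
```
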

  1. Q&A Assist
    2025-11-30T18:55:00.8+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    Yes, it is possible for the backend VMs’ return traffic to use the Azure Internal Load Balancer (ILB) frontend IP instead of their individual NIC IPs by utilizing the Floating IP configuration. This configuration allows the load balancer to send return traffic back to the client using the frontend IP address rather than the individual VM's IP address.

    To achieve this, you need to enable the Floating IP configuration on the load balancing rule associated with the ILB. This configuration is often referred to as Direct Server Return (DSR), which allows the return traffic from the backend VMs to appear as if it is coming from the ILB frontend IP.

    Additionally, ensure that the backend VMs are properly configured to handle this setup, including any necessary firewall rules to allow traffic on the required ports.

    For detailed steps on configuring Floating IP and any specific requirements for your VMs, refer to the Azure documentation on Floating IP configuration.

