Azure Load Balancer Set traffic priority for VM1

Syed Tahir | Hosting Controller 5 Reputation points
2025-06-03T10:20:27.7633333+00:00

We have two Windows VMs running in the same region with private IPs. These VMs are running a web application, one front-end (port 443) and another back-end (port 8080), having multiple clients.

We have configured Azure Load Balancer with a public IP and configured the pool, rules, etc. for the above web application ports.

The problem occurs because Azure LB resolved one application from VM1 and another web application from VM2. We want both web applications to be accessed from VM1 or VM2. Why can we not set priority in the condition in the load balancer settings? This is a very basic requirement which is missing in Azure :(

Azure Traffic Manager is not suitable for us because we have both VMs in the same region, so please do not suggest it.

Kindly propose a suitable workaround. Thank you

Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.

2 answers

  1. Marcin Policht 53,675 Reputation points MVP Volunteer Moderator
    2025-06-03T11:25:21.03+00:00

    You're correct — Azure Load Balancer (Standard or Basic) distributes traffic using a hash-based distribution algorithm and does not support affinity between ports or custom priority settings, which is why your scenario — ensuring both front-end (443) and back-end (8080) connections go to the same VM — fails. This limitation can break stateful or tightly-coupled front-end/back-end setups hosted across ports.

    Option 1: Use Application Gateway with URL Path or host-based routing

    Use Azure Application Gateway instead of Azure Load Balancer

    • Supports Layer 7 routing logic.
    • You can route based on hostname, path, or port.
    • Has support for cookie-based session affinity (sticky sessions).
    • Can also use custom health probes.

    Implementation:

    • Use App Gateway with a single listener on port 443.
    • Add both VMs to the same backend pool.
    • Route requests based on URL path:
      • /api/* → port 8080 on the same VM
      • Everything else → port 443

    Even better if your front-end app can route to back-end via relative path (e.g., /api) instead of using different ports.

    Option 2: Reverse Proxy on Each VM (e.g., Nginx/IIS/Apache)

    Set up a reverse proxy like Nginx or IIS on each VM to expose only port 443, and internally route to port 8080 on localhost. This simplifies client access.

    1. VM1 and VM2 accept 443 (frontend) and forward /api to localhost:8080.
    2. Load balancer now only needs to forward 443, with session affinity (source IP) enabled to ensure the same VM is used for all requests.

    This leaves Azure LB handling 443 only and you ensure front-end + back-end logic per VM internally.

    Option 3: Use Load Balancer with Source IP Affinity

    Enable "Client IP" session persistence in your load balancing rules. While it does not guarantee port affinity across multiple rules, it increases the likelihood that a client will hit the same backend for 443 and 8080 (because both rules hash from client IP). Note this is not 100% reliable — so it's not recommended if the app is sensitive to split-backend behavior.


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

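Added example, not part of Marcin Policht's answer: a minimal Nginx configuration for the per-VM reverse proxy described in Option 2, to be deployed identically on VM1 and VM2. The host name, certificate paths, and the front-end's relocated local port (8081) are assumptions made for illustration; the thread does not specify them.

```nginx
# Added example for Option 2 (assumed layout, not taken from the thread).
# Nginx owns port 443 on each VM; both applications listen on loopback only,
# so a request is always served by the front-end and back-end of the same VM.

events {}

http {
    server {
        listen 443 ssl;
        server_name app.example.com;              # placeholder host name

        ssl_certificate     tls/app.example.com.crt;   # placeholder path
        ssl_certificate_key tls/app.example.com.key;   # placeholder path

        # Back-end calls: forwarded to the back-end on this same VM.
        # The /api/ prefix is passed through unchanged (assumes the
        # back-end serves its routes under /api/).
        location /api/ {
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        # Everything else: the front-end, assumed to have been moved off
        # port 443 to a loopback-only listener on 8081 (hypothetical port).
        location / {
            proxy_pass http://127.0.0.1:8081;
            proxy_set_header Host              $host;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

With this in place the load balancer needs only the 443 rule, so the 8080 rule can be removed and the back-end bound to 127.0.0.1. Run `nginx -t` to validate the file before reloading.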

  2. VIVEK DWIVEDI 185 Reputation points Microsoft Employee
    2025-06-03T13:53:14.1533333+00:00

    Hi @Marcin Policht,

    Could you please confirm the information below?
    You have an LB with a frontend IP and a backend pool with 2 VMs (running on port 8080).
    Are both running the same or different applications?