Share via

ACI not supported by Azure Load Balancer in the backend Pool

Kasyap Velavarthipati 55 Reputation points
2025-07-28T09:12:42.81+00:00

Can someone provide me the official confirmation whether Azure Standard Load Balancer supports HTTP path-based health probes to backend Azure Container Instances attached by IP, given that ACI uses managed NAT. Health probes fail despite the container responding correctly to direct HTTP calls.

Backend Pool Configuration -

IP - Azure Container Instance Private IP

Load Balancer Rule Configuration -

Front End IP Address - PrivateIP

Port - 6000

Backend Port - 6000

Protocol - TCP

Idle Timeout - 4min (Default)

Session Persistence - No (Default)

Health Probe Configuration -

Protocol - TCP

Port - 5180

Interval - 5sec (Default)

Even Tried by changing the Health Probe configuration to HTTP probe by giving the health check endpoint path, even after that the request is not being redirected to Azure Container Instance in the backendPool. Can someone please guide me if I am missing something here?

Azure Load Balancer
Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.
Accepted answer
  1. Suwarna S Kale 3,951 Reputation points
    2025-07-29T02:03:54.93+00:00

    Hello Kasyap Velavarthipati,

    Thank you for posting your question in the Microsoft Q&A forum. 

    Azure Standard Load Balancer (SLB) does not support HTTP path-based health probes when the backend pool consists of Azure Container Instances (ACI) attached by private IP. This is due to ACI’s use of managed NAT, which prevents the SLB’s HTTP probe from reaching the container’s health endpoint directly. 

    There can be some key Reasons for Health Probe Failures you need to verify: 

    1. Managed NAT in ACI: ACI uses NAT for inbound traffic, which interferes with the SLB’s ability to perform HTTP health checks. 
    2. TCP Probes Work, HTTP Probes Fail: While TCP probes (port checks) may succeed, HTTP probes fail because the SLB cannot route the probe request to the correct container path. 
    3. No Direct IP-to-Container Mapping: The SLB sends probes to the ACI’s private IP, but ACI’s NAT does not forward HTTP probes to the container’s internal endpoint. 

    Some recommendations to resolve as below: 

    • Use TCP Health Probes (instead of HTTP) if a simple port check is sufficient. 
    • Deploy an Intermediate Service (e.g., API Management, Application Gateway)
    • Azure Application Gateway supports path-based routing and HTTP health probes with ACI. 
    • Azure API Management can also route traffic while performing health checks. 
    • Consider Azure Kubernetes Service (AKS): If dynamic scaling is needed, AKS integrates better with SLB’s HTTP probes. 

    If the above answer helped, please do not forget to "Accept Answer" as this may help other community members to refer the info if facing a similar issue. Your contribution to the Microsoft Q&A community is highly appreciated. 

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.