Apr 18 2024 01:57 AM
Hello,
I'd appreciate help with setting up Azure Load Balancer with one FreeBSD VM in the backend pool for authoritative DNS.
I'm using a dedicated VNET called VNET-PRIVATE-DMZ which is peered with Azure Local Network Gateway so I can access Azure resources via an IPsec tunnel. The default gateway for VNET-PRIVATE-DMZ is the VPN gateway -- everything is working fine and I can access the FreeBSD VM from on-premises.
The FreeBSD box has NSD installed; it's up and running and I can query it from the on-premises network. The Network Security Group assigned to the interface has a rule allowing 53/TCP from any.
$ ifconfig
hn0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=7eef07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,NV,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,HWRXTSTMP,MEXTPG,TXTLS4,TXTLS6,VXLAN_HWCSUM,VXLAN_HWTSO>
ether 00:22:48:ca:4d:69
inet 10.94.0.6 netmask 0xfffffe00 broadcast 10.94.1.255
media: Ethernet 100GBase-CR4 <full-duplex,rxpause,txpause>
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
$ sockstat -4 | grep 53
nsd nsd 801 6 udp4 *:53 *:*
nsd nsd 801 7 tcp4 *:53 *:*
The Azure NLB has a public IP assigned in the Frontend configuration and the backend pool consists of my FreeBSD VM. There is one health probe configured over 53/TCP, and one load balancing rule for the same 53/TCP.
The issue is that I can't seem to access 53/TCP over the frontend public IP. I ran tcpdump on the FreeBSD box and I see nothing coming in. It's almost like the Load Balancer doesn't know how to reach FreeBSD, but the health probe is all green.
Any tips would be greatly appreciated.
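An added diagnostic (my own example, not code from the post, Azure or NSD): a small DNS-over-TCP client that completes a real query, which is more than the TCP/53 health probe does (the probe only needs the handshake to succeed, so a green probe says nothing about whether client traffic through the frontend reaches NSD). Run it from the on-premises side against the VM's private address 10.94.0.6 and then against the frontend public IP; an answer from the first and a timeout from the second narrows the fault to the load-balanced path. It assumes Python 3 on the client host and uses only the standard library; the server address and name on the command line are whatever you pass in. One thing the post itself shows: the load balancing rule is for TCP/53 only, and Azure Load Balancer rules are per protocol, so UDP/53 will need its own rule before ordinary resolvers (which try UDP first) can use the service through the frontend.

```python
"""Minimal DNS-over-TCP query tool for checking an authoritative server
behind a load balancer. Added example; not from the original post."""
import secrets
import socket
import struct


def build_query(name, qtype=1, txid=None):
    """Build a DNS query (RD=0, as appropriate for an authoritative server)
    and prefix it with the 2-byte length field used on TCP (RFC 1035 4.2.2)."""
    if txid is None:
        txid = secrets.randbits(16)          # random ID, checked on reply
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)   # QTYPE, QCLASS=IN
    msg = header + question
    return struct.pack("!H", len(msg)) + msg


def parse_name(buf, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, jumped, end = [], False, off
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:            # compression pointer
            ptr = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels) + ".", end
        labels.append(buf[off:off + length].decode("ascii"))
        off += length


def parse_response(wire, expected_txid):
    """Parse a TCP-framed reply; return rcode, AA flag and A/AAAA answers."""
    (length,) = struct.unpack("!H", wire[:2])
    msg = wire[2:2 + length]
    if len(msg) != length:
        raise ValueError("truncated TCP frame")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    off = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, off = parse_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = parse_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, "A", socket.inet_ntop(socket.AF_INET, rdata), ttl))
        elif rtype == 28 and rdlen == 16:
            answers.append((name, "AAAA", socket.inet_ntop(socket.AF_INET6, rdata), ttl))
        else:
            answers.append((name, rtype, rdata, ttl))
    return {"rcode": flags & 0xF, "aa": bool(flags & 0x0400), "answers": answers}


def recv_exact(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("connection closed before full reply")
        data += chunk
    return data


def query_tcp(server, name, timeout=3.0):
    """Send one query over TCP/53 and return the parsed reply.
    A socket.timeout here, with a reply from the private IP, points at the
    load balancer path rather than at NSD."""
    txid = secrets.randbits(16)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(build_query(name, txid=txid))
        hdr = recv_exact(s, 2)
        body = recv_exact(s, struct.unpack("!H", hdr)[0])
    return parse_response(hdr + body, txid)


if __name__ == "__main__":
    import sys
    # usage: python dnstcp.py <server-ip> <name>
    # e.g. run once with 10.94.0.6 and once with the frontend public IP
    print(query_tcp(sys.argv[1], sys.argv[2]))
```

The parser deliberately verifies the transaction ID and the QR bit before trusting anything else in the reply, so a stray or spoofed packet is reported as an error rather than as an answer.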