AzureAzure Load BalancerNetworking

`azurerm_lb` cost estimation

Layer-4 (TCP/UDP) load balancer. Standard SKU at $0.025/hour + $0.005 per processed GB. Basic SKU is free but deprecated for production (retiring 2025). Outbound rules and inbound NAT count toward the rule limit.

Azure Load Balancer is the layer-4 (TCP/UDP) load balancing service. The azurerm_lb resource defines the LB; rules, probes, and pools are separate resources. Pricing depends on SKU.

Basic SKU: Free. Deprecated. Retiring September 2025. New deployments should use Standard.

Standard SKU pricing: - $0.025/hour per LB ($18.25/month for an LB running 24/7) - $0.005 per GB of data processed - First 5 rules included; $0.01/rule-hour beyond that (rules include load balancing rules, outbound rules, and inbound NAT rules)

A typical production LB with 10 rules and 1 TB/month processed: - LB hours: $18.25 - Rules above 5: 5 × $0.01 × 730 = $36.50 - Data processed: 1000 GB × $0.005 = $5 - Total: $59.75/month

Standard LB Gateway SKU (newer): adds layer-7 inspection. $0.36/hour base + $0.008/capacity-unit-hour. Closer to Application Gateway in capability but at Layer-4 simplicity.

Common gotchas: - Outbound traffic from VMs behind a Standard LB without outbound rules silently uses Azure's default outbound (deprecating). Configure explicit outbound rules. - Each outbound rule with 'allocated outbound ports' consumes a rule slot. - Cross-region load balancing requires Traffic Manager or Front Door, separately billed.

c3x estimates Azure LB based on sku, sku_tier, expected rule count, and (via c3x-usage.yml) data processed volume.

Terraform example

A minimal but realistic configuration that C3X can estimate.

resource "azurerm_lb" "main" {
  name                = "prod-lb"
  resource_group_name = azurerm_resource_group.main.name
  location            = azurerm_resource_group.main.location
  sku                 = "Standard"

  frontend_ip_configuration {
    name                 = "PublicIP"
    public_ip_address_id = azurerm_public_ip.lb.id
  }
}

resource "azurerm_lb_backend_address_pool" "main" {
  loadbalancer_id = azurerm_lb.main.id
  name            = "BackendPool"
}

resource "azurerm_lb_rule" "http" {
  loadbalancer_id                = azurerm_lb.main.id
  name                           = "HTTPRule"
  protocol                       = "Tcp"
  frontend_port                  = 80
  backend_port                   = 80
  frontend_ip_configuration_name = "PublicIP"
  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.main.id]
}

Pricing dimensions

What you actually pay for when you provision azurerm_lb.

Dimension	Unit	What's being charged
Load balancer hours	per hour	Hourly cost of the Standard SKU load balancer. Basic SKU is free but retiring. $0.025/hour Standard, $0.36/hour Gateway
Rules beyond 5	per rule-hour	Each LB rule, outbound rule, or inbound NAT rule beyond the first 5 included. $0.01/rule-hour
Data processed	per GB	Inbound + outbound data through the LB. Significant for high-throughput workloads. $0.005/GB
Public IP address	per hour	Public IP attached to the LB frontend. Billed separately as a Standard Public IP. $0.005/hour ($3.65/month)

Optimization tips

Common ways to reduce azurerm_lb cost without changing the workload.

Consolidate rules where possible

$7.30/month per consolidated rule

Each rule beyond 5 adds $0.01/hour ($7.30/month). Using port ranges instead of per-port rules can reduce count. Audit existing rules and remove any unused.

Use internal LBs without public IP

$3.65/month per IP

Internal LBs (no frontend public IP) skip the Public IP cost ($3.65/month per IP). For backend-to-backend traffic, use internal LB; reserve public LBs for actual ingress points.

Consider Application Gateway for HTTP

For pure HTTP/HTTPS workloads, Application Gateway has built-in WAF, TLS termination, URL routing. LB + separate WAF + separate TLS is often more expensive than AppGW. Compare based on rule complexity.

Migrate off Basic before September 2025

Basic SKU is retiring. Free now, but unsupported soon. Migrate to Standard for ongoing support, zone-redundancy, and better SLA. Plan capacity (Standard costs $18.25/month base) before migration.

FAQ

Is Standard LB really worth the cost over Basic?

Basic is retiring September 2025, so the choice is being forced. Standard provides 99.99% SLA (vs 99.95% Basic), zone-redundant frontend IPs, and supports up to 1000 backend instances (vs 300 Basic). For new deployments, only use Standard.

What counts as a 'rule' for billing?

Load balancing rules (TCP/UDP forwarding), outbound rules (egress NAT), and inbound NAT rules (per-port port-forwarding). Health probes don't count. The first 5 rules across all types are included; beyond 5, each rule bills $0.01/hour.

Does the LB charge for traffic between VMs in the same vnet?

Internal LB traffic within a vnet doesn't incur LB data processing fees beyond the $0.005/GB rate. Cross-region traffic via the LB does incur this rate plus inter-region transfer.

How does pricing compare to Azure Application Gateway?

LB is cheaper per-hour but limited to L4 (TCP/UDP). Application Gateway is L7 (HTTP/HTTPS) with WAF, TLS, routing, etc. AppGW starts at ~$0.10/hour. For HTTP workloads needing L7 features, AppGW is often more cost-effective than LB+separate WAF.