Azure Application Gateway

The Azure load balancer family has 4 load balancers, and all of them are software appliances, because Azure has no hardware appliances until we come to the actual Azure hybrid cloud.

  1. Internal Load Balancer
  2. Public Load Balancer
  3. Application Gateway
  4. Traffic Manager

What is Application Gateway?

Application Gateway is a type of load balancer for web traffic that enables you to manage traffic to your web applications. The normal Azure load balancer operates at the transport layer (OSI layer 4) using the TCP and UDP protocols, while Application Gateway load-balances at the application layer (OSI layer 7). This is also called Application Delivery Controller (ADC) as a Service. Application Gateway is optimized for Hypertext Transfer Protocol (HTTP, HTTPS) workloads.

Just FYI, there are 7 OSI layers in total.

In this article we will discuss the core components of Azure Application Gateway:

Above is a simple diagram of Azure Application Gateway to make it easy to understand.

SSL Offloading

SSL is Secure Sockets Layer: whenever you send a message or data packets, they travel in encrypted (SSL) form. Before the next service or application can understand this data, it first needs to decrypt it. This encryption and decryption is costly if you do it externally with separate tools or in some other way. To save this decryption cost you can use Application Gateway, which decrypts the traffic at the gateway so the backend servers do not have to. With offloading, traffic between the gateway and the backend pool is unencrypted, so that network path needs to be trusted.

Backend pool

A backend pool is the collection of actual resources, such as virtual machines, VM scale sets, public IPs, FQDNs etc., that serve the actual requests. You need to specify the IP address of each VM or VMSS in the backend pool list.

Custom Health Probe

Health probes check the health status of the VM / VMSS instances in the backend pool. In Application Gateway, the health probe configuration and the health probe status determine which instances receive requests. You can use a health probe to detect failure of a backend application. The gateway always sends a request to the health probe's IP address and expects a response. If it does not get a response, that instance is taken out of rotation and no requests are passed to it.
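
The rotation behaviour described above, as a simplified model added here for illustration (not code from the original article or from Azure). The failure threshold, the 200-399 healthy status range, the addresses and the probe results are assumptions of this example.

```python
# Added example: simplified model of health-probe driven rotation.
# Threshold, addresses and probe results are constructed for illustration.

UNHEALTHY_THRESHOLD = 3  # assumed: consecutive failed probes before removal


class BackendPool:
    def __init__(self, addresses):
        self.failures = {addr: 0 for addr in addresses}
        self._next = 0

    def record_probe(self, addr, status):
        """status is the probe's HTTP status code, or None when nothing answered."""
        healthy = status is not None and 200 <= status <= 399
        self.failures[addr] = 0 if healthy else self.failures[addr] + 1

    def in_rotation(self):
        """Instances that have not reached the consecutive-failure threshold."""
        return [a for a, n in self.failures.items() if n < UNHEALTHY_THRESHOLD]

    def pick(self):
        """Round-robin over healthy instances; None when the whole pool is down."""
        healthy = self.in_rotation()
        if not healthy:
            return None
        addr = healthy[self._next % len(healthy)]
        self._next += 1
        return addr


def simulate():
    pool = BackendPool(["10.0.0.4", "10.0.0.5"])
    # Constructed probe rounds: 10.0.0.5 stops answering after the first round.
    rounds = [{"10.0.0.4": 200, "10.0.0.5": 200},
              {"10.0.0.4": 200, "10.0.0.5": None},
              {"10.0.0.4": 200, "10.0.0.5": 503},
              {"10.0.0.4": 200, "10.0.0.5": None}]
    history = []
    for results in rounds:
        for addr, status in results.items():
            pool.record_probe(addr, status)
        history.append(pool.in_rotation())
    return pool, history


if __name__ == "__main__":
    pool, history = simulate()
    for i, members in enumerate(history, 1):
        print("after probe round", i, "in rotation:", members)
```

A single failed probe does not remove an instance in this model; removal happens only once the threshold is reached, and one successful probe puts the instance back.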

Rules

Rules define what type of traffic Application Gateway needs to handle. A rule determines what should happen when a request hits the gateway. Here we configure rules only for the HTTP and HTTPS protocols. You can also select the IP version (IPv4 or IPv6).

Listeners

Listeners are where you customize the frontend of Application Gateway for different types of web traffic. A listener is a logical entity that checks incoming requests by port, protocol, IP address, host, domain and subdomain. There are default listeners, chosen by HTTP / HTTPS protocol. There are two types of listeners: Basic and Multi-site.

Autoscaling

Under the v2 SKU (Standard_v2 and WAF_v2 SKU), Application Gateway and Web Application Firewall (WAF) support autoscaling and zone redundancy. With autoscaling, the SKU can scale up or down based on traffic. The user doesn't need to set an instance count or deployment size. This is true elasticity. In this SKU, Application Gateway can be operated either with autoscaling enabled or without autoscaling.

Zone Redundancy

The new v2 SKU (Standard_v2 and WAF_v2 SKU) of Application Gateway and Web Application Firewall (WAF) supports zone redundancy. With this feature, an Application Gateway or WAF deployment can span multiple availability zones. You don't need to deploy separate Application Gateways in different zones.

Static VIP

With the Standard_v2 or WAF_v2 SKU, Application Gateway supports the static VIP type. A static VIP is guaranteed to stay the same for the whole lifetime of the Application Gateway. A dynamic VIP changes every time, but a static one stays the same.

Multiple Site Hosting  

This feature of Application Gateway helps you host multiple web applications on a single Application Gateway instance. With multiple site hosting, each request is routed to its own backend pool. For example, a correctly configured Application Gateway can serve traffic for abcd.com and xyz.com from two server pools called abcdserverpool and xyzserverpool.

So, if you configure the gateway correctly, requests for abcd.com are routed to abcdserverpool and requests for xyz.com are routed to xyzserverpool.

Custom Error Pages

Application Gateway allows you to display, or redirect to, a custom error page instead of the default error page. Showing the default error page to end users in production is not good practice, so Application Gateway provides functionality to add custom error pages and messages as required.

This is possible by rewriting HTTP headers with Application Gateway. It can remove, update or add HTTP request and response headers while the request and response packets move between the client and the backend pool.

URL Based Routing

This is very useful functionality for routing requests according to URL contents. You can route requests based on the URL path requested. For example, if the requested URL is http://myportal.com/payment/* then it is routed to the student related server pool, and http://myportal.com/product/* is routed . One of the scenarios is to route requests for different content types to different backend server pools.
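
The host-based routing from Multiple Site Hosting and the path-based routing described above, modelled together as an added example (not code from the original article or from Azure). The pool names for myportal.com are hypothetical, and first-match-in-order path evaluation is a simplification of this model rather than the gateway's own matching engine.

```python
# Added example: simplified model of multi-site listeners plus URL path maps.
# Pool names for myportal.com are hypothetical; the host names come from the article.

LISTENERS = {
    # host name -> (ordered path rules, default backend pool)
    "abcd.com": ([], "abcdserverpool"),
    "xyz.com": ([], "xyzserverpool"),
    "myportal.com": (
        [("/payment/*", "paymentpool"), ("/product/*", "productpool")],
        "defaultpool",
    ),
}


def normalize_host(host_header):
    """Lower-case the Host header and drop an optional :port suffix."""
    host = host_header.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host.rstrip(".")


def path_matches(pattern, path):
    """Patterns ending in /* match by prefix; anything else must match exactly."""
    if pattern.endswith("/*"):
        return path.startswith(pattern[:-1])
    return path == pattern


def route(host_header, path):
    """Return the backend pool for a request, or None if no listener matches."""
    listener = LISTENERS.get(normalize_host(host_header))
    if listener is None:
        return None  # unknown host: never fall through to another site's pool
    rules, default_pool = listener
    path = path.split("?", 1)[0]  # the query string is not part of the path
    for pattern, pool in rules:
        if path_matches(pattern, path):
            return pool
    return default_pool


if __name__ == "__main__":
    for host, path in [("abcd.com", "/"), ("XYZ.com:443", "/index.html"),
                       ("myportal.com", "/payment/card?id=7"),
                       ("myportal.com", "/paymentx/card"),
                       ("unknown.example", "/")]:
        print(host, path, "->", route(host, path))
```

Note that /paymentx/card does not match /payment/* because the prefix includes the trailing slash, and a Host header that matches no listener gets no backend at all.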