Understanding Azure Application Gateway Basics

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It provides Layer 7 load balancing capabilities and allows you to route traffic based on different request attributes such as the URL path or host headers. This makes it a powerful tool for distributing application traffic and enhancing application availability and scalability.

What is Application Gateway?

Application Gateway acts as a reverse proxy, receiving incoming HTTP(S) requests and distributing them to backend pools of servers. It offers features like:

  • Layer 7 Load Balancing: Directs traffic based on application-level information.
  • SSL/TLS Termination: Decrypts SSL/TLS traffic at the gateway, offloading this task from your backend servers.
  • Cookie-based Session Affinity: Ensures that requests from a specific client are always directed to the same backend server.
  • Web Application Firewall (WAF): Protects your web applications from common web vulnerabilities.
  • URL-based Content Routing: Routes requests to different backend pools based on the URL path (e.g., /images/* to image servers, /api/* to API servers).
  • Host-based Routing: Routes requests to different backend pools based on the host header in the request (e.g., blog.example.com and shop.example.com).

Key Components of Application Gateway

An Application Gateway instance consists of several core components:

  • Frontend IP Configuration: The IP address(es) clients use to connect to the gateway. This can be public, private, or both.
  • Listener: A combination of frontend IP, port, and protocol (HTTP or HTTPS) that listens for incoming requests.
  • Backend Pool: A group of backend servers that will receive traffic from the Application Gateway. These can be virtual machines, virtual machine scale sets, or app services.
  • HTTP Settings: Define how Application Gateway forwards requests to the backend pool, including port, protocol, and cookie-based affinity.
  • Routing Rules: Link listeners to backend pools and HTTP settings, defining how requests are routed.

Application Gateway Architecture Overview

Diagram showing Azure Application Gateway architecture

A simplified representation of how Application Gateway handles incoming traffic.

Use Cases

Application Gateway is ideal for scenarios such as:

  • Load balancing traffic across multiple instances of a web application.
  • Providing SSL/TLS termination for your web applications.
  • Implementing URL-based routing for microservices or segmented applications.
  • Protecting your web applications with a WAF.
  • Enabling autoscaling for your web applications.

Getting Started

To get started with Azure Application Gateway, you typically follow these steps:

  1. Create an Application Gateway instance in the Azure portal, Azure CLI, or PowerShell.
  2. Configure frontend IP addresses (public or private).
  3. Define listeners for your web applications (e.g., HTTP on port 80, HTTPS on port 443).
  4. Set up backend pools containing your web servers or application services.
  5. Configure HTTP settings to define how traffic is forwarded.
  6. Create routing rules to connect listeners to backend pools and HTTP settings.
  7. If using HTTPS, configure SSL certificates for your listeners.

For detailed configuration guides, please refer to the Configuration section.

Example of a Simple Routing Rule

Consider a rule that forwards all HTTP traffic on port 80 to a backend pool named myWebAppPool using HTTP settings named httpSettingsDefault.


// Conceptual representation of a routing rule
{
  "name": "BasicRule",
  "listener": {
    "frontendIP": "publicIPAddress",
    "port": 80,
    "protocol": "Http"
  },
  "backendPool": "myWebAppPool",
  "httpSettings": "httpSettingsDefault"
}

Application Gateway is a versatile service that plays a crucial role in modern cloud application architectures on Azure, providing enhanced security, reliability, and performance for your web applications.