Core Concepts of Azure Application Gateway

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It offers various Layer 7 load balancing features. Understanding these core concepts is crucial for effectively configuring and managing your Application Gateway.

What is Application Gateway?

Application Gateway provides Layer 7 (HTTP/S) load balancing, unlike Layer 4 load balancers that operate at the transport layer. This allows for more sophisticated traffic management based on request attributes such as the URL path, hostname, and HTTP headers.

Key Components and Features

Frontend IP Configuration

This is the IP address (public or private) that clients connect to when accessing your application. You can have a single frontend IP or multiple IPs.

Listeners

A listener is a combination of a frontend IP address, port, and protocol (HTTP or HTTPS). It listens for incoming traffic. You configure rules to determine how traffic is routed based on the listener.

Backend Pools

A backend pool contains the servers or virtual machines that host your web applications. Application Gateway distributes incoming traffic to the healthy members of the backend pool.

HTTP Settings (Backend Settings)

HTTP settings define how Application Gateway forwards requests to the backend pool. This includes parameters like the backend port, protocol (HTTP or HTTPS), cookie-based affinity, connection draining, and host name settings.

Rules

Rules define the logic for routing requests. There are two types of rules:

Health Probes

Application Gateway uses health probes to monitor the health of backend servers. If a server is unhealthy, Application Gateway stops sending traffic to it. You can configure custom health probes to check specific endpoints and expected responses.

SSL Termination and End-to-End SSL Encryption

Application Gateway can terminate SSL/TLS connections at the gateway, offloading the encryption/decryption burden from your backend servers. It also supports end-to-end SSL encryption, ensuring that traffic remains encrypted all the way from the client to the backend server.

Web Application Firewall (WAF)

The integrated WAF feature protects your web applications from common web vulnerabilities and exploits, such as SQL injection and cross-site scripting (XSS).

Redirection

You can configure redirection rules to redirect HTTP requests to HTTPS or to a different URL. This is useful for enforcing secure connections.

URL Rewrite

URL rewrite allows you to modify the URL of incoming requests before they are forwarded to the backend. This can be used for various purposes, such as mapping different URL structures to a common backend endpoint.

Session Affinity (Sticky Sessions)

Cookie-based session affinity ensures that requests from a particular client are always sent to the same backend server. This is important for applications that maintain session state on individual servers.

Note: Understanding the interplay between listeners, rules, backend pools, and HTTP settings is key to designing a robust and scalable application delivery solution with Application Gateway.
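The interplay between listeners, rules, HTTP settings, redirection and WAF can be audited mechanically. The Python below is an added example, not code from the original page or from Microsoft: it walks each rule from its listener to its backend settings and flags cleartext paths, unused listeners and a WAF that is not blocking. The dictionary layout is a simplified assumption modelled on the gateway resource, and every name in the sample is constructed.

```python
# Constructed sample: a simplified, flattened gateway description. Key names
# are modelled on the ARM resource but this is not real exported output.
SAMPLE_GATEWAY = {
    "httpListeners": [
        {"name": "l-http", "protocol": "Http"},
        {"name": "l-https", "protocol": "Https"},
        {"name": "l-legacy", "protocol": "Http"},
        {"name": "l-orphan", "protocol": "Https"},
    ],
    "requestRoutingRules": [
        {"name": "r-redirect", "listener": "l-http", "redirectConfiguration": "to-https"},
        {"name": "r-app", "listener": "l-https", "backendHttpSettings": "s-tls"},
        {"name": "r-legacy", "listener": "l-legacy", "backendHttpSettings": "s-plain"},
    ],
    "backendHttpSettingsCollection": [
        {"name": "s-tls", "protocol": "Https"},
        {"name": "s-plain", "protocol": "Http"},
    ],
    "redirectConfigurations": [{"name": "to-https", "targetListener": "l-https"}],
    "webApplicationFirewallConfiguration": {"enabled": True, "firewallMode": "Detection"},
}


def audit_gateway(gw):
    """Return a sorted list of (check, object_name) findings."""
    listeners = {x["name"]: x for x in gw.get("httpListeners", [])}
    settings = {x["name"]: x for x in gw.get("backendHttpSettingsCollection", [])}
    redirects = {x["name"]: x for x in gw.get("redirectConfigurations", [])}
    findings, routed = set(), set()
    for rule in gw.get("requestRoutingRules", []):
        listener = listeners.get(rule.get("listener"))
        if listener is None:  # rule points at a listener that does not exist
            findings.add(("rule-dangling-listener", rule["name"]))
            continue
        routed.add(listener["name"])
        redirect = redirects.get(rule.get("redirectConfiguration"))
        if redirect is not None:  # redirect rules must land on an HTTPS listener
            target = listeners.get(redirect.get("targetListener"), {})
            if target.get("protocol") != "Https":
                findings.add(("redirect-not-to-https", rule["name"]))
            continue
        if listener["protocol"] == "Http":  # content served over cleartext
            findings.add(("http-listener-without-redirect", listener["name"]))
        backend = settings.get(rule.get("backendHttpSettings"), {})
        if backend.get("protocol") != "Https":  # no end-to-end TLS on this route
            findings.add(("backend-plaintext", rule["name"]))
    findings.update(("listener-without-rule", n) for n in listeners.keys() - routed)
    waf = gw.get("webApplicationFirewallConfiguration") or {}
    if not waf.get("enabled") or waf.get("firewallMode") != "Prevention":
        findings.add(("waf-not-preventing", "gateway"))
    return sorted(findings)
```

A plaintext backend is a finding only where end-to-end encryption is required; gateways that deliberately terminate SSL/TLS can treat `backend-plaintext` as informational.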