Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It supports Layer 7 load balancing (HTTP/S) and offers features like SSL termination, cookie-based session affinity, round-robin load distribution, and more. Understanding its core concepts is crucial for effective deployment and management.
The frontend IP configuration defines the virtual IP address that Application Gateway uses to receive incoming traffic. It can be a public IP address for internet-facing applications or a private IP address for internal applications.
Application Gateway supports both public and private frontend IP configurations. You can have one or more public IP addresses, or one or more private IP addresses, or a combination of both.
Frontend ports are the ports on the frontend IP configuration that Application Gateway listens on for incoming traffic. The most common ports are 80 (HTTP) and 443 (HTTPS).
A listener is a combination of a frontend IP address, port, and protocol that Application Gateway listens on. Each listener is associated with a specific rule and directs traffic to backend pools based on the request.
A backend pool is a set of virtual machines, virtual machine scale sets, virtual machine extensions, or on-premises servers that host your application. Application Gateway distributes incoming traffic to the servers in the backend pool.
HTTP settings define how Application Gateway forwards traffic to the backend pool. This includes details like the backend protocol (HTTP or HTTPS), port, and whether to use cookie-based session affinity or connection draining.
Rules combine listeners, backend pools, and HTTP settings to define how traffic is routed. There are two types of rules:
For example, requests to /images/* might go to one backend pool, while requests to /api/* go to another.
Health probes are used to monitor the health of the backend servers. Application Gateway periodically sends probe requests to the backend servers and marks servers as unhealthy if they don't respond within a specified timeout or return an unhealthy status code. This ensures that traffic is only sent to healthy servers.
Application Gateway WAF provides centralized protection of your web applications from common exploits and vulnerabilities such as SQL injection, cross-site scripting, and other OWASP Top 10 threats. It can be configured in detection or prevention mode: in detection mode it logs requests that match a rule without blocking them, and in prevention mode it blocks them.
Application Gateway can be configured to automatically scale its capacity based on incoming traffic. This ensures that your application remains responsive during peak loads and reduces costs during periods of low traffic.
When a backend server is being updated or removed, connection draining ensures that existing connections are not terminated abruptly. Application Gateway waits for these connections to complete before removing the server from the backend pool.
Application Gateway can be configured to provide end-to-end SSL encryption. In this scenario, Application Gateway decrypts the SSL traffic, performs inspection, and then re-encrypts the traffic before sending it to the backend servers. This requires proper SSL certificate configuration on the backend servers.
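One way to check a deployed gateway against the points above on WAF mode, listeners and end-to-end encryption. This is an added example, not taken from the Azure documentation. It assumes JSON in the shape printed by az network application-gateway show; the sample gateway, its names and its IDs are constructed.

```python
import json

# Constructed sample, shaped like `az network application-gateway show` output.
# Names and IDs are made up for illustration.
SAMPLE = json.loads("""
{
  "name": "shop-appgw",
  "webApplicationFirewallConfiguration": {"enabled": true, "firewallMode": "Detection"},
  "httpListeners": [
    {"name": "l-http", "id": "/lst/l-http", "protocol": "Http"},
    {"name": "l-https", "id": "/lst/l-https", "protocol": "Https"}
  ],
  "requestRoutingRules": [
    {"name": "r-http", "httpListener": {"id": "/lst/l-http"},
     "redirectConfiguration": {"id": "/redir/to-https"}},
    {"name": "r-https", "httpListener": {"id": "/lst/l-https"}}
  ],
  "backendHttpSettingsCollection": [
    {"name": "cart-settings", "protocol": "Https", "port": 443},
    {"name": "api-settings", "protocol": "Http", "port": 8080}
  ]
}
""")

def audit(gw):
    """Return a list of (check, detail) findings for one gateway config."""
    findings = []
    waf = gw.get("webApplicationFirewallConfiguration")
    if gw.get("firewallPolicy"):
        findings.append(("waf-policy", "mode is set on the linked WAF policy; review it there"))
    elif not waf or not waf.get("enabled"):
        findings.append(("waf-off", "no WAF enabled on this gateway"))
    elif (waf.get("firewallMode") or "").lower() != "prevention":
        findings.append(("waf-detect-only", "WAF logs matches but does not block"))
    # Assumption: a listener whose rule carries a redirect is an HTTP-to-HTTPS upgrade.
    redirected = {r.get("httpListener", {}).get("id")
                  for r in gw.get("requestRoutingRules", [])
                  if r.get("redirectConfiguration")}
    for lst in gw.get("httpListeners", []):
        if (lst.get("protocol") or "").lower() == "http" and lst.get("id") not in redirected:
            findings.append(("plain-http-listener", lst["name"]))
    # Backend HTTP settings that are not HTTPS mean traffic is not re-encrypted.
    for s in gw.get("backendHttpSettingsCollection", []):
        if (s.get("protocol") or "").lower() != "https":
            findings.append(("backend-not-tls", s["name"]))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```

The redirect check only confirms that a redirect is attached to the HTTP listener's rule; where it points still needs a look in the redirect configuration itself.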
Consider an e-commerce application where:
- Requests to /products are handled by a backend pool of product servers.
- Requests to /cart are handled by a backend pool of cart management servers.
- Requests to /api are handled by a backend pool of API services.
Application Gateway's path-based routing rule allows you to direct each of these types of requests to the appropriate backend pool based on the URL path, effectively segmenting your application's backend infrastructure.
For more detailed configuration and deployment guides, please refer to the official Azure Application Gateway documentation.