Configure Backend Pools

Backend pools are a fundamental component of Azure Application Gateway. They define the group of servers that Application Gateway forwards incoming traffic to. This document guides you through understanding and configuring backend pools for your Application Gateway deployment.

Note: A backend pool can consist of virtual machine scale sets, virtual machines, app services, or any other internet-facing or internal IP addresses and FQDNs.

What are Backend Pools?

A backend pool is a collection of resources, such as virtual machines or application gateways, that Application Gateway routes traffic to. When Application Gateway receives a request, it uses the configured routing rules to select a backend pool and then forwards the request to one of the healthy targets within that pool.

Key aspects of backend pools:

Targets: The actual servers or services that will process the requests.
Load Balancing: Application Gateway distributes traffic across the targets in a backend pool using round-robin by default.
Health Probes: Application Gateway continuously monitors the health of targets within a backend pool to ensure traffic is only sent to healthy instances.

Creating Backend Pools

Using the Azure Portal

Navigate to your Application Gateway instance in the Azure portal.
In the left-hand menu, under Settings, select Backend pools.
Click Add to create a new backend pool.
Provide a name for your backend pool.
For Target type, choose the type of backend you are configuring (e.g., IP addresses, Virtual Machines, App Services).
Add the IP addresses, FQDNs, or select the resources that will serve as your backend targets.
Configure associated health probes (or use the default if applicable).
Click Add to save the backend pool.

Using Azure PowerShell

You can use the Add-AzApplicationGatewayBackendAddressPool cmdlet to create backend pools.


$gateway = Get-AzApplicationGateway -Name "myAppGateway" -ResourceGroupName "myResourceGroup"
$nic = Get-AzNetworkInterface -Name "myVMNic" -ResourceGroupName "myResourceGroup"
$vm = Get-AzVM -Name "myVM" -ResourceGroupName "myResourceGroup"
$frontendIP = Get-AzApplicationGatewayFrontendIPConfig -ApplicationGateway $gateway -Name "myFrontendIP"

# Example: Add a backend pool with IP addresses
Add-AzApplicationGatewayBackendAddressPool -ApplicationGateway $gateway -Name "myBackendPool" -BackendIPAddresses "10.0.0.4","10.0.0.5"

# Example: Add a backend pool with a Virtual Machine
Add-AzApplicationGatewayBackendAddressPool -ApplicationGateway $gateway -Name "myVMBackendPool" -BackendFqdns $vm.GetNetworkInterfaceIDs()[$vm.PrimaryNetworkInterface.Id].IpConfigurations[0].PrivateIPAddress

Set-AzApplicationGateway -ApplicationGateway $gateway

Using Azure CLI

Use the az network application-gateway backend-pool create command.


az network application-gateway backend-pool create \
    --resource-group myResourceGroup \
    --gateway-name myAppGateway \
    --name myBackendPool \
    --backend-addresses "10.0.0.4" "10.0.0.5"

Tip: For App Services, it's recommended to use FQDNs for backend targets.

Managing Backend Pools

Once created, you can manage your backend pools to add or remove targets, update configurations, or delete the pool altogether.

Adding or Removing Targets

You can modify existing backend pools through the Azure portal, PowerShell, or CLI. For example, to add a new IP address to an existing backend pool:


$gateway = Get-AzApplicationGateway -Name "myAppGateway" -ResourceGroupName "myResourceGroup"
$backendPool = Get-AzApplicationGatewayBackendAddressPool -ApplicationGateway $gateway -Name "myBackendPool"

$backendPool.BackendAddresses.Add("10.0.0.6")
Set-AzApplicationGateway -ApplicationGateway $gateway

Deleting a Backend Pool

You can delete a backend pool if it's no longer needed. Ensure that no routing rules are pointing to the pool before deleting.


Remove-AzApplicationGatewayBackendAddressPool -ApplicationGateway $gateway -Name "myBackendPool"
Set-AzApplicationGateway -ApplicationGateway $gateway

Important: Deleting a backend pool that is in use by a routing rule will result in errors. Remove the association from the routing rule first.

Backend Health

Application Gateway provides detailed insights into the health of your backend targets. This is crucial for ensuring high availability and performance.

You can view backend health in the Azure portal by navigating to your Application Gateway, then selecting Backend health under Monitoring.

Azure Application Gateway Backend Health Overview

Example of Azure Application Gateway Backend Health View.

The backend health view shows:

The status of each backend pool.
The status of individual backend targets within each pool (Healthy, Unhealthy, Unknown).
Details about any health probe failures.

Understanding and troubleshooting backend health issues is vital for maintaining a robust application delivery system.