Azure Application Gateway
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It provides features such as round-robin application delivery, cookie-based session affinity, URL path-based routing, host-based routing, and SSL termination.
Key Features
- Layer 7 Load Balancing: Operates at the application layer (HTTP/HTTPS), allowing for intelligent traffic distribution based on request attributes.
- SSL Termination: Offloads SSL/TLS decryption from your web servers, simplifying certificate management and reducing server load.
- Web Application Firewall (WAF): Protects your web applications from common web vulnerabilities and exploits, such as SQL injection and cross-site scripting (XSS).
- URL Path-Based Routing: Routes traffic to different backend pools based on the URL path requested by the client.
- Multiple Site Hosting: Allows you to host multiple web applications on the same instance of Application Gateway.
- Session Affinity: Ensures that requests from a particular client are consistently directed to the same backend server.
- Autoscaling: Automatically scales the capacity of Application Gateway to meet fluctuating traffic demands.
- Redirection: Supports HTTP to HTTPS redirection, as well as redirection to other URLs.
How it Works
Application Gateway acts as a reverse proxy. Incoming client requests are first received by the Application Gateway. Based on the configured rules, it then forwards the request to the appropriate backend server in the backend pool. The response from the backend server is sent back through the Application Gateway to the client.
Note: Application Gateway is a Layer 7 load balancer, whereas Azure Load Balancer is a Layer 4 load balancer. Choose the service that best fits your application's needs.
Common Use Cases
- Load balancing HTTP/HTTPS traffic to web servers.
- Providing SSL termination for web applications.
- Implementing URL-based routing for microservices architectures.
- Protecting web applications with a Web Application Firewall.
- Managing traffic for multiple websites on a single IP address.
Configuration Example (Basic)
Here's a simplified conceptual example of how you might configure Application Gateway rules for URL path-based routing:
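# Example Azure CLI commands (conceptual; resource names are placeholders)

# Create a public IP address (a Standard_v2 gateway needs a Standard SKU public IP)
az network public-ip create --name myAppGatewayPublicIP --resource-group myResourceGroup --location westus --allocation-method Static --sku Standard

# Create a virtual network and subnet
az network vnet create --name myVNet --resource-group myResourceGroup --location westus --address-prefix 10.0.0.0/16
az network vnet subnet create --name myAppGatewaySubnet --resource-group myResourceGroup --vnet-name myVNet --address-prefix 10.0.0.0/24

# Create the Application Gateway
# This also creates default objects that the routing commands below refer to:
# appGatewayBackendPool, appGatewayBackendHttpSettings and rule1 (bound to the port 80 listener)
az network application-gateway create \
  --name myAppGateway \
  --resource-group myResourceGroup \
  --location westus \
  --sku Standard_v2 \
  --public-ip-address myAppGatewayPublicIP \
  --vnet-name myVNet \
  --subnet myAppGatewaySubnet \
  --frontend-port 80 \
  --http-settings-cookie-based-affinity Enabled \
  --private-ip-address 10.0.0.5 \
  --priority 100

# Define backend pools (e.g., for /images/* and /api/*)
az network application-gateway address-pool create \
  --gateway-name myAppGateway \
  --name imagesBackendPool \
  --resource-group myResourceGroup \
  --servers vm1.example.com vm2.example.com

az network application-gateway address-pool create \
  --gateway-name myAppGateway \
  --name apiBackendPool \
  --resource-group myResourceGroup \
  --servers api1.example.com api2.example.com

# Define routing rules
# A URL path map holds the path rules; it is created together with its first rule (imagesRoute)
az network application-gateway url-path-map create \
  --gateway-name myAppGateway \
  --name myPathMap \
  --resource-group myResourceGroup \
  --rule-name imagesRoute \
  --paths "/images/*" \
  --address-pool imagesBackendPool \
  --http-settings appGatewayBackendHttpSettings \
  --default-address-pool appGatewayBackendPool \
  --default-http-settings appGatewayBackendHttpSettings

# Add the second path rule to the same path map
az network application-gateway url-path-map rule create \
  --gateway-name myAppGateway \
  --name apiRoute \
  --resource-group myResourceGroup \
  --path-map-name myPathMap \
  --paths "/api/*" \
  --address-pool apiBackendPool \
  --http-settings appGatewayBackendHttpSettings

# Switch the default rule on the port 80 listener to path-based routing
az network application-gateway rule update \
  --gateway-name myAppGateway \
  --name rule1 \
  --resource-group myResourceGroup \
  --rule-type PathBasedRouting \
  --url-path-map myPathMap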
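
The configuration above listens on port 80 with the Standard_v2 SKU, so it does not enable the WAF, HTTPS redirection or TLS features listed under Key Features. As an added example (not part of the original page or Azure's own tooling), this Python check audits a gateway definition for those gaps; the sample JSON is constructed, and its field names assume the shape of `az network application-gateway show` output.

```python
import json

# Constructed sample, shaped like `az network application-gateway show` output
# for the gateway configured above (field names and ids are assumptions).
SAMPLE = json.loads("""
{
  "name": "myAppGateway",
  "sku": {"name": "Standard_v2", "tier": "Standard_v2"},
  "firewallPolicy": null,
  "webApplicationFirewallConfiguration": null,
  "httpListeners": [
    {"name": "appGatewayHttpListener", "id": "/l/appGatewayHttpListener", "protocol": "Http"}
  ],
  "backendHttpSettingsCollection": [
    {"name": "appGatewayBackendHttpSettings", "protocol": "Http", "port": 80}
  ],
  "requestRoutingRules": [
    {"name": "rule1", "httpListener": {"id": "/l/appGatewayHttpListener"},
     "redirectConfiguration": null}
  ]
}
""")

def audit(gw):
    """Return a sorted list of findings for one gateway definition."""
    findings = []
    waf = gw.get("webApplicationFirewallConfiguration") or {}
    if not gw.get("firewallPolicy") and not waf.get("enabled"):
        findings.append("waf-missing: no WAF policy or enabled WAF configuration")
    elif waf.get("firewallMode") == "Detection":
        findings.append("waf-detection-only: WAF logs but does not block")
    # Assumption: a rule with a redirect configuration is an HTTP-to-HTTPS redirect.
    redirected = {r["httpListener"]["id"] for r in gw.get("requestRoutingRules", [])
                  if r.get("redirectConfiguration")}
    for lis in gw.get("httpListeners", []):
        if lis["protocol"].lower() == "http" and lis["id"] not in redirected:
            findings.append(f"http-listener: {lis['name']} serves cleartext without redirect")
    # After TLS termination, an Http backend setting means the hop to the pool is unencrypted.
    for s in gw.get("backendHttpSettingsCollection", []):
        if s["protocol"].lower() == "http":
            findings.append(f"backend-cleartext: {s['name']} forwards traffic over HTTP")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

When the gateway references a separate WAF policy through `firewallPolicy`, the policy's mode lives in that policy resource and has to be checked there.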