Azure Application Gateway: Networking Configuration
Azure Application Gateway is a managed web traffic load balancer that enables you to manage traffic to your web applications. It allows you to route end-user traffic to specific backend resources.
Key Networking Concepts
1. Frontend IP Configuration
This defines the IP address(es) that Application Gateway will listen on for incoming traffic. You can configure it with a public IP address, a private IP address, or both.
- Public IP Address: Allows external clients to access your applications.
- Private IP Address: Enables internal clients within your virtual network to access applications.
2. Listener
A listener is a logical component that checks for incoming requests. It inspects requests based on the listener's IP address, port, and protocol. You must associate a listener with a frontend IP configuration.
- Protocol: Supports HTTP and HTTPS. For HTTPS, you'll need to configure a TLS/SSL certificate on the listener.
- Port: Commonly 80 for HTTP and 443 for HTTPS.
- Host Name: Can be used for multi-site hosting, allowing a single Application Gateway to host multiple web applications.
3. Backend Pool
The backend pool contains the virtual machines, virtual machine scale sets, web apps, or any other Azure resource that hosts your application's services.
- You can add individual instances or groups of instances to a backend pool.
- Application Gateway distributes incoming traffic to these backend targets.
4. HTTP Settings
HTTP settings define how Application Gateway forwards requests to the backend targets. They include protocol, port, cookie-based affinity, connection draining, and health probe settings.
- Protocol: HTTP or HTTPS.
- Port: The port on the backend server that Application Gateway should connect to.
- Cookie-based Affinity: Enables sticky sessions, ensuring requests from the same client go to the same backend server.
- Connection Draining: Allows graceful shutdown of backend instances by completing existing requests before removing the instance from service.
5. Health Probes
Health probes are essential for monitoring the health of your backend servers. Application Gateway periodically probes the backend servers to determine their availability and health status.
- Probe Interval: How often to perform the probe.
- Timeout: How long to wait for a response.
- Unhealthy Threshold: The number of consecutive failed probes before marking a backend server as unhealthy.
- Protocol: HTTP or HTTPS.
- Host: The host header to use for the probe.
- Path: The URI path to probe.
Routing Rules
Routing rules tie together the listener, backend pool, and HTTP settings to define how requests are processed. Application Gateway supports two types of routing rules:
- Basic: Simple routing where all requests to a listener are forwarded to a single backend pool with specific HTTP settings.
- Multi-site: Allows you to host multiple web applications on a single Application Gateway instance, using host-based routing to direct traffic to the correct backend pool.
Example Configuration Snippet (Conceptual)
This is a conceptual example; actual configuration is done via the Azure portal, CLI, or ARM templates.

{
  "frontendIPConfigurations": [
    {
      "name": "publicFrontend",
      "properties": {
        "publicIPAddress": {
          "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/publicIPAddresses/my-public-ip"
        }
      }
    }
  ],
  "listeners": [
    {
      "name": "httpListener",
      "properties": {
        "frontendIPConfiguration": {
          "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/applicationGateways/.../frontendIPConfigurations/publicFrontend"
        },
        "frontendPort": {
          "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/applicationGateways/.../frontendPorts/port80"
        },
        "protocol": "Http"
      }
    }
  ],
  "backendAddressPools": [
    {
      "name": "appBackendPool",
      "properties": {
        "backendIPConfigurations": [],
        "backendAddresses": [
          { "ipAddress": "10.0.0.4" },
          { "ipAddress": "10.0.0.5" }
        ]
      }
    }
  ],
  "httpSettings": [
    {
      "name": "appHTTPsSettings",
      "properties": {
        "protocol": "Http",
        "port": 80,
        "cookieBasedAffinity": "Disabled",
        "requestTimeout": 20,
        "probe": {
          "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/applicationGateways/.../httpProbes/appProbe"
        }
      }
    }
  ],
  "requestRoutingRules": [
    {
      "name": "rule1",
      "properties": {
        "listener": {
          "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/applicationGateways/.../listeners/httpListener"
        },
        "backendAddressPool": {
          "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/applicationGateways/.../backendAddressPools/appBackendPool"
        },
        "httpSettings": {
          "id": "/subscriptions/.../resourceGroups/.../providers/Microsoft.Network/applicationGateways/.../httpSettings/appHTTPsSettings"
        }
      }
    }
  ]
}
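An added example (not part of the original page or of Azure tooling): a small Python audit over a configuration in the conceptual shape shown above. It resolves each routing rule's references and flags plaintext HTTP on a public listener, plaintext HTTP on the backend leg, and references to objects that are not defined. The sample configuration is constructed, with resource IDs shortened to their last two segments, and the function names `resolve` and `audit` are hypothetical.

```python
import json

# Constructed sample in the page's conceptual shape (not the real ARM schema).
# Resource IDs are shortened to "<collection>/<name>" for readability.
SAMPLE = json.loads("""{
  "frontendIPConfigurations": [{"name": "publicFrontend", "properties": {"publicIPAddress": {"id": "publicIPAddresses/my-public-ip"}}}],
  "listeners": [{"name": "httpListener", "properties": {"frontendIPConfiguration": {"id": "frontendIPConfigurations/publicFrontend"}, "protocol": "Http"}}],
  "backendAddressPools": [{"name": "appBackendPool", "properties": {"backendAddresses": [{"ipAddress": "10.0.0.4"}]}}],
  "httpSettings": [{"name": "appHTTPsSettings", "properties": {"protocol": "Http", "port": 80, "probe": {"id": "httpProbes/appProbe"}}}],
  "requestRoutingRules": [{"name": "rule1", "properties": {"listener": {"id": "listeners/httpListener"}, "backendAddressPool": {"id": "backendAddressPools/appBackendPool"}, "httpSettings": {"id": "httpSettings/appHTTPsSettings"}}}]
}""")

def resolve(cfg, ref):
    """Follow an {"id": ".../<collection>/<name>"} reference; None if dangling."""
    collection, name = ref["id"].rstrip("/").split("/")[-2:]
    return next((o for o in cfg.get(collection, []) if o["name"] == name), None)

def audit(cfg):
    """Return (rule name, finding) tuples for every routing rule in cfg."""
    findings = []
    for rule in cfg.get("requestRoutingRules", []):
        props = rule["properties"]
        keys = ("listener", "backendAddressPool", "httpSettings")
        parts = {k: resolve(cfg, props[k]) for k in keys}
        for key, obj in parts.items():
            if obj is None:
                findings.append((rule["name"], f"dangling {key} reference"))
        listener, settings = parts["listener"], parts["httpSettings"]
        if listener:
            lp = listener["properties"]
            frontend = resolve(cfg, lp["frontendIPConfiguration"])
            public = bool(frontend and "publicIPAddress" in frontend["properties"])
            if public and lp["protocol"].lower() == "http":
                findings.append((rule["name"], "public listener accepts plaintext HTTP"))
        if settings:
            sp = settings["properties"]
            if sp["protocol"].lower() == "http":
                findings.append((rule["name"], "backend leg is plaintext HTTP"))
            if "probe" in sp and resolve(cfg, sp["probe"]) is None:
                findings.append((rule["name"], "HTTP settings reference an undefined probe"))
    return findings

if __name__ == "__main__":
    for rule_name, finding in audit(SAMPLE):
        print(f"{rule_name}: {finding}")
```

Run against the sample, which mirrors the conceptual snippet, the audit reports all three conditions for `rule1`, including the probe that the HTTP settings reference but the configuration never defines.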