Application Gateway Concepts
Understanding the core concepts behind Azure Application Gateway is crucial for designing and managing robust, scalable, and secure web applications.
What is Azure Application Gateway?
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It is a Layer 7 (HTTP/S) load balancer that allows you to route traffic based on different attributes of an HTTP request, such as the URL path or host headers.
Key Features:
- Layer 7 Load Balancing: Routes traffic based on HTTP requests.
- SSL Termination: Offloads SSL decryption, simplifying backend server configuration and improving performance.
- Web Application Firewall (WAF): Provides protection against common web vulnerabilities.
- Cookie-Based Session Affinity: Directs requests from the same user to the same backend server.
- URL Path-Based Routing: Routes requests to different backend pools based on the URL path.
- Host-Based Routing: Routes requests to different backend pools based on the host header.
- Health Probes: Monitors the health of backend servers and only routes traffic to healthy instances.
- Autoscaling: Automatically scales capacity based on traffic load.
- Integration with Azure Services: Works seamlessly with other Azure services like Virtual Machine Scale Sets and App Services.
Core Components of Application Gateway
Listeners
A listener is where the Application Gateway listens for incoming traffic. It is the combination of a frontend IP address, port, and protocol (HTTP or HTTPS).
- Frontend IP Configuration: Can be public or private.
- Port: Typically 80 for HTTP and 443 for HTTPS.
- Protocol: HTTP or HTTPS.
- Certificate: Required for HTTPS listeners for SSL termination.
Backend Pools
A backend pool contains the servers that will receive the traffic routed by the Application Gateway. These can be virtual machines, virtual machine scale sets, or App Services.
- Target Types: IP addresses, FQDNs, or App Service instances.
- Maximum Size: Application Gateway v1 supports up to 1000 backend members. Application Gateway v2 supports up to 2000 backend members.
HTTP Settings
HTTP settings define how the Application Gateway forwards requests to the backend pool. They include details like the backend port, protocol, and cookie-based affinity.
- Backend Port: The port on which the backend servers listen for traffic.
- Backend Protocol: HTTP or HTTPS.
- Cookie-Based Affinity: Enables or disables session affinity.
- Connection Draining: Gracefully removes backend servers from service.
- Custom Health Probes: Allows defining specific health probe configurations.
Rules
Rules define how traffic is routed from the listener to the backend pool. There are two types of rules:
- Basic Rule: Routes traffic from a listener to a specific backend pool using a default HTTP setting.
- Path-based Rule: Routes traffic based on the URL path. It allows associating different backend pools and HTTP settings with different URL paths.
Example of a path-based rule:
listener: listener_for_app1
  IF path is /images/*
    THEN route to backend_pool_images
    WITH http_settings_for_images

listener: listener_for_app1
  IF path is /api/*
    THEN route to backend_pool_api
    WITH http_settings_for_api

listener: listener_for_app1
  ELSE (default)
    THEN route to backend_pool_default
    WITH http_settings_default
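The rule set above, modelled as an added Python example (not part of the original page and not Azure's implementation), so that a list of request URLs can be checked against the pool each one would reach. It assumes rules are evaluated in listed order, matching is case-insensitive, and a trailing * is a prefix wildcard; PathRule, Target, matches, route and audit are hypothetical names.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PathRule:
    pattern: str        # e.g. "/images/*"
    backend_pool: str
    http_settings: str

@dataclass(frozen=True)
class Target:
    backend_pool: str
    http_settings: str

# Path map for listener_for_app1, using the names from the example above.
PATH_MAP = [
    PathRule("/images/*", "backend_pool_images", "http_settings_for_images"),
    PathRule("/api/*", "backend_pool_api", "http_settings_for_api"),
]
DEFAULT = Target("backend_pool_default", "http_settings_default")

def matches(pattern: str, path: str) -> bool:
    """Assumed semantics: case-insensitive, trailing '*' is a prefix wildcard."""
    pattern, path = pattern.lower(), path.lower()
    if pattern.endswith("*"):
        return path.startswith(pattern[:-1])
    return path == pattern

def route(url: str, rules=PATH_MAP, default=DEFAULT) -> Target:
    """Return the target of the first matching rule, else the default target."""
    path = url.split("?", 1)[0].split("#", 1)[0]  # match on the path only
    for rule in rules:
        if matches(rule.pattern, path):
            return Target(rule.backend_pool, rule.http_settings)
    return default

def audit(urls):
    """Map each URL to the backend pool it would be routed to."""
    return {u: route(u).backend_pool for u in urls}

# Constructed sample request URLs, including near-misses of the patterns.
SAMPLE_URLS = ["/images/logo.png", "/api/v1/users?id=1", "/API/v1/users",
               "/api", "/apix/report", "/index.html"]

if __name__ == "__main__":
    for url, pool in audit(SAMPLE_URLS).items():
        print(f"{url:24} -> {pool}")
```

In this model /api and /apix/report fall through to backend_pool_default, so the default pool and its HTTP settings need the same review as the explicitly routed ones.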
Health Probes
Health probes ensure that traffic is only sent to healthy backend servers. Application Gateway sends probes to the backend servers and marks a server as unhealthy when it fails to respond within the probe timeout for the configured number of consecutive probes.
- Probe Protocol: HTTP or HTTPS.
- Probe Interval: Time between probes (in seconds).
- Probe Timeout: Time to wait for a response (in seconds).
- Unhealthy Threshold: Number of consecutive failed probes before marking a server as unhealthy.
- Host: The host header to send in the probe request.
- Path: The specific URI path to probe on the backend server.
Application Gateway v1 vs. v2
Application Gateway v2 offers significant improvements over v1, including:
- Autoscaling and Zone Redundancy: Enhanced scalability and high availability.
- Static VIP: The frontend public IP address remains static without manual configuration.
- Multi-Site Hosting: Supports up to 100 websites with a single Application Gateway instance.
- Redirection and Rewrite: Enhanced capabilities for HTTP header and URL rewriting and redirection.
- WAF Improvements: More advanced WAF features and rule management.
It is recommended to use Application Gateway v2 for new deployments due to its advanced features and improved performance.
Next Steps: Explore configuring Application Gateway for your specific scenarios, including setting up WAF, SSL termination, and URL-based routing.