Application Gateways

Application Gateways are managed services that enable you to manage traffic to your web applications. They offer features such as load balancing, Web Application Firewall (WAF), SSL termination, and more.

What is an Application Gateway?

An Application Gateway is a load balancer that enables you to manage traffic to your web applications. It operates at Layer 7 (HTTP/HTTPS) and can route requests based on various criteria, including path-based routing, host-based routing, and header-based routing. It's a crucial component for building scalable, highly available, and secure web architectures.

Key Features

  • Load Balancing: Distributes incoming application traffic across multiple backend servers.
  • SSL Termination: Handles the decryption of SSL/TLS traffic at the gateway, offloading this CPU-intensive task from your backend servers.
  • Web Application Firewall (WAF): Protects your web applications from common web exploits and vulnerabilities such as SQL injection, cross-site scripting, and more.
  • Path-Based Routing: Routes traffic to different backend pools based on the URL path of the request. For example, /images/* could be routed to one set of servers, while /api/* is routed to another.
  • Host-Based Routing: Routes traffic to different backend pools based on the host name in the request header. This is useful for hosting multiple websites on the same IP address.
  • Cookie-Based Session Affinity: Ensures that requests from a particular client are consistently sent to the same backend server.
  • Health Probes: Continuously monitors the health of backend instances and removes unhealthy instances from rotation.
  • Autoscaling: Automatically adjusts the capacity of the gateway based on traffic load.

Use Cases

  • Securing web applications with a WAF.
  • Implementing SSL offloading for improved performance.
  • Deploying microservices with path-based routing.
  • Hosting multiple domains on a single IP address.
  • Ensuring high availability and scalability of web applications.

Getting Started

To get started with Application Gateways, you typically need to define the following:

  • A frontend IP configuration (public or private).
  • One or more listeners to accept incoming traffic (e.g., HTTP on port 80, HTTPS on port 443).
  • Backend HTTP settings, which define how requests are forwarded to backend servers.
  • Backend pools, which contain the IP addresses or FQDNs of your backend servers.
  • Health probes to monitor backend server health.
  • Rules to define the routing logic.

Example Configuration Snippet (Conceptual)


{
  "name": "myAppGateway",
  "location": "East US",
  "properties": {
    "sku": {
      "name": "Standard_WAF",
      "tier": "Standard_v2"
    },
    "enableHttp2": true,
    "frontendIPConfigurations": [
      {
        "name": "frontendPublicIP",
        "properties": {
          "publicIPAddress": {
            "id": "/subscriptions/.../providers/Microsoft.Network/publicIPAddresses/myPublicIP"
          }
        }
      }
    ],
    "backendAddressPools": [
      {
        "name": "myBackendPool",
        "properties": {
          "backendIPConfigurations": [],
          "backendAddresses": [
            {
              "ipAddress": "10.0.0.4"
            },
            {
              "ipAddress": "10.0.0.5"
            }
          ]
        }
      }
    ],
    "httpListeners": [
      {
        "name": "httpListener",
        "properties": {
          "frontendIPConfiguration": {
            "id": "/subscriptions/.../providers/Microsoft.Network/applicationGateways/myAppGateway/frontendIPConfigurations/frontendPublicIP"
          },
          "frontendPort": {
            "id": "/subscriptions/.../providers/Microsoft.Network/applicationGateways/myAppGateway/frontendPorts/port80"
          },
          "protocol": "Http"
        }
      }
    ],
    "requestRoutingRules": [
      {
        "name": "basicRule",
        "properties": {
          "ruleType": "Basic",
          "httpListener": {
            "id": "/subscriptions/.../providers/Microsoft.Network/applicationGateways/myAppGateway/httpListeners/httpListener"
          },
          "backendAddressPool": {
            "id": "/subscriptions/.../providers/Microsoft.Network/applicationGateways/myAppGateway/backendAddressPools/myBackendPool"
          },
          "backendHttpSettings": {
            "id": "/subscriptions/.../providers/Microsoft.Network/applicationGateways/myAppGateway/backendHttpSettingsCollection/appGatewayBackendHttpSettings"
          }
        }
      }
    ],
    "backendHttpSettingsCollection": [
      {
        "name": "appGatewayBackendHttpSettings",
        "properties": {
          "port": 80,
          "protocol": "Http",
          "cookieBasedAffinity": "Disabled",
          "requestTimeout": 20
        }
      }
    ]
  }
}

Resources

For more detailed information and tutorials, please refer to the official documentation: