Azure Load Balancer, Application Gateway, Traffic Manager & Front Door differences

Summary

This post is a quick summary comparing the three resources: Azure Load Balancer, Application Gateway and Traffic Manager.

Azure Load Balancer

Azure Load Balancer operates at layer 4 of the Open Systems Interconnection (OSI) model. It’s the single point of contact for clients. The load balancer distributes inbound flows that arrive at its front end to backend pool instances, according to the configured load-balancing rules and health probes. The backend pool instances can be Azure Virtual Machines or instances in a virtual machine scale set.

A public load balancer can provide outbound connections for virtual machines (VMs) inside your virtual network. These connections are accomplished by translating their private IP addresses to public IP addresses. Public load balancers are used to load balance internet traffic to your VMs.

An internal (or private) load balancer is used where private IPs are needed at the frontend only. Internal load balancers are used to load balance traffic inside a virtual network. A load balancer frontend can be accessed from an on-premises network in a hybrid scenario.

The following features are available to Azure Load Balancer:

  • Load balance VMs within a specific availability zone.
  • Load balance VMs with multiple availability sets.
  • Configure port forwarding in Load Balancer.
  • Load balance multiple IP configurations.
  • Cross-region load balancing support.
  • Gateway load balancing support.
  • NAT gateway for public Load Balancers.
  • NAT gateway for internal Load Balancers.
  • Health and traffic monitoring.
  • Floating IP Support.

Azure Application Gateway

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. Traditional load balancers operate at the transport layer (OSI layer 4 – TCP and UDP) and route traffic based on source IP address and port, to a destination IP address and port.

Application Gateway can make routing decisions based on additional attributes of an HTTP request, for example URI path or host headers. For example, you can route traffic based on the incoming URL. So if /images is in the incoming URL, you can route traffic to a specific set of servers (known as a pool) configured for images. If /video is in the URL, that traffic is routed to another pool that’s optimized for videos.

This type of routing is known as application layer (OSI layer 7) load balancing. Azure Application Gateway can do URL-based routing and more.
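The contrast between the two layers, as an added example that is not part of the original post or of any Azure SDK: a layer 4 balancer sees only addresses and ports, so one flow lands on one backend whatever the URL, while a layer 7 balancer picks the pool from the URL path. Pool names, addresses, the hash-based member selection and the whole-segment prefix match are assumptions made for the illustration, not Azure's documented algorithm.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed sample pools; names and addresses are hypothetical.
L4_BACKENDS = ["10.0.1.4", "10.0.1.5", "10.0.1.6"]
L7_POOLS = {
    "/images": ["10.0.2.4", "10.0.2.5"],   # pool configured for images
    "/video": ["10.0.3.4", "10.0.3.5"],    # pool optimized for video
}
DEFAULT_POOL = ["10.0.4.4"]


def _pick(members, key):
    """Deterministically map a key onto one pool member (stand-in hash)."""
    digest = hashlib.sha256(key.encode()).digest()
    return members[int.from_bytes(digest[:4], "big") % len(members)]


def l4_route(src_ip, src_port, dst_ip, dst_port):
    """Layer 4: only addresses and ports are visible, never the URL."""
    return _pick(L4_BACKENDS, f"{src_ip}:{src_port}->{dst_ip}:{dst_port}")


def l7_route(src_ip, src_port, url):
    """Layer 7: choose the pool from the URL path, then a member in it."""
    path = urlsplit(url).path
    for prefix, members in L7_POOLS.items():
        # Match whole path segments so /imagesX does not hit the /images pool.
        if path == prefix or path.startswith(prefix + "/"):
            return prefix, _pick(members, f"{src_ip}:{src_port}")
    return "default", _pick(DEFAULT_POOL, f"{src_ip}:{src_port}")


def demo():
    """Send four requests over one client flow through both models."""
    flow = ("203.0.113.7", 51000, "198.51.100.10", 443)
    urls = ["https://contoso.example/images/logo.png",
            "https://contoso.example/video/intro.mp4",
            "https://contoso.example/imagesX/a",
            "https://contoso.example/"]
    l4 = {l4_route(*flow) for _ in urls}        # one flow -> one backend
    l7 = [l7_route(flow[0], flow[1], u)[0] for u in urls]
    return l4, l7


if __name__ == "__main__":
    print(demo())
```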

The following features are available to Azure Application Gateway:

  • Autoscaling.
  • Zone Redundancy.
  • Static VIP.
  • Header Rewrite.
  • Key Vault Integration.
  • Mutual Authentication.
  • Azure Kubernetes Service Ingress Controller.
  • Route by URL (/images, /videos can be routed to different service endpoints).
  • Redirect web traffic.
  • Monitor Service health.
  • Support for WebSockets.
  • Route traffic based on rules.
  • Region-based service only.

Azure Traffic Manager

Azure Traffic Manager is a DNS-based traffic load balancer. The service allows network traffic to be distributed across Azure regions.

The following features are available to Azure Traffic Manager:

  • Azure Traffic Manager provides health monitoring.
  • Route traffic based on low-latency requirements.
  • Route traffic based on geographic location of endpoints.
  • Distribute traffic to a set of endpoints.
  • Route traffic to a priority endpoint.
  • Control traffic with weighted endpoints.
  • Route traffic based on the user's subnet.
  • Alias records for Traffic Manager.
  • Plan Disaster recovery using Azure DNS and Traffic Manager.
  • Monitor Real User Measurement to Azure Traffic Manager.

Azure Front Door

Azure Front Door is a global, scalable entry-point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications. 

Front Door works at Layer 7 (HTTP/HTTPS layer) using the anycast protocol with split TCP and Microsoft’s global network to improve global connectivity. Based on your routing method, you can ensure that Front Door will route your client requests to the fastest and most available application backend. An application backend is any Internet-facing service hosted inside or outside of Azure. Front Door provides a range of traffic-routing methods and backend health monitoring options to suit different application needs and automatic failover scenarios. Similar to Traffic Manager, Front Door is resilient to failures, including the failure of an entire Azure region.

The following features are available to Azure Front Door:

  • Caching.
  • Session affinity.
  • Traffic acceleration.
  • Routing.
  • Backend pools.
  • Health probes.
  • Robust rules engine.
  • Wildcard domain.
  • URL rewrite.
  • URL redirect.
  • Load-balancing with Azure Application delivery.
  • Security Policies.
  • Geo-filtering.
  • Rate limits.
  • IP Restriction.
  • Firewall.
  • Non-region-based service.
  • Does not work at VM/container level, therefore no connection draining.