6.2. Load Balancers and Application Gateways
In the vast array of Azure networking services, Load Balancers and Application Gateways stand out as pivotal components for ensuring high availability, scalability, and security of applications. These services intelligently distribute network or application traffic across a number of servers or services, optimizing resource use, maximizing throughput, minimizing response time, and avoiding overload of any single resource.
Azure Load Balancer
Understanding Azure Load Balancer:
Azure Load Balancer operates at layer 4 (Transport Layer) of the OSI model, which means it is concerned with the delivery of messages, with no regard to the content of those messages. It is designed to handle a high volume of network traffic in a systematic way.
Features of Azure Load Balancer:
● Load Balancing Algorithms: It supports various algorithms including round-robin, which distributes traffic evenly, and hash-based distribution, which directs traffic based on a specific portion of the connection data, such as the IP address.
● Health Probes: The Load Balancer monitors the health of resources and only sends requests to healthy instances.
● Port Forwarding: It enables port forwarding, allowing the setup of NAT rules for VMs inside a virtual network.
● High Availability: Ensures that applications can handle failures of a server instance by rerouting traffic to operational instances.
● Scalability: Automatically scales with increasing traffic, ensuring that application performance remains stable.
Types of Azure Load Balancer:
- Public Load Balancer: It is used to distribute internet traffic to the VMs.
- Internal (Private) Load Balancer: It is used within a VNet to distribute traffic inside a private network.
Deployment Scenarios:
● Load Balancing for VMs: For VMs hosting a website or application, the load balancer can distribute incoming traffic across all VMs.
● NAT for VMs: When VMs in a virtual network need outbound connections, Load Balancer can provide them by translating private IP addresses to public IP addresses.
● SQL Always On: Load Balancer can distribute traffic to multiple SQL servers configured for high availability.
Azure Application Gateway
Understanding Azure Application Gateway:
Features of Azure Application Gateway:
● SSL Termination: It can handle SSL termination at the gateway, offloading the expensive SSL decryption tasks from the web servers.
● Cookie-Based Session Affinity: This feature is useful when you want to keep a user session on the same server.
● Web Application Firewall (WAF): The WAF provides centralized protection of your web applications from common exploits and vulnerabilities.
● URL-Based Routing: Routes traffic to a backend pool based on the URL path of the request.
● Redirection: Supports redirection of traffic, which is helpful in scenarios such as HTTP to HTTPS redirection.
Benefits of Azure Application Gateway:
● Enhanced Security: With built-in WAF, Application Gateway provides an additional security layer.
● Application Layer Load Balancing: It allows for more complex routing decisions based on HTTP request details.
● SSL Offloading: Reduces load from backend servers, thus improving performance.
● Session Affinity: Keeps a user connected to the same server for the duration of their session.
Deployment Scenarios:
● Multi-site Hosting: Different domains or subdomains can be hosted behind a single Application Gateway.
● URL Path-Based Routing: Distribute traffic based on URL paths across multiple backend pools.
● Secure Sockets Layer (SSL) Offloading: Offloading SSL decryption from Azure VMs.
● Web Application Firewall: Protect web apps from common web vulnerabilities.
Comparison: Load Balancer vs Application Gateway
● Layer of Operation: Load Balancer operates at Layer 4, making decisions based on IP address and port. Application Gateway operates at Layer 7, allowing for decisions based on URL paths, cookies, and other HTTP headers.
● Usage: Load Balancer is suitable for scenarios where simple load balancing is required, without the need for HTTP-specific features. Application Gateway is used when you need advanced routing, load balancing, and security features for your HTTP/HTTPS traffic.
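The contrast above as an added sketch, not Azure's implementation and not code from the original text: the Layer 4 function sees only the flow tuple and the health probe results, while the Layer 7 function decides on the URL path. The SHA-256 tuple hash, the longest-prefix rule, the addresses and the pool names are assumptions chosen for illustration.

```python
import hashlib

def l4_pick(flow, backends, healthy):
    """Layer 4: hash the flow tuple and choose among healthy backends only.
    flow = (src_ip, src_port, dst_ip, dst_port, protocol); no HTTP data is visible."""
    candidates = [b for b in backends if healthy.get(b, False)]
    if not candidates:
        raise RuntimeError("no healthy backend available")
    digest = hashlib.sha256("|".join(map(str, flow)).encode()).digest()
    return candidates[int.from_bytes(digest[:8], "big") % len(candidates)]

def l7_route(path, rules, default_pool):
    """Layer 7: the longest matching URL path prefix selects the backend pool."""
    matches = [prefix for prefix in rules if path.startswith(prefix)]
    return rules[max(matches, key=len)] if matches else default_pool

# Constructed sample data: private/documentation addresses, hypothetical pool names.
BACKENDS = ["10.0.1.4", "10.0.1.5", "10.0.1.6"]
HEALTH = {"10.0.1.4": True, "10.0.1.5": False, "10.0.1.6": True}  # probe results
PATH_RULES = {"/images/": "image-pool", "/images/private/": "auth-pool",
              "/video/": "video-pool"}

def flows(count):
    """Constructed client flows that differ only in source port."""
    return [("203.0.113.7", 40000 + i, "198.51.100.10", 443, "tcp") for i in range(count)]

if __name__ == "__main__":
    for flow in flows(3):
        print(flow[1], "->", l4_pick(flow, BACKENDS, HEALTH))
    for path in ("/images/logo.png", "/images/private/id.png", "/index.html"):
        print(path, "->", l7_route(path, PATH_RULES, "default-pool"))
```

A request for /images/private/ reaches its stricter pool only because the Layer 7 function can read the path; the Layer 4 function would treat the same connection like any other flow to port 443.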