Azure App Gateway and Load Balancer

An overview

Vivek Kumar
Globant
6 min read · Sep 13, 2023


Azure Cloud offers several services related to load balancing. Today we are going to focus on two services known as Application Gateway and Load Balancer. These services have a critical role. They ensure cloud-based applications remain accessible and manage rising traffic. They distribute incoming traffic among multiple instances of an app. This improves app performance, scalability, and reliability. It’s vital to grasp the distinctions between an Application Gateway and a Load Balancer. They differ in operation and offerings. This blog delves into their unique features, architecture, and use cases. This exploration enhances our comprehension of their functions. It also guides selecting the appropriate one based on app requirements.

Azure Application Gateway

Application Gateway, a layer seven load balancer, plays a crucial role in managing and routing HTTP/HTTPS traffic within the Azure ecosystem. It excels in directing this traffic to specific backend pools based on the URL path or the host header, providing a high level of control and flexibility. The gateway offers an array of useful features, including SSL offloading, which enables the decryption of SSL traffic before it reaches the backend servers. Additionally, it supports cookie-based session affinity and URL-based routing, allowing for precise traffic management. The following diagram depicts the usage of an Application Gateway:

Application Gateway (Source: Microsoft)

The working architecture of Application Gateway consists of the following key components:

  • Frontend IP: This is the public IP address clients use to connect to the application.
  • Backend pools: These are groups of servers that the Application Gateway directs traffic to.
  • Rules: These rules are based on the URL path or host header and decide the backend pool for directing traffic.
  • Health probes: Regularly checking the backend servers' health ensures that only healthy instances of the application receive traffic. The monitoring behavior operates by issuing an HTTP GET request to the IP addresses or fully qualified domain names (FQDN) set in the backend pool.
  • SSL certificates: Used for SSL termination, these certificates let the gateway decrypt SSL traffic so that the backend servers do not have to.

Features

Application Gateway provides several features, including:

  • URL-based routing and host header-based routing: Allows for granular traffic management by directing requests to specific backend pools based on URL paths or host headers.
  • SSL offloading: Offloads the resource-intensive SSL decryption process from the backend servers, improving their performance and scalability.
  • Session affinity: Ensures that subsequent requests from a client are consistently routed to the same backend instance, enhancing the user experience and maintaining the session state.
  • Built-in web application firewall: Offers a built-in web application firewall to protect against common web vulnerabilities and enhance the security of the application.
  • Autoscaling capabilities: Supports autoscaling, automatically adjusting resources to handle varying traffic loads and ensuring optimal performance and availability.

These features of Application Gateway contribute to improved traffic management, enhanced security, and efficient use of resources for applications in the cloud.
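SSL offloading and the built-in web application firewall are the two features above with direct security consequences, so they are worth checking on a deployed gateway. The following is an added example, not code from this article or from Microsoft: it audits an exported gateway definition, assuming the field layout of `az network application-gateway show -o json`; the sample gateway and the check names are constructed for illustration.

```python
import json

# Constructed sample shaped like `az network application-gateway show -o json`
# (assumed field layout; all names and values are made up for illustration).
SAMPLE = json.loads("""{
 "name": "shop-appgw", "firewallPolicy": null,
 "webApplicationFirewallConfiguration": {"enabled": true, "firewallMode": "Detection"},
 "sslPolicy": {"minProtocolVersion": "TLSv1_0"},
 "httpListeners": [{"name": "shop-https", "id": "/x/httpListeners/shop-https", "protocol": "Https"},
                   {"name": "shop-http", "id": "/x/httpListeners/shop-http", "protocol": "Http"}],
 "requestRoutingRules": [
   {"name": "https-rule", "httpListener": {"id": "/x/httpListeners/shop-https"}, "redirectConfiguration": null},
   {"name": "http-rule", "httpListener": {"id": "/x/httpListeners/shop-http"}, "redirectConfiguration": null}],
 "backendHttpSettingsCollection": [{"name": "cart-settings", "protocol": "Http"},
                                   {"name": "catalog-settings", "protocol": "Https"}]
}""")

def audit_gateway(gw):
    """Return (check, detail) findings for one exported Application Gateway."""
    findings = []
    # WAF: an attached firewallPolicy is a separate resource and is not judged here.
    if not gw.get("firewallPolicy"):
        waf = gw.get("webApplicationFirewallConfiguration") or {}
        if not waf.get("enabled"):
            findings.append(("waf-disabled", gw.get("name", "")))
        elif waf.get("firewallMode") != "Prevention":
            findings.append(("waf-not-blocking", str(waf.get("firewallMode"))))
    # TLS floor on the frontend, only when the policy states one explicitly.
    floor = (gw.get("sslPolicy") or {}).get("minProtocolVersion")
    if floor in ("TLSv1_0", "TLSv1_1"):
        findings.append(("weak-tls-floor", floor))
    # Plain-HTTP listeners are acceptable only when their rule redirects.
    redirecting = {r["httpListener"]["id"] for r in gw.get("requestRoutingRules") or []
                   if r.get("httpListener") and r.get("redirectConfiguration")}
    for lst in gw.get("httpListeners") or []:
        if lst.get("protocol") == "Http" and lst.get("id") not in redirecting:
            findings.append(("http-listener-serves-content", lst["name"]))
    # SSL offloading: an Http backend setting means the gateway-to-backend hop is cleartext.
    for s in gw.get("backendHttpSettingsCollection") or []:
        if s.get("protocol") == "Http":
            findings.append(("cleartext-backend-hop", s["name"]))
    return findings

if __name__ == "__main__":
    for check, detail in audit_gateway(SAMPLE):
        print(f"{check}: {detail}")
```

A `cleartext-backend-hop` finding is the direct consequence of SSL offloading: it is acceptable only when the network between gateway and backend pool is trusted, otherwise the backend setting should use `Https`.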

Limitations

However, there are a few limitations to using Application Gateway, including:

  • Limited protocol support: As a layer seven load balancer, Application Gateway primarily focuses on HTTP/HTTPS traffic and does not provide extensive support for other protocols. This limitation can be restrictive for applications that rely on different protocols for their operation.
  • Rate Limiting Complexity: Configuring rate limiting within Application Gateway can present complexities, and the configuration might not offer the desired straightforwardness.
  • Limited Customization: While it does provide a degree of routing customization, Application Gateway’s potential for handling intricate routing and redirection scenarios could be constrained when compared to more advanced alternatives.

Let us consider an example that illustrates the suitability of an Application Gateway. Imagine an e-commerce website with different microservices responsible for various aspects of the application, such as managing the shopping cart or handling the product catalog. SSL is used for all traffic on the website to ensure secure transactions. In such a scenario, Application Gateway proves to be an excellent choice. It can efficiently route traffic to the right microservice based on the URL path, ensuring that the shopping cart requests go to the designated microservice and the catalog requests to the correct one. Moreover, Application Gateway can handle SSL termination, relieving the backend servers from the resource-intensive SSL decryption process.

Azure Load Balancer

Load Balancer, a layer four load balancer offered by Azure, plays a critical role in efficiently managing TCP/UDP traffic within the cloud environment. Unlike Application Gateway, Load Balancer works at a lower level and does not offer the same level of granular routing capabilities. Instead, it uses a load-balancing algorithm to distribute incoming traffic to backend pools. Just like Application Gateway, Load Balancer uses robust health probes that actively monitor the status of backend servers, ensuring that only healthy instances of the application receive traffic. The following diagram depicts the usage of a Load Balancer:

Load Balancer (Source: Microsoft)

The architecture of the Load Balancer includes the following key components:

  • Frontend IP: It serves as the public IP address that clients use to set up connections with the application.
  • Backend pools: These are groups of servers to which the Load Balancer efficiently distributes incoming traffic.
  • Load balancing rules: These rules decide how the traffic is divided among the backend servers, optimizing performance and resource utilization.
  • Health probes: Continuous monitoring of the health of the backend servers ensures that only operational instances receive traffic. This enhances the high availability and reliability of the application.

Features

Load Balancer offers several features, including:

  • Protocol support: The Load Balancer supports both TCP and UDP protocols, allowing for versatility in handling several types of traffic.
  • Health probes: The inclusion of health probes enables efficient monitoring and management of backend server health. This promotes stability and minimizes downtime by directing traffic only to healthy instances.
  • Autoscaling: Load Balancer supports autoscaling capabilities, allowing it to adjust resources to manage fluctuating traffic loads dynamically. This ensures the best performance and scalability for the application.

Limitations

However, Load Balancer does have some limitations to consider:

  • Limited routing options: Load Balancer offers fewer routing options as compared to Application Gateway, which might restrict its suitability for applications with complex routing requirements.
  • Lack of SSL offloading: The Load Balancer does not have SSL offloading capabilities. This means that SSL traffic decryption is performed directly on the backend servers, potentially adding extra processing load to them. This could be a limitation where end-to-end encryption is not required.

To illustrate the use case for Load Balancer, consider a gaming platform that relies on UDP traffic for real-time gameplay. In this scenario, Load Balancer can be configured to employ a specific load-balancing algorithm, such as “least connections,” to distribute traffic among the gaming servers efficiently. This ensures balanced gameplay experiences across all servers and prevents any single server from becoming overloaded.

Conclusions

In conclusion, when routing HTTP/HTTPS traffic and requiring SSL termination, Application Gateway appears to be the best choice. Its advanced routing features and ability to manage complex scenarios provide the necessary capabilities for such requirements.

On the other hand, if your focus is on cost-effectiveness and basic TCP/UDP traffic routing without specific routing rules, Load Balancer turns out to be a suitable solution. While it may lack the advanced routing functionalities of Application Gateway, it compensates by offering health probes to ensure the availability of healthy application instances.

The decision between Application Gateway and Load Balancer hinges upon your specific needs and the complexity of your application architecture. By carefully assessing the features and capabilities of each choice, you can make an informed decision that aligns with your requirements and optimizes the performance and scalability of your application. Below are the key differences that may help you to choose the suitable service for your needs:

Table — Feature comparison between Application Gateway and Load Balancer

I hope this article is useful in helping you understand the main differences between Azure’s Application Gateway and Load Balancer so that you can choose the more suitable option for your next project.
