Azure Load balancer provides the distribution of Virtual Machine traffic to run your application smoothly in the production environment. All virtual machines connected to the backend of the Load balancer decide the traffic according to load on the per VM. Load balancer ensures the high availability of your application and its own fully managed service An Azure load balancer is used to distribute traffic loads to backend virtual machines or virtual machine scale sets, by defining your own load balancing rules you can use a load balancer in a more flexible way.
Feature of Azure Load Balancer The followings are the most important features of Azure load balancer.
Network Load balancer: Azure load balancing uses IP addresses, source port, destination IP, Destination port, and Networking Protocol of connection.
Internal and public load balancer: Azure Load balancer supports Internal Load balancing where you can balance the traffic of an internal virtual network or traffic within a virtual network. Public load balancer used for balancing the internet traffic to virtual machines. it provides an outbound connection to virtual machines.
Routing: Load balancer works on the Network load balancing technique so it supports the routing using source/ Destination (IP & Port), and protocol. it works on a general routing protocol to support the traffic.
Works at Layer 4 OSI Model: it works on the Transport layer of the OSI model. it supports TCP and UDP connection process.
Health probes as TCP/IP: health probe is a very useful feature of Azure load Balancer. whenever any Virtual machine gets stop or errored then the health probe generates the alert and stops sending traffic to a particular Virtual machine which saves the loss of data and time.
Port Forwarding: Port forwarding supports the connection using IP addressing and Port of services. Azure load balancer support port forwarding so users can access applications with associated IP address and Ports.
Compare Load Balancers - Basic and Standard
Backend Pool Size
The backend pool is the set of machines/services that are being load balanced for scale and high availability. The Basic tier is limited to 100 instances but the Standard tier can scale out to 1000 instances (matching a virtual machine scale set).
Endpoints Endpoints are the machines/services that make up a backend pool. The Basic tier is quite restrictive. A load balancer is restricted to a single availability set, virtual machine scale set, or a single machine. The Standard tier can span any virtual machine in a single virtual network, including blends of scale sets, availability sets, and machines.
Availability Zones The architecture feature that will drive a lot of customers to the Standard tier is availability zones, where you can scale a service out across up to 3 zones (sets of data centers) in a single region for a 99.99 percent service level agreement (SLA). A Standard tier public IP address can scale out to the availability zones using the Standard tier load balancer. The Basic tier load balancer is restricted to non-availability zone deployments.
Diagnostics The Basic tier offers some diagnostics through Log Analytics (paid for per GB of monitoring data) but the Standard tier offers much more data through Azure Monitor. This appears to be the focus now for operational monitoring and alerting.
HA Ports In the scenario of network virtualization appliances, the Basic tier normally provides a active/passive solution with virtual firewalls. HA Ports, a feature of the Standard tier, enables virtual firewalls to become active/active and this provides the ability to scale out for high traffic deployments.
Secure By Default The Basic tier relies on network security groups (NSGs) or virtual appliances to secure virtual machines. The Standard tier is secure by default and requires a network security group to explicitly permit traffic through a public IP address.
Multiple Frontends The Standard tier supports having multiple frontend IP addresses for inbound and outbound traffic. However, the Basic tier only supports multiple frontends for inbound traffic.
Management Operations This addresses something that annoys me with the load balancer, not to mention the web application gateway! Creating a new rule or making a configuration change is slow! With the Basic tier, it can take 60+ seconds for a configuration to save. Most operations will complete in under 30 seconds with the Standard tier.
Service-Level Agreement The SLA of the Basic load balancer is implied in the virtual machine SLA. That depends on how you deploy virtual machines. The Standard tier has its own SLA, which is 99.99 percent (matching the highest virtual machine SLA).
What is Azure Front Door?
Microsoft Azure Front Door (AFD) is a service that offers a single global entry point for customers accessing web apps, APIs, content, and cloud services. We can configure Azure front door service in two ways,
Configure a backend pool for each website
Create one backend pool and direct all website traffic to a single backend pool.
It offers services over Web applications, VM, APIs’, Cloud services, Data. Also, it provides a global infrastructure for building, managing, and provide security. It’s a kind of a global load balancer.
Feature of Azure Front Door
Microsoft Azure provides Azure front door in two ways, first, Azure front door which having normal functions, and another one, Azure front door standard/Premium (in preview) which has integration with DevOps, support analytics, and a high level of security.
It supports a Modern Content delivery network with built-in security features.
Syntactic HTTP/HTTPS requests in form of GET, HEAD
Sticky Session Supported
It can be implemented with a web application firewall (WAF).
Azure DDOS protection support enables security and protection from cyber-attacks.
Azure Front Door: Pros & Cons
Pros:
Azure Front Door is a global service not tied to any specific Azure region.
It provides support for the host, path, and query string redirection as well as part of URL redirection.
Routes for your Front Door are not ordered and a specific route is selected based on the best match.
Cons:
Azure Front Door doesn’t support static or dedicated frontend anycast IPs.
Azure Front Door and Azure CDN can’t be configured together because both services utilize the same Azure edge sites when responding to requests.
Currently, Azure Front Door defenders can only be used with Azure Cloud but there should be provision to use them with multiple cloud vendors.
What is Azure Application Gateway?
Azure Application Gateway provides an Azure load balancer on the transport level for applying Routing Rules for supporting load balancing and traffic management. It supports secure socket layer termination security which makes a more secure way of load balancing and also supports HTTP-based load balancing and creates sessions on the basis of cookies.
Features of Azure Application Gateway:
Web traffic load balancer: The application gateway enables the WebSocket and HTTPS protocols which enable full-duplex communication between client and server using TCP connection.
Routing with URI path and Host headers: it allows you to set traffic between backend pools on the basis of URLs. it differentiates the traffic by URL and host headers names.
Security: it supports a web application firewall that enables traffic filtering and protection with the Zone redundancy feature.
Sticky Session Supported: it supports the traffic which is based on cookies. when you are using a web server then re-login to the server then the application gateway diverts the traffic to the same server as per the cookies for better connection and faster delivery of services.
Azure Application Gateway: Pros & Cons
Pros:
HTTP, HTTPS, HTTP/2, and WebSocket support
Traffic between backend pools can be set on the basis of URLs with Azure Application Gateway
It supports the traffic which is based on cookies.
Cons:
Application Gateway resource can not be renamed. A new resource with a different name has to be created every time.
Email protocols support such as SMTP, IMAP, and POP3 is not available.
The configuration is particular right now and needs to be more flexible.
What is the difference between Azure Front Door and Azure Application Gateway?
Application Gateway:
Azure Application Gateway is a web traffic load balancer enabling users to manage traffic on their web applications
They can make routing decisions based on additional attributes of an HTTP request, for example, URI path or host headers.
Application Gateway can be used with Web Application Firewall (WAF) for a scalable and secure way to manage traffic to your web applications.
Azure Front Door:
Azure Front Door is a global, scalable entry-point using the Microsoft global edge network to create fast, secure, and widely scalable web applications.
With Front Door, you can transform your global consumer and enterprise applications into robust, high-performing personalized modern applications with content that reach a global audience through Azure
It works at Layer 7 (HTTP/HTTPS layer)
Can you use Front Door and Application Gateway together? Many a time it makes sense to run Front Door and Application Gateway at the same time. Front Door can be used as a global load balancer to interface with all application traffic entering the cloud. Azure Front Door directs the traffic from there to different regions, and then from there, the Application Gateway takes over to provide fine-tuned load balancing within each region. But it is not necessary to use both services simultaneously even if we can. For a simple app that runs across multiple regions and doesn’t require complex routing based on low-level rules, Front Door is the most likely and feasible option.