published: 8th of April 2023
Azure Application Gateway is a Layer 7 load balancing service for HTTP/S and HTTP2 traffic.
Application Gateways have the following characteristics.
v2 App Gateways have the same features as v1 App Gateways with some additional functionality.
|HTTP/S/2||Support for HTTP, HTTPS and HTTP2 traffic.|
|URL path based routing||Route to a backend pool based on a URL path such as /images/* or /videos/*.|
|Multi-site hosting||Host multiple web application frontends on a single App Gateway.|
|Web Application Firewall (WAF)||Pre-defined rules to protect web applications from common exploits and malicious attacks.|
|TLS termination and End-to-End encryption||TLS traffic can be terminated on the frontend (Termination) and optionally continue through to the backend host (End-to-End). Note: App Gateway proxies the TLS connection and does not pass it directly through to the backend host.|
|Session affinity||Utilizes a cookie for session stickyness to a Backend server for a flow.|
|Connection draining||Allows for graceful removal of backend pool members.|
|Custom error pages||Use custom error pages instead of displaying default error pages.|
|Websockets||Enabled by default and cannot be disabled.|
|Static/Dynamic VIP frontend||Static or Dynamic VIP address.|
|Public/Private VIP frontent||Support either private and/or public addressing for the frontend|
|v1 features||With some differences.|
|Autoscaling||Dynamically scale in/out to meet traffic demands.|
|Zone redundancy||Can span multiple Availability Zones (AZs).|
|AKS Ingress Controller||Can be used as an Ingress for Azure Kubernetes Service (AKS) clusters.|
|Azure Key Vault integration||Can access TLS certificates stored in Azure Key Vault without having to load them on the App Gateway.|
|Rewrite HTTP headers URL||Add, remove, or update HTTP request and response headers.|
|Rewrite URL||Rewrite URLs, query string parameters and host name.|
|Web Application Firewall (WAF)||Custom rules to protect web applications from common exploits and malicious attacks.|
|Static VIP frontend||Static VIP address that does not change. Note: There is no option to have a dynmaic IP address.|
|Public/Private VIP frontent||Private only frontend VIP is currently in preview.|
Listeners determine which traffic is load balanced using the following parameters.
There are 2 types of Listeners: Basic and Multi-Site.
Basic listeners have the following characteristics.
Multi-Site listeners have the following characteristics.
Rules determine how to Route traffic to a Backend and have the following characteristics.
Health Probes are used to monitor Backend health at the application layer and have the following characteristics.
The following diagrams show a command Application Gateway deployment architecture.
The following points summarize the above diagram.
Application Gateways have the following considerations.