AZ-305 – Microsoft Azure Solutions Architect Expert – Design a Networking Strategy Part 4
8. Overview of Azure Load Balancing Services
So let’s talk about how traffic is distributed in terms of load balancing services within Azure. There are four main load balancing services that we’ll talk about. There is the standard load balancer which, as the name implies, is the one that you would go to when you need a load balancer. Application Gateway has some additional functionality and more capability. Those two are at the regional level.
At the global level you have the Front Door service and you have Traffic Manager, and the two have completely different capabilities when it comes to distributing traffic globally. So let’s start with the load balancer. The load balancer service is the most basic of them: it’s what’s called a layer 4 load balancer. It works at the network level. It doesn’t understand HTTP or HTTPS at all, doesn’t understand domain names, doesn’t understand paths in the URL.
The layer 4 load balancer works on IP address, port and protocol, the protocol being TCP or UDP. So those are the things that a load balancer service can handle. Now, Microsoft provides a basic load balancer for free. It doesn’t have many features, and they don’t even recommend you use the basic load balancer in a production setting. For that they have what’s called the standard load balancer. The standard load balancer has an SLA, whereas the basic load balancer does not. A standard load balancer also costs money, and you pay per rule.
So if you have one load balancing rule, it’s 2.5 cents per hour; if you have two, four, you’re just basically paying per rule. Creating the load balancer is pretty straightforward. You’re just going to choose the resource group and subscription, give it a name as usual, and pick a region. Now, load balancers can be either public load balancers or internal load balancers. Internal load balancers effectively operate on private IP addresses and cannot be accessed from outside, whereas a public load balancer has a public IP address that the public uses to access the services hidden behind it. Here’s where you choose standard versus basic.
Now notice that the Standard SKU supports fancy things such as Availability Zones. If I switch over to the Basic SKU, the Availability Zone option basically disappears. And then there is the tier: as you see here, it allows me to run the load balancer regionally, which of course is going to be in a region, or run it as a global load balancer, which is deployed to a region. Now I’ll pull in this page, and you can see here that global versus regional is a thing. When we’re talking about Front Door and Traffic Manager, which we’ll get to in a second, these operate at a global level. This is where traffic from around the world can come into the service and then gets distributed to the region closest to the user.
You’ll notice that Application Gateway is listed as a regional-only load balancer. So typically you might have a Front Door service that points to an Application Gateway, and the web servers are behind the Application Gateway. Now, surprisingly, Azure Load Balancer is also listed as a global load balancer. And you can see here that it’s a layer 4 load balancer, so it’s not designed specifically to work on HTTP-type traffic. That’s why it’s listed as being not great for HTTP: it just doesn’t handle it any differently than it would handle non-HTTP traffic. All right, so basically you do get the choice with the load balancer specifically whether you want to run at the regional level or the global level. And this is where, again, you can make it no-zone, make it zone redundant, or place it in specific zones.
Now, if we go to the Application Gateway that’s right there next to it, this is also considered an enterprise load balancer. You are going to pay for it. You do have a choice of what are called SKUs, so you’re basically going to pay for the standard Application Gateway or the WAF one. WAF stands for Web Application Firewall.
And a web application firewall has the ability to filter malicious traffic that is coming in. So if someone’s going to try a cross-site scripting attack, SQL injection, any of these sort of standard internet hacking methods for websites, the web application firewall should be able to handle it. There’s sort of a list of the known, industry-standard hacking methods. So this is not as fancy or sophisticated as an actual firewall or some of the advanced threat protections and other firewall devices, but it does basically make sure people can’t take advantage of your website if it’s not properly configured, for instance.
So again, with Application Gateway, give it a name and choose a region. You can see that Application Gateway supports scaling, which the load balancer does not. You might not want to turn on scaling unless you really know that you need it, but you can basically have it grow the number of Application Gateway instances based on the traffic.
It also supports the HTTP/2 protocol, but it’s disabled by default. Now, they’re all again very similar, except that, because this is a layer 7 load balancer, you have the ability to configure rules such as domain name matching or matching on parts of the path, so that images get sent to one server, videos get sent to another, and the rest of the traffic gets sent to a third server. So you can do load balancing based on the path of the URL.
Now, of the last two that we’ll talk about, the first is Traffic Manager. I’ve always found Traffic Manager to be really cool because it’s really a hack of the domain name system, the global domain name system. The idea is this: let’s say you’ve got a user somewhere halfway around the world from you, in Australia in my case. That user is going to go to the domain name system and look up your domain, www.example.com. You can direct that user to a different IP address than you would a North American user.
And so you can set up your applications around the world in three or four or five regions, and everyone going to the same domain gets directed to different servers. This, I believe, would be how Google works, or Facebook. It’s the same domain name no matter what country you’re in, but the servers are geographically dispersed, and not everyone that goes to Facebook.com is being sent to the United States to get that traffic served. So it’s a very similar setup to a lot of these big brands, even Microsoft.com.
Front Door is also relatively new, and it basically is an Application Gateway that runs at the global level. It also supports Web Application Firewall, so there is a security element. It also supports a CDN, so there’s a caching element. Basically it’s another high availability service that operates at a global level, and you can then distribute the traffic to the specific region that you want.
And so again, you could think of it as a global service that can then direct users to the right region for them depending on what they’re trying to do. So the Front Door service really sort of can do it all. Obviously there’s a price to that as well compared to the load balancer, which is very simple. Application Gateway is a bit more complicated but also very straightforward. Traffic Manager is a hack of the DNS system, and Front Door sort of has a hodgepodge of things operating at a global level. That’s all in terms of load balancing services in Azure.
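The three routing decisions described above (a DNS answer per client location, a layer 4 choice from IP, port and protocol, and a layer 7 choice from host and URL path), as an added example that is not part of the original lecture and is not Azure’s own code. The pool names, the IP addresses, the geo codes and the use of a hash for the layer 4 choice are assumptions of this sketch.

```python
import hashlib
from fnmatch import fnmatchcase

# Constructed sample data: documentation-range IPs and made-up pool names.
REGION_IPS = {"AU": "203.0.113.10", "NA": "198.51.100.10"}
L4_POOL = ["10.0.1.4", "10.0.1.5", "10.0.1.6"]
L7_RULES = [  # (host, path pattern, pool), evaluated top to bottom
    ("www.example.com", "/images/*", "image-pool"),
    ("www.example.com", "/video/*", "video-pool"),
    ("www.example.com", "/*", "default-pool"),
]

def dns_pick(client_geo, fallback="NA"):
    """DNS level: one domain name, a different answer per client location."""
    return REGION_IPS.get(client_geo, REGION_IPS[fallback])

def l4_pick(src_ip, src_port, dst_ip, dst_port, proto):
    """Layer 4: only IP, port and protocol are visible, so hash those."""
    key = f"{proto}|{src_ip}|{src_port}|{dst_ip}|{dst_port}".encode()
    index = int.from_bytes(hashlib.sha256(key).digest()[:4], "big")
    return L4_POOL[index % len(L4_POOL)]

def l7_pick(host, path):
    """Layer 7: the Host header and URL path are visible, so match on them."""
    host = host.lower().split(":")[0]   # host names are case-insensitive
    path = path.split("?")[0]           # route on the path, not the query
    for rule_host, pattern, pool in L7_RULES:
        if host == rule_host and fnmatchcase(path, pattern):
            return pool
    return None  # no rule for this host: nothing to forward to

if __name__ == "__main__":
    print(dns_pick("AU"), dns_pick("NA"))
    flow = ("192.0.2.7", 51512, "198.51.100.10", 443, "tcp")
    # Several requests on the same TCP flow: layer 4 cannot tell them apart.
    for path in ("/images/logo.png", "/video/intro.mp4", "/index.html"):
        print(path, "L4 ->", l4_pick(*flow),
              "| L7 ->", l7_pick("www.example.com", path))
```

The URL path is not an input to `l4_pick` at all, which is why path rules and web application firewall inspection only exist on the layer 7 services.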