How to choose the right Azure Application load balancer for your use case?

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

This post is for the audience who are looking to choose the Application Load Balancer on Azure depending on the web application's needs and use case. There is a specific tool "Load Balancing Options - help me choose" on Azure Portal that Azure offers, that makes the decision-making easier for Azure customers to choose the right load balancing solution per their needs or use case. In this post, I will walk through the less familiar but useful solution that will accelerate and help with the crucial decision-making process easier for customers in choosing the right load balancer for your application's needs.

 

You can decide the choice of load balancer based on the type of web application behind the Application Load balancer if it is regional or global and also based on the type of internet-facing traffic if it is HTTPS only or non-HTTPS traffic. It's easier with this simpler tool that Azure offers us to help make this choice of decision.

 

Below is a screenshot of the tool that can be searched among search resources on Azure Portal. Also, I will walk through a demo for the decision tree to help with the right choice of the application load balancer on Azure Portal.

 

Aarthi795_MSFT_0-1674661780123.png

First, it will ask us about the choice of traffic for the application load balancing if  HTTP/HTTPS is used by the application or if the traffic will be a non-Layer 7, non-HTTP/HTTPS traffic, etc. I will choose "HTTP/HTTPS" with a yes, as I wanted to choose the right application/Layer 7 load balancer, here for us in this walkthrough.

 

Aarthi795_MSFT_0-1674662042371.png

It will lead you to the next question which will ask us about the nature of our application and if it is public-facing or not. I will choose a "yes" here as well as I assume my application is public-facing here, in this demo.

 

Aarthi795_MSFT_1-1674662264712.png

 

The next question that it leads us so forth will be about the regional load balancing needs or global. Let us see the question where it lets us define the nature of load balancing for our web application. I will choose a "Yes" here for this question as it asks me if my application is deployed in one or more regions. 

 

Aarthi795_MSFT_0-1674662613468.png

 

 

Now, as we have mentioned that our application is deployed in different regions, it asks us about performance needs for the application and I choose a "yes" here as well, as I believe that my application demands performance acceleration needed for the users.

 

Aarthi795_MSFT_0-1674662797623.png

The next question helps me drill down to the requirement needed for requests coming through to my application, like if SSL offloading is needed. I choose a "Yes" here as well as I want SSL offloading.

 

Aarthi795_MSFT_0-1674663217998.png

Finally, with this easy and simple decision tree that Azure offers me, I am able to narrow it down to the best choice to use a combination of regional and global application load balancers for high availability, performance, and resilience depending upon the nature of the web application behind it and performance needs for it. So I will choose to use a combination of Azure Front Door and Azure Application Gateway here based on the performance needs for a choice of Azure Front Door as it has strong caching capabilities for performance acceleration for global users, and also a regional load balancer for my applications with SSL offloading needed for regionally spread applications, so I can design it with Azure Front Door in the front with a backend of an Azure Application Gateway. And the backends for Azure Application Gateway will be the Azure VMs hosting web applications, scoped in different VNETs/regions. 

 

Azure Front Door -> Azure Application Gateway -> Backends/ web applications in East, West, and Central US

 

Aarthi795_MSFT_0-1674663529223.png

Tips for using the "Load balancing Options" Tool: 

We can even start over the process using the "Start over" button of the flow chart or decision tree if we want to run it again for any other extra requirement or use case as it might arise for security, high availability needs, and cost consideration.

 

Also, we can use the "Previous" button whenever we want to revisit a previously filled question that the decision tree offers if we want to change it or might have entered the answer wrongly earlier.

 

Choosing between Global and regional application load balancing solutions:  (Azure Front Door vs Azure Application Gateway)

 

Global: If you have a global-facing web application that you want to place behind an application load balancer to take advantage of WAF/Web Application Firewall and URL routing, and path routing functionalities, and you have users across the world trying to access the web application with strong caching needs, your choice of load balancer would be Azure Front Door.

 

Regional: If you have a regional web application spread across a single region contained within an Azure VNET, the choice of application load balancer here is Azure Application Gateway.

 

 

How to choose the right application load balancer based on our use case:

 

Azure Front Door as a choice for Application load balancing:

You can choose Azure Front Door when you have:

  • Need for the internet-facing global application load balancing.
  • Need for End-to-End SSL for your globally accessed web application and for CDN-like functionalities.
  • Strong caching needs and performance, compression needs
  • WAF needs - To allow or deny certain traffic and rate-limiting for preventing DDoS attacks.
  • Global users are being served with the application behind an application Load balancer.
  • Custom Domains and wildcard domains. CNAME-based domain name validation. 
  • Redirect and rewrite functionalities, URLs, and path routing.

For more information on Azure Front Door as a load-balancing solution, please refer to this article.

 

For additional information on various SKU choices available with Azure Front Door please check the following article for choosing the right SKU:

 

Azure Front Door features and Tier Comparison:

https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/tier-comparison#feature-comparison-between-tiers

 

Azure Traffic Manager as a choice for load balancing:

  • When you need DNS-based load balancing, for high availability or failover reasons/scenarios, like based on the DNS name you want to load balance between geographically distributed applications, for example between applications in the East US and West US with similar DNS names.
  • When we do not have any WAF needs.

For more information on Azure Traffic Manager as a load-balancing solution, please refer to this article.

 

Azure Application Gateway as a choice for application load balancing:

  • For regional application load balancing needs.
  • For having the application load balancer (Azure Application Gateway) scoped within an Azure VNET.
  • Custom domains and wildcard domains. IP-based domain name validation. 
  • End-to-End SSL offload, URL-based routing, multiple site hosting.
  • Rewrite rules, URL redirection, and path rules.
  • Static frontend public IP for hosting the application behind a load balancer
  • WAF for application security. (For eg. the choice of SKU would be WAF V2)
  • Autoscaling and zone redundancy. (Choice of SKU: Standard v2/ WAF V2)

For more information on Azure Application Gateway as a load-balancing solution, please refer to this article.

 

For additional information on different SKUs and versions of application gateway available please check this article

 

Scenarios where layer 7 or Application load balancing is not needed:

 

If we do not have any Layer 7/ Application load balancing needs, and also do not need end-to-end TLS termination for an application on an Azure VM, you can choose an Internal or external Load balancer that operates at Layer 4 of the OSI layer. The internal load balancer is the choice when we do not want to have the Layer 4 Azure Load balancer public-facing, and want it to be private or internal for load balancing between applications running on Azure VMs. An external Load Balancer can be used for Layer 4 load balancing between applications running on Azure VMs, which can have a front-end Public IP, which will be the Public IP of an external Azure Load balancer.

 

Something to read if you are interested in learning more about this load balancing options tool with an easy tutorial:

For more information on using the "Load Balancing Options - help me choose" Tool on Azure Portal, here is a detailed guide that helps us walk through the steps to make this choice and use it.

Reference: Load-balancing options - Azure Architecture Center | Microsoft Learn

 

I hope this post was useful and might have helped with a better and simplified view of understanding the reasoning behind choosing the right load balancer decision for your web applications on Azure.

 

Happy Learning!

 

FastTrack for Azure:  Move to Azure efficiently with customized guidance from Azure engineering. FastTrack for Azure – Benefits, and FAQ | Microsoft Azure 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.