Azure load balancing services – Configuring Load Balancing
Azure load balancing services
Azure offers several services for load balancing. Microsoft views these services as being separated by web-type workloads (HTTP(S)-type traffic) and by global and regional delivery.
Regional services
Regional services are designed to distribute traffic within Azure virtual networks (VNets) and services within a single region. Typically, these would be used for virtual machines (VMs) and containers.
Global services
Global services are designed to distribute traffic across different regions. This can also be used to extend services beyond the Azure cloud into other clouds or on-premises environments. They also include features for better system performance on a global scale by creating distributed workloads that can cater to specific regional requirements. Typically, these would be used for global web services that require local regional services and HA.
Load balancer service options
Azure provides two load balancer services catered to traffic that is not HTTP(S)-related, meaning that they are not intended for web-related workloads. These are frequently used to distribute traffic between VMs:
- Azure Load Balancer (regional service)
- Traffic Manager (global service)
In addition to the preceding services, there are currently two services that can be deployed to cater to web-based traffic, being HTTP(S) traffic, and are delivered as Layer 7 load balancers. These are Azure Application Gateway and Azure Front Door.
Top Tip
As of the time of writing, Azure has a cross-region load balancer in preview; you can read more about the service here: https://docs.microsoft. com/en-us/azure/load-balancer/cross-region-overview.
These services offer Secure Sockets Layer (SSL) offloading, path-based load balancing, and session affinity configuration settings. You can also choose to enable the web application firewall feature, which scans the traffic received by your applications and assesses this for anomalous behavior, particularly focused on web applications. The two services that can be used for web-based load balancing are as follows:
- Application Gateway (regional service)
- Azure Front Door (global service)
Next, we will discuss the features available in Application Gateway and Front Door, and also understand their purposes.
SSL offloading
SSL is the technology that enables encrypted communication between your browser and web application service. This has now been replaced by a newtechnology called Transport Layer Security (TLS). One of the benefits of both Application Gateway andAzure Front Door is that they provide SSL offloading or TLS termination that effectively transfers the decryption function to the load balancing service implemented. This provides several benefits to your application infrastructure, namely better performance and utilization of your backend services. This termination functionality also enables the load balancer to interrogate the traffic to provide more intelligent management features such as routing and header management.