There are multiple ways in which one can manage traffic or balance load in Azure.
Azure Load balancer work at layer 4 of the OSI model, i.e. at the transport layer. This means it just directs the incoming traffic to destination IPs and does not have access to request data.
A load balancer has the following main components
- Frontend IP configuration
- Backen Pool (for example VMs)
- Health Probes
- Load Balancing rules
The application gateway in Azure works at layer 7, which is the Application layer in the OSI model. This means the API gateway can access request data and form rules on that. For example, we can set rules that /images pattern is getting redirected to a backend, whereas /videos pattern to another. Additional one can have features like SSL termination, and WAF (Web Application Firewall, that will protect from threats like SQL injection attack, Cross Site Scripting or XSS attack, etc.) implemented.
Application gateway core components
- Frontend IP (public or private)
- Listeners (listens to traffic and route based on rules)
- Request Routing Rule (when adding rule, you need to define listener and backend pool)
- Backend pool
While talking about application gateway, it is important to mention Azure Front Door, which can work at the global level. From Azure “While both Front Door and Application Gateway are layer 7 (HTTP/HTTPS) load balancers, the primary difference is that Front Door is a non-regional service whereas Application Gateway is a regional service. While Front Door can load balance between your different scale units/clusters/stamp units across regions, Application Gateway allows you to load balance between your VMs/containers etc. that is within the scale unit.”
The traffic manager distributes traffic at the DNS level, hence it is used for managing traffic at the global region level. For example, you might want to send traffic originating from Europe to hit Europe servers whereas traffic from North America to hit North America servers. While resolving the DNS, the traffic manager will choose the backend endpoint based on the rules set. An important thing to note here is that actual traffic never passes through the traffic manager, as was the case with the Load balancer or Application gateway, because the traffic manager is only responsible for providing back the endpoint, and after that client directly interacts with the endpoint.
Following routing methods are allowed