Azure Front Door offers a service that also works at the application layer (Layer 7). It is an Application Delivery Network (ADN) as a service, and it offers various load balancing capabilities for your applications.
Both Azure Front Door and Azure Application Gateway are Layer 7 (HTTP/HTTPS) load balancers. The difference between the two is that Front Door is a global service, whereas Application Gateway is a regional service. This means that Front Door can load balance between different scale units across multiple regions. Application Gateway is designed to load balance between other VMs/containers located inside the same scale unit.
Azure Front Door offers the following features and capabilities:
- Accelerates application performance: End users can quickly connect to the nearest Front Door Point of Presence (POP) using the split TCP-based anycast protocol. It then uses Microsoft’s global network to connect the application to the backend.
- Smart health probes: Front Door increases application availability with smart health probes. These probes will monitor the backends for both availability and latency and provide instant automatic failover when a backend goes down. This way, you can run planned maintenance operations on your applications without any downtime. Traffic is redirected to alternative backends during maintenance.
- URL path-based routing: This allows you to route traffic to backend pools based on the request’s URL paths.
- Multiple-site hosting allows you to configure more than one web application on the same Front Door configuration. This allows a more efficient topology for deployments. Azure Front Door can be configured to route a single web application to its backend pool or route multiple web applications to the same backend pool.
- Session affinity: Azure Front Door offers managed cookies, keeping a user session on the same backend application. This feature is suitable in scenarios where the session state is saved locally on the backend for a user session.
- Custom domains and certificate management: If you want your domain name to be visible in the Front Door URL, a custom domain is necessary. This can be useful for branding purposes. Also, HTTPS for custom domain names is supported and can be done by uploading your SSL certificate or implementing Front Door-managed certificates.
- SSL termination: Front Door offers SSL termination, which speeds up the decryption process and reduces the processing burden on backend servers. Front Door supports both HTTP and HTTPS connectivity between Front Door environments and your backends. Thus, you can also set up end-to-end SSL encryption if this is required.
- URL redirection: To ensure that all the communication between the users and the application occurs over an encrypted path, web applications are expected to redirect any HTTP traffic to HTTPS automatically. Azure Front Door offers the functionality to redirect HTTP traffic to HTTPS. It also allows you to redirect traffic to a different hostname, redirect traffic to a different path, or redirect traffic to a new query string in the URL.
- Azure DDoS Protection Basic protects application-layer security: The Front Door platform also allows you to create rate-limiting rules to battle malicious bot traffic and configures custom web application firewall rules for access control. This can protect your HTTP/HTTPS workload from exploitation based on client IP addresses, HTTP parameters, and the country code.
- URL rewrite: You can configure an optional custom forwarding path to support URL rewrite in Front Door. This path can be used when the request is made from the frontend to the backend. You can configure host headers when forwarding this request.
- Protocol support – IPv6 and HTTP/2 traffic: Front Door natively offers end-to-end IPv6 connectivity and the HTTP/2 protocol. The HTTP/2 protocol enables full-duplex communication between application backends and a client over a long-running TCP connection.
Many load balancing options can perform similar roles, so we will look at how to differentiate between them in the next section.
Leave a Reply