Azure application gateway
The Azure load balancer helps us to enable solutions at the infrastructure level. However, there are times when advanced services and features are required from the load balancer itself. These advanced services include SSL termination, sticky sessions, advanced security, and more. Azure application gateways are built on top of Azure load balancers to provide these additional features. The Azure application gateway is a layer 7 load balancer that works with the application and session payload in the OSI stack. Because they see this payload, application gateways have more information than the Azure load balancer when making decisions on request routing and load balancing between servers. Application gateways are managed by Azure and are highly available.
An application gateway sits in between the users and VMs, as shown in the following diagram:
Application gateways are internally implemented using VMs. Internet Information Services (IIS) is installed and configured with Application Request Routing (ARR) on these VMs. These gateways can be installed on multiple VMs, providing high availability for the gateways themselves. Although not visible, Azure load balancers distribute loads among multiple application gateway servers. Creating an application gateway requires an internal or public IP address, which users use to send requests to it. This public or internal IP is provided by the Azure load balancer, which works at the transport level (TCP/UDP) and load balances all incoming network traffic across the application gateway worker instances. The application gateway then routes the HTTP/HTTPS traffic based on its configuration, whether the destination is a VM, cloud service, or internal or external IP address.
An application gateway is similar to an Azure load balancer from a configuration perspective, with additional constructs and features. It provides frontend IP, protocol, certificate, and port configuration, as well as backend pool, port, session affinity, and protocol configuration.
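The constructs listed above are also where a gateway's security posture is decided. The following is an added example, not code from the original text: a small audit that walks the listeners and backend settings of one gateway and flags plain-HTTP listeners, unencrypted backend hops after SSL termination, and session affinity. It assumes the flattened JSON shape that `az network application-gateway show` prints; the sample gateway, its names, and the severity labels are constructed for illustration.

```python
import json

# Constructed sample shaped like the JSON Azure returns for an application
# gateway (trimmed; every name and value here is made up for this example).
SAMPLE = json.loads("""
{
  "name": "appgw-demo",
  "frontendIPConfigurations": [
    {"name": "fe-public", "publicIPAddress": {"id": "/placeholder/pip"}},
    {"name": "fe-internal", "privateIPAddress": "10.0.1.10"}
  ],
  "httpListeners": [
    {"name": "l-https", "protocol": "Https", "frontendIPConfiguration": {"id": "/x/frontendIPConfigurations/fe-public"}},
    {"name": "l-http", "protocol": "Http", "frontendIPConfiguration": {"id": "/x/frontendIPConfigurations/fe-public"}},
    {"name": "l-int", "protocol": "Http", "frontendIPConfiguration": {"id": "/x/frontendIPConfigurations/fe-internal"}}
  ],
  "backendHttpSettingsCollection": [
    {"name": "be-plain", "protocol": "Http", "port": 80, "cookieBasedAffinity": "Enabled"},
    {"name": "be-tls", "protocol": "Https", "port": 443, "cookieBasedAffinity": "Disabled"}
  ]
}
""")

def audit(gw):
    """Return sorted (severity, construct, message) findings for one gateway."""
    # Frontends backed by a public IP are reachable from the internet.
    public = {f["name"] for f in gw.get("frontendIPConfigurations", [])
              if f.get("publicIPAddress")}
    findings = []
    for l in gw.get("httpListeners", []):
        fe = l["frontendIPConfiguration"]["id"].rsplit("/", 1)[-1]
        if l["protocol"].lower() == "http":
            sev = "high" if fe in public else "medium"
            findings.append((sev, l["name"], f"plain HTTP listener on frontend {fe}"))
    for s in gw.get("backendHttpSettingsCollection", []):
        if s["protocol"].lower() == "http":
            findings.append(("medium", s["name"],
                             f"traffic to backend port {s['port']} is unencrypted after SSL termination"))
        if s.get("cookieBasedAffinity") == "Enabled":
            findings.append(("info", s["name"],
                             "session affinity on: confirm the affinity cookie only travels over HTTPS"))
    return sorted(findings)

if __name__ == "__main__":
    for sev, name, msg in audit(SAMPLE):
        print(f"{sev:6} {name:10} {msg}")
```

A plain-HTTP listener is not necessarily a defect if it exists only to redirect to HTTPS; this check does not inspect routing rules, so treat that finding as a prompt to verify the redirect.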