Azure Application Gateway Flashcards
What is Azure Application Gateway?
It is a layer seven load balancer, that is, a load balancer for HTTP, HTTPS, WebSocket, and HTTP/2 traffic.
Explain Azure Application Gateway in the context of its deployment architecture?
1. It is deployed only in a region.
2. It can be deployed across a region or a single zone.
What is its SLA availability?
99.99% for two or more VMs in two or more availability zones
What is the approach to DR?
It’s a regional service, so there is no MS-provided DR.
Can you have a private internal IP on a VNET?
Yes, 100%, this is supported.
Can you terminate SSL and TLS with the Azure App Gateway?
Yes, both TLS and SSL termination are supported.
Scenario: I have an on-prem application that is a web server on 443 presenting a web interface for users; I am adding a second instance of the web server in Azure for high availability. I also currently have an ExpressRoute between on-prem and Azure.
Question: How can I load-balance between them using a layer seven load balancer?
Use the Azure Application Gateway; this enables load-balancing between on-prem and Azure web apps. As described, ExpressRoute is required to enable traffic from the load balancer to reach the on-prem web app instance.
Can I use the Azure App Gateway to send traffic to a public endpoint?
Yes
Can I use the Azure App Gateway to send traffic to a private endpoint on-prem?
Yes, provided you have a VPN or ExpressRoute to enable the backend traffic to reach the on-prem private endpoint.
Can I use the Azure App Gateway to send traffic to a private endpoint on-prem without a VPN or ExpressRoute?
You could expose the on-prem endpoint using Azure Relay so that the Azure App Gateway can send the traffic through the relay.
Can I use the Azure App Gateway as a cross-regional load balancer?
No, it’s a regional load balancer.
Is the App Gateway deployed automatically as a zone-redundant load balancer?
No, you choose whether to deploy the load balancer in a Single-Zone or a Zone-Redundant configuration.
Do you need to set the scale using the load balancer at deployment time?
No, the Azure App Gateway will automatically scale as required.
I require a virtual IP to always be static for layer seven load balancing. What option do I have, and can you explain it?
Does the Application Gateway support session affinity?
Yes, you can use cookie-based session affinity.
How does cookie-based session affinity work?
Azure Application Gateway adds several headers to forwarded requests: x-forwarded-for, x-forwarded-port, x-forwarded-proto, x-original-host, x-original-url, and x-appgw-trace-id. You can configure header and URL modifications using Rewrite HTTP headers, URL, or path-override settings.
Does the Application Gateway support WebSockets?
Application Gateway provides native support for the WebSocket and HTTP/2 protocols. There’s no user-configurable setting to enable or disable WebSocket support selectively.
I require the ability for connection draining with a layer seven load balancer; what options do I have?
The Azure Application Gateway supports connection draining.
What is connection draining?
Connection draining helps you achieve graceful removal of backend pool members during planned service updates or problems with backend health. This setting is enabled via the Backend Setting and is applied to all backend pool members during rule creation. Once enabled, the application gateway ensures all deregistering instances of a backend pool don’t receive any new requests while allowing existing requests to be completed within a configured time limit.
Does the Azure Application Gateway support custom error pages?
Application Gateway allows you to create custom error pages instead of displaying default error pages. You can use your branding and layout using a custom error page.
Can I use the Azure App Gateway to send traffic to another internet-based endpoint?
Yes, 100%; you can configure an IP on the internet as a backend endpoint.
I have a virtual machine in a VNET and want to access the Azure Application Gateway API securely without going over the Internet. How can I achieve this?
Use a private link with Azure App Gateway.
I require an Azure Kubernetes Service (AKS) Ingress controller; what is the best service?
Azure Application Gateway with its Ingress controller is a suitable option.
I require a layer seven service that can rewrite headers; what are my options?
Azure Application Gateway has the capability to rewrite HTTP headers.