Azure Front Door

Question 1

What is Azure Front Door?

Answer 1

It is a L7 global load balancer using anycast to present the same IP in many global location and providing a IP that is the same in all location and connections and routing traffic over the Microsoft global backbone network

Question 2

How is Azure Front Door improving performance?

Answer 2

• Providing connectivity over the Microsoft global backbone network compared to over the internet
• Providing the ability to use split TCP, this is where the connection to the endpoint is the short trip but the connection from endpoint to backends always kept open.

Question 3

Can is used Azure Front Door with L4

Answer 3

No it is only a L7 service

Question 4

Is front door highly available and scalable?

Answer 4

Yes

Question 5

What is the difference between Azure Front Door and Azure Application Gateway?

Answer 5

While both Front Door and Application Gateway are layer 7 (HTTP/HTTPS) load balancers, the primary difference is that Front Door is a global service whereas Application Gateway is a regional service. While Front Door can load balance between your different scale units/clusters/stamp units across regions, Application Gateway allows you to load balance between your VMs/containers etc. that is within the scale unit.

Question 6

When should we deploy an Application Gateway behind Front Door?

Answer 6

Front Door can perform path-based load balancing only at the global level but if one wants to load balance traffic even further within their virtual network (VNET) then they should use Application Gateway.
Since Front Door doesn’t work at a VM/container level, so it cannot do Connection Draining. However, Application Gateway allows you to do Connection Draining.
With an Application Gateway behind Front Door, one can achieve 100% TLS/SSL offload and route only HTTP requests within their virtual network (VNET).
Front Door and Application Gateway both support session affinity. While Front Door can direct subsequent traffic from a user session to the same cluster or backend in a given region, Application Gateway can direct affinitize the traffic to the same server within the cluster.

Question 7

Can we deploy Azure Load Balancer behind Front Door?

Answer 7

Azure Front Door needs a public VIP or a publicly available DNS name to route the traffic to. Deploying an Azure Load Balancer behind Front Door is a common use case.

Question 8

What protocols does Azure Front Door support?

Answer 8

Azure Front Door supports HTTP, HTTPS and HTTP/2

Question 9

What resources are supported today as part of backend pool?

Answer 9

Any public IP or a publicly resolvable DNS hostname

Question 10

What are the 3 logical constructs for Azure Front Door?

Answer 10

• Frontends
• Backends
• Routing rules

Question 11

Have do I ensure request are repeatedly send to same blackened?

Answer 11

Session affinity

Question 12

I am using Azure Front Door, how can I block traffic from a bad actor?

Answer 12

You can enables Firewall and implement a firewall policy.

Question 13

What is front door designer?

Answer 13

It is the GUI tool in front door to enable the design of,

• Frontend
• Backend
• Routing rules

Question 14

When you want to block traffic from bad actor what do you need to add the FD?

Answer 14

Firewall policy