Pick a load balancer: Azure Front Door vs. Application Gateway
Every cloud infrastructure requires a solid network architecture and Azure has two load balancers that can improve network performance. Discover where each one will fit the best.
To get the most from a cloud computing architecture, it's imperative to underpin your infrastructure with the right networking management tools.
Microsoft Azure includes an array of load balancing and network management tools, chief among them are Azure Front Door and Azure Application Gateway. Both tools essentially perform the same task but each is suited to a different purpose. And in some cases, they can be used simultaneously.
What is Azure Front Door?
Azure Front Door is a single global entry point which uses an edge network to create scalable web applications. The fully managed service can be configured as a load balancer for an application that runs on Azure. It operates at Open Systems Interconnection Layer 7, also known as the application layer. This means it manages network traffic related to application content.
Some features that improve performance and reliability include the following:
- split TCP-based Anycast protocol for accelerated performance;
- back-end resource health probe monitoring;
- URL path-based routing;
- Secure Sockets Layer (SSL) offloading and certificate management;
- integrated Web Application Firewall (WAF); and
- end-to-end IPv6 connectivity and HTTP/2 protocol native support.
What is Azure Application Gateway?
Azure Application Gateway is a web traffic load balancer, also Layer 7, that manages application content traffic. Its setup process is similar to Azure Front Door. Users can create an Application Gateway, as well as a Front Door, using Azure Portal, PowerShell, Azure CLI and ARM templates. It also shares some features with Azure Front Door, such as session affinity and WAF integration.
Some if its features to manage traffic include the following:
- SSL/TLS termination
- zone redundancy
- static VIP
- URL-based routing
- multiple-site hosting
- WebSocket and HTTP/2 traffic native support
What are the differences?
While Front Door and Application Gateway can both manage Layer 7 traffic, Front Door is a global load balancer while Application Gateway is a regional load balancer. This means that Front Door is better suited in the following situations:
- You use multiple regions within your cloud.
- Your priority is to route traffic to the most efficient endpoint.
Meanwhile, Application Gateway is better suited for those who want more granular control over how traffic is balanced within the same region. You can write rules that govern exactly how Application Gateway distributes traffic within a regional application environment. This is ideal if you need to load balance between individual virtual machines, for example.
Can you use Front Door and Application Gateway together?
Sometimes it makes sense to run Front Door and Application Gateway at the same time. You can use Front Door as a global load balancer to interface with all application traffic that enters your cloud. From there, Front Door directs the traffic to different regions, at which point Application Gateway takes over to provide fine-tuned load balancing within each region.
But just because you can use both services simultaneously doesn't always mean you should. For a simple app that runs across multiple regions and doesn't require complex routing based on low-level rules, Front Door is likely all you need.