Azure Load Balancing - Options
Azure load-balancing services
-
Azure Front Door is an application delivery network that provides global load balancing and site acceleration service for web applications. It offers Layer 7 capabilities for your application like SSL offload, path-based routing, fast failover, and caching to improve performance and high availability of your applications.
-
Traffic Manager is a DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions, while providing high availability and responsiveness. Because Traffic Manager is a DNS-based load-balancing service, it load balances only at the domain level. For that reason, it can't fail over as quickly as Azure Front Door, because of common challenges around DNS caching and systems not honoring DNS TTLs.
-
Application Gateway provides application delivery controller as a service, offering various Layer 7 load-balancing capabilities and web application firewall functionality. Use it to transition from public network space into your web servers hosted in private network space within a region.
-
Load Balancer is a high-performance, ultra-low-latency Layer 4 load-balancing service (inbound and outbound) for all UDP and TCP protocols. It's built to handle millions of requests per second while ensuring your solution is highly available. Load Balancer is zone redundant, ensuring high availability across availability zones. It supports both a regional deployment topology and a cross-region topology.
| Service | Global / Regional | Recommended traffic | Layer 4 | Layer 7 | DNS Based | Route users to the closest region | Fast Failover | ultra-low-latency | SSL offload | path-based routing | Firewall | Cache |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Azure Front Door | Global | HTTP(S) | Y | Y | Y | Y | Y | |||||
| Azure Traffic Manager | Global | Non-HTTP(S) | Y | Y | ||||||||
| Azure Application Gateway | Regional | HTTP(S) | Y | Y | Y | |||||||
| Azure Load Balancer | Regional or Global | Non-HTTP(S) | Y | Y | Y |
| Feature | Azure API Management | Azure Front Door | Azure Traffic Manager | Azure Application Gateway | Azure Load Balancer |
|---|---|---|---|---|---|
| Primary Purpose | API gateway for managing and securing APIs | Global load balancing and web application acceleration | DNS-based global traffic distribution | Layer 7 load balancing and web application firewall (WAF) | Layer 4 load balancing |
| Layer of Operation | Layer 7 (Application) | Layer 7 (Application) | DNS-based (does not operate at OSI layers) | Layer 7 (Application) | Layer 4 (Transport) |
| Traffic Routing | API routing and management | URL-based routing, path-based, session affinity | DNS-based routing, geo-routing, performance routing | URL/path-based routing, session affinity | TCP/UDP-based load balancing |
| Load Balancing Type | N/A (Manages APIs, not load balancing) | Global load balancing (multi-region) | Global load balancing based on DNS | Regional load balancing | Regional load balancing |
| Global/Regional | Global | Global | Global | Regional | Regional |
| Auto-scaling | N/A (For API management, not scaling) | Yes (automatically scales out globally) | No (relies on endpoint services for scaling) | Yes (scales based on traffic) | Yes (supports VM autoscaling) |
| SSL Termination | Yes (for API traffic) | Yes | No | Yes (supports SSL offloading) | No (SSL handled by backends) |
| Web Application Firewall (WAF) | Yes (can integrate with WAF) | Yes (WAF at edge for protection) | No | Yes (built-in WAF) | No |
| Content Caching | Yes (for API responses) | Yes (supports CDN integration, caching at edge) | No | No | No |
| Health Probes | N/A (monitors API health and analytics) | Yes (health checks for backend services) | Yes (monitors health of endpoints) | Yes (monitors backend health) | Yes (monitors backend health) |
| Session Persistence | N/A | Yes (session affinity via cookies) | No (DNS routing only) | Yes (cookie-based session affinity) | Yes (supports session stickiness) |
| Protocol Support | HTTP, HTTPS, WebSocket, gRPC | HTTP, HTTPS, HTTP/2, WebSocket | Any protocol (since it operates at DNS level) | HTTP, HTTPS, WebSocket | TCP, UDP |
| DDoS Protection | No (can be integrated with Azure DDoS) | Yes (integrated DDoS protection) | No (DNS layer does not offer DDoS protection) | No (can be integrated with Azure DDoS) | No (integrated with Azure DDoS for protection) |
| API Rate Limiting/Throttling | Yes (built-in support) | No | No | No | No |
| Custom Domain Support | Yes | Yes | Yes | Yes | Yes |
| Geolocation Routing | No | Yes | Yes | No | No |
| Path-based Routing | Yes | Yes | No | Yes | No |
| Integration with Other Azure Services | Strong integration with Azure AD, Logic Apps, Event Grid | Strong integration with Azure CDN, WAF | Integrates with Azure VMs, App Services, Cloud Services | Strong integration with Azure App Services, WAF | Integrates with Azure VMs, App Services |
| Multi-Region Failover | No (API management only, doesn't distribute traffic) | Yes (handles failover between regions) | Yes (DNS-based failover between regions) | No (regional load balancing only) | No (regional load balancing only) |
| Best For | Managing, securing, and analyzing APIs | Global web applications requiring low latency and high availability | Global traffic distribution across Azure regions | Web applications needing advanced Layer 7 routing and WAF | Internal or external Layer 4 load balancing across VMs |
Summary of Use Cases:
- Azure API Management: Best for managing, securing, and monitoring APIs, with features like throttling, caching, and API versioning.
- Azure Front Door: Ideal for global web applications requiring low latency, load balancing, and web application firewall protection at the edge.
- Azure Traffic Manager: Used for DNS-based global traffic distribution with routing based on priority, geography, or performance.
- Azure Application Gateway: Best for regional web application load balancing with Layer 7 features like URL-based routing and built-in WAF.
- Azure Load Balancer: Suitable for Layer 4 (TCP/UDP) load balancing of virtual machines and internal traffic in a single region.
Decision tree
References
- https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview