Note
Document last updated: 20230720
How To: Traffic Load Balancing in Azure
Nine common solution combinations for traffic load balancing
- Azure Load Balancer on its own
- Front Door on its own
- Application Gateway on its own
- Traffic Manager on its own
- Multi-Tenant SaaS on Azure = Azure Front Door in front, Application Gateway behind
- Multi-region N-tier application = Traffic Manager in front, Load Balancer behind
- Multi-tier web application built for HA/DR = Traffic Manager in front, Load Balancer behind
- Multi-region load balancing = Traffic Manager in front, Application Gateway behind
- Zero-Trust network for Web Applications = Application Gateway in front, Azure Firewall behind
Decision tree for load balancing in Azure
Based on the Decision tree for load balancing in Azure
Service capability and scope: Regional / Global
Layer | Regional | Global |
---|---|---|
DNS | Azure Traffic Manager | Azure Traffic Manager |
L7 (HTTP, HTTPS) | Azure Application Gateway | Azure Front Door |
L4 (TCP) | Azure Load Balancer | Azure Cross-region (Global) Load Balancer |
Inbound path of each service: Private Network / Public Network
Components | Private Network | Public Network |
---|---|---|
Azure Front Door | ||
Azure Traffic Manager | ||
Azure Application Gateway | ||
Azure Load Balancer | ||
Azure Cross-region (Global) Load Balancer |
Service Comparison
Features | Azure Application Gateway | Azure Front Door | Azure Load Balancer | Azure Traffic Manager |
---|---|---|---|---|
Supported protocols | HTTP, HTTPS, HTTP/2 | HTTP, HTTPS, HTTP/2 | TCP, UDP | Any (DNS Based) |
Private Load Balancing (1) | ||||
Global load balancing (2) | ||||
Routing Policies | Round robin | Latency, priority, round robin, weighted round robin | Hash Based | Geographical, latency, weighted, priority, subnet, multi-value |
Supported environments | Azure, non-Azure cloud, on prem | Azure, non-Azure cloud, on prem | Within Azure | Azure, non-Azure cloud, on prem |
Connection draining (3) | ||||
Session affinity (4) | ||||
Host and path based load balancing (5) | ||||
TLS offloading (6) | ||||
Site acceleration (7) | ||||
Security | Web Application Firewall (WAF), Network Security Group (NSG) | Web Application Firewall (WAF) | Network Security Group (NSG) | |
Caching and compression (8) |
1. Used where private IPs are needed at the frontend only.
2. Distributes traffic across multiple regional deployments, or improves application uptime with regional redundancy.
3. Gracefully remove backend pool members during planned service updates.
4. Useful when you want to keep a user session on the same server.
5. Application-layer processing to route requests to the endpoints being load balanced.
6. TLS termination at the load balancing service; data then flows unencrypted to the backend servers.
7. Dynamic site acceleration (DSA).
8. Caching of content and dynamic compression on the edge.
Azure Load Balancer combinations
Features | Basic | Standard | Gateway |
---|---|---|---|
Network | Public / Private | Public / Private | Private |
Tier | Regional | Regional / Global | Regional |
Conclusion: in the general case, just choose Azure Load Balancer (Standard/Regional).
Known choices used by Azure PaaS offerings
- Azure Red Hat OpenShift
  - Uses Azure Load Balancer (Standard/Regional) by default
- Azure Kubernetes Service
  - Uses Azure Load Balancer (Standard/Regional) by default
  - Ingress uses Azure Application Gateway Ingress Controller (+ Web Application Firewall)
- NVAs, for example F5 BIG-IP / Check Point CloudGuard / Citrix ADC / Fortinet FortiGate / Trend Micro Cloud One
  - Use Azure Load Balancer (Gateway)