Note

Document last updated: 20230720

How To: Traffic Load Balancing in Azure

Nine common solution combinations for traffic load balancing

  1. Azure Load Balancer on its own
  2. Front Door on its own
  3. Application Gateway on its own
  4. Traffic Manager on its own
  5. Multi-Tenant SaaS on Azure = Azure Front Door in front, Application Gateway behind it
  6. Multi-region N-tier application = Traffic Manager in front, Load Balancer behind it
  7. Multi-tier web application built for HA/DR = Traffic Manager in front, Load Balancer behind it
  8. Multi-region load balancing = Traffic Manager in front, Application Gateway behind it
  9. Zero-Trust network for Web Applications = Application Gateway in front, Azure Firewall behind it

Decision tree for load balancing in Azure

Based on: Decision tree for load balancing in Azure

Service capability and scope: Regional / Global

Based on: Global versus regional

| Layer | Regional | Global |
| --- | --- | --- |
| DNS | Azure Traffic Manager | Azure Traffic Manager |
| L7 (HTTP, HTTPS) | Azure Application Gateway | Azure Front Door |
| L4 (TCP) | Azure Load Balancer | Azure Cross-region (Global) Load Balancer |

Inbound path per service: Private Network / Public Network

| Components | Private Network | Public Network |
| --- | --- | --- |
| Azure Front Door | ⛔ | ✅ |
| Azure Traffic Manager | ⛔ | ✅ |
| Azure Application Gateway | ✅ | ✅ |
| Azure Load Balancer | ✅ | ✅ |
| Azure Cross-region (Global) Load Balancer | ⛔ | ✅ |

Service Comparison

| Features | Azure Application Gateway | Azure Front Door | Azure Load Balancer | Azure Traffic Manager |
| --- | --- | --- | --- | --- |
| Supported protocols | HTTP, HTTPS, HTTP/2 | HTTP, HTTPS, HTTP/2 | TCP, UDP | Any (DNS Based) |
| Private Load Balancing (1) | ✅ | ⛔ | ✅ | ⛔ |
| Global load balancing (2) | ⛔ | ✅ | ✅ | ✅ |
| Routing Policies | Round robin | Latency, priority, round robin, weighted round robin | Hash Based | Geographical, latency, weighted, priority, subnet, multi-value |
| Supported environments | Azure, non-Azure cloud, on prem | Azure, non-Azure cloud, on prem | Within Azure | Azure, non-Azure cloud, on prem |
| Connection draining (3) | ✅ | ⛔ | ⛔ | ⛔ |
| Session affinity (4) | ✅ | ✅ | ✅ | ⛔ |
| Host and path based load balancing (5) | ✅ | ✅ | ⛔ | ⛔ |
| TLS offloading (6) | ✅ | ✅ | ⛔ | ⛔ |
| Site acceleration (7) | ⛔ | ✅ | ⛔ | ⛔ |
| Security | Web Application Firewall (WAF), Network Security Group (NSG) | Web Application Firewall (WAF) | Network Security Group (NSG) | ⛔ |
| Caching and compression (8) | ⛔ | ✅ | ⛔ | ⛔ |

1. Used where private IPs are needed at the frontend only.
2. Distributes traffic across multiple regional deployments, or improves application uptime through regional redundancy.
3. Gracefully removes backend pool members during planned service updates.
4. Useful when you want to keep a user session on the same server.
5. Application-layer processing to route requests to the endpoints being load balanced.
6. TLS terminates at the load balancing service; data then flows unencrypted to the backend servers.
7. Dynamic site acceleration (DSA).
8. Caching of content and dynamic compression on the edge.

Azure Load Balancer combinations

| Features | Basic | Standard | Gateway |
| --- | --- | --- | --- |
| Network | Public / Private | Public / Private | Private |
| Tier | Regional | Regional / Global | Regional |

Conclusion: in the general case, simply choose Azure Load Balancer (Standard/Regional).

Known choices made by Azure PaaS offerings

  • Azure Red Hat OpenShift

    • Uses Azure Load Balancer (Standard/Regional) by default
  • Azure Kubernetes Service

    • Uses Azure Load Balancer (Standard/Regional) by default
    • Ingress uses Azure Application Gateway Ingress Controller (+ Web Application Firewall)
  • NVA, for example F5 BIG-IP / Check Point CloudGuard / Citrix ADC / Fortinet FortiGate / Trend Micro Cloud One

    • Uses Azure Load Balancer (Gateway)