Here’s a step-by-step guide to implement an Azure Application Gateway, including selecting a routing method.
Prerequisites
Before starting, ensure you have:
Azure Subscription: Access to an active Azure subscription.
Resource Group: A logical container for your resources.
Virtual Network (VNet): Set up a VNet with two subnets:
Application Gateway Subnet: Reserved for the gateway.
Backend Subnet: Where backend servers (e.g., VMs or App Services) reside.
SSL Certificate (Optional): For HTTPS listeners.
Create an Azure Application Gateway
a. Navigate to the Azure Portal
Go to the Azure Portal.
Search for "Application Gateway" in the search bar and click Create.
b. Basic Configuration
Subscription: Select your subscription.
Resource Group: Use an existing one or create a new one.
Name: Provide a unique name for the Application Gateway.
Region: Choose the same region as your backend resources.
Tier: Select the appropriate tier:
Standard_v2: For high-performance and autoscaling.
WAF_v2: Adds Web Application Firewall capabilities.
Autoscaling: Enable autoscaling or set instance count.
c. Frontend Configuration
Choose the Frontend IP type:
Public IP: For internet-facing applications.
Private IP: For internal-only traffic within the VNet.
Assign a new or existing Public IP address.
Configure Routing and Backend
a. Backend Pool
Add a Backend Pool by providing the following:
Target Type: Select VMs, App Services, IP addresses, or FQDNs.
Backend Targets: Add the specific resources (e.g., VM IPs or App Service names).
Save the backend pool.
b. HTTP Settings
Configure HTTP settings to define how the gateway communicates with backends:
Protocol: Choose HTTP or HTTPS.
Port: Use the backend service's listening port (e.g., 80 or 443).
Cookie-Based Affinity: Enable if you want session persistence.
Custom Probe (Optional): Use health probes to monitor backend health.
c. Listener
Add a listener to define how the gateway receives client traffic:
Listener Name: Unique name for the listener.
Frontend IP: Select the frontend IP configured earlier.
Protocol: Choose HTTP or HTTPS.
SSL Certificate (if HTTPS): Upload a PFX certificate file.
d. Routing Rules
Select the routing method
Basic Routing: All traffic goes to a single backend pool.
Path-Based Routing: Direct traffic based on URL paths (e.g., /images → Pool A, /api → Pool B).
Multi-Site Routing: Route based on domain names (e.g., app1.contoso.com and app2.contoso.com).
Create a rule
Associate the listener with a backend pool and HTTP settings.
Add specific path mappings or domains if using advanced routing.
Configure Additional Features
a. Enable WAF (Optional)
If using the WAF_v2 tier, configure the Web Application Firewall:
Select Detection or Prevention Mode.
Add custom or default WAF rules (e.g., OWASP CRS).
b. HTTP to HTTPS Redirection
Add a separate listener for HTTP.
Configure a redirect rule to forward HTTP traffic to the HTTPS listener.
c. SSL Termination
SSL traffic terminates at the Application Gateway, which decrypts it before forwarding it to backend servers.
To keep traffic encrypted between the gateway and the backends, configure HTTPS communication with backend servers.
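The three settings in this section (WAF mode, HTTP to HTTPS redirection, backend protocol) can be checked after deployment from an exported gateway configuration. The following is an added example, not part of the original guide: the JSON is a constructed sample, and its field names are an assumed, simplified shape modelled on `az network application-gateway show` output with an inline WAF configuration rather than a separate WAF policy.

```python
import json

# Constructed sample, not a real export. Field names are an assumed, simplified
# shape modelled on `az network application-gateway show` output.
SAMPLE_GATEWAY = json.loads("""
{
  "sku": {"tier": "WAF_v2"},
  "webApplicationFirewallConfiguration": {"enabled": true, "firewallMode": "Detection"},
  "httpListeners": [
    {"id": "listeners/http-80", "name": "http-80", "protocol": "Http"},
    {"id": "listeners/https-443", "name": "https-443", "protocol": "Https"}
  ],
  "backendHttpSettingsCollection": [
    {"name": "api-settings", "protocol": "Http", "port": 80},
    {"name": "web-settings", "protocol": "Https", "port": 443}
  ],
  "requestRoutingRules": [
    {"name": "rule-http", "httpListener": {"id": "listeners/http-80"},
     "redirectConfiguration": null},
    {"name": "rule-https", "httpListener": {"id": "listeners/https-443"},
     "redirectConfiguration": null}
  ]
}
""")

def audit_gateway(gw):
    """Return a list of findings for the three features in this section."""
    findings = []
    waf = gw.get("webApplicationFirewallConfiguration") or {}
    if gw.get("sku", {}).get("tier") != "WAF_v2" or not waf.get("enabled"):
        findings.append("waf: not enabled")
    elif waf.get("firewallMode", "").lower() != "prevention":
        findings.append("waf: Detection mode logs matches but does not block")
    # An HTTP listener should only feed a rule that redirects to HTTPS.
    redirecting = {r["httpListener"]["id"] for r in gw.get("requestRoutingRules", [])
                   if r.get("redirectConfiguration")}
    for lst in gw.get("httpListeners", []):
        if lst["protocol"].lower() == "http" and lst["id"] not in redirecting:
            findings.append(f"listener {lst['name']}: HTTP served without redirect")
    # SSL terminates at the gateway; HTTP backend settings mean cleartext inside the VNet.
    for s in gw.get("backendHttpSettingsCollection", []):
        if s["protocol"].lower() != "https":
            findings.append(f"backend settings {s['name']}: cleartext to backend")
    return findings

if __name__ == "__main__":
    for finding in audit_gateway(SAMPLE_GATEWAY):
        print(finding)
```

On the constructed sample this reports three findings; an empty list means the WAF is in Prevention mode, every HTTP listener redirects, and all backend settings use HTTPS.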
Review and Create
Review all configurations.
Click Create to deploy the Application Gateway. Deployment typically takes a few minutes.
Test and Monitor
a. Access the Application
Use the Application Gateway's public IP or DNS name to access the application.
Verify that traffic is routed correctly.
b. Monitor Performance
Use Azure Monitor and Logs to track:
Request count.
Latency.
Backend health status.
Set up alerts for specific metrics (e.g., high response times or unhealthy backends).
Routing Example
Scenario: Path-Based Routing
URL /images → Backend Pool A (handles image requests).
URL /api → Backend Pool B (API services).
Steps:
In Routing Rules, choose Path-Based Routing.
Add path mappings:
/images/* → Pool A.
/api/* → Pool B.
Save and deploy.
Summary
Let me know if you need commands for deployment via Azure CLI, or ARM templates for automation.