Friday, May 10, 2024

This is a continuation of articles on IaC shortcomings and resolutions. One of the pitfalls of IaC modernization is the copy-and-paste mindset when it comes to transferring existing rules from one resource type to another. Take the case of dedicated deployments of resources like Azure Front Door and Azure Application Gateway. The default traffic corresponds to the “/*” rule. Clients expecting a response from a zonal resource such as a virtual machine scale set might expect it to come from a specific instance in a given region and zone, even after the resource in front is switched from Azure Application Gateway to Azure Front Door as a drop-in replacement between clients and hosted applications, without nesting one behind the other. Yet the two resources differ in how they handle the default traffic.

1. Azure Application Gateway:

   - Azure Application Gateway is a layer 7 load balancer that provides application-level routing and load balancing services.

   - By default, when traffic is sent to the root path ("/") of the domain, Azure Application Gateway uses the "default backend pool" to handle the request.

   - The default backend pool can be configured to point to a specific backend pool or virtual machine scale set. It acts as a fallback when no specific path-based routing rules match the request.

   - If you have defined any path-based routing rules for other paths, they will take precedence over the default backend pool when matching requests.

2. Azure Front Door:

   - Azure Front Door is a global, scalable entry point for web applications that provides path-based routing, SSL offloading, and other features.

   - When traffic is sent to the root path ("/") of the domain, Azure Front Door uses the "default routing rule" to handle the request.

   - The default routing rule in Azure Front Door allows you to define a set of backend pools and associated routing conditions for requests that don't match any specific path-based routing rules.

   - You can configure the default routing rule to redirect or route traffic to a specific backend pool, providing flexibility in handling default requests.

In summary, both Azure Application Gateway and Azure Front Door offer path-based routing capabilities, but they handle default traffic sent to the root path differently. Azure Application Gateway uses a default backend pool as a fallback, while Azure Front Door uses a default routing rule to handle such requests.

Now let us consider the case where two application gateways, one for each region, are placed as backends to a global Azure Front Door. Furthermore, let us say each application gateway routes to different backend pool members for “/images/” and “/videos” respectively. If the traffic always went to the same application gateway, it would be predictable which backend answers either route, but the default routing rule of “/*” in the Front Door means either application gateway could be targeted and the response might come unexpectedly from another region. In this case, the proper configuration would define distinct routes to each application gateway, and these routes can have route path qualifiers for images and videos. In fact, it might even be better to consolidate all images behind one application gateway and all videos behind the other if the latency differences can be tolerated. In this way, the resolution to the target becomes predictable.
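The check below is an added example, not code from this article or from Azure: it models Front Door routes as plain dictionaries and reports which request paths can be answered by more than one application gateway. The gateway names, origin group names, the "/videos/*" pattern and the most-specific-pattern matching rule are simplifying assumptions.

```python
# Constructed model: origin group name -> Application Gateway origins (hypothetical names).
ORIGIN_GROUPS = {
    "both-regions": ["appgw-eastus", "appgw-westus"],
    "images-only": ["appgw-eastus"],
    "videos-only": ["appgw-westus"],
}

# Copy-and-paste migration: only the catch-all route, fronting both gateways.
COPIED_ROUTES = [{"name": "default", "patterns": ["/*"], "origin_group": "both-regions"}]

# Distinct routes with path qualifiers, one gateway per content type.
FIXED_ROUTES = COPIED_ROUTES + [
    {"name": "images", "patterns": ["/images/*"], "origin_group": "images-only"},
    {"name": "videos", "patterns": ["/videos/*"], "origin_group": "videos-only"},
]

SAMPLE_PATHS = ["/index.html", "/images/logo.png", "/videos/intro.mp4"]


def match_route(routes, path):
    """Return the route whose pattern matches `path` most specifically.

    Simplified assumption: an exact pattern must equal the path, a pattern
    ending in "/*" matches by prefix, and the longest matching pattern wins.
    """
    best_route, best_pattern = None, ""
    for route in routes:
        for pattern in route["patterns"]:
            if pattern.endswith("/*"):
                hit = path.startswith(pattern[:-1])  # "/images/*" -> "/images/"
            else:
                hit = path == pattern
            if hit and len(pattern) > len(best_pattern):
                best_route, best_pattern = route, pattern
    return best_route


def possible_gateways(routes, origin_groups, path):
    """List every gateway that could answer `path` under the given routes."""
    route = match_route(routes, path)
    return sorted(origin_groups[route["origin_group"]]) if route else []


def unpredictable_paths(routes, origin_groups, paths):
    """Return the paths whose answering gateway is not uniquely determined."""
    return [p for p in paths if len(possible_gateways(routes, origin_groups, p)) > 1]
```

With the constructed data, the catch-all-only configuration flags all three sample paths, while the configuration with path qualifiers leaves only "/index.html" ambiguous, because it still falls through to the default route.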

