Azure Load Balancer & Application Gateway
Distribute traffic reliably across Azure VMs and App Services with Azure Load Balancer (L4) and Application Gateway (L7 WAF) — the foundation of high-availability architectures.
“Welcome back. Today we cover two core load balancing services in Azure — Azure Load Balancer for Layer 4 TCP/UDP traffic distribution, and Application Gateway for Layer 7 HTTP/HTTPS intelligent routing with a built-in Web Application Firewall. Every production web application needs one of these. Understanding when to use which is essential for Azure architects.”
“The OSI model layer tells you what the load balancer understands about the traffic. Layer 4 load balancers see IP addresses and ports — they distribute TCP and UDP connections without understanding the content. This makes them extremely fast and able to handle any protocol. Layer 7 load balancers understand HTTP — they can route based on URL path, host header, query parameters, and cookies. They can terminate SSL, rewrite headers, and block malicious HTTP requests. Choose Layer 4 for non-HTTP workloads or internal VM-to-VM load balancing; choose Layer 7 for internet-facing web applications.”
“Azure Load Balancer is Azure's Layer 4 network load balancer. Always use the Standard SKU for production — it supports Availability Zones for zone-redundant frontends, has a 99.99% SLA, and is required for Azure Firewall integration. Configure a health probe to check backend health — HTTP probes are more reliable than TCP because they verify the application is responding, not just the port is open. Load balancing rules distribute traffic from the frontend IP to the backend pool. NAT rules let you reach individual VMs in the pool on different ports for administration.”
“Application Gateway is Azure's Layer 7 application delivery controller. The v2 SKU includes a Web Application Firewall with OWASP Core Rule Set protection, blocking SQL injection, XSS, and hundreds of other attacks. SSL termination at the gateway decrypts HTTPS traffic and sends plain HTTP to backends, simplifying certificate management — one certificate at the gateway instead of on every VM. Path-based routing lets you send different URL paths to different backend pools — a microservices pattern where one Application Gateway handles routing for all services.”
“The Web Application Firewall in Application Gateway is your first line of defense for public web applications. Start in Detection mode to understand what traffic your WAF would block — review logs before switching to Prevention mode to avoid blocking legitimate traffic. OWASP Core Rule Set includes hundreds of rules covering OWASP Top 10 vulnerabilities. Add custom rules for your specific requirements — block traffic from countries you don't operate in, rate limit suspicious IPs, or block requests with specific headers. Route WAF logs to Log Analytics and create alerts for attack patterns.”
“For true high availability, every component in your architecture needs redundancy. Configure zone-redundant Load Balancer frontends — a single frontend IP distributed across all availability zones. Spread backend VMs across availability zones so a zone failure removes only a fraction of capacity. Application Gateway v2 is zone-redundant by default with autoscaling. For global multi-region applications, Azure Front Door provides global Layer 7 load balancing with integrated CDN and WAF — routing users to the nearest healthy region.”
“Azure has four load balancing services — each for a different scope. Load Balancer for Layer 4, internal or public, single region. Application Gateway for Layer 7 web applications in a single region with WAF. Azure Front Door for global multi-region Layer 7 with CDN and global WAF. Traffic Manager for DNS-based global routing. Production architectures often stack these: Front Door at the global edge routing to Application Gateways in each region, which route to Load Balancers fronting backend VMs. The layers complement each other.”
“Load balancing is fundamental to any production Azure architecture. Every VM workload and web application should be behind a load balancer or Application Gateway. Next episode we cover Azure Backup and Site Recovery — protecting your data and enabling rapid recovery when failures happen.”
1. Create a Standard Load Balancer in Azure Portal
2. Add backend pool: 2 VMs in an availability set
3. Configure health probe: HTTP on port 80
4. Add load balancing rule: port 80 → backend pool
5. Test: stop one VM, verify traffic goes to the other
6. Create Application Gateway with WAF v2
7. Configure listener, backend pool, routing rules
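
The log review recommended in the WAF segment above (run in Detection mode, read the logs, then switch to Prevention mode) can be done offline on an exported log file. The following Python is an added example, not part of the original episode. It assumes firewall log records exported one JSON object per line with the fields `category`, `properties.action`, `properties.ruleId`, `properties.requestUri` and `properties.clientIp`; the sample records and the `review_first` heuristic are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample export, one JSON record per line (not real traffic).
# Assumed field names: category, properties.action/ruleId/requestUri/clientIp.
SAMPLE_LOG = """\
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"203.0.113.10","requestUri":"/api/search","ruleId":"942100","action":"Detected"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"203.0.113.11","requestUri":"/api/search","ruleId":"942100","action":"Detected"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"203.0.113.12","requestUri":"/api/search","ruleId":"942100","action":"Detected"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"198.51.100.7","requestUri":"/login","ruleId":"941100","action":"Detected"}}
{"category":"ApplicationGatewayFirewallLog","properties":{"clientIp":"198.51.100.7","requestUri":"/admin","ruleId":"941100","action":"Detected"}}
{"category":"ApplicationGatewayAccessLog","properties":{"clientIP":"203.0.113.10","requestUri":"/"}}
truncated-line-not-json
"""

def summarize(log_text, actions=("Detected", "Matched")):
    """Group Detection-mode hits by rule ID: hit count, client IPs, URIs."""
    rules = defaultdict(lambda: {"hits": 0, "clients": set(), "uris": set()})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # count unparsable lines so export gaps are visible
            continue
        if not isinstance(rec, dict):
            skipped += 1
            continue
        if rec.get("category") != "ApplicationGatewayFirewallLog":
            continue  # access and performance logs are not rule hits
        props = rec.get("properties", {})
        if props.get("action") not in actions:
            continue
        entry = rules[props.get("ruleId", "unknown")]
        entry["hits"] += 1
        entry["clients"].add(props.get("clientIp"))
        entry["uris"].add(props.get("requestUri"))
    return dict(rules), skipped

def review_first(rules, min_clients=3):
    """Heuristic (an assumption, tune it): a rule hit by many distinct clients
    on one URI is more likely normal application traffic, so review it for an
    exclusion before enabling Prevention mode."""
    return sorted(rid for rid, r in rules.items()
                  if len(r["clients"]) >= min_clients and len(r["uris"]) == 1)
```

Rules that `review_first` returns are the ones to inspect by hand first; rules hit by a single client across several URIs are left in place and are candidates for the alerting the episode mentions.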