azGateways

Kam Lagan edited this page Nov 2, 2021 · 1 revision

What are some different gateways?

Load balancer

  • pretty dumb
  • works at TCP/UDP level
  • passes data on but never looks at it
  • used to load balance on the transport layer (layer 4, e.g. 192.168.0.1:8080 -> backend pool 1)
  • NAT for public access
  • preserves source IP and details
  • acts more like a switch by not interacting with the payloads
  • test health with health probes and pull bad nodes out of cycle

Traffic Manager

  • load balancer at a global level
  • layer 4 (IP, ports etc)
  • evenly distributes the load
  • routes but does not interact with the data passing through (so no termination or handoff)
  • load balances virtual machines
  • can route over Microsoft network

Application Gateway

  • used to load balance on the application layer (layer 7, e.g. /api/videos -> backend pool 1, /web/images/ -> backend pool 2)
  • single point of contact acting like a reverse proxy routing traffic to back end pools
  • single point of contact (IP address) can host 100 domain names and route requests based on domain name
  • global version of an application gateway
  • application gateway cannot work cross-region as it resides in a VNet
    • layer 7 (HTTP)
    • (supports) TLS termination but supports end-to-end TLS (?)
    • web application firewall capability
    • protects against OWASP vulnerabilities
    • load balancing capability
    • VNet integration
    • logging
    • supports handoff and termination
    • no support for authentication which must be managed by backend pool
    • promotes availability
    • supports scalability/elasticity
    • route over Microsoft network

API Gateway

  • Azure doesn't have a dedicated one - it is wrapped up in APIM
  • secure and scale APIs
  • orchestrator between requests and backend services (map/reduce)

Azure specific gateways

API Management Service

  • layer 7
  • three parts
    • API gateway
    • admin portal
    • developer portal
  • NO load balancing
  • self-hosted gateways allow local transport routing, but require agents installed on the backend
  • modify requests
  • modify responses
  • routing to backend
  • quota management (rate limiting)
  • caching
  • validate JWT
  • authn and authz
  • black/white list IPs
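
Several of the capabilities listed above (IP allow-listing, JWT validation, rate limiting, caching, modifying responses) are configured in APIM as policy elements. The policy below is an added example, not part of the original notes; the address range, tenant placeholder, audience, scope and limits are assumed values chosen for illustration.

```xml
<policies>
    <inbound>
        <base />
        <!-- Allow list: only callers in this range get past the gateway.
             203.0.113.0/24 is a documentation range (assumed value). -->
        <ip-filter action="allow">
            <address-range from="203.0.113.0" to="203.0.113.255" />
        </ip-filter>
        <!-- Authn: reject requests without a valid bearer token before they
             reach the backend. Signing keys and issuer are pulled from the
             OpenID Connect metadata document. {tenant-id} is a placeholder. -->
        <validate-jwt header-name="Authorization"
                      require-scheme="Bearer"
                      failed-validation-httpcode="401"
                      failed-validation-error-message="Unauthorized">
            <openid-config url="https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration" />
            <audiences>
                <!-- Assumed audience: a token minted for another API is refused. -->
                <audience>api://example-videos-api</audience>
            </audiences>
            <!-- Authz: require a scope claim (assumed scope name). -->
            <required-claims>
                <claim name="scp" match="any" separator=" ">
                    <value>videos.read</value>
                </claim>
            </required-claims>
        </validate-jwt>
        <!-- Rate limiting: 100 calls per 60 seconds per client IP (assumed limits). -->
        <rate-limit-by-key calls="100"
                           renewal-period="60"
                           counter-key="@(context.Request.IpAddress)" />
        <!-- Caching: serve a cached response when one exists. -->
        <cache-lookup vary-by-developer="false" vary-by-developer-groups="false" />
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
        <!-- Store backend responses for 60 seconds (assumed duration). -->
        <cache-store duration="60" />
        <!-- Modify responses: strip a header that discloses the backend stack. -->
        <set-header name="X-Powered-By" exists-action="delete" />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

Order matters in the inbound section: the IP filter and token validation run before the cache lookup, so a cached response is never returned to a caller that failed either check.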

Front door/application gateway (application layer 7)

  • intelligent
  • works at HTTP/HTTPS level
  • can hand off SSL and make routing decisions based on data

Azure Front Door vs Azure Traffic Manager

  • Front Door is to Traffic Manager what Application Gateway is to Load Balancer
  • both are layer 7

What is DNS routing?

  • doesn't see the traffic
  • works with DNS requests from the client to redirect traffic
  • helps client determine which IP address to resolve to based on rules

Examples of software API gateways: nginx, HAProxy, Ocelot (.NET Core native)
