Azure for Architects

Load balancing

Azure provides two constructs to provision load balancers: a level 4 load balancer that works at the transport layer of the OSI stack, and a level 7 load balancer that works at the application and session level.

Although both application gateways and load balancers provide the basic features of balancing the load, they serve different purposes. There are use cases in which it makes more sense to deploy the application gateway rather than the load balancer.

The application gateway provides the following features that are not available in Azure load balancers:

  • Web application firewall: This is an additional firewall on top of the operating system firewall and has the capability to peek into incoming messages. This helps in identifying and preventing common web-based attacks, such as SQL injection, cross-site scripting attacks, and session hijacks.
  • Cookie-based session affinity: Load balancers distribute incoming traffic to service instances that are healthy and relatively free. A request can be served by any service instance. There are applications that need advanced features in which all subsequent requests following the first request should be processed by the same service instance. This is known as cookie-based session affinity. The application gateway provides cookie-based session affinity to keep a user session on the same service instance using cookies.
  • Secure Sockets Layer (SSL) offload: The encryption and decryption of request and response data is performed by SSL and is generally a costly operation. Web servers should ideally be spending resources on processing and serving requests, rather than encryption and decryption of traffic. SSL offload helps in transferring this cryptography process from the web server to the load balancer, thereby providing more resources to web servers serving users. The request from the user is encrypted, but gets decrypted at the application gateway instead of the web server. The request from the application gateway to the web server is unencrypted.
  • End-to-end SSL: While SSL offload is a nice feature for certain applications, there are mission-critical secure applications that need complete SSL encryption and decryption even if traffic passes through load balancers. An application gateway can be configured for end-to-end SSL cryptography as well.
  • URL-based content routing: Application gateways are also useful for redirecting the traffic to different servers based on the URL content of incoming requests. This helps in hosting multiple services alongside other applications.
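
The cookie-based session affinity and URL-based content routing described above can be sketched as a small routing function. This is an added example, not code from the book and not how Azure implements the application gateway. The pool paths, instance names, cookie name, and the HMAC tag that lets the gateway ignore a cookie it did not issue are all assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: path prefixes and instance names are hypothetical.
POOLS = {
    "/images/": ["img-0", "img-1"],
    "/": ["web-0", "web-1", "web-2"],
}
COOKIE = "GatewayAffinity"      # hypothetical cookie name
KEY = secrets.token_bytes(32)   # gateway-side secret, never sent to clients


def pick_pool(path):
    """URL-based routing: longest matching prefix wins (path starts with '/')."""
    prefix = max((p for p in POOLS if path.startswith(p)), key=len)
    return prefix, POOLS[prefix]


def tag_for(prefix, instance):
    """Integrity tag binding an instance to the pool it was issued for."""
    msg = f"{prefix}|{instance}".encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()


def route(path, cookies, healthy, load):
    """Return (instance, cookie value to set, or None if the cookie was honoured)."""
    prefix, pool = pick_pool(path)
    live = [i for i in pool if i in healthy]
    if not live:
        raise RuntimeError("no healthy instance in pool " + prefix)
    instance, _, tag = cookies.get(COOKIE, "").partition(".")
    expected = tag_for(prefix, instance)
    # Honour the cookie only if it is authentic, for this pool, and still healthy.
    if instance in live and hmac.compare_digest(tag.encode(), expected.encode()):
        return instance, None
    # Otherwise balance normally (least-loaded healthy instance) and pin it.
    instance = min(live, key=lambda i: load.get(i, 0))
    return instance, f"{instance}.{tag_for(prefix, instance)}"
```

A request without a cookie is balanced by load and pinned. Later requests carrying the issued cookie return to the same instance, while a forged cookie or one naming an unhealthy instance falls back to normal balancing.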