Load Balancers are nothing new to the IT world. Basically, it distributes workloads across multiple computing resources. However, Azure has evolved to provide multiple load-balancing solutions such as Azure Application Gateway, Azure Front Door, Azure Load Balancer, and Azure Traffic Manager. You have the option to pick the right solution according to the requirements.

In this post, I will briefly introduce each of these load-balancing services and support you in picking and choosing the right solution that matches your needs.

Key decision makers

When you are selecting the right solution, there are many factors you need to consider. Following are the main decisions Microsoft has specified to support this decision.

Traffic type

To start, it's crucial to understand your application thoroughly. Determine if it's a web application and what type of traffic it handles. For HTTPS/HTTP traffic, consider a Layer 7 supported load balancing solution. If it involves non-HTTP traffic, explore load balancing solutions tailored for non-web workloads. Additionally, identify whether the application needs to be accessed publicly from the internet. If so, additional security measures like a web application firewall and DDoS protection may be necessary.

Global vs. regional:

Azure Front Door and Azure Traffic Manager are global solutions. They distribute traffic across regional backends, clouds, or hybrid on-premises services—also, these services route end-user traffic to the closest available backend.

Regional load balancers distribute traffic within virtual networks across virtual machines (VMs) or service endpoints within a region. It does not expand from the region that it deployed. Systems that load balance between VMs, containers, or clusters within a region in a virtual network. Azure Application Gateway and Azure Load Balancer are regional load balancers.

PAAS, AKS, IaaS?

If your application is a Platform as a Service (PaaS) offering, you do not need to handle virtual machines (VMs) or networking resources. PaaS solutions typically require a global and HTTP/HTTPS-compatible approach. Azure Kubernetes Service (AKS) facilitates the deployment and management of containerized applications, allowing for global or regional traffic flow. On the other hand, Infrastructure as a Service (IaaS) involves provisioning the necessary VMs and associated network and storage components. In this scenario, internal load balancing is typically implemented within the virtual network.

Cost, Availability, and service limits

It would help if you considered the pricing of each solution, the cost of the service itself, and the operations cost for managing a solution built on that service. You can use the Azure pricing calculator for that. Also, make sure the availability of the load balancing service matches your needs.

Following a flowchart guides you through key decisions to choose the right solution.

Using Azure portals "Help me Choose" questionnaire.

1. Login to Azure Portal and type load balancers in the search
2. Select Load balancing – help me choose
   
   
   
3. You can answer the questions according to your requirements.
   
   
   
   
   
   
   
   
   
   
   

Introduction to Load Balancing services provided by Azure.

Azure Application Gateway

Azure Application Gateway operates at the application layer (Layer 7) and manages HTTP and HTTPS traffic. It has the capability for SSL termination at the gateway, allowing unencrypted traffic to flow to the backend servers. This feature reduces the encryption and decryption overhead, benefiting web servers. Application Gateway supports various backend resources, including VMs, VM scale sets, App Servers, IP addresses, AKS, and URLs. However, it is confined to a specific region and offers zone redundancy within that region. In practical terms, Azure Application Gateway becomes a suitable choice if you have a public-facing application with HTTP and require Web Application Firewall (WAF) functionality.

Azure Front Door

If you're expanding your application to multiple regions and it operates at the web-based Layer 7 using HTTP/HTTPS, a great solution is Azure Front Door. Azure Front Door acts as a Layer 7 global load balancer, delivering your content through Microsoft's extensive global edge network, featuring numerous global and local points of presence (PoPs) strategically distributed worldwide, near enterprise and consumer end users. It offers similar features to App Gateway, including URL redirect, URL rewrite, SSL offloading, and additional capabilities like anycast network, split TCP connections, and custom domains.

Azure Traffic Manager

Azure Traffic Manager serves as a DNS-based load-balancing solution. It acts as an intermediary between your custom domain's DNS and multiple public endpoints, allowing you to direct traffic to these endpoints using various traffic routing methods. The available DNS routing methods include performance-based, weighted, priority-based, geographic, and subnet-based routing. Additionally, the Traffic Manager monitors the health of each endpoint, which can be internet-facing Azure-hosted services or external to the Azure environment.

Azure Load Balancer

Azure Load Balancer operates at Layer 4, handling TCP and UDP traffic. It performs fundamental load-balancing tasks by directing incoming traffic from its front end to backend pool instances through configured load-balancing rules and health probes. These backend pool instances can consist of Azure Virtual Machines or Virtual Machine Scale Sets.

There are two versions of Azure Load Balancer: Standard, which is a paid version, and Basic, which is a free version. You can deploy it as either a Private or Public Load Balancer. In the case of a Private Load Balancer, it uses an internal IP address for the front end, allowing you to balance traffic within a virtual network. On the other hand, a Public Load Balancer has a public endpoint for the front end, enabling you to balance internet traffic to your VMs.

I hope this post is helpful.