Speakers: Daniel Grickholm & Amit Srivastava
I arrived late to this session after talking to some product group people in the expo hall.
Application Gateway Demo
We see the number of instances dynamically increase and cool down – I think there was an app on Kubernetes in the background.
Application Gateway
Application Gateway ingress controller for AKS v2.
- Attach WAG to AKS clusters.
- Load balance from the Internet to pods
- Supports features of K8s ingress resource – TLS, multisite and path-based
Demo: we see a K8s containers app published via the WAG. The backend pool is shown – IPs of containers. Deleting the app in K8s removes the backend pool registration from the WAG (this fails in the demo).
Web Application Firewall
Demo – WAF
The first app sits behind a firewall with no exclusion parameters; its backend pool is a simple PHP application. A second firewall uses the same backend VM as its backend pool, but with a scan exclusion set up to ignore any field which matches a “comments” string. The second firewall allows a comment post; the first one does not.
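The effect of that exclusion, sketched as a toy model (an added example, not code from the session or from Azure): an excluded field is never inspected, so the match operator decides how large the blind spot is. The two rule patterns, the operator names, the field names and the sample requests are assumptions constructed for illustration.

```python
import re

# Toy stand-ins for managed rules (assumption: real rule sets are far larger).
RULES = {
    "xss-script-tag": re.compile(r"<\s*script", re.I),
    "sqli-tautology": re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.I),
}

# Match operators modelled on the selectors a WAF exclusion can use (assumed names).
OPERATORS = {
    "Equals": lambda name, sel: name == sel,
    "StartsWith": lambda name, sel: name.startswith(sel),
    "Contains": lambda name, sel: sel in name,
}

def excluded(field, exclusions):
    """True if any (operator, selector) exclusion covers this field name."""
    return any(OPERATORS[op](field, sel) for op, sel in exclusions)

def inspect(fields, exclusions=()):
    """Return (verdict, hits, skipped) for one request's form fields."""
    hits, skipped = [], []
    for name, value in fields.items():
        if excluded(name, exclusions):
            skipped.append(name)  # never inspected: the backend must validate it
            continue
        hits += [(name, rule) for rule, rx in RULES.items() if rx.search(value)]
    return ("BLOCK" if hits else "ALLOW"), hits, skipped

# Constructed sample requests (not captured from the demo).
COMMENT_POST = {"name": "alice", "comments": "try <script>alert(1)</script> in docs"}
ADMIN_POST = {"admin_comments_query": "x' or '1'='1", "name": "bob"}

NO_EXCLUSION = ()
CONTAINS_COMMENTS = (("Contains", "comments"),)
EQUALS_COMMENTS = (("Equals", "comments"),)

if __name__ == "__main__":
    for label, policy in [("no exclusion", NO_EXCLUSION),
                          ("Contains 'comments'", CONTAINS_COMMENTS),
                          ("Equals 'comments'", EQUALS_COMMENTS)]:
        for req in (COMMENT_POST, ADMIN_POST):
            print(label, sorted(req), inspect(req, policy))
```

The `skipped` list is the part worth reviewing in a real policy: every field it names reaches the backend unfiltered, so a narrower operator keeps that list to the one field the application actually sanitises.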
Get performance closer to the customer. Runs in edge sites, not the Azure data centers.
Once you hit an edge site via Front Door, you are on the Azure WAN.
ADN = application delivery network
Big focus on SLA, HA and performance. Built for Office.
5 years old and mature.
Can work in conjunction with WAG, even if there is some overlap, e.g. SSL termination.
What will be in the next demo:
Has an app for USA in Central US. Another for UK deployed in UK South. Shows the Front Door creation – name/resource group. The configuration screen during creation is a bit different for Azure. Create a global CNAME and session affinity in frontend hosts. Create backends – app service, gateways, etc. You can set up host headers for custom domains, priority, port translation, priority for failover, weight for load balancing. You can add health probes to the backend pools, to a URL path, HTTP/S, and set the interval. Finally you create a routing rule; this maps frontend hosts to backend pools. You can set if it should be HTTP and/or HTTPS.
Skips to one he created earlier. When he browses the two apps that are in it, he is sent to the closest instance – in Central US. You can set up rules to block certain countries.
You can implement rate limiting and policies for fairness.
You can implement URL rewrites to map to a different path on the web servers.
This is like Traffic Manager + WAG combined at the edges of the Azure WAN.
Front Door load balances between regions. WAG load balances inside the region – that’s why they work together.