Load balancing

Azure provides two constructs to provision load balancers. It provides a level-4 load balancer that works at the transport layer within TCP OSI stack and a level-7 load balancer that works at application and session level.

Although both application gateways and load balancer provide basic features of balancing the load, they serve different purposes. There are use cases in which application gateway makes more sense to deploy compared to load balancer.

Application gateway provides the following features that are not available in the Azure load balancers:

• Web application firewall: This is an additional firewall on top of operating system firewall and has the capability to peek into incoming messages. This help in identifying and protecting from common web-based attacks such as SQL injection, cross-site scripting attacks, and session hijacks.
• Cookie-based session affinity: Load balancers distribute incoming traffic to services instances that are healthy and relatively free. A request can be served by any service instance. There are applications that need advance features in which all subsequent requests following the first request should be processed by same service instance. This is known as cookie-based session affinity. Application gateway provides cookie-based session affinity to keep a user session on the same service instance using cookies.
• Secure Sockets Layer (SSL) offload: Encryption and decryption of request and response data are performed by SSL and is generally a costly operation. Web servers should ideally be spending its resources on processing and serving requests rather than encryption and decryption of traffic. SSL offload helps in transferring this cryptography process from the web server to load balancer thereby providing more resources to web servers serving users. The request from the user is encrypted but gets decrypted at application gateway instead of the web server. The request from application gateway to web server is unencrypted.
• End to end SSL: While SSL offload is a nice feature for a certain application, there are certain mission-critical secure applications that need complete SSL encryption and decryption even if traffic passes through load balancers. Application gateway can be configured for an end to end SSL cryptography as well.
• URL-based content routing: Application gateway are also useful to redirect the traffic to different servers based on the URL content of incoming requests. This helps in hosting multiple services alongside other applications.