Azure Front Door
Ankit Ranjan (DevOps Engineer)
Suppose you have a web application hosted on two virtual machines in different Azure regions: (Asia Pacific South India) and (Asia Pacific West India). You need to ensure that users can access the application even if a virtual machine becomes unavailable or there is an outage in one of the regions.
Azure Front Door can serve as the entry point for your web application. By configuring routing rules, you can direct incoming traffic to either the (Asia Pacific South India) or (Asia Pacific West India) virtual machines based on the user's location and the current health status of the virtual machines.
For instance, if a user is in Bangalore, Azure Front Door will route the request to the virtual machine in (Asia Pacific South India). If that virtual machine becomes unavailable, Azure Front Door will redirect the traffic accordingly.
Azure Front Door (AFD), as we will refer to it from now on, operates at Layer 7, using anycast with split TCP over the Microsoft global network. It offers features like SSL offloading, URL redirection, URL rewriting, and cookie-based session affinity, and it can be integrated with a Web Application Firewall. AFD is a global service, whereas Azure Application Gateway is a regional service.
AFD is available in two versions: Standard and Premium.
Let’s understand more about how Azure Front Door (AFD) works. AFD uses Microsoft’s global edge network, with points of presence (PoPs) distributed around the world. The locations are listed in "Azure Front Door POP locations by region" on Microsoft Learn.
Imagine having a web application in the (Asia Pacific West India) region, a second instance in the (Asia Pacific South India) region, and even a third instance on-premises. AFD assigns an anycast IP address across its various PoPs. When a user requests your application, the request is first directed to an Azure Front Door endpoint, one of the strategically placed PoPs worldwide. The endpoint then performs several tasks:
Determining the best endpoint for resolution: AFD considers several factors to identify the optimal endpoint for a request, including the user's location, the health of the backend servers, and the current system load.
Routing rules: Once the best endpoint is determined, AFD applies the routing rules you have configured to handle the request. A Front Door routing rule configuration consists of a "left-hand side" and a "right-hand side." AFD matches the incoming request to the left-hand side of the route, and the right-hand side defines how Front Door processes the request.
Sending the request to the backend: After applying the routing rules, AFD directs the request to the appropriate backend server. The Front Door environment regularly sends synthetic HTTP/HTTPS requests to each configured backend. These probe responses help Front Door determine the optimal backend resources for routing client requests.
Caching content: AFD checks if the content is already cached at the nearest Azure CDN edge server. If the content is cached, it is directly returned to the user. If not, AFD forwards the request to the origin server, caches the response, and then returns it to the user.
Securing the request: AFD can be integrated with a Web Application Firewall (WAF) to protect your application.
Collecting metrics: AFD collects metrics about the request and response, including response time, status codes, and other relevant data.
In the diagram above, Azure Front Door is deployed regionally, distributing incoming traffic across multiple backend pools—such as web servers or Azure services—based on configurable routing rules and intelligent traffic management algorithms.
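The health-probe failover described above can be modelled in a few lines. This is an added example, not Microsoft's implementation or code from the original article: it is a simplified model in which an origin is healthy when enough of its most recent probes returned 200, and the healthy origin with the lowest latency from the user's PoP is chosen. The origin names, PoP names, latencies, window size and probe responses are all constructed.

```python
from collections import deque
from dataclasses import dataclass, field

SAMPLE_SIZE = 4          # probes remembered per origin (constructed value)
SUCCESSFUL_REQUIRED = 3  # successes needed within that window (constructed value)

@dataclass
class Origin:
    name: str
    latency_ms: dict  # PoP name -> latency to this origin (constructed)
    probes: deque = field(default_factory=lambda: deque(maxlen=SAMPLE_SIZE))

    def record_probe(self, status_code: int) -> None:
        # Only a 200 response counts as a successful probe.
        self.probes.append(status_code == 200)

    def healthy(self) -> bool:
        # Until the window fills, missing samples are assumed successful
        # (an assumption of this model).
        missing = SAMPLE_SIZE - len(self.probes)
        return sum(self.probes) + missing >= SUCCESSFUL_REQUIRED

def select_origin(origins, pop):
    """Return the name of the healthy origin closest to `pop`, or None."""
    candidates = [o for o in origins if o.healthy()]
    if not candidates:
        return None  # the model only reports that no origin is eligible
    return min(candidates, key=lambda o: o.latency_ms[pop]).name

def demo():
    """Replay constructed probe rounds and record where a Bangalore user lands."""
    south = Origin("south-india-vm", {"bangalore-pop": 8, "mumbai-pop": 25})
    west = Origin("west-india-vm", {"bangalore-pop": 22, "mumbai-pop": 6})
    origins = [south, west]
    # Constructed responses: south-india-vm fails in rounds 3-5, then recovers.
    south_codes = [200, 200, 503, 503, 503, 200, 200, 200]
    timeline = []
    for round_no, code in enumerate(south_codes, start=1):
        south.record_probe(code)
        west.record_probe(200)
        timeline.append((round_no, select_origin(origins, "bangalore-pop")))
    return timeline

if __name__ == "__main__":
    for round_no, chosen in demo():
        print(f"probe round {round_no}: Bangalore user -> {chosen}")
```

In this model traffic leaves the failing origin only after its second failed probe and returns only after three consecutive successes, so the probe interval and window size together bound how quickly an outage is detected.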
In our upcoming post, we'll explore the fundamental functionalities of Azure Network Security.