The higher-level load balancer is called Application Gateway, and it has some special abilities that set it apart from the regular load balancer. After watching this video, you can decide if you need basic Load Balancer or need to upgrade to a more advanced Application Gateway.
- [Instructor] The Azure Load Bouncer is what is called a layer four load bouncer. Layer four from the OSI model, if you recall, is the transport layer. So this load bouncer only understands IP addresses, ports, and networking at that level. It does not understand what an internet URL is. Basic load bouncers are free in Azure. If you need a more intelligent load bouncer that operates at layer seven, this would be an application gateway. Application gateways have a cost, but the benefit is that you can do some more complex rules. You can actually look at the domain name being used and make routing decisions based on that or you can look at the URL path and make decisions off of that or even recognize an attempt at SQL injection attack and block it right in the application gateway using a web application firewall. A load bouncer cannot do any of these things. Application gateways also have this option for a web application firewall. The WAF is a more sophisticated form of firewall. This web application firewall can detect common attacks such as cross site scripting and SQL injection and stop these requests from even making it to the server. No more Bobby Tables problems. Now that Bobby Tables comic by XKCD remains as one of my favorite that Russell Monroe ever created. The web application firewall follows a set of published internet standards called the Open Web Application Security Project or OWASP, which lists out the common attacks and how to detect them. The application gateway also comes with the ability to monitor its work using Azure Monitor. You can pull various reports and set alerts based on events that you want to track. It also integrates with the Azure Security Center for security monitoring. Load bouncers and application gateways are devices that you can find in Azure Marketplace and add them to your virtual network. For hopefully obvious reasons, the servers behind a load bouncer must be in the same region as the load bouncer itself. You cannot use a load bouncer or an application gateway to bounce traffic between different regions. If you need to do that, you need a traffic manager.
- Azure network basics
- Network fundamentals
- Virtual networks and subnets
- Network peering
- VPN gateway
- Virtual private networks
- Load balancing and Application Gateway
- Azure Traffic Manager
- Azure Front Door
- Virtual network service endpoints
- Virtual network traffic routing