Using Front Door for routing to single region APIs

Question

Hi,

I have deployed some services (APIs) using Container apps in one Azure region. I want to do path based routing between these services. One option is to use Application Gateway. But we already have a running instance of Azure Front Door for other purposes. Although we don't need any caching/CDN feature for these services, will it be a good option of leverage Front Door.

My understanding is that both are routers/load balancers. Application GW is regional but Front Door is global, hence deployed on edges. Front door provide other features like caching too. Is it fine from architecture, performance and costing perspective to use front door in our case i.e. routing within a region. Will there be any specific cost implications.

Thanks

Answer 1

Hi RajivBansal-2486,

Thanks for reaching out to Microsoft Q&A.

Here are some differences based on their actions:

• Front Door can perform path-based load balancing only at the global level but if one wants to load balance traffic even further within their virtual network (VNET) then they should use Application Gateway.
• Front Door doesn't work at a VM/container level, so it cannot do Connection Draining. However, Application Gateway allows you to do Connection Draining.
• Front Door and Application Gateway both support session affinity. While Front Door can direct subsequent traffic from a user session to the same cluster or backend in a given region, Application Gateway can direct affinitize the traffic to the same server within the cluster.
• For Load balancers and Application gateway, Health probes are used to check the backend health and take the servers out of rotation when they are unhealthy. However, in AFD, heath probes are not only used for tracking the health of the backend and taking the unhealthy servers out of rotation but also to route the traffic to the server based on latency, priority and weights.

Azure Front Door

Azure Front Door is a modern, cloud-based CDN (Content Delivery Network) and edge platform that provides fast, secure, and scalable delivery of web applications and APIs. It's designed to accelerate global reach, improve performance, and enhance security for modern web applications.

Best use cases:

• Modern web applications (SPAs, MEAN stack, etc.) that require global reach and fast performance.
• Applications with high traffic volumes, requiring caching and content delivery.
• APIs that require secure, scalable, and fast delivery.

Application Gateway

Application Gateway is a fully managed, layer 7 load balancer that provides application delivery, security, and analytics. It's designed to provide advanced traffic management, security, and insights for applications.

Best use cases:

• Enterprise applications hosted on VMs, requiring advanced traffic management and security.
• Applications with complex routing requirements, such as URL-based routing or cookie-based session affinity.
• Applications that require detailed analytics and insights into traffic and performance.

Key differences

• Architecture: Front Door is edge-based, while Application Gateway is virtual machine-based.
• Load balancing: Front Door provides anycast-based load balancing, while Application Gateway provides layer 7 load balancing.
• Use cases: Front Door is ideal for modern web applications and APIs, while Application Gateway is better suited for enterprise applications and complex traffic management scenarios.Here is the ref blog that points the differences in WAF features/offerings in AFD, APPGW and CDN. Here are some differences based on their actions:
  • Front Door can perform path-based load balancing only at the global level but if one wants to load balance traffic even further within their virtual network (VNET) then they should use Application Gateway.
  • Front Door doesn't work at a VM/container level, so it cannot do Connection Draining. However, Application Gateway allows you to do Connection Draining.
  • Front Door and Application Gateway both support session affinity. While Front Door can direct subsequent traffic from a user session to the same cluster or backend in a given region, Application Gateway can direct affinitize the traffic to the same server within the cluster.
  • For Load balancers and Application gateway, Health probes are used to check the backend health and take the servers out of rotation when they are unhealthy. However, in AFD, heath probes are not only used for tracking the health of the backend and taking the unhealthy servers out of rotation but also to route the traffic to the server based on latency, priority and weights.
  Azure Front Door Azure Front Door is a modern, cloud-based CDN (Content Delivery Network) and edge platform that provides fast, secure, and scalable delivery of web applications and APIs. It's designed to accelerate global reach, improve performance, and enhance security for modern web applications. Best use cases:
  • Modern web applications (SPAs, MEAN stack, etc.) that require global reach and fast performance.
  • Applications with high traffic volumes, requiring caching and content delivery.
  • APIs that require secure, scalable, and fast delivery.
  Application Gateway Application Gateway is a fully managed, layer 7 load balancer that provides application delivery, security, and analytics. It's designed to provide advanced traffic management, security, and insights for applications. Best use cases:
  • Enterprise applications hosted on VMs, requiring advanced traffic management and security.
  • Applications with complex routing requirements, such as URL-based routing or cookie-based session affinity.
  • Applications that require detailed analytics and insights into traffic and performance.
  Key differences
  • Architecture: Front Door is edge-based, while Application Gateway is virtual machine-based.
  • Load balancing: Front Door provides anycast-based load balancing, while Application Gateway provides layer 7 load balancing.
  • Use cases: Front Door is ideal for modern web applications and APIs, while Application Gateway is better suited for enterprise applications and complex traffic management scenarios.

Given your requirements, if you dont need global reach and additional features of FD, it might be more efficient to use Azure application gateway for path based routing within a region. In terms of cost, Front door for routing within a region may introduce additional costs, hence application gateway is more cost effective

Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.