💡 Learn more: Azure Front Door Service (opens new window)
📺 Watch the video : How to get started with Azure Front Door (opens new window).
# Getting Started with Azure Front Door
In this post we'll get started with the Azure Front Door Service (opens new window). This is a new networking service that acts as a load balancer and an application firewall.
So what can you do with Azure Front Door? Amongst other things, you can use it to:
- Route users to the most performant application
- Ensure users get routed to a working application (so fail over to a working endpoint when one fails)
- Protect your application against DDoS attacks
- Route users based on URL (https://contoso.com/product goes to one website and https://contoso.com/jobs goes to another)
- Filter traffic to your application based on country
- Rewrite URLs
My first thought when Azure Front Door was released was "How is this different from Azure Traffic Manager (opens new window)?". As you might know, Azure Traffic Manager is also a kind of load balancer service that provides similar capabilities. Azure Front Door is different from Azure Traffic Manager through. Here are the main reasons why:
- Azure Front Door provides TLS protocol termination (SSL offload), and Azure Traffic Manager does not
- Azure Front Door provides application layer processing, and Azure Traffic Manager does not. This means that Azure Front Door can do things like URL rewriting and that it provides a Web Application Firewall (WAF) that protects you against common web attacks
# Improving performance and availability with Azure Front Door
Let's get started. I'll show you a simple example of how to create a new Azure Front Door instance and how to use that, to route to the most performant application and increase the availability of the solution.
# 1. Create Web Apps in different regions
First, I've created two Azure App Service Web Apps and deployed a simple website to them. The Web Apps are in different geographical regions. One in West Europe and one in West US. The website in the Web Apps shows a message that says "This app is in West US" in the US Web App and "This app is in West Europe" for the Web App in Europe.
(Two Web Apps in the Azure portal)
# 2. Create a new Azure Front Door instance
Next, I've created a new Azure Front Door instance in the Azure portal. This is pretty straightforward. Just like with any service that you create, you click the "Create a resource" button (the green plus sign on the left of the portal) and search for Azure Front Door and click create.
Now, you go through a designer experience that asks you to put in the frontend URL, that users will use.
The designer also asks you to create a backend pool. This represents the resources that handle the requests. in this case, these are the two Web Apps. But you have the choice to add any resource that can handle HTTP traffic, inside and outside of Azure.
(Different options for adding resources to the backend pool)
The backend pool contains both Web Apps and looks like the image below:
Finally, you can create routing rules that determine how traffic is routed to the backend pool. you could for instance, have multiple backend pools and route traffic that has a URL that contains \mobile to a backend pool that contains an app specifically for mobile platforms. Once you've created one or more rules, you are done and the Azure Front Door can be deployed.
(Azure Front Door designer)
# 3. Testing the route for performance
By default, Azure Front Door routes users to the most performant node in the backend. So when I navigate to the frontend URL, Azure Front Door routes me to the Web App in West US.
(The frontend URL routes to the West US Web App)
This makes sense, because I'm located in West US and the Web App in West US is the most performant to me, because it is the closest to me and has the lowest latency.
# 4. Testing improved availability
Another cool thing that Azure front Door can do is improve the availability of your application. Let's test that out.
By default, when I go to the Azure Front Door frontend URL (https://azuretipsandtricks.azurefd.net), I get routed to the West US Web App, because I am in the US.
Let's stop the West US Web App to see what happens. You can do that very easily from the Azure portal. In the dashboard, you can right-click the context menu of the Web App and perform all sorts of actions, including stopping it.
(Stop the West US Web App from the Azure portal dashboard)
Now, the backend pool only has one working node in it; the Web App in West Europe. So, when I navigate to https://azuretipsandtricks.azurefd.net/, I now get routed to the West Europe Web App.
(The frontend routes to the West Europe Web App)
This didn't work instantly though. The first few times that I refreshed the browser after stopping the Web App, I was still routed to the West US Web App and got an error that said that it was stopped. I was only routed to the West Europe Web App after a while. This is because Azure Front Door only pings the endpoints in the backend pool periodically to see if they are working. You can speed this process up by adjusting the health probes for the backend pool.
As you can see, Azure Front Door is a very powerful service. You can easily configure it using the designer in the Azure portal and also by using PowerShell. And it can do a lot more on top of increasing performance and availability. Go and try it out!