![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 23%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
956 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 4%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKM%3C/text%3E%3C/svg%3E)
Hello, @anil kumar !
When would I use Azure Application Gateway and Azure Load Balancer together?
The simple answer is that Azure Load Balancer does Layer 4 load-balancing while Azure Application Gateway does Layer 7 load-balancing.
What this means in practice is that Azure Load Balancer routes requests to the backend at the TCP level without looking at the payload of the request. Routing decisions are made based on the destination IP/port and backend availability in a quasi round-robin fashion.
Azure Application Gateway on the other hand, is aware of the contents of the requests and can make decisions based on things like HTTP headers and path or the request (eg /main vs /health). It also provides WAF functionality.
As an example, if I only have 1 external IP address but need requests for www.mydomain.com/myapp to go to backend 1 and requests for www.myotherdomain.com/myotherapp to go to backend 2, then I need Azure Application Gateway.
Using an Application Gateway with an Internal Load Balancer is a very common setup. If you wanted to expose a workload on an IP/FQDN which is already being used as a frontend in an Application Gateway, then you would use an internal load balancer which would balance the load across the pods with a single backend IP configured in Application Gateway instead of multiple pod IPs (which would require constant manual configuration as pod IPs change all the time). The internal load balancer gives you a static, well-known IP.
Application Gateway Ingress Controller
As an alternative, you can use Application Gateway Ingress Controller which removes the need for the load balancer:
AGIC helps eliminate the need to have another load balancer/public IP in front of the AKS cluster and avoids multiple hops in your datapath before requests reach the AKS cluster. Application Gateway talks to pods using their private IP directly and doesn't require NodePort or KubeProxy services. This also brings better performance to your deployments.
Ingress Controller is supported exclusively by Standard_v2 and WAF_v2 SKUs, which also brings you autoscaling benefits. Application Gateway can react in response to an increase or decrease in traffic load and scale accordingly, without consuming any resources from your AKS cluster.
Using Application Gateway in addition to AGIC also helps protect your AKS cluster by providing TLS policy and Web Application Firewall (WAF) functionality.
Additional Reading: