IP-based session affinity is not maintained by the Load Balancer when Application Gateway is used in front of it.

Prasad Naik 31 Reputation points
2020-11-20T19:56:36.357+00:00

We are using Windows Server 2019 VMs with IIS for hosting our web servers and we need WAF and load balancing for these VMs. We also need IP-based sticky sessions in Azure Load Balancer.
For WAF we have set up an Application Gateway in front of Azure Load Balancer. The Load Balancer is configured to use Client IP based session affinity. When we add an application gateway in front of the load balancer, the requests start going to a random backend server (VM) for the same client IP. The reason, I think, could be that the app gateway sends the IP of its instance to the load balancer instead of the real client IP. And these instances are chosen randomly by the application gateway, hence sticky sessions are most probably not maintained by the load balancer.
What could be the exact issue and how to resolve it?


Accepted answer
  1. SaiKishor-MSFT 17,181 Reputation points
    2020-11-24T06:46:24.35+00:00

    @Prasad Naik

    Thank you for your patience while I was investigating further. The application gateway can only perform session-based affinity by using a cookie. If the application cannot handle cookie-based affinity, you must use an external or internal Azure load balancer or another third-party solution. I understand that's the reason you are implementing a Load balancer, however, as you mentioned App GW does not preserve the source IP and we cannot change that behavior. The only solution at this time is to use a load balancer by itself. Please let us know if you have any further questions/concerns. Thank you!
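
The behaviour discussed in this thread, as an added example that is not part of the original posts or any Microsoft code: a small model of source-IP affinity with and without a proxying gateway in front of the load balancer. The addresses, VM names, round-robin instance selection and the sum-modulo hash are constructed assumptions standing in for the real components.

```python
import ipaddress
from itertools import cycle

# Constructed values for illustration; none come from the original thread.
BACKENDS = ["vm-a", "vm-b", "vm-c"]
LB_FRONTEND = "10.0.2.10"
GATEWAY_INSTANCES = ["10.0.1.4", "10.0.1.5", "10.0.1.6", "10.0.1.7"]


def lb_pick_backend(src_ip, dst_ip=LB_FRONTEND):
    """Client IP affinity: the backend is a pure function of the
    (source IP, destination IP) pair the load balancer observes.
    The sum-modulo hash is a stand-in, not Azure's real hash."""
    key = int(ipaddress.ip_address(src_ip)) + int(ipaddress.ip_address(dst_ip))
    return BACKENDS[key % len(BACKENDS)]


def direct(client_ip, requests):
    """Client connects straight to the load balancer, so the source IP
    in the hash is the client's own address."""
    return [lb_pick_backend(client_ip) for _ in range(requests)]


def via_gateway(client_ip, requests):
    """The gateway terminates the client connection and opens its own
    connection to the load balancer. The load balancer hashes the gateway
    instance IP; client_ip never reaches the hash."""
    instances = cycle(GATEWAY_INSTANCES)  # assumed: requests spread over instances
    return [lb_pick_backend(next(instances)) for _ in range(requests)]


if __name__ == "__main__":
    client = "203.0.113.25"  # documentation-range address
    print("direct     :", direct(client, 8))
    print("via gateway:", via_gateway(client, 8))
```

In this model the affinity still works, but it binds to the gateway instance rather than to the client, which is why two unrelated clients follow the same backend sequence.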

