Is it a long connection between Azure Application Gateway and back-end server pools?

Lynn Niu 236 Reputation points
2022-03-21T02:31:30.527+00:00

In the official documentation, we never find this. We have some strange issues related to this. Is it a long connection between Azure Application Gateway and back-end server pools? Or, for every new request, will Azure Application Gateway open a new connection?

Azure Application Gateway

1 answer

  1. Andriy Bilous 11,821 Reputation points MVP Volunteer Moderator
    2022-03-22T05:17:33.873+00:00

    Hello @Lynn Niu

    Here is a picture that shows how application gateway works.
    Short answer: After the application gateway determines the backend server, it opens a new TCP session with the backend server based on HTTP settings.
    185447-image.png

    First, the request is coming from the client. If a request is valid and not blocked by WAF, the application gateway evaluates the request routing rule that's associated with the listener. This action determines which backend pool to route the request to.
    Based on the request routing rule, the application gateway determines whether to route all requests on the listener to a specific backend pool, route requests to different backend pools based on the URL path, or redirect requests to another port or external site.
    When the application gateway selects the backend pool, it sends the request to one of the healthy backend servers in the pool (y.y.y.y). The health of the server is determined by a health probe. If the backend pool contains multiple servers, the application gateway uses a round-robin algorithm to route the requests between healthy servers. This load balances the requests on the servers.
    After the application gateway determines the backend server, it opens a new TCP session with the backend server based on HTTP settings. HTTP settings specify the protocol, port, and other routing-related settings that are required to establish a new session with the backend server.
    The port and protocol used in HTTP settings determine whether the traffic between the application gateway and backend servers is encrypted (thus accomplishing end-to-end TLS) or is unencrypted.
    When an application gateway sends the original request to the backend server, it honors any custom configuration made in the HTTP settings related to overriding the hostname, path, and protocol. This action maintains cookie-based session affinity, connection draining, host-name selection from the backend, and so on.

    Azure Application Gateway Health Probes:
    Azure Application Gateway probes backend servers to check their health status and to check whether they're ready to serve requests.
    The default probe request is sent in the format of `<protocol>://127.0.0.1:<port>/`. For example, `http://127.0.0.1:80` for an HTTP probe on port 80. Only HTTP status codes of 200 through 399 are considered healthy. The protocol and destination port are inherited from the HTTP settings.
    After Application Gateway sends an HTTP(S) probe request to the backend server, it waits for a response from the backend server for a configured period. If the backend server doesn't respond within the configured period (the timeout value), it's marked as Unhealthy until it starts responding within the configured timeout period again.

    https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting

    Azure Application Gateway Keep-Alives:
    Keep-Alive timeout governs how long the Application Gateway will wait for a client to send another HTTP request on a persistent connection before reusing it or closing it. TCP idle timeout governs how long a TCP connection is kept open in case of no activity.
    The Keep-Alive timeout in the Application Gateway v1 SKU is 120 seconds and in the v2 SKU it's 75 seconds. The TCP idle timeout is a 4-minute default on the frontend virtual IP (VIP) of both v1 and v2 SKU of Application Gateway. You can configure the TCP idle timeout value on v1 and v2 Application Gateways to be anywhere between 4 minutes and 30 minutes. For both v1 and v2 Application Gateways, you'll need to navigate to the public IP of the Application Gateway and change the TCP idle timeout under the "Configuration" blade of the public IP in the portal.

    https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-faq
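
The probe and round-robin behaviour described in the answer above, modelled as an added Python example (not part of the original answer and not Microsoft's implementation). The names `probe`, `BackendPool`, `run_probes` and `pick`, the `Host` header value and the 2-second timeout are assumptions made for illustration.

```python
import http.client

def is_healthy_status(status):
    # Per the answer: only HTTP status codes 200 through 399 are healthy.
    return 200 <= status <= 399

def probe(host, port, path="/", timeout=2.0, use_tls=False):
    """One probe request; True only for a 200-399 answer within `timeout`.

    timeout=2.0 is a constructed value; the real one is whatever is configured.
    """
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        # Default probe format from the answer: <protocol>://127.0.0.1:<port>/
        # (sending it as the Host header is an assumption of this sketch)
        conn.request("GET", path, headers={"Host": "127.0.0.1"})
        return is_healthy_status(conn.getresponse().status)
    except (OSError, http.client.HTTPException):
        return False  # timeout, refused or reset: treated as Unhealthy
    finally:
        conn.close()

class BackendPool:
    """Hypothetical model of a backend pool: probe all, route to healthy ones."""

    def __init__(self, servers):
        self.servers = list(servers)      # [(host, port), ...]
        self.healthy = set()
        self._next = 0

    def run_probes(self, probe_fn=probe, **kwargs):
        # A server stays Unhealthy until a later probe round succeeds again.
        self.healthy = {s for s in self.servers if probe_fn(*s, **kwargs)}

    def pick(self):
        """Round-robin over the servers currently marked healthy."""
        for _ in range(len(self.servers)):
            server = self.servers[self._next % len(self.servers)]
            self._next += 1
            if server in self.healthy:
                return server
        return None  # no healthy backend available
```

Pointing `probe` at a backend with the same protocol, port and path as the HTTP settings shows whether that server would answer inside the 200 through 399 range before the timeout expires.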

