Hello anonymous user ,
Sorry for the delay in response.
From your question, I gather that you would like to understand the behaviour of traffic routing in Application gateway when one of the backend nodes is down.
Azure Application Gateway by default monitors the health of all resources in its back-end pool and automatically removes any resource considered unhealthy from the pool. Application Gateway continues to monitor the unhealthy instances and adds them back to the healthy back-end pool once they become available and respond to health probes. By default, Application gateway sends the health probes with the same port that is defined in the back-end HTTP settings.
For example: You configure your application gateway to use back-end servers A, B, and C to receive HTTP network traffic on port 80. The default health monitoring tests the three servers every 30 seconds for a healthy HTTP response with a 30 second timeout for each request. A healthy HTTP response has a status code between 200 and 399. In this case, the HTTP GET request for the health probe will look like http://127.0.0.1/.
If the default probe check fails for server A, the application gateway stops forwarding requests to this server. The default probe still continues to check for server A every 30 seconds. When server A responds successfully to one request from a default health probe, application gateway starts forwarding the requests to the server again.
Please refer : https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-probe-overview
https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-backend-health-troubleshooting#backend-health-status-unhealthy
In case your backend VMs are configured to receive HTTP traffic on port 15999 and one of the nodes has a NSG blocking this port, then the health check for this particular node will fail and the Application gateway will stop forwarding requests to this server and will route the traffic/requests to the remaining healthy servers/nodes.
Port Check is a simple tool for checking open ports on your computer/device and is not useful in blocking a port on Azure. Rather using NSGs to block a particular port on a node/VM will serve your test purpose.
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
----------------------------------------------------------------------------------------------------------------
Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.