Skip to main content
Welcome. In this lesson you’ll explore the load balancing options available in Microsoft Azure. You will learn how Azure provides high availability, fault tolerance, and optimal performance by distributing incoming network traffic across multiple resources. By the end of this module you will be able to:
  • Explain the core concept of a load balancer and how it acts as a traffic cop, distributing incoming network requests to backend resources to maintain reliability and consistent performance as demand varies.
  • Identify and compare the primary Azure load balancing solutions:
    • Azure Load Balancer — Layer 4 (transport) scenarios for TCP/UDP traffic.
    • Application Gateway — Layer 7 (HTTP/HTTPS) routing with web application features such as WAF.
    • Traffic Manager — DNS-based global routing for geographic or performance-based failover.
    • Azure Front Door — global HTTP/HTTPS load balancing, acceleration, and edge features.
  • Choose the right Azure service based on application requirements (traffic type, availability, latency, and architectural constraints).
Tip: If you’re new to networking, review TCP/UDP and HTTP request flow in the Networks and Communications course before comparing Layer 4 and Layer 7 behaviors — that background will make protocol differences easier to understand.

Load balancing fundamentals

A load balancer distributes client requests across multiple backend instances to:
  • Increase application availability by avoiding single points of failure.
  • Improve performance by distributing load and enabling horizontal scaling.
  • Provide fault tolerance and allow graceful handling of instance failures.
Key concepts:
  • Front-end: The public (or internal) IP and port where clients connect.
  • Back-end pool: The set of VMs, VM scale sets, App Service instances, or endpoints that receive traffic.
  • Health probes: Periodic checks that determine whether a backend instance is healthy and can receive traffic.
  • Session affinity (sticky sessions): Optional configuration to route a client consistently to the same backend.

Azure load balancing services at a glance

Below is a short summary of each Azure load balancing product and its ideal use cases.
  • Azure Load Balancer
    • Layer: 4 (TCP/UDP)
    • Use case: High-performance, low-latency distribution for non-HTTP/S workloads (or for internal VMs).
    • Features: Public and internal SKUs, cross-zone HA, NAT rules.
  • Application Gateway
    • Layer: 7 (HTTP/HTTPS)
    • Use case: Web traffic routing with URL-based routing, cookie-based affinity, and WAF integration.
    • Features: Web Application Firewall (WAF), SSL termination, path-based routing.
  • Traffic Manager
    • Layer: DNS-based routing
    • Use case: Global traffic distribution using DNS for geographic routing, failover, or performance-based routing.
    • Features: No direct data plane — uses DNS responses to steer clients to endpoints.
  • Azure Front Door
    • Layer: Global HTTP/HTTPS (edge)
    • Use case: Global web application acceleration, TLS termination at the edge, dynamic site acceleration, and global load balancing.
    • Features: CDN-like caching, WAF, fast failover across regions, anycast.

Comparison table

ServiceLayerPrimary use caseKey features
Azure Load Balancer4 (Transport)High-throughput TCP/UDP, internal or public load balancingLow latency, NAT rules, cross-zone HA
Application Gateway7 (Application)HTTP/HTTPS web apps, WAF protectionURL/path-based routing, SSL offload, WAF
Traffic ManagerDNS routingGlobal failover and geographic routingMultiple routing methods (priority, performance, geographic)
Azure Front DoorGlobal HTTP/HTTPS edgeGlobal web apps, acceleration and edge featuresAnycast, TLS at edge, caching, WAF

When to pick each service

Use this decision guide to select the most suitable Azure load balancing product:
  • Choose Azure Load Balancer when:
    • You need high-performance Layer 4 routing (TCP/UDP).
    • Your application is non-HTTP (e.g., gaming, databases, custom TCP services).
    • You require an internal (private) load balancer for VNet scenarios.
  • Choose Application Gateway when:
    • You need advanced Layer 7 features (URL routing, host-based routing).
    • You want integrated Web Application Firewall (WAF) for OWASP protection.
    • You require SSL termination and session affinity for HTTP-based services.
  • Choose Traffic Manager when:
    • You need DNS-level global routing or geographic failover for multi-region deployments.
    • You want to control endpoint selection by latency, priority, or geographic location.
    • Your application can tolerate DNS-based routing behavior and TTL propagation.
  • Choose Azure Front Door when:
    • You want global HTTP/HTTPS acceleration (edge caching and routing).
    • You need fast global failover and front-door features such as TLS termination at the edge.
    • Your focus is on low-latency global delivery for web applications and APIs.
Quick design tip: For many global web apps, a common pattern is to use Azure Front Door at the edge (global routing and acceleration) with regional Application Gateways behind it for WAF and path-based routing, and Azure Load Balancer for non-HTTP services or internal layer-4 traffic.

Common architecture patterns

  • Internal application (microservices) within a VNet:
    • Use Azure Load Balancer (internal) to distribute TCP traffic to VM Scale Sets or Kubernetes nodes.
  • Public web application requiring WAF and URL routing:
    • Use Application Gateway with WAF SKU; place back-end pools as VM Scale Sets, App Service Environments, or AKS Ingress.
  • Global web application with low-latency requirements:
    • Use Azure Front Door to direct users to the closest region and provide edge caching. Combine with regional Application Gateways for centralized WAF policies.
  • Multi-region failover and geolocation-based routing:
    • Use Traffic Manager to control DNS responses based on performance or geography, optionally combined with Front Door for HTTP acceleration.

Practical checklist before choosing

  • Identify the traffic type: HTTP/HTTPS vs TCP/UDP.
  • Determine scope: regional vs global.
  • Decide on security needs: Do you need WAF?
  • Consider latency and acceleration needs: edge caching, TLS at edge?
  • Plan for failover: DNS-based vs application-layer health checks.
  • Verify SLA and limits for the chosen SKU.

References and further reading

Use these resources to dive deeper into deployment examples, CLI/ARM templates, and best practices for configuring health probes, session affinity, and security policies.

Watch Video