Azure Front Door Basic Walk Through

Image:https://docs.microsoft.com/en-us/azure/frontdoor/front-door-overview

I am going to talk about Azure Front Door (AFD) today since I am using it for one of my projects. As far as I understand, in simple words, AFD is a combination of Load balancing, CDN and WAF services.

As usual, let the official does the explanation ; )

Azure Front Door is a global, scalable entry-point that uses the Microsoft global edge network to create fast, secure, and widely scalable web applications.

Front Door works at Layer 7 (HTTP/HTTPS layer) using anycast protocol with split TCP and Microsoft’s global network to improve global connectivity. Based on your routing method you can ensure that Front Door will route your client requests to the fastest and most available application backend.

Below are some facts that I think is important to know and understand. For more and detailed information, please refer to AFD FAQ.

  • AFD is different from Azure Application Gateway. Use AFD with these scenarios.
  • AFD needs a public VIP or a publicly available DNS name to route the traffic to, meaning that it CAN NOT route within Vnet. Using Application Gateway or Load Balancer solve this scenario.
  • Continuation from above, it means that your backend needs to be publicly accessible.
  • Continuation from above, how to make sure backend only accept requests from ADF? Please refer here.
  • AFD DOES NOT support static or dedicated frontend anycast IPs currently.
  • AFD and Azure CDN can’t be configured together because both services utilizes the same Azure edge sites when responding to requests.
  • AFD supports managed and owned SSL certification.
  • Continuation from above, for certificate autorotation, you need to file support ticket when expiry date is less than 60 days. For owned certificate, you need to rotate it yourself.
  • AFD supports TLS/SSL offload and end to end TLS. Since AFD talks to backend publicly, it is recommended to perform the later.
  • AFD DOES NOT support self-signed certificates on both frontend and backend.

Enough of the boring wordings, let’s started to get our hands dirty!!

Please have your backend ready as AFD will need to point to it during setup, let’s get started.

Azure Front Door Basic Walk Through

Configuration is the section where we will configure all the settings.

Step1, Create frontend with a unique AFD FQDN. WAF policy can be setup here but I will do it on other post.

Azure Front Door Basic Walk Through

Step2, add backed pool to AFD.

Azure Front Door Basic Walk Through

The available backend types are as blow.

Azure Front Door Basic Walk Through

For my scenario, I use VMSS as my backend so I can find them in Pubic IP Address. If your backend is VM, the IP Address has to be static sku so it could be found on the list.

Azure Front Door Basic Walk Through

with backend setup, you need to configure backend health probe so that AFD will route traffic to healthy backends. Remember to setup your available backend protocol accordingly.

Azure Front Door Basic Walk Through

Define the definition of health or unhealthy condition.

Azure Front Door Basic Walk Through

Step 3, add route so that AFD knows how to route traffic from frontend to backend. Configure the protocol of your frontend and remember AFD works at layer 7 so that you can set path routing accordingly.

Azure Front Door Basic Walk Through

Next, let’s configure how you want the traffic to be routed. Since my backend does not support https, so I choose HTTP only. I believe Match request will do the trick too.

Azure Front Door Basic Walk Through

Finally, with everything configured, let’s create AFD!

Azure Front Door Basic Walk Through

Once done creation, you can get your AFD FQDN from Overview.

Azure Front Door Basic Walk Through

Scroll down a bit, you can review various metrics which Backend health percentage is quick useful to me.

Azure Front Door Basic Walk Through

Lastly, let’s verify the result by access the AFD FQDN. I access them with Chrome and Safari for comparison and we can verify that Load Balancing is indeed functioning!

Azure Front Door Basic Walk Through
Azure Front Door Basic Walk Through

That’s it for this post, hope you enjoy it! I will write another post regarding other configurations such as setup SSL certification, restrict only AFD to your backend and force HTTP to HTTPS. Stay tuned!!

Quickstart: Create a Front Door for a highly available global web application

AWS Certified SA, SysOps & Developer Associate, Alibaba Cloud certified SA. Focusing on Azure, Prometheus w/ Grafana, ELK and K8S now.