Azure Front Door Load Balancing for Virtual Machines in Multiple Regions | Exam AZ-303

Azure Front Door Load Balancing

Question

You have Azure virtual machines deployed to three Azure regions. Each region contains a single virtual network that has four virtual machines on the same subnet. Each virtual machine runs an application named App1. App1 is accessible by using HTTPS. Currently, the virtual machines are inaccessible from the internet.

You need to use Azure Front Door to load balance requests for App1 across all the virtual machines.

Which additional Azure service should you provision?

Answers

Explanations


A. B. C. D.

B

Can we deploy Azure Load Balancer behind Front Door?

Azure Front Door needs a public VIP or a publicly available DNS name to route the traffic to. Deploying an Azure Load Balancer behind Front Door is a common use case.

https://docs.microsoft.com/en-us/azure/frontdoor/front-door-faq

The correct answer to this question is C. a public Azure Load Balancer.

Azure Front Door is a global, scalable entry point for fast delivery of your web applications. It uses the anycast protocol to route users to the closest Front Door point of presence (POP) for better performance and user experience. In this case, you want to use Front Door to load balance requests for App1 across all the virtual machines.

To achieve this, you need to use an Azure Load Balancer. Azure Load Balancer is a Layer 4 load balancing service that distributes incoming traffic among healthy instances of services defined in a load balancer configuration. It can balance both internal and external traffic, and supports both inbound and outbound scenarios.

In this specific case, since the virtual machines are inaccessible from the internet, you need to use a public Azure Load Balancer, which will route traffic from the internet to the virtual machines. You would configure the load balancer to listen on port 443 (HTTPS), and configure the backend pool with the four virtual machines running App1. The load balancer will distribute traffic among the virtual machines in the backend pool, so that each machine receives a roughly equal share of the traffic.

Azure Traffic Manager is a DNS-based traffic load balancing solution that allows you to distribute traffic optimally to services across global Azure regions, while Azure Private Link enables private connectivity between Azure resources and services over an Azure Virtual Network. Neither of these services is suitable for load balancing traffic to the virtual machines running App1 in this scenario.

Therefore, the correct answer is C. a public Azure Load Balancer.