Microsoft Azure Application Gateway Deep Dive
HTML-код
- Опубликовано: 16 июн 2024
- In this video I explore all the ins and outs to using Azure Application (App) Gateway in your environment!
Whiteboard - github.com/johnthebrit/Random...
Links under chapters!
00:00 Introduction
00:32 Types of load balancing solution
02:00 Layer 7 with App Gateway
04:33 App Gateway deployment to virtual network
08:45 Locking down the public IP
10:05 App Gateway and WAF versions
14:14 Key features
20:55 How App Gateway works
21:25 Backend sets
25:28 Frontend IPs
27:40 Listeners
36:36 SSL/TLS offload/termination
37:44 Rules
43:30 Redirection rules
46:33 Rewrite rules
50:03 HTTP settings and health probe
56:45 How the bits fit together
57:48 App Gateway as AKS ingress controller
1:02:39 Summary
Azure Load Balancer Video - • Azure Global Load Bala...
Choosing a Load Balancing Solution - • Picking the right Azur...
Locking down App Gateway IP - docs.microsoft.com/en-us/azur...
App Gateway Pricing - docs.microsoft.com/en-us/azur...
App Gateway Version Differences - docs.microsoft.com/en-us/azur... - Наука
I appreciate how you take your time in explaining concepts in depth. And nice ink!
I watched this with my wife. She is now convinced you are a rocket scientist. Well done as always. :]
Lol far from it :)
Amazing explanation. I didn't know much about app gateway before watching this video and you answered to almost all of my questions.
Thank you, John!
I've only recently discovered your channel. Truly insightful and well explained.
You said that's it not a very complicated service but you did an amazing job explaining every single bit. Thank you John
This is topic that I was looking for deep dive in . As always rocking content, thank you
John, you are not only inspiring with your teaching but also with your physical personality. I started going to gym now a days.... Thank you for both of these.....
Just in time when I needed it. I just started to look into app gateway for our company and there comes your video. Excellent! Love your videos. You make infrastructure fun!
Fantastic!
Tour de force! I'm amazed at how much ease you display when drawing and explaining these deep dive concepts. You make it very clear and understandable. Thank you.
I've gone through some of the Microsoft learn modules but watching your videos helps me better understand the things that Microsoft doesn't do well explaining. Thank you for the videos. I missed the my Az-700 cert by 30 points but I'm sure after watching these videos I will pass the next try.
Another hit. Everything has become so clear after watching this video. Thanks a lot, John.
I really enjoy your videos and use it as reference for any tech on azure, you have amazing teaching skills
Great Video John! this is making the idea of tansitioning from F5 so much easier. TY!!
Great content!!!! Super well explained from top to bottom 👏🏻👏🏻👏🏻
The clarity on this content is on another level.. Thank you so much.. BTW i spotted the smike on your face when you said it's easy :)..
Superb John. One of the best videos on the subject I have seen.
Another excellent video John! You have really helped me get up to speed when I need help with a new Azure component. Keep up the good work!
Glad to help!
I needed this today John! You are most appreciated!
John, just wanted to jump in to let you know how helpful and appreciated these videos are. I'm working my way through them all as I get ready for an AZ-104 working toward the 303 and 304.
Glad you like them!
Yet another awesome video! Thanks a lot John!
You make things so simple to understand.. Bravo...
Excellent video. It was very helpful for me. Thanks a lot. Waiting for more.
Wow, I had all the answers to my questions in a single video. Azure community is lucky to have you, John. Keep it up mate.
Happy to help!
Awesome deep dive! Thanks a mil, John.
great job John, when i feel confused, i just need to check your video again. thanks to god, we have Mr John
Hehe, thanks!
Wonderful content , this is everything in Application Gateway and mind map.
Fantastic! Very good explanation! Thanks to share your knowledge.
it was a really awesome video from you john !!!
Wow. Great content! I really appreciate you putting this together. I've been using the AZ WAF for a couple years now.
Any ideas on why they take so long to save/update and make changes?
Again, great content and presentation!
App gateway V1 usually take 18 to 22 minutes to update or make any change, however you have the option App gateway V2 that usually takes 5 to 6 minutes to update.
Awesome work again Sir John.
Great video sir. App gateways are pretty complex. Thanks for helping simplify.
My pleasure!
thanks a ton John for sharing, was waiting for this video.
Your videos are a gold mine. Thank you very much. You helped me clear many of my questions.
Whenever i need some guidance , i bank upon your content! Thanks again!
Thank you for putting all the informations together!
Great video, very well explained all important concepts of Application Gateway. Thanks for sharing your knowledge!
Glad it was helpful!
I believe, there is lot i will get to learn from your videos 👍
Another "gold" video :-)...Just in time when I needed. Thanks very much for the great content and also for including the whiteboard drawing for reference
Very welcome.
Very insightful. that's called deep dive. great content. Thank you. appreciate it.
Thank you for doing the deep dive videos they are life saver.
Great stuff! This really clarified a lot of things regarding "Rules, Backend sets and Listeners" for me.
Great content and great information. Thank you John
Thanks John , Amazing Work, its appreciated!!!
Great content, great presentation as always ! thanks for your efforts
May be you are not aware, how much your contents are helping peoples. Super Great !
That is very kind and appreciated, thank you
Awesome stuff, thanks for this great explanation, gtg now and create an app gateway.
Thanks ,as always the best first reference for Azure ,I refer you before googling.
Great explanation.. would love to see deep dive into App service environment as well.
Did a video on that
Great content as always, thanks John
Very welcome
Thank you for such detailed explanation
Thank you for this deep dive. Best spent hour of my day.
Love it, thanks!
Awesome explainer!! Thanks so much!
Very very helpful john i search multiple this thing but not find anywhere Thanks a lot
It's another great Azure concept you put them together, nicely done and greatly presented, really appreciate the time and the amount of effort you spend with all your videos and the high quality, you're aces
My pleasure! 🤙
Awesome tutorial! Thank you!
Timing of this couldn’t be better. Planning to watch today. We’re trying to get AG in front of an app service protected by a private endpoint.
42:59 "try not to be completely incompetent" while giving the best explanation of an application gateway i have ever see, ok 😂 thanks for the video man, awesome stuff
Super useful, even a year after recording, thanks!
Lol, things don’t change that fast
Great content as always. Thank you, John!
Glad you enjoyed it!
Nice in details! thank you!
Great stuff as always. Very much appreciated!
Glad you enjoyed it
Great content! Another one for the AZ700 playlist. Now that we have deep dives for AFW, ALB and AGW... would you consider doing one for AFD? Again thanks for the effort... much appreciated!
Done that :)
@@NTFAQGuy I know :) watched it immediately. Thks for all the effort
Great information, nicely putting all together, thanks John. Would it be possible having content of how App Gateway sits in a variety of architecture utilising several services and probably the configuration among the services? Thanks.
Just look at the landing zones and the Microsoft reference architectures. docs.microsoft.com/en-us/azure/architecture/browse/
Awesome content. You really saved my day. Thank you so much.
Glad to hear it!
watch this awesome video today, really enjoy its usefulness! Thank you.
Thank you for the amazing video!
This is superb !! Thank you so much sir..
Thanks John. This is very useful.
Very welcome
Great Content, Your aproach was quite unique and I get to understand the every bits that make up the APG. Do you have plans to do something similar for AWS networking infrastructure?
No aws plans
Great video. Thanks Mr Saville.
Glad you enjoyed it
Another brilliant content John, you have the gift to turn complex topics into a more digestive, if I could say :). Just one point out that is still not clear even trying MS docs. The Availability Zone, when enable, let's say to two zones, we also need to scale up instance count to two as well, right? This way, each instance will go to a different AZ. Or the concept of instances is just related to performance? If so, then AZ would cost twice the normal price or at least a bit more?
If I could add one thing to this blasting deep dive is the key point where you can't use private and public with the same port on the listener.
A listener is bound to the private or public so for same port would be two listeners. Yes would need 2 instances to span AZs
This is a nice video. Thank you @John
Great content here. Lots of moving parts in AGW, thanks for bringing it all together.
My pleasure
Truly the best video on APP G/w
Great video John! very interesting.... I love Azure jaja
you are really impressive. Keep up the good work please!
great contents as always!!!
Thank you so much for an informative video
this is best content on youtube over Azure
Hey John, thanks for the excellent video, I recall seeing a notification from Azure Service Health sometime early June stating that Application Gateway V2 will require a minimum subnet of a /24 (256 IP addresses per Application Gateway ) by default to ensure the subnet has sufficient number of IP addresses to undergo maintenance/updates. It doesn't impact existing deployments but recommend moving to a /24 subnet. At the time I had tried deploying to smaller subnet and the deployment failed.Haven't tried since, do you know if Microsoft back tracked on this requirement?
as i mentioned in the video. /24 would ensure you could scale to its maximum size but its not required to my knowledge if you know will be smaller.
Great content!
Great content as always.
QQ: If I understood you correctly, if I were to support multiregion (like 3 AKS clusters, one for EMEA, second for APAC, last for NORAM), would the recommended approach be to have a AG for each of the clusters and Azure FrontDoor in front of the AGs ?
Yes
Cleared my biggest confused regarding why App Gateway is still considered as regional lb option when we can have backend service belonging to any region or any public IP.Thanks John
Thanks so much John for the content. One question please, what would be a use for re-encrypting traffic after it goes through the listener?
Because it needs to always be encrypted even between listener and the final target
Thanks for the video. Amazing 😊
lol thanks. Assuming you watched a whole bunch in a sitting as you like 4 in 60 seconds :-D. Glad you enjoy the content and appreicate the comments.
Agreed!. very good explanation of App GW
Thank you
excelent explanation, thanks
You are welcome!
Great Video!
Thanks!
Awesome sauce!!!
Excellent! Thank you.
Glad it was helpful!
the ultimate AzureGuru John Savil
Thanks, helpful!
What brilliant didactics!
Thanks I think :) checking dictionary. 🤙
Great Content!~
I'm glad you like it
Thank you! ❣
Had to learn this even though I love Front Door, it doesn't support Web Sockets and Blazer app doesn't seem to work behind it.
This is how I learn!!!
Hi John, great vid as always. Got one doubt. When picking a target for the backend sets, it seems like it only detects Virtual Machines from the same Virtual Network so, let's say we have a Hub&Spoke network architecture, how would this play out if the App Gw is deployed on the hub? By the (private) IP address it won't let me neither.
Portal limits, use PowerShell/CLI etc
@@NTFAQGuy Thanks!
Hey John, how does outbound traffic works, does it also routed through app gateway for a single VM added as backend pool in gateway?
no, only responses.
Good stuff John! Thanks for this deep dive!
How does the connection draining work? The MS Docs says "It ensures that all deregistering instances of a back-end pool continue to maintain existing connections and serve on-going requests for a configurable timeout and don't receive any new requests or connections"
What constitutes a Deregistering instance? During a planned maintenance window - how would an engineer mark the backend as 'Deregistering' and get feedback that no more new requests are coming to the backend and that it's safe to take down for maintenance? Maybe a topic for another video where you demo it :D
Today its removing from the pool or failing a custom probe.
@@NTFAQGuy Cool, thanks!
Thanks mate!
You're welcome!