Azure Application Gateway with Service Fabric

15
votes

Currently I have a Service Fabric cluster with 2 stateless services hosting Asp Web APIs. While creating the cluster also appropriate Azure Load Balancers got created.

Now I would like to add Application Gateway in front of my cluster for various reasons like SSL offloading, url-routing etc.

I'd like to understand how to configure the Application Gateway correctly. I see 2 options, not sure which one is valid:

  • Application Gateway replaces the existing Load Balancer and points directly to SF services hosting WebApi
  • I keep existing LB configuration and Application Gateway points to this LB (seems like 1 LB solution too many)

Which one is correct? Any advise how to configure?

4
azureazure-service-fabricazure-application-gateway
Did you get this resolved? Which approach did you take? I'd like to know how to do this as I'm also evaluating doing the same in one of my projects.Hiral Desai
Note the 20 port backend limit for app gateway and sf which requires one service per port.user1496062

4 Answers

6
votes

Approach 2 is what we are using, We have kept the load balancer and that is routing any request received from the Application Gateway. We found this to be easiest and simplest choice, as this involves minimum changes to be done in Application Gateway.

0
votes

Your two web api's can run on every node in the VM scale set. The Azure Load Balancer is used to distribute traffic over those nodes. Targeting a single service on a single node will reduce scalability and fault tolerance.

You could use the App Gateway to translate incoming request to different ports on the Load Balancer. (E.g. direct traffic to API 1 @url ~/1/ and API 2 @url ~/2/)

Favor using load balancing rules (using all nodes) over NAT redirections (to single nodes). This way you'll have a performant, reliable system.

0
votes

Solution 2 would also provide possibly to create VPN connection e.g to manage your cluster. Then no need to expose management endpoint to the public. Internal lb also brings on additional features to utilize in the future.

-2
votes

I would go with your first option and to implement it create / modify your ARM template so that it doesn't contain the load balancer and instead contains the application gateway.

Here is a link to the quick starts for ARM templates which you can use. There isn't an out of the box example for service fabric with a gateway but it will give you a great starting place.

link