Master Azure networking services that distribute traffic, provide secure connectivity, and connect on-premises networks to Azure. Learn Load Balancer, VPN Gateway, ExpressRoute, and Traffic Manager.
After completing this session, you'll be ready for Quiz 14 and able to:
Azure Load Balancer is like a traffic director at a busy intersection, intelligently distributing incoming network traffic across multiple servers to ensure no single server gets overwhelmed while maintaining high availability.
Like network requests arriving at your application
Directs customers to available tables/servers based on capacity
Multiple servers/VMs ready to serve requests efficiently
Distributes internet traffic to VMs
Distributes traffic within VNet
Works with IP addresses and ports
Up to 300 instances, single availability zone
Up to 1000 instances, zone redundant, higher SLA (99.99%)
For third-party network virtual appliances
💡 Quiz Tip: Health probes determine which backend instances can receive traffic!
| Feature | Load Balancer | Application Gateway |
|---|---|---|
| OSI Layer | Layer 4 (Transport) | Layer 7 (Application) |
| Protocol Support | TCP, UDP | HTTP, HTTPS, WebSocket |
| URL-based Routing | ❌ No | ✅ Yes |
| SSL Termination | ❌ No | ✅ Yes |
| Web Application Firewall | ❌ No | ✅ Yes |
| Best Use Case | Non-HTTP traffic, high performance | Web applications, advanced routing |
Key Point: Application Gateway is for web applications, Load Balancer is for all TCP/UDP traffic!
Azure VPN Gateway is like a secure tunnel connecting your on-premises network to Azure or individual devices to Azure, providing encrypted connectivity over the internet.
10 S2S tunnels, 128 P2S connections, 100 Mbps
More tunnels, BGP support, zone redundancy
Availability zone support, higher SLA
Root certificate for Point-to-Site
Enterprise authentication with MFA
Third-party authentication servers
Connect branch offices securely
• Site-to-Site VPN
• Always-on connection
• Multiple users
Individual access from home
• Point-to-Site VPN
• On-demand connection
• Personal devices
Extend on-premises to Azure
• Site-to-Site VPN
• Burst to cloud
• Data replication
🔑 Quiz Tip: Site-to-Site connects networks, Point-to-Site connects individual devices!
ExpressRoute is like having a private highway between your on-premises infrastructure and Azure - dedicated, fast, reliable, and never touching the public internet.
Direct connection at Exchange provider facility
Dedicated fiber connection
Through MPLS provider
50 Mbps - 10 Gbps, regional connectivity
Global connectivity, higher route limits
100 Gbps at peering locations
Global Reach enables direct connectivity between your on-premises locations through Microsoft's backbone network
Connected to Azure via ExpressRoute
Global Reach connection
Connected to Azure via ExpressRoute
🌐 Benefit: Offices communicate directly without going through internet or Azure!
1. User requests DNS resolution
2. Traffic Manager responds with IP of best endpoint
3. User connects directly to selected endpoint
4. Traffic Manager monitors endpoint health
Routes to endpoint with lowest latency
Distributes traffic based on assigned weights
Primary endpoint with failover to secondary
Routes based on user's geographic location
Returns multiple healthy endpoints
Routes based on source IP subnet ranges
Key Difference: Traffic Manager is DNS-only, Front Door provides full application delivery platform!
Let's explore real-world scenarios to understand when to use each Azure networking service. These scenarios are commonly tested in the AZ-900 exam.
You need to distribute HTTP/HTTPS traffic for a shopping website across multiple web servers
Why: Layer 7 load balancing, URL-based routing, SSL termination, and WAF capabilities make Application Gateway perfect for web applications.
You need to distribute TCP database connections across multiple SQL servers
Why: Layer 4 load balancing provides optimal performance for TCP traffic, with session affinity for persistent database connections.
Your company needs to provide secure access to Azure resources for remote employees
Why: Perfect for individual remote access with Azure AD authentication, cost-effective for occasional connections.
Connect a branch office network permanently to Azure for shared resources
Why: Cost-effective always-on connection for entire office networks with encrypted connectivity over internet.
Financial company needs highest performance, predictable latency, and complete security
Why: Private, dedicated connection with guaranteed bandwidth, predictable performance, and highest SLA for mission-critical applications.
Here are example questions similar to what you'll see in Quiz 14. Make sure you understand these networking connectivity concepts!
"What is the main advantage of ExpressRoute over VPN Gateway?"
"Which Azure service operates at Layer 7 and provides URL-based routing?"
📝 Quiz 14 Topics: Load Balancer, Application Gateway, VPN Gateway, ExpressRoute, Traffic Manager, Front Door
Take Quiz 14 NowYou now understand how to distribute traffic with Load Balancers, secure connectivity with VPN Gateway, high-performance private connections with ExpressRoute, and global traffic management with Traffic Manager. You can choose the right networking solution for any scenario!
Excellent! You've mastered Azure networking services for connectivity and traffic distribution. Now test your knowledge with Quiz 14, which covers all the Load Balancer, VPN Gateway, ExpressRoute, and Traffic Manager topics from this session.