Merge pull request #211029 from greg-lindsay/appgw-stats

App GW content health pass

Author: v-regandowner

articles/application-gateway/application-gateway-backend-health-troubleshooting.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: greg-lindsay
 ms.service: application-gateway
 ms.topic: troubleshooting
-ms.date: 07/20/2022
+ms.date: 09/13/2022
 ms.author: greglin 
 ms.custom: devx-track-azurepowershell
 ---

articles/application-gateway/application-gateway-faq.yml

@@ -5,7 +5,7 @@ services: application-gateway
 author: greg-lindsay
 ms.service: application-gateway
 ms.topic: how-to
-ms.date: 01/11/2022
+ms.date: 09/13/2022
 ms.author: greglin 
 ms.custom: devx-track-azurepowershell
 ---
@@ -35,7 +35,7 @@ This article walks you through the steps to configure a Standard v1 Application
 ## Create an application gateway
 
 The difference between using Azure Classic and Azure Resource Manager is the order in which you create the application gateway and the items that need to be configured.
-With Resource Manager, all items that make an application gateway is configured individually and then put together to create the application gateway resource.
+With Resource Manager, all items that make an application gateway are configured individually and then put together to create the application gateway resource.
 
 Here are the steps that are needed to create an application gateway:
 

articles/application-gateway/application-gateway-ilb-arm.md

@@ -5,8 +5,8 @@ services: application-gateway
 author: greg-lindsay
 ms.service: application-gateway
 ms.topic: troubleshooting
-ms.date: 11/16/2019
-ms.author: amsriva 
+ms.date: 09/13/2022
+ms.author: greglin
 ms.custom: devx-track-azurepowershell
 ---
 
@@ -18,7 +18,7 @@ Learn how to troubleshoot bad gateway (502) errors received when using Azure App
 
 ## Overview
 
-After configuring an application gateway, one of the errors that you may see is "Server Error: 502 - Web server received an invalid response while acting as a gateway or proxy server". This error may happen for the following main reasons:
+After you configure an application gateway, one of the errors that you may see is **Server Error: 502 - Web server received an invalid response while acting as a gateway or proxy server**. This error may happen for the following main reasons:
 
 * NSG, UDR, or Custom DNS is blocking access to backend pool members.
 * Back-end VMs or instances of virtual machine scale set aren't responding to the default health probe.
@@ -31,42 +31,42 @@ After configuring an application gateway, one of the errors that you may see is
 
 ### Cause
 
-If access to the backend is blocked because of an NSG, UDR, or custom DNS, application gateway instances can't reach the backend pool. This causes probe failures, resulting in 502 errors.
+If access to the backend is blocked because of an NSG, UDR, or custom DNS, application gateway instances can't reach the backend pool. This issue causes probe failures, resulting in 502 errors.
 
 The NSG/UDR could be present either in the application gateway subnet or the subnet where the application VMs are deployed.
 
-Similarly, the presence of a custom DNS in the VNet could also cause issues. A FQDN used for backend pool members might not resolve correctly by the user configured DNS server for the VNet.
+Similarly, the presence of a custom DNS in the VNet could also cause issues. An FQDN used for backend pool members might not resolve correctly by the user configured DNS server for the VNet.
 
 ### Solution
 
 Validate NSG, UDR, and DNS configuration by going through the following steps:
 
-* Check NSGs associated with the application gateway subnet. Ensure that communication to backend isn't blocked.
-* Check UDR associated with the application gateway subnet. Ensure that the UDR isn't directing traffic away from the backend subnet. For example, check for routing to network virtual appliances or default routes being advertised to the application gateway subnet via ExpressRoute/VPN.
+1. Check NSGs associated with the application gateway subnet. Ensure that communication to backend isn't blocked.
+2. Check UDR associated with the application gateway subnet. Ensure that the UDR isn't directing traffic away from the backend subnet. For example, check for routing to network virtual appliances or default routes being advertised to the application gateway subnet via ExpressRoute/VPN.
 
-```azurepowershell
-$vnet = Get-AzVirtualNetwork -Name vnetName -ResourceGroupName rgName
-Get-AzVirtualNetworkSubnetConfig -Name appGwSubnet -VirtualNetwork $vnet
-```
+    ```azurepowershell
+    $vnet = Get-AzVirtualNetwork -Name vnetName -ResourceGroupName rgName
+    Get-AzVirtualNetworkSubnetConfig -Name appGwSubnet -VirtualNetwork $vnet
+    ```
 
-* Check effective NSG and route with the backend VM
+3. Check effective NSG and route with the backend VM
 
-```azurepowershell
-Get-AzEffectiveNetworkSecurityGroup -NetworkInterfaceName nic1 -ResourceGroupName testrg
-Get-AzEffectiveRouteTable -NetworkInterfaceName nic1 -ResourceGroupName testrg
-```
+    ```azurepowershell
+    Get-AzEffectiveNetworkSecurityGroup -NetworkInterfaceName nic1 -ResourceGroupName testrg
+    Get-AzEffectiveRouteTable -NetworkInterfaceName nic1 -ResourceGroupName testrg
+    ```
 
-* Check presence of custom DNS in the VNet. DNS can be checked by looking at details of the VNet properties in the output.
+4. Check presence of custom DNS in the VNet. DNS can be checked by looking at details of the VNet properties in the output.
 
-```json
-Get-AzVirtualNetwork -Name vnetName -ResourceGroupName rgName 
-DhcpOptions            : {
-                           "DnsServers": [
-                             "x.x.x.x"
-                           ]
-                         }
-```
-If present, ensure that the DNS server can resolve the backend pool member's FQDN correctly.
+    ```json
+    Get-AzVirtualNetwork -Name vnetName -ResourceGroupName rgName 
+    DhcpOptions            : {
+                               "DnsServers": [
+                                 "x.x.x.x"
+                               ]
+                             }
+    ```
+5. If present, ensure that the DNS server can resolve the backend pool member's FQDN correctly.
 
 ## Problems with default health probe
 
@@ -91,9 +91,9 @@ The following table lists the values associated with the default health probe:
 * Protocol of the request is determined by the BackendHttpSetting protocol.
 * URI Path will be set to */*.
 * If BackendHttpSetting specifies a port other than 80, the default site should be configured to listen at that port.
-* The call to `protocol://127.0.0.1:port` should return an HTTP result code of 200. This should be returned within the 30-second timeout period.
+* The call to `protocol://127.0.0.1:port` should return an HTTP result code of 200. This code should be returned within the 30-second timeout period.
 * Ensure the configured port is open and there are no firewall rules or Azure Network Security Groups blocking incoming or outgoing traffic on the port configured.
-* If Azure classic VMs or Cloud Service is used with a FQDN or a public IP, ensure that the corresponding [endpoint](/previous-versions/azure/virtual-machines/windows/classic/setup-endpoints?toc=%2fazure%2fapplication-gateway%2ftoc.json) is opened.
+* If Azure classic VMs or Cloud Service is used with an FQDN or a public IP, ensure that the corresponding [endpoint](/previous-versions/azure/virtual-machines/windows/classic/setup-endpoints?toc=%2fazure%2fapplication-gateway%2ftoc.json) is opened.
 * If the VM is configured via Azure Resource Manager and is outside the VNet where the application gateway is deployed, a [Network Security Group](../virtual-network/network-security-groups-overview.md) must be configured to allow access on the desired port.
 
 ## Problems with custom health probe
@@ -128,7 +128,7 @@ Validate that the Custom Health Probe is configured correctly as the preceding t
 
 ### Cause
 
-When a user request is received, the application gateway applies the configured rules to the request and routes it to a back-end pool instance. It waits for a configurable interval of time for a response from the back-end instance. By default, this interval is **20** seconds. In Application Gateway v1, if the application gateway does not receive a response from back-end application in this interval, the user request gets a 502 error.  In Application Gateway v2, if the application gateway does not receive a response from the back-end application in this interval, the request will be tried against a second back-end pool member.  If the second request fails the user request gets a 502 error.
+When a user request is received, the application gateway applies the configured rules to the request and routes it to a back-end pool instance. It waits for a configurable interval of time for a response from the back-end instance. By default, this interval is **20** seconds. In Application Gateway v1, if the application gateway doesn't receive a response from back-end application in this interval, the user request gets a 502 error.  In Application Gateway v2, if the application gateway doesn't receive a response from the back-end application in this interval, the request will be tried against a second back-end pool member.  If the second request fails the user request gets a 502 error.
 
 ### Solution
 
@@ -152,7 +152,7 @@ Ensure that the back-end address pool isn't empty. This can be done either via P
 Get-AzApplicationGateway -Name "SampleGateway" -ResourceGroupName "ExampleResourceGroup"
 ```
 
-The output from the preceding cmdlet should contain non-empty back-end address pool. The following example shows two pools returned which are configured with a FQDN or an IP addresses for the backend VMs. The provisioning state of the BackendAddressPool must be 'Succeeded'.
+The output from the preceding cmdlet should contain non-empty back-end address pool. The following example shows two pools returned which are configured with an FQDN or an IP addresses for the backend VMs. The provisioning state of the BackendAddressPool must be 'Succeeded'.
 
 BackendAddressPoolsText:
 

articles/application-gateway/application-gateway-troubleshooting-502.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: greg-lindsay
 ms.service: application-gateway
 ms.topic: conceptual
-ms.date: 02/17/2022
+ms.date: 09/13/2022
 ms.author: greglin
 ---
 

articles/application-gateway/configuration-http-settings.md

@@ -5,8 +5,8 @@ services: application-gateway
 author: greg-lindsay
 ms.service: application-gateway
 ms.topic: conceptual
-ms.date: 06/14/2021
-ms.author: surmb
+ms.date: 09/13/2022
+ms.author: greglin
 ---
 
 # Application Gateway infrastructure configuration
@@ -32,7 +32,7 @@ Application Gateway (Standard or WAF) SKU can support up to 32 instances (32 ins
 
 Application Gateway (Standard_v2 or WAF_v2 SKU) can support up to 125 instances (125 instance IP addresses + 1 private frontend IP configuration + 5 Azure reserved). A minimum subnet size of /24 is recommended.
 
-To determine the available capacity of a subnet that has existing Application Gateways provisioned, take the size of the subnet and subtract the five reserved IP addresses of the subnet reserved by the platform.  Next, take each gateway and subtract the the max-instance count.  For each gateway that has a private frontend IP configuration, subtract one additional IP address per gateway as well.
+To determine the available capacity of a subnet that has existing Application Gateways provisioned, take the size of the subnet and subtract the five reserved IP addresses of the subnet reserved by the platform.  Next, take each gateway and subtract the max-instance count.  For each gateway that has a private frontend IP configuration, subtract one additional IP address per gateway as well.
 
 For example, here's how to calculate the available addressing for a subnet with three gateways of varying sizes:
 - Gateway 1: Maximum of 10 instances; utilizes a private frontend IP configuration
@@ -46,7 +46,7 @@ Subnet Size /24 = 255 IP addresses - 5 reserved from the platform = 250 availabl
 237 - Gateway 3 (15) - 1 private frontend IP configuration = 221
 
 > [!IMPORTANT]
-> Although a /24 subnet is not required per Application Gateway v2 SKU deployment, it is highly recommended. This is to ensure that Application Gateway v2 has sufficient space for autoscaling expansion and maintenance upgrades. You should ensure that the Application Gateway v2 subnet has sufficient address space to accommodate the number of instances required to serve your maximum expected traffic. If you specify the maximum instance count, then the subnet should have capacity for at least that many addresses. For capacity planning around instance count, see [instance count details](understanding-pricing.md#instance-count).
+> Although a /24 subnet isn't required per Application Gateway v2 SKU deployment, it is highly recommended. This is to ensure that Application Gateway v2 has sufficient space for autoscaling expansion and maintenance upgrades. You should ensure that the Application Gateway v2 subnet has sufficient address space to accommodate the number of instances required to serve your maximum expected traffic. If you specify the maximum instance count, then the subnet should have capacity for at least that many addresses. For capacity planning around instance count, see [instance count details](understanding-pricing.md#instance-count).
 
 > [!TIP]
 > IP addresses are allocated from the beginning of the defined subnet space for gateway instances. As instances are created and removed due to creation of gateways or scaling events, it can become difficult to understand what the next available address is in the subnet. To be able to determine the next address to use for a future gateway and have a contiguous addressing theme for frontend IPs, consider assigning frontend IP addresses from the upper half of the defined subset space. For example, if my subnet address space is 10.5.5.0/24, consider setting the private frontend IP configuration of your gateways starting with 10.5.5.254 and then following with 10.5.5.253, 10.5.5.252, 10.5.5.251, and so forth for future gateways.

articles/application-gateway/configuration-infrastructure.md

@@ -5,7 +5,7 @@ services: application-gateway
 author: greg-lindsay
 ms.service: application-gateway
 ms.topic: conceptual
-ms.date: 01/18/2022
+ms.date: 09/13/2022
 ms.author: greglin
 ---
 
@@ -151,3 +151,4 @@ For an Application Gateway v1-v2 feature comparison, see [What is Azure Applicat
 ## Next steps
 
 - Learn [how an application gateway works](how-application-gateway-works.md)
+- Review [Frequently asked questions about Azure Application Gateway](application-gateway-faq.yml)

articles/application-gateway/features.md

@@ -5,13 +5,13 @@ services: application-gateway
 author: greg-lindsay
 ms.service: application-gateway
 ms.topic: conceptual
-ms.date: 11/16/2019
+ms.date: 09/13/2022
 ms.author: greglin
 ---
 
 # How an application gateway works
 
-This article explains how an application gateway accepts incoming requests and routes them to the backend.
+This article explains how an [application gateway](overview.md) accepts incoming requests and routes them to the backend.
 
 ![How an application gateway accepts a request](./media/how-application-gateway-works/how-application-gateway-works.png)
 
@@ -34,8 +34,8 @@ Internal application gateways use only private IP addresses. If you are using a
 If a request is valid and not blocked by WAF, the application gateway evaluates the request routing rule that's associated with the listener. This action determines which backend pool to route the request to.
 
 Based on the request routing rule, the application gateway determines whether to route all requests on the listener to a specific backend pool, route requests to different backend pools based on the URL path, or redirect requests to another port or external site.
->[!NOTE]
->Rules are processed in the order they're listed in the portal for v1 SKU. 
+> [!NOTE]
+> Rules are processed in the order they're listed in the portal for v1 SKU. 
 
 When the application gateway selects the backend pool, it sends the request to one of the healthy backend servers in the pool (y.y.y.y). The health of the server is determined by a health probe. If the backend pool contains multiple servers, the application gateway uses a round-robin algorithm to route the requests between healthy servers. This load balances the requests on the servers.
 
@@ -45,8 +45,8 @@ The port and protocol used in HTTP settings determine whether the traffic betwee
 
 When an application gateway sends the original request to the backend server, it honors any custom configuration made in the HTTP settings related to overriding the hostname, path, and protocol. This action maintains cookie-based session affinity, connection draining, host-name selection from the backend, and so on.
 
- >[!NOTE]
->If the backend pool:
+ > [!NOTE]
+> If the backend pool:
 > - **Is a public endpoint**, the application gateway uses its frontend public IP to reach the server. If there isn't a frontend public IP address, one is assigned for the outbound external connectivity.
 > - **Contains an internally resolvable FQDN or a private IP address**, the application gateway routes the request to the backend server by using its instance private IP addresses.
 > - **Contains an external endpoint or an externally resolvable FQDN**, the application gateway routes the request to the backend server by using its frontend public IP address. The DNS resolution is based on a private DNS zone or custom DNS server, if configured, or it uses the default Azure-provided DNS. If there isn't a frontend public IP address, one is assigned for the outbound external connectivity.
@@ -63,4 +63,5 @@ You can configure application gateway to modify request and response headers and
 
 ## Next steps
 
-[Learn about application gateway components](application-gateway-components.md)
+- [Learn about application gateway components](application-gateway-components.md)
+- Review [Azure Application Gateway features](features.md)

articles/application-gateway/how-application-gateway-works.md

@@ -6,7 +6,7 @@ author: greg-lindsay
 ms.service: application-gateway
 ms.topic: overview
 ms.custom: mvc
-ms.date: 08/26/2020
+ms.date: 09/13/2022
 ms.author: greglin
 #Customer intent: As an IT administrator, I want to learn about Azure Application Gateways and what I can use them for.
 ---
@@ -35,6 +35,10 @@ This type of routing is known as application layer (OSI layer 7) load balancing.
 
 To learn about Application Gateway features, see [Azure Application Gateway features](features.md).
 
+## Infrastructure
+
+To learn about Application Gateway infrastructure, see [Azure Application Gateway infrastructure configuration](configuration-infrastructure.md).
+
 ## Pricing and SLA
 
 For Application Gateway pricing information, see [Application Gateway pricing](https://azure.microsoft.com/pricing/details/application-gateway/).
@@ -53,3 +57,5 @@ Depending on your requirements and environment, you can create a test Applicatio
 - [Quickstart: Direct web traffic with Azure Application Gateway - Azure PowerShell](quick-create-powershell.md)
 - [Quickstart: Direct web traffic with Azure Application Gateway - Azure CLI](quick-create-cli.md)
 - [Learn module: Introduction to Azure Application Gateway](/learn/modules/intro-to-azure-application-gateway)
+- [How an application gateway works](how-application-gateway-works.md)
+- [Frequently asked questions about Azure Application Gateway](application-gateway-faq.yml)