You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/application-gateway/application-gateway-diagnostics.md
+5-2Lines changed: 5 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ services: application-gateway
6
6
author: greg-lindsay
7
7
ms.service: application-gateway
8
8
ms.topic: article
9
-
ms.date: 01/10/2024
9
+
ms.date: 02/28/2024
10
10
ms.author: greglin
11
11
---
12
12
@@ -87,10 +87,13 @@ Azure generates the activity log by default. The logs are preserved for 90 days
87
87
88
88
### Access log
89
89
90
-
The access log is generated only if you've enabled it on each Application Gateway instance, as detailed in the preceding steps. The data is stored in the storage account that you specified when you enabled the logging. Each access of Application Gateway is logged in JSON format as shown below.
90
+
The access log is generated only if you've enabled it on each Application Gateway instance, as detailed in the preceding steps. The data is stored in the storage account that you specified when you enabled the logging. Each access of Application Gateway is logged in JSON format as shown below.
91
91
92
92
#### For Application Gateway and WAF v2 SKU
93
93
94
+
> [!NOTE]
95
+
> For TLS/TCP proxy related information, visit [data reference](monitor-application-gateway-reference.md#tlstcp-proxy-logs).
96
+
94
97
|Value |Description |
95
98
|---------|---------|
96
99
|instanceId | Application Gateway instance that served the request. |
title: Frequently asked questions about Application Gateway
@@ -491,7 +491,7 @@ sections:
491
491
> [!NOTE]
492
492
> You can't use any layer 4 properties for HTTP or HTTPS protocol settings.
493
493
494
-
- question: Can I use a TCP/TLS listener with an HTTP(S) backend betting?
494
+
- question: Can I map a TCP/TLS protocol listener with an HTTP(S) protocol Backend setting?
495
495
answer: No. You can't cross-link Layer 4 and Layer 7 properties. Therefore, a routing rule will only allow you to link a Layer 4-type listener to a Layer 4-type Backend setting.
496
496
497
497
- question: Can L7 and L4 properties have same names?
Copy file name to clipboardExpand all lines: articles/application-gateway/monitor-application-gateway-reference.md
+33-31Lines changed: 33 additions & 31 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -70,28 +70,47 @@ Similarly, if the *Application gateway total time* has a spike but the *Backend
70
70
|**Unhealthy host count**|Count|The number of backends that are determined unhealthy by the health probe. You can filter on a per backend pool basis to show the number of unhealthy hosts in a specific backend pool.|
71
71
|**Requests per minute per Healthy Host**|Count|The average number of requests received by each healthy member in a backend pool in a minute. Specify the backend pool using the *BackendPool HttpSettings* dimension.|
72
72
73
-
##Application Gateway layer 4 proxy monitoring
73
+
### Backend health API
74
74
75
-
### Layer 4 metrics
75
+
See [Application Gateways - Backend Health](/rest/api/application-gateway/application-gateways/backend-health?tabs=HTTP) for details of the API call to retrieve the backend health of an application gateway.
After sending this POST request, you should see an HTTP 202 Accepted response. In the response headers, find the Location header and send a new GET request using that URL.
With layer 4 proxy feature now available with Application Gateway, there are some Common metrics (apply to both layer 7 as well as layer 4), and some layer 4 specific metrics. The following table describes all the metrics are the applicable for layer 4 usage.
| Current Connections | The number of active connections: reading, writing, or waiting. The count of current connections established with Application Gateway. | Common | None |
82
-
| New Connections per second | The average number of connections handled per second in last 1 minute. | Common | None |
83
-
| Throughput | The rate of data flow (inBytes+ outBytes) in the last 1 minute. | Common | None |
84
-
| Healthy host count | The number of healthy backend hosts. | Common | BackendSettingsPool |
85
-
| Unhealthy host | The number of unhealthy backend hosts. | Common | BackendSettingsPool |
86
-
| ClientRTT | Average round trip time between clients and Application Gateway. | Common | Listener |
87
-
| Backend Connect Time | Time spent establishing a connection with a backend server. | Common | Listener, BackendServer, BackendPool, BackendSetting |
88
-
| Backend First Byte Response Time | Time interval between start of establishing a connection to backend server and receiving the first byte of data (approximating processing time of backend server). | Common | Listener, BackendServer, BackendPool, BackendHttpSetting`*`|
89
-
| Backend Session Duration | The total time of a backend connection. The average time duration from the start of a new connection to its termination. | L4 only| Listener, BackendServer, BackendPool, BackendHttpSetting`*`|
90
-
| Connection Lifetime | The total time of a client connection to application gateway. The average time duration from the start of a new connection to its termination in milliseconds. | L4 only| Listener |
100
+
| Current Connections | The number of active connections: reading, writing, or waiting. The count of current connections established with Application Gateway. | Common metric | None |
101
+
| New Connections per second | The average number of connections handled per second during that minute. | Common metric| None |
102
+
| Throughput | The rate of data flow (inBytes+ outBytes) during that minute. | Common metric| None |
103
+
| Healthy host count | The number of healthy backend hosts. | Common metric | BackendSettingsPool |
104
+
| Unhealthy host | The number of unhealthy backend hosts. | Common metric | BackendSettingsPool |
105
+
| ClientRTT | Average round trip time between clients and Application Gateway. | Common metric | Listener |
106
+
| Backend Connect Time | Time spent establishing a connection with a backend server. | Common metric | Listener, BackendServer, BackendPool, BackendSetting |
107
+
| Backend First Byte Response Time | Time interval between start of establishing a connection to backend server and receiving the first byte of data (approximating processing time of backend server). | Common metric | Listener, BackendServer, BackendPool, BackendHttpSetting`*`|
108
+
| Backend Session Duration | The total time of a backend connection. The average time duration from the start of a new connection to its termination. | L4-specific| Listener, BackendServer, BackendPool, BackendHttpSetting`*`|
109
+
| Connection Lifetime | The total time of a client connection to application gateway. The average time duration from the start of a new connection to its termination in milliseconds. | L4-specific| Listener |
91
110
92
111
`*` BackendHttpSetting dimension includes both layer 7 and layer 4 backend settings.
93
112
94
-
###Layer 4 logs
113
+
#### TLS/TCP proxy logs
95
114
96
115
Application Gateway’s Layer 4 proxy provides log data through access logs. These logs are only generated and published if they are configured in the diagnostic settings of your gateway.
97
116
- Also see: [Supported categories for Azure Monitor resource logs](/azure/azure-monitor/essentials/resource-logs-categories#microsoftnetworkapplicationgateways).
@@ -122,30 +141,13 @@ Application Gateway’s Layer 4 proxy provides log data through access logs. The
122
141
| serverStatus |200 - session completed successfully. 400 - client data could not be parsed. 500 - internal server error. 502 - bad gateway. For example, when an upstream server could not be reached. 503 - service unavailable. For example, if access is limited by the number of connections. |
123
142
| ResourceId |Application Gateway resource URI |
124
143
125
-
### Layer 4 backend health
144
+
### TLS/TCP proxy backend health
126
145
127
146
Application Gateway’s layer 4 proxy provides the capability to monitor the health of individual members of the backend pools through the portal and REST API.
128
147
129
148
130
149
131
-
### REST API
132
-
133
-
See [Application Gateways - Backend Health](/rest/api/application-gateway/application-gateways/backend-health?tabs=HTTP) for details of the API call to retrieve the backend health of an application gateway.
After sending this POST request, you should see an HTTP 202 Accepted response. In the response headers, find the Location header and send a new GET request using that URL.
Copy file name to clipboardExpand all lines: articles/application-gateway/multiple-site-overview.md
+3-12Lines changed: 3 additions & 12 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ description: This article provides an overview of the Azure Application Gateway
4
4
services: application-gateway
5
5
author: greg-lindsay
6
6
ms.service: application-gateway
7
-
ms.date: 02/26/2024
7
+
ms.date: 02/28/2024
8
8
ms.author: greglin
9
9
ms.topic: conceptual
10
10
---
@@ -89,18 +89,9 @@ In the Azure portal, under the multi-site listener, you must choose the **Multip
89
89
90
90
See [create multi-site using Azure PowerShell](tutorial-multiple-sites-powershell.md) or [using Azure CLI](tutorial-multiple-sites-cli.md) for the step-by-step guide on how to configure wildcard host names in a multi-site listener.
91
91
92
-
## Multi-site listeners for Application Gateway layer 4 proxy
92
+
## Multi-site listener for TLS and TCP protocol listeners
93
93
94
-
Multi-site hosting enables you to configure more than one backend TLS or TCP-based application on the same port of application gateway. This can be achieved by using TLS listeners only. This allows you to configure a more efficient topology for your deployments by adding multiple backend applications on the same port using single application gateway. The traffic for each application can be directed to its own backend pool by providing domain names in the TLS listener.
95
-
96
-
For example, you can create three multisite listeners each with its own domain (contoso.com, fabrikam.com, and *.adatum.com), and route them to their respective backend pools having different applications. All three domains must point to the frontend IP address of the application gateway. This feature is in preview phase for use with layer 4 proxy.
97
-
98
-
### Feature information:
99
-
100
-
- Multi-site listener allows you to add listeners using the same port number.
101
-
- For multisite TLS listeners, Application Gateway uses the Server Name Indication (SNI) value. SNI is primarily used to present clients with the domain server certificate and route a connection to the appropriate backend pool. This is done by picking the common name in TLS handshake data of an incoming connection.
102
-
- Application Gateway allows domain-based routing using multisite TLS listener. You can use wildcard characters like asterisk (*) and question mark (?) in the host name, and up to 5 domains per multi-site TLS listener. For example, *.contoso.com.
103
-
- The TCP connection inherently has no concept of hostname or domain name. Hence, with Layer 4 proxy the multisite listener isn't supported for TCP listeners.
94
+
The multi-site feature is also available for Layer4 proxy, but only for its TLS listeners. You can direct the traffic for each application to its backend pool by providing domain names in the TLS listener. For the functioning of the multisite feature on TLS listeners, Application Gateway uses the Server Name Indication (SNI) value (the clients primarily present SNI extension to fetch the correct TLS certificate). A multisite TLS listener would pick this SNI value from the TLS handshake data of an incoming connection and route that connection to the appropriate backend pool. The TCP connection inherently has no concept of hostname or domain name; hence, this isn't available for TCP listeners.
0 commit comments