You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/application-gateway/application-gateway-autoscaling-zone-redundant.md
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,6 +22,9 @@ Application Gateway and WAF can be configured to scale in two modes:
22
22
23
23
-**Manual** - You can also choose Manual mode where the gateway doesn't autoscale. In this mode, if there's more traffic than what Application Gateway or WAF can handle, it could result in traffic loss. With manual mode, specifying instance count is mandatory. Instance count can vary from 1 to 125 instances.
24
24
25
+
> [!NOTE]
26
+
> These scaling modes don’t apply for Application Gateway Basic. Application Gateway Basic automatically scales up to an estimated 200 connections per second, based on an RSA 2048-bit key TLS certificate.
27
+
25
28
## Autoscaling and High Availability
26
29
27
30
Azure Application Gateways are always deployed in a highly available fashion. The service is made up of multiple instances that are created as configured if autoscaling is disabled, or required by the application load if autoscaling is enabled. From the user's perspective, you don't necessarily have visibility into the individual instances, but just into the Application Gateway service as a whole. If a certain instance has a problem and stops being functional, Azure Application Gateway transparently creates a new instance.
Copy file name to clipboardExpand all lines: articles/application-gateway/overview-v2.md
+66-22Lines changed: 66 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,36 +5,66 @@ services: application-gateway
5
5
author: greg-lindsay
6
6
ms.service: application-gateway
7
7
ms.topic: overview
8
-
ms.date: 04/25/2024
8
+
ms.date: 04/30/2024
9
9
ms.author: greglin
10
10
ms.custom: references_regions
11
11
---
12
12
13
13
# What is Azure Application Gateway v2?
14
14
15
-
Application Gateway is available under a Standard_v2 SKU. Web Application Firewall (WAF) is available under a WAF_v2 SKU. The v2 SKU offers performance enhancements and adds support for critical new features like autoscaling, zone redundancy, and support for static VIPs. Existing features under the Standard and WAF SKU continue to be supported in the new v2 SKU, with a few exceptions listed in [comparison](#differences-from-v1-sku) section.
15
+
Application Gateway v2 is the latest version of Application Gateway. It provides advantages over Application Gateway v1 such as performance enhancements, autoscaling, zone redundancy, and static VIPs.
16
16
17
-
The new v2 SKU includes the following enhancements:
17
+
> [!IMPORTANT]
18
+
> Deprecation of Application Gateway V1 was [announced on April 28, 2023](v1-retirement.md). If you use Application Gateway V1 SKU, start planning your migration to V2 now and complete your migration to Application Gateway v2 by April 28, 2026. The v1 service isn't supported after this date.
19
+
20
+
## Key capabilities
21
+
22
+
The v2 SKU includes the following enhancements:
18
23
19
24
-**TCP/TLS proxy (Preview)**: Azure Application Gateway now also supports Layer 4 (TCP protocol) and TLS (Transport Layer Security) proxying. This feature is currently in public preview. For more information, see [Application Gateway TCP/TLS proxy overview](tcp-tls-proxy-overview.md).
20
25
-**Autoscaling**: Application Gateway or WAF deployments under the autoscaling SKU can scale out or in based on changing traffic load patterns. Autoscaling also removes the requirement to choose a deployment size or instance count during provisioning. This SKU offers true elasticity. In the Standard_v2 and WAF_v2 SKU, Application Gateway can operate both in fixed capacity (autoscaling disabled) and in autoscaling enabled mode. Fixed capacity mode is useful for scenarios with consistent and predictable workloads. Autoscaling mode is beneficial in applications that see variance in application traffic.
21
26
-**Zone redundancy**: An Application Gateway or WAF deployment can span multiple Availability Zones, removing the need to provision separate Application Gateway instances in each zone with a Traffic Manager. You can choose a single zone or multiple zones where Application Gateway instances are deployed, which makes it more resilient to zone failure. The backend pool for applications can be similarly distributed across availability zones.
22
27
23
28
Zone redundancy is available only where Azure Zones are available. In other regions, all other features are supported. For more information, see [Regions and Availability Zones in Azure](../reliability/availability-zones-service-support.md)
24
-
-**Static VIP**: Application Gateway v2 SKU supports the static VIP type exclusively. This ensures that the VIP associated with the application gateway doesn't change for the lifecycle of the deployment, even after a restart. There isn't a static VIP in v1, so you must use the application gateway URL instead of the IP address to route App Services via the application gateway.
29
+
-**Static VIP**: Application Gateway v2 SKU supports the static VIP type exclusively. Static VIP ensures that the VIP associated with the application gateway doesn't change for the lifecycle of the deployment, even after a restart. You must use the application gateway URL for domain name routing to App Services via the application gateway, as v1 doesn't have a static VIP.
25
30
-**Header Rewrite**: Application Gateway allows you to add, remove, or update HTTP request and response headers with v2 SKU. For more information, see [Rewrite HTTP headers with Application Gateway](./rewrite-http-headers-url.md)
26
31
-**Key Vault Integration**: Application Gateway v2 supports integration with Key Vault for server certificates that are attached to HTTPS enabled listeners. For more information, see [TLS termination with Key Vault certificates](key-vault-certs.md).
27
32
-**Mutual Authentication (mTLS)**: Application Gateway v2 supports authentication of client requests. For more information, see [Overview of mutual authentication with Application Gateway](mutual-authentication-overview.md).
28
33
-**Azure Kubernetes Service Ingress Controller**: The Application Gateway v2 Ingress Controller allows the Azure Application Gateway to be used as the ingress for an Azure Kubernetes Service (AKS) known as AKS Cluster. For more information, see [What is Application Gateway Ingress Controller](ingress-controller-overview.md).
29
-
-**Private link**: The v2 SKU offers private connectivity from other virtual networks in other regions and subscriptions through the use of private endpoints.
34
+
-**Private link**: The v2 SKU offers private connectivity from other virtual networks in other regions and subscriptions by using private endpoints.
30
35
-**Performance enhancements**: The v2 SKU offers up to 5X better TLS offload performance as compared to the Standard/WAF SKU.
31
-
-**Faster deployment and update time**: The v2 SKU provides faster deployment and update time as compared to Standard/WAF SKU. This also includes WAF configuration changes.
36
+
-**Faster deployment and update time**: The v2 SKU provides faster deployment and update time as compared to Standard/WAF SKU. The faster time also includes WAF configuration changes.
32
37
33
38
34
39
40
+
> [!NOTE]
41
+
> Some of the capabilities listed here are dependent on the SKU type.
42
+
43
+
## SKU types
44
+
45
+
Application Gateway v2 is available under two SKUs:
46
+
-**Basic** (preview): The Basic SKU is designed for applications that have lower traffic and SLA requirements, and don't need advanced traffic management features. For information on how to register for the public preview of Application Gateway Basic SKU, see [Register for the preview](#register-for-the-preview).
47
+
-**Standard_v2 SKU**: The Standard_v2 SKU is designed for running production workloads and high traffic. It also includes auto scale that can automatically adjust the number of instances to match your traffic needs.
48
+
49
+
The following table displays a comparison between Basic and Standard_v2.
| Scale | Max. connections per second<br>Number of listeners<br>Number of backend pools<br>Number of backend servers per pool<br>Number of rules | 200<sup>1</sup><br>5<br>5<br>5<br>5 | 62500<sup>1</sup><br>100<br>100<br>1200<br>400 |
57
+
| Capacity Unit | Connections per second per compute unit<br>Throughput<br>Persistent new connections | 10<br>2.22 Mbps<br>2500 | 50<br>2.22 Mbps<br>2500 |
58
+
59
+
<sup>1</sup>Estimated based on using an RSA 2048-bit key TLS certificate.
60
+
61
+
## Pricing
62
+
63
+
With the v2 SKU, consumption drives the pricing model and is no longer attached to instance counts or sizes. To learn more, see [Understanding pricing](understanding-pricing.md).
64
+
35
65
## Unsupported regions
36
66
37
-
The Standard_v2 and WAF_v2 SKU isn't currently available in the following regions:
67
+
Currently, the Standard_v2 and WAF_v2 SKUs aren't available in the following regions:
38
68
39
69
- UK North
40
70
- UK South 2
@@ -43,18 +73,11 @@ The Standard_v2 and WAF_v2 SKU isn't currently available in the following region
43
73
- US DOD East
44
74
- US DOD Central
45
75
46
-
## Pricing
47
-
48
-
With the v2 SKU, the pricing model is based on consumption. It's no longer attached to instance counts or sizes. The v2 SKU pricing has two components:
49
-
50
-
-**Fixed price** - This is an hourly (or partial hour) price to provision a Standard_v2 or WAF_v2 Gateway. It's important to understand that zero additional minimum instances still ensures high availability of the service, and is always included with fixed price.
51
-
-**Capacity Unit price** - This is a consumption-based cost that is charged in addition to the fixed cost. Capacity unit charge is also computed hourly or partial hourly. There are three dimensions to capacity unit - compute unit, persistent connections, and throughput. Compute unit is a measure of processor capacity consumed. Factors affecting compute unit are TLS connections/sec, URL Rewrite computations, and WAF rule processing. Persistent connection is a measure of established TCP connections to the application gateway in a given billing interval. Throughput is average Megabits/sec processed by the system in a given billing interval. The billing is done at a Capacity Unit level for anything above the reserved instance count.
52
-
53
-
Each capacity unit is composed of at most: 1 compute unit, 2500 persistent connections, and 2.22-Mbps throughput.
76
+
## Migrate from v1 to v2
54
77
55
-
To learn more, see [Understanding pricing](understanding-pricing.md).
78
+
An Azure PowerShell script is available in the PowerShell gallery to help you migrate from your v1 Application Gateway/WAF to the v2 Autoscaling SKU. This script helps you copy the configuration from your v1 gateway. Traffic migration is still your responsibility. For more information, see [Migrate Azure Application Gateway from v1 to v2](migrate-v1-v2.md).
56
79
57
-
## Feature comparison between v1 SKU and v2 SKU
80
+
###Feature comparison between v1 SKU and v2 SKU
58
81
59
82
The following table compares the features available with each SKU.
60
83
@@ -66,7 +89,7 @@ The following table compares the features available with each SKU.
66
89
| Azure Kubernetes Service (AKS) Ingress controller ||✓|
67
90
| Azure Key Vault integration ||✓|
68
91
| Rewrite HTTP(S) headers ||✓|
69
-
| Enhanced Network Control (NSG, Route Table, Private IP Frontend only) ||✓|
92
+
| Enhanced Network Control (NSG, Route Table, Private IP Frontend only) ||✓|
70
93
| URL-based routing |✓|✓|
71
94
| Multiple-site hosting |✓|✓|
72
95
| Mutual Authentication (mTLS) ||✓|
@@ -75,7 +98,7 @@ The following table compares the features available with each SKU.
75
98
| Web Application Firewall (WAF) |✓|✓|
76
99
| WAF custom rules ||✓|
77
100
| WAF policy associations ||✓|
78
-
| Transport Layer Security (TLS)/Secure Sockets Layer (SSL) termination |✓|✓|
101
+
| Transport Layer Security (TLS)/Secure Sockets Layer (SSL) termination |✓|✓|
79
102
| End-to-end TLS encryption |✓|✓|
80
103
| Session affinity |✓|✓|
81
104
| Custom error pages |✓|✓|
@@ -88,7 +111,7 @@ The following table compares the features available with each SKU.
88
111
> [!NOTE]
89
112
> The autoscaling v2 SKU now supports [default health probes](application-gateway-probe-overview.md#default-health-probe) to automatically monitor the health of all resources in its backend pool and highlight those backend members that are considered unhealthy. The default health probe is automatically configured for backends that don't have any custom probe configuration. To learn more, see [health probes in application gateway](application-gateway-probe-overview.md).
90
113
91
-
## Differences from v1 SKU
114
+
###Differences from the v1 SKU
92
115
93
116
This section describes features and limitations of the v2 SKU that differ from the v1 SKU.
94
117
@@ -105,13 +128,34 @@ This section describes features and limitations of the v2 SKU that differ from t
105
128
|Cookie Affinity |Current V2 doesn't support appending the domain in session affinity Set-Cookie, which means that the cookie can't be used by client for the subdomains.|
106
129
|Microsoft Defender for Cloud integration|Not yet available.
107
130
108
-
## Migrate from v1 to v2
131
+
## Register for the preview
109
132
110
-
An Azure PowerShell script is available in the PowerShell gallery to help you migrate from your v1 Application Gateway/WAF to the v2 Autoscaling SKU. This script helps you copy the configuration from your v1 gateway. Traffic migration is still your responsibility. For more information, see [Migrate Azure Application Gateway from v1 to v2](migrate-v1-v2.md).
133
+
Run the following Azure CLI commands to register for the preview of Application Gateway Basic SKU.
Depending on your requirements and environment, you can create a test Application Gateway using either the Azure portal, Azure PowerShell, or Azure CLI.
115
157
158
+
159
+
116
160
-[Tutorial: Create an application gateway that improves web application access](tutorial-autoscale-ps.md)
117
161
-[Learn module: Introduction to Azure Application Gateway](/training/modules/intro-to-azure-application-gateway)
# Quickstart: Direct web traffic with Azure Application Gateway - Bicep
15
15
16
-
In this quickstart, you use Bicep to create an Azure Application Gateway. Then you test the application gateway to make sure it works correctly.
16
+
In this quickstart, you use Bicep to create an Azure Application Gateway. Then you test the application gateway to make sure it works correctly. The Standard v2 SKU is used in this example.
> You can modify values of the `Name` and `Tier` parameters under `resource\applicationGateWay\properties\sku` to use a different SKU. For example: `Basic`.
36
+
34
37
Multiple Azure resources are defined in the Bicep file:
Copy file name to clipboardExpand all lines: articles/application-gateway/quick-create-cli.md
+4-2Lines changed: 4 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ services: application-gateway
6
6
author: greg-lindsay
7
7
ms.service: application-gateway
8
8
ms.topic: quickstart
9
-
ms.date: 11/06/2023
9
+
ms.date: 01/23/2024
10
10
ms.author: greglin
11
11
ms.custom: mvc, devx-track-azurecli, mode-api
12
12
---
@@ -143,7 +143,9 @@ done
143
143
144
144
## Create the application gateway
145
145
146
-
Create an application gateway using `az network application-gateway create`. When you create an application gateway with the Azure CLI, you specify configuration information, such as capacity, SKU, and HTTP settings. Azure then adds the private IP addresses of the network interfaces as servers in the backend pool of the application gateway.
146
+
Create an application gateway using `az network application-gateway create`. When you create an application gateway with the Azure CLI, you specify configuration information, such as capacity, SKU (for example: `Basic`), and HTTP settings. Azure then adds the private IP addresses of the network interfaces as servers in the backend pool of the application gateway.
147
+
148
+
The Standard v2 SKU is used in this example.
147
149
148
150
```azurecli-interactive
149
151
address1=$(az network nic show --name myNic1 --resource-group myResourceGroupAG | grep "\"privateIPAddress\":" | grep -oE '[^ ]+$' | tr -d '",')
0 commit comments