Load Balancing & Routing

Load balancing design

The load balancing decision matrix

Azure Load Balancing Services

Factor	Azure Front Door	Traffic Manager	Application Gateway	Azure Load Balancer
Scope	Global	Global	Regional	Regional
Protocol	HTTP/HTTPS	Any (DNS-based)	HTTP/HTTPS	TCP/UDP
OSI Layer	L7	DNS	L7	L4
WAF	Yes (built-in)	No	Yes (optional SKU)	No
SSL offload	Yes	No	Yes	No
URL-based routing	Yes (path, header, query)	No	Yes (path, host)	No
Session affinity	Yes	No	Yes (cookie-based)	Yes (IP/protocol tuple)
Caching	Yes (edge caching)	No	No	No
Health probes	Yes (edge-based)	Yes (endpoint monitoring)	Yes (customisable)	Yes (TCP/HTTP probes)
Failover	Instant (edge-based)	DNS TTL-based (30-300 seconds)	Backend pool failover	Backend pool failover
Best for	Global web apps, multi-region failover, edge WAF	Global non-HTTP, multi-region DNS routing	Regional web apps, API routing, WAF	Regional VMs, internal services, non-HTTP

The exam shortcut: Global + HTTP = Front Door. Global + non-HTTP = Traffic Manager. Regional + HTTP = Application Gateway. Regional + non-HTTP = Load Balancer. Memorise this 2x2 matrix.

Common architecture patterns

Pattern	Services Used
Global web app	Front Door → Application Gateway → App Service/VMs
Global with non-HTTP	Traffic Manager → Load Balancer → VMs
Regional web app	Application Gateway → App Service/VMs
Internal services	Internal Load Balancer → VMs/VMSS
Multi-region HA	Front Door (primary routing) + Traffic Manager (failover)

🏗️ Priya’s load balancing architecture:

Users → Front Door (global edge, WAF, caching)
         ├── East US: Application Gateway → App Service (primary)
         └── West Europe: Application Gateway → App Service (secondary)

• Front Door handles global routing, SSL termination, and WAF
• Application Gateway in each region provides URL-based routing to backend services
• Internal Load Balancer distributes internal API traffic between VMs

🏦 Elena’s design:

Trading clients → Traffic Manager (DNS routing, any protocol)
                  ├── UK South: Load Balancer → Trading VMs (TCP/custom protocol)
                  └── West Europe: Load Balancer → Trading VMs (DR)

• Trading uses a custom TCP protocol (not HTTP) → Traffic Manager + Load Balancer
• Financial data can’t use edge caching → no Front Door

💡 Exam tip: Internal vs external Load Balancer

Azure Load Balancer has two SKUs:

• Public (External): Internet-facing — distributes traffic from the internet to VMs
• Internal: Private IP only — distributes traffic between VMs within a VNet

Common pattern: External Load Balancer for the web tier, Internal Load Balancer for the application/database tier. Internal LB keeps backend services off the internet.

Traffic Manager routing methods

Method	How It Routes	Best For
Priority	Always sends to highest-priority endpoint, failover to next	Active-passive DR
Weighted	Distributes by weight percentage	Canary deployments, traffic splitting
Performance	Routes to closest (lowest latency) endpoint	Global apps, latency-sensitive
Geographic	Routes based on user’s geographic location	Data sovereignty, regional compliance
MultiValue	Returns multiple healthy endpoints	Client-side load balancing
Subnet	Routes based on source IP subnet	Different experiences for different networks

Knowledge check

Question

What's the 2x2 load balancing decision matrix?

Click or press Enter to reveal answer

Answer

Global + HTTP = Front Door. Global + non-HTTP = Traffic Manager. Regional + HTTP = Application Gateway. Regional + non-HTTP = Azure Load Balancer. This covers 90% of AZ-305 load balancing questions.

Click to flip back

Question

What's the difference between Front Door and Traffic Manager?

Click or press Enter to reveal answer

Answer

Front Door operates at L7 (HTTP) with edge-based routing, WAF, SSL offload, and caching — instant failover. Traffic Manager operates at DNS level — works with any protocol but failover depends on DNS TTL (30-300 seconds). Use Front Door for web apps, Traffic Manager for non-HTTP.

Click to flip back

Question

When should you use an Internal Load Balancer?

Click or press Enter to reveal answer

Answer

For distributing traffic between VMs within a VNet — no internet exposure. Common pattern: External LB or Application Gateway for the web tier (internet-facing), Internal LB for the application/database tier (private). Keeps backend services off the public internet.

Click to flip back

Knowledge Check

🏗️ GlobalTech's customer portal is deployed in two Azure regions. Users worldwide need fast page loads, the application needs WAF protection, and failover between regions should be instant (not DNS-dependent). Which load balancing service should Priya recommend?

AAzure Traffic Manager with performance routingBAzure Front Door with origin groups in both regionsCAzure Application Gateway in each region with DNS round-robinDAzure Load Balancer with cross-region backend pools

Check Answer

Knowledge Check

🏦 Elena's trading platform uses a custom TCP protocol (not HTTP). It needs global routing to the closest data centre with automatic failover if a region becomes unhealthy. Which load balancing service should she recommend?

AAzure Front Door with TCP proxyBAzure Application Gateway with TCP listenersCAzure Load Balancer with global tierDAzure Traffic Manager with performance routing

Check Answer

---

Congratulations! 🎉 You’ve completed all 30 modules of the AZ-305: Designing Microsoft Azure Infrastructure Solutions study guide.

You’ve learned to design: monitoring, identity, governance, data storage, business continuity, compute, application architecture, migration, and networking — all through the lens of architecture decisions and tradeoffs.

What’s next?

• Review your flashcards and quiz scores
• Practice with scenario-based questions
• Remember: AZ-305 tests “why choose X over Y” — always explain the tradeoff