Ask Downloads
Domain 3 β€” Module 5 of 5 100%
18 of 26 overall
Domain 3: Application Delivery Services Free ⏱ ~10 min read

Choosing the Right Load Balancer

The definitive decision guide for Azure's four load balancers β€” Load Balancer, Traffic Manager, Application Gateway, and Front Door. Master the exam elimination technique.

Choosing the Right Load Balancer

This is the module that ties Domain 3 together. The exam frequently presents a scenario and asks you to choose the right load balancer. This decision matrix and elimination technique will serve you well.

Simple explanation

Azure has four load balancers: Load Balancer (traffic light β€” fast, simple, any vehicle), Traffic Manager (GPS β€” tells you which road, doesn’t drive), Application Gateway (smart toll booth β€” inspects tickets, routes to right lane), Front Door (international airport hub β€” global, caches, security screening).

The Four-Way Comparison

Azure Load Balancing Services
FeatureLoad BalancerTraffic ManagerApp GatewayFront Door
LayerLayer 4 (TCP/UDP)DNSLayer 7 (HTTP/S)Layer 7 (HTTP/S)
ScopeRegional (cross-region with global tier)GlobalRegionalGlobal
Proxies trafficYes (pass-through)No (DNS redirect only)Yes (full proxy)Yes (full proxy)
URL/path routingNoNoYesYes
TLS terminationNoNoYesYes
WAFNoNoYes (add-on)Yes (built-in)
CDN / CachingNoNoNoYes
Private Link originsNoNoNoYes (Premium)
Non-HTTP trafficYes (any TCP/UDP)Yes (DNS β€” any protocol)NoNo
Session affinitySource IP (2/3-tuple)NoCookie-basedCookie-based
Health probesTCP, HTTP, HTTPSHTTP, HTTPS, TCPHTTP, HTTPSHTTP, HTTPS

Decision Flowchart

Use this flowchart when the exam presents a load balancing scenario:

Step 1: Is the traffic HTTP/HTTPS?

  • No β†’ Load Balancer (for TCP/UDP) or Traffic Manager (for DNS-based routing of any protocol)
  • Yes β†’ Continue to Step 2

Step 2: Does it need global distribution?

  • No (single region) β†’ Application Gateway
  • Yes (multi-region) β†’ Continue to Step 3

Step 3: Does it need CDN, caching, or Private Link origins?

  • Yes β†’ Front Door (Premium if Private Link needed)
  • No β†’ Traffic Manager (if DNS-only is acceptable) or Front Door (if you need proxy/WAF)

Common Combinations

Load balancers work together, not in isolation:

Front Door + Application Gateway: Front Door handles global distribution, CDN, and edge WAF. Application Gateway handles regional routing, path-based rules, and additional WAF. This is the most common enterprise web app pattern.

Traffic Manager + Load Balancer: Traffic Manager provides global DNS routing to regional Load Balancers. Used for non-HTTP workloads (databases, gaming, IoT) that need global failover.

Front Door + Load Balancer: Front Door handles global HTTP entry. Load Balancer distributes within a region to non-HTTP backend tiers (e.g., TCP-based microservices behind an API layer).

Exam Elimination Guide

When you see a load balancing question, eliminate options using these rules:

β€œNon-HTTP protocol” mentioned β†’ Eliminate Application Gateway and Front Door. Answer is Load Balancer or Traffic Manager.

β€œURL routing” or β€œpath-based routing” needed β†’ Eliminate Load Balancer and Traffic Manager. Answer is Application Gateway or Front Door.

β€œGlobal CDN” or β€œcaching at edge” β†’ Only Front Door provides this. Eliminate all others.

β€œPrivate Link origin” or β€œbackend with no public IP” β†’ Only Front Door Premium. Eliminate all others.

β€œDNS-based only” or β€œno proxy needed” β†’ Traffic Manager. It’s the only one that doesn’t proxy traffic.

β€œRegional, internal workload” β†’ Internal Load Balancer or Application Gateway (internal frontend).

β€œSession affinity with cookies” β†’ Application Gateway or Front Door. Load Balancer uses source IP only.

β€œLayer 4, high throughput, HA ports” β†’ Standard Load Balancer with HA ports.

Practice this elimination technique with every load balancing question you encounter.

Key Takeaways

  • Non-HTTP traffic: Load Balancer (L4) or Traffic Manager (DNS)
  • Regional HTTP: Application Gateway
  • Global HTTP with CDN/WAF: Front Door
  • Private Link origins: Front Door Premium only
  • DNS-only (no proxy): Traffic Manager only
  • Combinations are common in enterprise architectures

Test Your Knowledge

Question

Which load balancer provides CDN caching at edge locations?

Click or press Enter to reveal answer

Answer

Azure Front Door only. Application Gateway, Load Balancer, and Traffic Manager do not provide CDN caching.

Click to flip back
Question

Which load balancer works with non-HTTP protocols like TCP and UDP?

Click or press Enter to reveal answer

Answer

Azure Load Balancer (Layer 4) handles TCP/UDP directly. Traffic Manager works at DNS level and can route any protocol. Application Gateway and Front Door only handle HTTP/HTTPS.

Click to flip back
Question

Which is the only load balancer that doesn't proxy traffic?

Click or press Enter to reveal answer

Answer

Traffic Manager. It works at the DNS layer β€” it returns the IP of the best endpoint and the client connects directly. All others (LB, AG, FD) proxy or pass-through the actual traffic.

Click to flip back
Knowledge Check

Ravi needs to load-balance a TCP-based database replication protocol across VMs in a single region. Which service should he use?
Knowledge Check

Elena needs global HTTP load balancing with CDN caching, managed WAF rules, and origins that have no public IPs. Which service and tier?

Next up: Private Link and Private Endpoints β€” Start Domain 4 by making Azure PaaS services accessible only through your private network.