Why should I use the Service Fabric Reverse Proxy instead of the Azure App Gateway to talk to SF Cluster? Why should I use the Service Fabric Reverse Proxy instead of the Azure App Gateway to talk to SF Cluster? azure azure

Why should I use the Service Fabric Reverse Proxy instead of the Azure App Gateway to talk to SF Cluster?


azure reverse-proxy azure-service-fabric azure-application-gateway

Well, for external traffic into the cluster you will get an Azure Load Balancer / Reverse Proxy combination out-of-the-box. But whether it is sufficient is another question. We had the same decision to make, we ended up using the Application Gateway.

The differences between the Azure Load Balancer and Application Gateway are outlined in this document.

Some takeaways:

  • Azure Load Balancer works at the transport layer (Layer 4 in the OSI network reference stack). It provides network-level distribution of traffic across instances of an application running in the same Azure data center.
  • Application Gateway works at the application layer (Layer 7 in the OSI network reference stack). It acts as a reverse-proxy service, terminating the client connection and forwarding requests to back-end endpoints.

So, Application Gateway additionally supports SSL termination, SSL end to end and URL-based routing which makes it a good candidate for Service Fabric applications that have external clients.

azure reverse-proxy azure-service-fabric azure-application-gateway

Given a path well trodden, aditional trade offs only became real to me when physically implemented.

If you dont use a reverse proxy then adding other services in your cluster and being able to differentiate requests to them becomes a mammothly expensive exercise.

Consider the cost of adding new PIPs, load balancer Natting rules, firewall rules (if using NVAs) and natting rules contained therein.

Put another way, without an RP, I am saying you effectively end up having a one to one relationship between an external IP address and a service on a node manifested by hard coding a route from point to point.

With a reverse proxy like traefic, you can use service discovery to deploy and make active services with much much less configuration. Significanty saving time, effort and money. When implementing the RP I will update answer again.

azure reverse-proxy azure-service-fabric azure-application-gateway

I can tell you why you might not want to use Reverse Proxy.

When you configure the reverse proxy's port in Load Balancer, all microservices in the cluster that expose an HTTP endpoint are addressable from outside the cluster.

If you have any services that you do not want to be exposed to the outside world then you probably don't want to use reverse proxy.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last