The actual behavior differs from the doc (IP address used)

[torumakabe]

Let me check the IP address used to communicate with the backend pool.

According to this doc, If the backend pool contains an internally resolvable FQDN or a private IP address, the application gateway routes the request to the backend server by using its instance private IP addresses.

Also, another article says like this, "Application Gateway uses one private IP address per instance, plus another private IP address if a private front-end IP is configured."

But, it seems that App GW uses IP addresses over the number of instances in my env.

An overview of my environment

[Clients]---[Public IP]---[App GW (1 instance)]---[Internal Azure Load Balancer]---[NGINX on AKS pods]

Configuration

% az network application-gateway show -g my-rg -n agw-demoapp -o json --query '{sku:sku, autoscaleConfiguration:autoscaleConfiguration, publicIpAddress:frontendIpConfigurations[].publicIpAddress, privateIpAddress:frontendIpConfigurations[].privateIpAddress, backendAddresses:backendAddressPools[].backendAddresses, subnetId:gatewayIpConfigurations[].subnet.id}'
{
  "autoscaleConfiguration": null,
  "backendAddresses": [
    [
      {
        "fqdn": null,
        "ipAddress": "10.0.32.100"
      }
    ]
  ],
  "privateIpAddress": [],
  "publicIpAddress": [
    {
      "id": "/subscriptions/my-sub/resourceGroups/my-rg/providers/Microsoft.Network/publicIPAddresses/pip-demoapp",
      "resourceGroup": "my-rg"
    }
  ],
  "sku": {
    "capacity": 1,
    "name": "Standard_v2",
    "tier": "Standard_v2"
  },
  "subnetId": [
    "/subscriptions/my-sub/resourceGroups/my-rg/providers/Microsoft.Network/virtualNetworks/vnet-default/subnets/subnet-appgw"
  ]
}

% az network  vnet subnet show --ids "/subscriptions/my-sub/resourceGroups/my-rg/providers/Microsoft.Network/virtualNetworks/vnet-default/subnets/subnet-appgw" -o json --query '{addressPrefix:addressPrefix}'
{
  "addressPrefix": "10.0.48.0/20"
}

Logs of NGINX

10.0.48.5 - - [10/Jun/2021:23:20:00 +0000] "GET /api/info HTTP/1.1" 200 360 "https://mysite/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.864.41" 787 0.000 [podinfo-podinfo-http] [] 10.0.0.250:9898 360 0.000 200 2434d53c921a18088ab4bbff201b0dd5
10.0.48.6 - - [10/Jun/2021:23:20:00 +0000] "GET /api/info HTTP/1.1" 200 360 "https://mysite/" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 EdgiOS/46.3.20 Mobile/15E148 Safari/605.1.15" 606 0.002 [podinfo-podinfo-http] [] 10.0.0.147:9898 360 0.000 200 d794207b12804a4383f4506f6bb14783
10.0.48.5 - - [10/Jun/2021:23:20:03 +0000] "GET /api/info HTTP/1.1" 200 360 "https://mysite/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 Edg/91.0.864.41" 787 0.001 [podinfo-podinfo-http] [] 10.0.0.250:9898 360 0.000 200 24e581c4174d1ae4713ca31fbe3964c4
10.0.48.6 - - [10/Jun/2021:23:20:03 +0000] "GET /api/info HTTP/1.1" 200 360 "https://mysite/" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_6 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 EdgiOS/46.3.20 Mobile/15E148 Safari/605.1.15" 606 0.002 [podinfo-podinfo-http] [] 10.0.0.147:9898 360 0.004 200 03f51a6c4fa9241cd87de3e3bcafd1a7

The number of App GW instances is 1. But it seems coming from 2 IP addresses (10.0.48.5 and 10.0.48.6). Is this the correct behavior? Is it consistent with the document?

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 0373061e-623f-f6ca-7d42-e32ea0299c66
• Version Independent ID: 20930963-7740-a05e-8743-2210404675da
• Content: How an application gateway works
• Content Source: articles/application-gateway/how-application-gateway-works.md
• Service: application-gateway
• GitHub Login: @abshamsft
• Microsoft Alias: absha

[shashishailaj]

@ToruMakabe Thank you for your query . We will investigate and update the thread.

[TravisCragg-MSFT]

@ToruMakabe Azure Application Gateway V2 SKU is always deployed in a way that will maintain high availability (requiring 2 instances), even if the instance count is manually configured to 1. This is stated (indirectly) on the Application Gateway V2 SKU autoscaling & high availability section.

[torumakabe]

@TravisCragg-MSFT Thanks. I got the background. The followings are my requests to the doc.

• Actually, specifying capacity as "1" to be invalid. This may be a service specification but should be documented directly as it is confusing.
• It seems we cannot get the actual number of instances from Azure Management API or CLI. Should we get it from Azure Monitor Metrics when we need it? If so, it is useful to state this way in the doc.
• This page contains very important information related to App GW v2, not only Autoscaling and Zone-redundant, but also capacity, pricing, and more. Perhaps many users look at the title and decide that they don't have to look at this page. Could you please match the title of this page with the content?

[TravisCragg-MSFT]

@ToruMakabe Thank you for outlining what to add to the docs! I have assigned the issue to the content author to evaluate and update as appropriate.

[vhorne]

v2 overview and autoscaling info split out.

please-close