0

Here's the setup. I have an application gateway configured with two backend pools:
BAP 1: VMs 1, 2, 3
BAP 2: VM 1

I have two listeners:
Listener 1: web1.mysite.com
Listener 2: web2.mysite.com

HTTP settings:
setting1: HTTPS
setting2: HTTPS

I have two rules:
Web site 1: mapped to BAP 1, listener 1, setting1
Web site 2: mapped to BAP 2, listener 2, setting2

What I want to happen is for all requests to web site 2 (web2.mysite.com) to go to only VM 1 (via the rule mapping). My set up seems to reflect that.

But yet I'm seeing traffic in the IIS logs for web site 2 on all three VMs. How is this possible? I've tried non-overlapping pools (i.e. pool 1 contains only VMs 2 and 3, and pool 2 contains only VM1) but I'm still getting traffic to all three machines when hitting web2.mysite.com.

My backend health shows VMs 1, 2, 3 are healthy for HTTP setting1, and VM 1 is healthy for HTTP setting2. Which is what I expect. There are no unhealthy probes. On VMs 2 and 3, just for good measure, I purposefully set up web2.mysite.com and made sure the file specified in the health probe is absent (i.e. should make the health probe think the site was down, if the health probe was even looking at VMs 2 and 3, which it should not be).

My thinking is there's some kind of order-of-processing issue happening, but I'm at a loss otherwise.

Thank you in advance!

Chris
  • 443
  • 1
  • 3
  • 14
  • The strange thing is that I can get this to work with some chicanery. If I take VMs 2 and 3 down by removing the health probe file (effectively making back end pool 1 a 1 node cluster), then everything works with web site 2. In other words, crippling back end pool 1 makes back end pool 2 work somehow. Which indicates to me that azure is somehow routing web site 2 calls to the wrong back end pool. The second I bring those other two VMs back, it starts failing again. – Chris May 03 '17 at 20:35

1 Answers1

0

What I want to happen is for all requests to web site 2 (web2.mysite.com) to go to only VM 1 (via the rule mapping).

Do you want traffic all requests to web site 2 to VM1, and other requests to web site 1 to VM2, 3?

To troubleshoot this issue more efficiently, please show more information about your application gateway settings.

Here is my Application gateway settings(web1 listen on port 80, web2 listen on port 8080):
Backend pools settings: 

Name              Target
backend1          server1
backend2          server2

Http settings:

Name     Port     Protocol          
web1     80       HTTP
web2     8080     HTTP

Listeners settings:

Name       Protocol     Port    Associated Rule
web1       HTTP          80      rule1
web2       HTTP          8080    rule2

Rules settings:

Name        Type      Listener
rule1       Basic     web1
rule2       Basic     web2

In this way, I can traffic all requests to web1 to server 1, and other requests to web2 to server2:

enter image description here
enter image description here

More information about Azure Application gateway, please refer to this link.

Jason Ye
  • 13,710
  • 2
  • 16
  • 25
  • You are correct in the way you describe it. The only difference is I want all traffic on port 80, and I have more VMs in the cluster than you. If possible, I'd love all traffic to web site 2 to go to VM 1, and all other traffic to go to VMs 1, 2, and 3. I've read through the Azure AG documentation already and don't really see any reason why my set up wouldn't work. – Chris May 03 '17 at 14:33
  • No, I don't think application gateway can work in this way, because all requests with same Public IP address and same port, in your scenario all traffic will go to rule1 by default. – Jason Ye May 05 '17 at 07:19
  • By default? But why? The rules I set up instruct it to do something else based on host name. If all requests are routed to rule1, then why even allow me to specify rules? That seems a little funny, but if that's the way it is, then that's good to know (because it's not written anywhere). Is there any workaround? – Chris May 05 '17 at 11:54
  • As a workaround, maybe we can modify port for website2, in this way, we can use new port to access this website. – Jason Ye May 05 '17 at 12:41
  • Given that this is a consumer site, I can't require users to type in a different port number. I'll explore some other work arounds I guess. – Chris May 05 '17 at 13:06
  • Does all the VMs in two backend pools run same website? – Jason Ye May 08 '17 at 03:09
  • Sort of... VM1 runs website 1 and 2. VMs 2 and 3 run only website 1. – Chris May 08 '17 at 11:54