
We have set up Azure Front Door (AFD) with an Azure Load Balancer (ALB) behind it, as was recommended when taking the decision tree approach found here: Decision tree for load balancing in Azure

Here is an image as well for quick reference: Decision tree for load balancing in Azure

We have configured everything and it is working from a resolving perspective and the websites are being presented and all.

We are struggling to configure session affinity. As the backend websites and applications are using ASP.NET MVC 5.0, they require session-based items. Therefore, when a user requests the application, each subsequent request should be routed to the same backend.

We have enabled session affinity from AFD and we can see the cookies being set, and they stay constant between requests, but we assume that because the ALB is a layer 4 load balancer it does not respect cookies, and that is why the session affinity is being lost and each request is sent to another request in some scenarios. This creates the issue that the Session variable is not available anymore and the user is logged out due to this.

We have also enabled Client IP & Protocol affinity in ALB, but this does not seem to help; again, the assumption is that each request that comes through gets either a new private IP and/or port.

We are using Azure Private Link and IP between these services to ensure our VNET has no internet-facing IP and is not reachable without our VPN.

We have thought of other solutions, such as replacing the ALB with Azure Application Gateway because it is also layer 7, but this needs a public IP, which we are trying to get away from.

Any ideas on how to get this right?

Theunis
  • Application Gateway V2 requires a public IP, but you don't have to use it. You can just configure a private frontend and configure your listeners to use that instead. – DusDee Jan 28 '23 at 21:03

0 Answers