question

0 Votes
zeeshanmcp12 asked zeeshanmcp12 commented

How a server in backend pool can listen on multiple ports using fqdn in Application Gateway

Hi,

I have one instance configured in backend pool. Its listener is set with 'frontend' public IP, '443' port and 'multi site' listener with 'single' host type. Say, demo.wso2.com

This listener is attached with 'basic' request routing rule. (i.e. no path based routing rules are defined)

Its HTTP setting is configured with the following options:

Backend protocol: HTTPS
Backend port: 9443
Override with new host name: Yes
Override with specific domain name: selected
demo.wso2.com
custom probe: no

The backend pool contains a virtual machine which has an application server deployed on it, which listens on port 9443; that's why we set the 'Backend port' as '9443' in httpSettings.

I can telnet this demo.wso2.com on port 9443 publicly without any issue.

 telnet demo.wso2.com


Internally, this application server is listening on other ports as well, for example ports 10711 and 10500.

I can telnet both ports from within the same private network using the VM's hostname and its IP address.

Using hostname:
telnet demo-wso2 10711
Trying 192.168.0.5...
Connected to demo-wso2.<>.<**>.internal.cloudapp.net.
Escape character is '^]'.

telnet demo-wso2 9443
Trying 192.168.0.5...
Connected to demo-wso2.<>.<**>.internal.cloudapp.net.
Escape character is '^]'.

Using IP address:
telnet 192.168.0.5 10500
Trying 192.168.0.5...
Connected to 192.168.0.5.
Escape character is '^]'.

...I can also telnet port 433 using the hostname configured as hostname in HttpSettings and listener, but I'm not able to telnet ports 10711 and 10500 similarly using the FQDN (hostname) set in httpSetting. For example:

Success:
telnet demo.wso2.com 443
The above succeeds because the listener is configured with port 443 and, in httpSetting, the backend port is configured as 9443.


Fail:
telnet demo.wso2.com 10711
telnet demo.wso2.com 10500

Internally all ports are open and can be telnet(ed) using the hostname and private IP address, but using the FQDN there is no success at all for just two ports, which are 10711 and 10500.

Is there any way we can configure listener/httpSetting so a server in backend pool can listen on more than 1 port publicly? For example, as below:

telnet demo.wso2.com 10711
telnet demo.wso2.com 10500

Please let me know if you require any further information.

Best,
Zeeshan

azure-application-gateway

1 Answer

0 Votes
GitaraniSharmaMSFT-4262 answered zeeshanmcp12 commented

Hello @zeeshanmcp12 ,

Apologies for the delay in response.

It is not possible to configure your App gateway listener/httpSetting in a way that a server in backend pool can listen on more than 1 port publicly on the same FQDN/hostname.

For a basic rule, only one back-end HTTP setting is allowed. All requests on the associated listener are forwarded to the corresponding back-end targets by using this HTTP setting. So, you cannot add more backend HTTP settings with different ports as it is not allowed.
Please refer: https://docs.microsoft.com/en-us/azure/application-gateway/configuration-request-routing-rules#associated-back-end-http-setting

The only way to access one backend pool on multiple ports is by configuring multiple HTTP settings. And since a basic request routing rule allows only one backend HTTP setting, you need to opt for the multi-site architecture, where you have multiple hostnames for each application/backend site on the same backend pool with different ports, and then you can configure respective multi-site listeners and backend HTTP settings for them to bind in respective rules.
Please refer: https://docs.microsoft.com/en-us/azure/application-gateway/application-gateway-faq#can-one-backend-pool-serve-many-applications-on-different-ports
https://docs.microsoft.com/en-us/azure/application-gateway/multiple-site-overview

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" below if the information helped you. This will help us and others in the community as well.


Hi @GitaraniSharmaMSFT-4262

Apologies for the delay in my response.

I had tried your provided workaround but it didn't work in our case because the app is not based on a multi-site architecture. As a workaround, we created an Azure Private DNS zone and registered the virtual machines into it.

We also changed the hostname of the VMs to match the FQDN so it can be telnet(ed) using demo.wso2.com on port 10500.

Your answer is accepted because it answers my question.

1 Vote 1 ·
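
The multi-site layout described in the answer, as an added example that is not part of the original thread: one hostname, listener, HTTP setting and basic rule per backend port, all pointing at the same backend pool. The resource names and the two `example.com` hostnames are constructed placeholders, and it assumes the services on 10711 and 10500 speak HTTPS; the script only prints the Azure CLI commands unless `APPLY=1` is set.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Resource names and the two extra
# hostnames are constructed placeholders; only demo.wso2.com and the port
# numbers come from the question.
RG="${RG:-rg-demo}"           # resource group (placeholder)
GW="${GW:-appgw-demo}"        # Application Gateway name (placeholder)
POOL="${POOL:-pool-wso2}"     # existing backend pool holding the VM (placeholder)
CERT="${CERT:-cert-sites}"    # existing listener certificate for all hostnames (placeholder)
FEPORT="${FEPORT:-port-443}"  # existing frontend port object for 443 (placeholder)

# One public hostname per backend port: "hostname:backend-port"
SITES="demo.wso2.com:9443 svc-10711.example.com:10711 svc-10500.example.com:10500"

# Print the command by default; execute it only when APPLY=1.
run() {
  if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# plan_site HOST BACKEND_PORT PRIORITY
# A basic rule binds exactly one listener to one HTTP setting, so each
# backend port needs its own setting, multi-site listener and rule.
plan_site() {
  h=$1; p=$2; pr=$3
  run az network application-gateway http-settings create -g "$RG" --gateway-name "$GW" \
    --name "hs-$p" --protocol Https --port "$p" --host-name "$h"
  run az network application-gateway http-listener create -g "$RG" --gateway-name "$GW" \
    --name "ls-$p" --frontend-port "$FEPORT" --host-name "$h" --ssl-cert "$CERT"
  run az network application-gateway rule create -g "$RG" --gateway-name "$GW" \
    --name "rule-$p" --rule-type Basic --priority "$pr" \
    --http-listener "ls-$p" --http-settings "hs-$p" --address-pool "$POOL"
}

# Emit the three commands for every site, with distinct rule priorities.
plan_all() {
  next=100
  for s in $SITES; do
    plan_site "${s%%:*}" "${s##*:}" "$next"
    next=$((next + 10))
  done
}

plan_all
```

All three hostnames still arrive on frontend port 443; only the backend port differs per site, so every additional hostname publishes one more backend service through the gateway.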