samaravathi avatar image
0 Votes"
samaravathi asked samaravathi commented

How to setup multi-region active/active HA of web apps in internal ASE?

Environment: Expressroute and Internal ASE

Requirement: Setup highly available multi-region web application running in internal ASE.

A web app in an app service integrated to VNET (ILB ASE) is accessed internally via Expressroute.
We now want to provide an active/active HA by provisioning a similar environment (ILB ASE) in a secondary region and load balance traffic across the regions.

I'm trying to figure out how to load balance traffic across the regions without leaving the internal network.

Can FrontDoor be used here with private links to ILB of ASE?

Any ideas in this regard appreciated.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

GitaraniSharmaMSFT-4262 avatar image
0 Votes"
GitaraniSharmaMSFT-4262 answered samaravathi commented

Hello @samaravathi ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

If you just want to setup a highly available ILB ASE:
The recommended solution is to deploy a zone redundant Application Gateway.

You can improve the resiliency of an ASE deployment by deploying in multiple availability zones and load balance them using Application Gateway v2 which is zone-redundant. Application gateway v2 spans multiple availability zones per region. This in turn means, a single application gateway is sufficient for a highly available system. The v1 SKU does not support this.
Refer the below articles for more information:

If you want to setup a highly available multi-region ILB ASE:
It needs a global load balancing solution and in Azure this is only provided by Azure Front Door and Azure Traffic Manager.

Azure Front Door with private links to ILB ASE can be used but this feature is only available in Azure Front Door Standard/Premium (Preview).
Refer :
NOTE : Azure Front Door Standard/Premium (Preview) is currently in public preview, this preview version is provided without a service level agreement, and it's not recommended for production workloads. Also, Azure Front Door private endpoints are only available in the following regions during public preview: East US, West 2 US, South Central US, UK South, and Japan East.
Refer :

You can also use private endpoints with Azure Traffic Manager but in this case, the health probes will fail and be marked as degraded. The degraded endpoints are not included in the ATM's query response. However, if all the endpoints are degraded then they will be included in the query response. Therefore you can go ahead and set it up for private web app endpoints if you are okay with the health monitoring feature not being available.
You can refer to the following documentation for a detailed explanation on how Azure Traffic Manager (ATM) can assist with HA for web applications with private endpoints (in an ASE):

Kindly let us know if the above helps or you need further assistance on this issue.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks GitaraniSharmaMSFT-4262

This article also helped me....

0 Votes 0 ·