Azure Front Door is a global service, which is typically used as an entry point for web applications. It’s well-suited for this task, as it operates at Layer 7 (HTTP/HTTPS-based) of the networking stack. However, calling it a load balancer would be underselling it. Azure Front Door uses the Microsoft Global Edge network to accept traffic from end users. You can associate a Web Application Firewall (WAF) with it, to protect your applications from potential threats.
Azure Front Door takes advantage of the anycast protocol, which goes beyond providing traditional CDN capabilities by also providing advanced security capabilities, including preventing Distributed Denial of Service (DDoS) attacks.
The core capabilities of Azure Front Door include
Application and API acceleration through the use of anycast which will optimize the connectivity to Azure application services and reduce the latency for end users.
Global HTTP load balancing allows developers to build out geo-distributed services and lets Azure determine endpoint availability and intelligent routing to local, and available, endpoints.
SSL offload relieves endpoints of performing expensive decryption computation and moves the function higher up in the stack.
WAF @Edge web application filtering provides protection against DDoS attacks or malicious users at the edge without impacting backend services.
Azure Front Door Standard and Premium contain several common features, including
Global load balancing
Layer 7 routing
Enhanced Metrics and diagnostics
Azure Front Door premium contains the following features, in addition to the previous list
Private Origin (Private Link)
Web Application Firewall (WAF) support
Azure Front Door Routing Method
Latency: The latency-based routing ensures that requests are sent to the lowest latency backends acceptable within a sensitivity range. Basically, your user requests are sent to the "closest" set of backends in respect to network latency.
Priority: You can assign priorities to your backends when you want to configure a primary backend to service all traffic. The secondary backend can be a backup in case the primary backend becomes unavailable.
Weighted: You can assign weights to your backends when you want to distribute traffic across a set of backends evenly or according to the weight coefficients. Traffic is distributed as per weights if the latencies of the backends are within the acceptable latency sensitivity range in the backend pool.
Session Affinity: You can configure session affinity for your frontend hosts or domains to ensure requests from the same end user get sent to the same backend.