Azure App Gateway: change public IP zero downtime?
Our app's DNS record points to a public IP handled by an Azure Application Gateway.
We need to switch over to a different public IP with zero downtime.
It would seem that each App Gateway can only handle a single public IP, see ApplicationGatewayFrontendIPConfiguration. Is that correct? Or is there a way to temporarily have the App Gateway serve two public IPs?
If not possible to serve two IPs, just updating that IP in-place and immediately updating the DNS record would cause a temporary outage during the DNS caching period - right?
So, would a zero downtime solution require temporarily adding a second Application Gateway (identical to the existing one, just different public IP), then cutting over the DNS record, then (after a few days) cleaning up the old Application Gateway? Or is there an easier solution?
As discussed, to achieve zero downtime when switching the public IP address of an Azure Application Gateway, you can create a second Application Gateway with the new public IP address, update the DNS record to point to the new Application Gateway, and then decommission the old Application Gateway after ensuring traffic has fully transitioned.
Create a Second Application Gateway
- Create a new public IP address that will be used by the new Application Gateway.
az network public-ip create --resource-group <your-resource-group> --name <new-public-ip-name> --allocation-method Static --sku Standard
- Create a new Application Gateway with the same settings as the current one but assign it the new public IP address.
az network application-gateway create \
--name <new-app-gateway-name> \
--location <your-location> \
--resource-group <your-resource-group> \
--vnet-name <your-vnet-name> \
--subnet <your-subnet-name> \
--public-ip-address <new-public-ip-name> \
--sku Standard_v2 \
--capacity <capacity> \
--frontend-port 80 \
--http-settings-cookie-based-affinity Disabled \
--http-settings-port 80 \
--http-settings-protocol Http \
--routing-rule-type Basic
- Ensure the new Application Gateway mirrors the configuration of the existing one, including backend pools, routing rules, health probes, and SSL certificates. Before making any changes, reduce the TTL (Time to Live) for the DNS records to minimize caching and speed up propagation. Set the TTL to a low value (e.g., 60 seconds).
az network dns record-set a update --resource-group <your-dns-resource-group> --zone-name <your-domain> --name <your-dns-record> --ttl 60
- Change the DNS record to point to the new public IP address of the second Application Gateway.
az network dns record-set a add-record --resource-group <your-dns-resource-group> --zone-name <your-domain> --record-set-name <your-dns-record> --ipv4-address <new-public-ip-address>
- Use tools like
nslookupor online DNS checkers to verify that the DNS changes are propagating correctly and clients are resolving to the new IP address.
Done. Finally monitor and Decommission the Old Application Gateway
az network application-gateway delete --resource-group <your-resource-group> --name <old-app-gateway-name>
Reference:
- Azure Service Plan - Convert Consumption App to Premium App
- No PK or FK when exporting SQL Server database
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How to create a dataset for Azure custom speech using spx (speechCLI)
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- A keyvault created with access policy using BICEP creates compound identity
- Azure Loadbalancer with public IP forward traffic to Container Apps
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- What means skipNegotiation in SignalR HubConnection?
- Azure ClientCertificateCredential - Using SNI
- Azure AI Search MultiIndex / Conditional Semantic search
- MSAL Node service & The Partner Center API
- Load Registered Component in Azure ML for Pipeline using Python sdk v2
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to take max value and replace it in drived column in data factory
- Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
- Azure Cost Management - track costs associated with Databricks job
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How to check Debug.Writeline() output in VS code?
- C# API - Provide download of files from Azure Blobstorage
- localhost:300/api is not working : "This page isn’t working"
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday