
Azure App Gateway: change public IP zero downtime?

Our app's DNS record points to a public IP handled by an Azure Application Gateway.

We need to switch over to a different public IP with zero downtime.

It would seem that each App Gateway can only handle a single public IP, see ApplicationGatewayFrontendIPConfiguration. Is that correct? Or is there a way to temporarily have the App Gateway serve two public IPs?

If not possible to serve two IPs, just updating that IP in-place and immediately updating the DNS record would cause a temporary outage during the DNS caching period - right?

So, would a zero downtime solution require temporarily adding a second Application Gateway (identical to the existing one, just different public IP), then cutting over the DNS record, then (after a few days) cleaning up the old Application Gateway? Or is there an easier solution?


  • As discussed, to achieve zero downtime when switching the public IP address of an Azure Application Gateway, you can create a second Application Gateway with the new public IP address, update the DNS record to point to the new Application Gateway, and then decommission the old Application Gateway after ensuring traffic has fully transitioned.

    Create a Second Application Gateway

    az network public-ip create --resource-group <your-resource-group> --name <new-public-ip-name> --allocation-method Static --sku Standard

    az network application-gateway create \
      --name <new-app-gateway-name> \
      --location <your-location> \
      --resource-group <your-resource-group> \
      --vnet-name <your-vnet-name> \
      --subnet <your-subnet-name> \
      --public-ip-address <new-public-ip-name> \
      --sku Standard_v2 \
      --capacity <capacity> \
      --frontend-port 80 \
      --http-settings-cookie-based-affinity Disabled \
      --http-settings-port 80 \
      --http-settings-protocol Http \
      --routing-rule-type Basic

    az network dns record-set a update --resource-group <your-dns-resource-group> --zone-name <your-domain> --name <your-dns-record> --set ttl=60
    az network dns record-set a add-record --resource-group <your-dns-resource-group> --zone-name <your-domain> --record-set-name <your-dns-record> --ipv4-address <new-public-ip-address>

    Done. Finally monitor and Decommission the Old Application Gateway

    az network application-gateway delete --resource-group <your-resource-group> --name <old-app-gateway-name>
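
Added example, not part of the answer above: `add-record` leaves the old and new IPs published side by side, so the old address has to leave the record set and resolver caches have to expire before the delete step. The check below gates that step; the function names, the sample arguments, and the caller-recorded TTL and removal time are assumptions.

```shell
#!/bin/sh
# Added example: decide whether the old Application Gateway can be deleted.
# Assumptions (not from the original answer): function names, and that the
# operator recorded (a) the largest TTL the record set was served with while
# it still contained the old IP and (b) the epoch time the old IP was removed.

# Print the IPv4 addresses currently in the A record set, one per line.
# args: dns-resource-group zone-name record-name   (requires `az login`)
current_a_records() {
  az network dns record-set a show --resource-group "$1" --zone-name "$2" \
    --name "$3" --query "aRecords[].ipv4Address" --output tsv
}

# args:  old-ip  max-cached-ttl-seconds  removed-at-epoch  now-epoch
# stdin: published IPs, one per line (output of current_a_records)
# Prints SAFE or a WAIT reason; returns 0 only when SAFE.
cutover_gate() {
  local old_ip=$1 max_ttl=$2 removed_at=$3 now=$4 ip elapsed
  # 1. The old IP must no longer be handed out by the zone at all.
  while IFS= read -r ip || [ -n "$ip" ]; do
    if [ "$ip" = "$old_ip" ]; then
      echo "WAIT: $old_ip is still published in the record set"
      return 1
    fi
  done
  # 2. Resolvers that cached the old answer may keep it for a full TTL
  #    counted from the moment the old IP was removed.
  elapsed=$(( now - removed_at ))
  if [ "$elapsed" -lt "$max_ttl" ]; then
    echo "WAIT: $(( max_ttl - elapsed ))s until resolver caches of the old answer expire"
    return 1
  fi
  echo "SAFE"
}

# Typical use (placeholders as in the answer):
#   current_a_records <your-dns-resource-group> <your-domain> <your-dns-record> \
#     | cutover_gate <old-public-ip-address> 3600 <removed-at-epoch> "$(date +%s)" \
#     && az network application-gateway delete \
#          --resource-group <your-resource-group> --name <old-app-gateway-name>
```

If the TTL was lowered to 60 shortly before the cutover, pass the earlier, larger TTL as `max-cached-ttl-seconds` until that larger value has itself elapsed since the lowering.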
