Azure Application Gateway vs Load Balancer cost: L7 vs L4

Quick answer

Azure Load Balancer (L4) is cheap — ~$0.025/hour plus rules, often $20-40/month. Application Gateway (L7) starts ~$0.246/hour (~$180/month) plus capacity units, more with WAF. You pay the gap for routing, SSL offload, and WAF. Use Load Balancer when L4 distribution is enough; reserve Application Gateway for genuine L7 needs and consolidate apps behind one rather than one per app.

These two get compared because both "balance traffic," but they operate at different layers and cost an order of magnitude apart. The common overspend is reaching for Application Gateway by default when a Standard Load Balancer would do the job for a fraction of the price.

The price gap

Load Balancer (Standard, L4): ~$0.025/hour plus load-balancing rules and minimal data charges. Distributes TCP/UDP across a backend pool. Often $20-40/month.
Application Gateway (v2, L7): a fixed instance cost (~$0.246/hour, ~$180/month for Standard_v2) plus capacity units that autoscale with traffic. WAF_v2 adds more. The L7 platform.

What the Application Gateway premium buys

It's a Layer 7 application delivery controller:

URL path-based and host-based routing to different backend pools.
TLS/SSL termination and end-to-end SSL.
Web Application Firewall (WAF_v2 tier).
Cookie-based session affinity and header rewrites.
Autoscaling capacity units.

If you need none of those — just spread connections across VMs — the Load Balancer does it at L4 for far less. This mirrors the AWS ALB vs NLB distinction, except the Azure price gap between L7 and L4 is wider.

Keeping it down

Don't default to Application Gateway. Use Load Balancer where Layer 4 is sufficient.
Consolidate behind one gateway. Path- and host-based routing lets one Application Gateway front many apps — far cheaper than one gateway per app.
Right-size capacity units (min/max) so you're not paying for headroom you never use.
Enable WAF selectively — only where the traffic warrants it.

FAQ

What's the cost difference between Azure Application Gateway and Load Balancer?

Azure Load Balancer (Standard, Layer 4) is cheap: ~$0.025/hour plus per-rule and minimal data charges — often $20-40/month. Application Gateway (Layer 7) is much pricier: a Standard_v2 instance starts around $0.246/hour (~$180/month) plus capacity units, and WAF_v2 costs more. You pay for the L7 features.

Why is Application Gateway so much more expensive?

Because it does far more than a Load Balancer: TLS termination, path- and host-based routing, a Web Application Firewall, cookie-based session affinity, and autoscaling capacity units. The Load Balancer just distributes Layer 4 traffic. The price gap is the cost of L7 application delivery versus L4 packet distribution.

When do I need Application Gateway over Load Balancer?

When you need Layer 7 features: URL path routing, host-based routing to different backends, SSL offload, a WAF, or HTTP header rewrites. If you only need to spread TCP/UDP traffic across instances, the Standard Load Balancer does it for a fraction of the cost.

What are Application Gateway capacity units?

Application Gateway v2 bills a fixed hourly instance cost plus capacity units that scale with connections, throughput, and compute. Under load it autoscales capacity units, so the bill rises with traffic on top of the base instance cost. Sizing min/max instances sensibly keeps it predictable.

How do I keep these networking costs down?

Use Load Balancer where L4 is enough rather than defaulting to Application Gateway, consolidate multiple apps behind one Application Gateway with path/host routing instead of one per app, right-size capacity-unit min/max, and only enable the WAF tier where you actually need it.

How does C3X estimate these?

C3X prices an azurerm_application_gateway and an azurerm_lb from their SKU and configuration, so the cost gap between L7 and L4 is concrete before you pick — and per-resource sprawl shows up in review.

What to do next

Pick the layer you actually need, then check the cost. C3X prices an azurerm_application_gateway and an azurerm_lb from their SKU, so an Application Gateway used where a Load Balancer would do shows the difference in review. The quickstart runs it in minutes.