This post was co-authored by Dave Burkhardt and Sami Modak.
As part of your cloud journey, critical applications need to be deployed in multiple Azure regions to ensure high availability for your global customer base. When reviewing Azure's various global traffic distribution solutions, ask yourself, “Which option is the best one for my application?”.
In this blog, you will learn about each global traffic distribution solution Azure offers, and which solution is the best one for your internet-facing cloud architecture. Currently, Azure offers different options for distributing global traffic. Microsoft Azure Front Door is a content delivery network (CDN) service with application layer load balancing capabilities. Azure cross-region Load Balancer is a global network layer load balancer. Finally, Azure Traffic Manager is a domain name service (DNS)-based traffic distribution solution.
Choosing the right global traffic distribution solution
You will learn about three example companies—Contoso1, Contoso2, and Contoso3. For each company, we will dive into their application's scenario and decide which global traffic distribution solution is the best one for them.
Customer scenario 1—wholesale distributor
Contoso1 is a large wholesale distributor that has locations all over the globe. Contoso1 has been going through a large technological transformation and has been migrating services to Azure. One of the applications being moved to Azure is their backend inventory management software. This application is responsible for providing users with information about inventory status and updating inventory records after a transaction has occurred. As part of their migration the team at Contoso1 has strict requirements that need to be met by a global distribution solution.
- First, all traffic type will be layer 4 and must be served with ultra-low latency. In addition, the application requires a regional redundancy with automatic traffic fail-over in the event a region is down, to ensure high availability.
- Second, the application requires a static IP address that the application's frontend will consistently ping.
- Finally, any updates made to regional deployments shouldn't have an impact on the overall backend inventory application.
Given all the requirements laid out by Contoso1's, Azure cross-region Load Balancer is a perfect solution for their application. Azure cross-region Load Balancer is highly optimized at serving layer-4 traffic with ultra-low latency. Furthermore, cross-region load balancer provides geo-proximity routing, which means all Contoso1's stores traffic will be forwarded to the closest regional deployment to them. Azure cross-region Load Balancer also provides automatic failover. In the event one of Contoso1's regional deployment is unhealthy, all traffic will be serviced by the next healthy regional deployment. In addition, cross-region load balancers provide users with a static globally anycast IP address, in which Contoso1 doesn't have to worry about their IP address changing. Finally, Azure cross-region Load Balancer will allow Contoso1 to update its regional deployments behind a single global endpoint without any impact on its end users.
Customer scenario 2—social media company
Contoso2 is a global social media platform. As a social media site, they need to serve both interactive and static content to their users around the globe as quickly and reliably as possible. Most recently, due to Contoso2's prominent status as a social media platform, they have experienced an outage with their on-premises hosted website because of a DDoS attack. That said, Contoso2 has the following strict requirements as they migrate to Azure:
- A platform that can deliver both static and dynamic content to their consumers around the globe with the utmost performance and reliability.
- Ability to route content to both their mobile and desktop users as quickly as possible.
- Easily integrate with Azure's DNS, Web Application, Storage, and Application Gateway products.
- DDoS protection.
- Reduce secure sockets layer (SSL) load on Contoso2's application servers, and instead process SSL requests on the edge for faster user experience for Contoso2's global clients.
Azure Front Door is an ideal solution to enable accelerated and highly resilient web application performance for optimal delivery of static and dynamic content around the globe:
- Static Content—Contoso2's cached static content can be served from Azure Front Door's 185 global edge points of presence (PoP) locations. To ensure the utmost performance and resiliency, Azure Front Door utilizes the Anycast protocol to make sure the Contoso2's client's requests are served from the nearest global edge locations.
- Dynamic Content—Azure Front Door has an arsenal of traffic acceleration features. Client to Azure Front Door PoP traffic is again optimized via the Anycast protocol. Although as it specifically pertains to dynamic workloads, edge PoP to customer's origin connections are optimized via split TCP. This technique enables the traffic to terminate the TCP connection to the nearest edge PoP and uses long living connections over Microsoft's global private wide area network (WAN) to reduce the round-trip-time (RTT). Additionally, in the event Cotoso2 deployed multiregional origin deployments, Azure Front Door utilizes health probes to fetch content from the least latent origin.
Moreover, Azure Front Door also has SSL offload capabilities which can improve performance further. In addition, Azure Front Door is highly optimized for HTTP and web-based applications. With Azure Front Door, customers are equipped with various layer 7 routing features. These features allow customers to apply business routing and advanced routing within Azure Front Door. For example, Azure Front Door can route requests to mobile or desktop versions of Contoso2's web application based on the client device type. Additional examples include SSL offload, path-based routing, fast failover, caching, and more.
Today Azure provides end-to-end solutions for every aspect of application management. Azure Front Door provides seamless integration with other Azure services such as DNS, Web App, and Storage. These integrations allow customers to easily create powerful web applications built using the integration of multiple Azure services.
Finally, Azure Front Door provides built-in support for various security products to help protect customers' web applications. For example, customers can secure their origins with layer 3, 4, and 7 DDOS mitigation, and seamlessly enable Azure Web Application Firewall protection.
Customer scenario 3—sustainable fashion retailor
Contoso3 is a large retail store focused on sustainable fashion items. Contoso3 has a large online presence and has historically been hosting all their applications on-premises. However, given the advantage of the cloud and Azure, Contoso3 has begun migrating their applications to Azure. One of these applications is their online store platform. As the team at Contoso3 is evaluating different Azure global traffic distribution solutions, they have outlined several requirements that must be addressed.
- First, the team at Contoso3 will be doing a rolling migration where part of their application will remain on-premises and the other part will be hosted on Azure. Any viable solution should be able to direct traffic to on-premises servers to support this rolling migration plan.
- Second, latency is critical for Contoso3 and client traffic needs to be routed to healthy endpoints in a timely manner.
- Finally, the solution needs to be able to direct users to the correct backend type based on their geographical location. Contoso3 caters to a wide range of customers and often has clothing items specific to certain geographical areas.
With all the requirements stated prior, Azure Traffic Manager would be the optimal solution for Contoso3. With Azure Traffic Manager, users can add on-premises servers in the backend to support burst-to-cloud, failover-to-cloud, and migrate-to-cloud scenarios. In addition, Azure Traffic Manager provides automatic failover and multi-region support, which all result in traffic being served with low latency. DNS name resolution is fast, and results are cached. The speed of the initial DNS lookup depends on the DNS servers the client uses for name resolution. Typically, a client can complete a DNS lookup within approximately 50 ms. The results of the lookup are cached for the duration of the DNS time-to-live (TTL). The default TTL for Traffic Manager is 300 seconds (about five minutes). The Traffic Manager can also help Contoso3 with their geofencing needs, specifically with the geographic routing feature. This feature will allow Contoso3 to direct users to the correct backend instance based on their geographical location.
The following section discusses common use cases for each load balancing solution, and what each solution is optimized for.
|Azure Front Door||Azure cross-region Load Balancer||Azure Traffic Manager|
|Routing policies||Latency, priority, round robin, weighted round robin, path-based, advanced http rules engine||Geo-proximity and Hash Based||Geographical, latency, weighted, priority, subnet, multi-value|
|Supported environments.||Azure, non-Azure cloud, on-premises||Azure||Azure, non-Azure cloud, on-premises|
|Backend Types||Azure Application Gateway, Azure Load balancer, Azure Traffic Manger||Azure Load Balancer||Azure Application Gateway, Azure Load balancer, Azure Traffic Manager, Azure Front Door, Azure Cross Region Load Balancer|
|Security||DDOS, Web Application Firewall, Private Link||Network Security Group||Azure Resource Logs, Azure Policies|
To learn more about the products discussed in the blog please visit the following sites: