Design 15: Traffic Manager (DNS Load Balancing)

Summary

This design implements Azure Traffic Manager.

Topology: Traffic Manager is a global DNS load balancer. It points to Public IPs in Spoke VNets across regions.

1. Key Design Decisions (ADR)

ADR-01: Routing Method

  • Decision: Priority.
  • Rationale: Active-Passive DR. Traffic goes to East US (Priority 1). If East US is down, traffic goes to West US (Priority 2).

2. High-Level Design (HLD)

+--------------+           +--------------------------+           +--------------+
|  Global User |           |        Region A          |           |  Region B    |
|  (DNS Query) |           |        (East US)         |           |  (West US)   |
+------+-------+           +------------+-------------+           +------+-------+
       |                                |                                |
       v                                v                                v
+------+-------+           +------------+-------------+           +------+-------+
|  Traffic     |---------->| Public IP                |           |  Public IP   |
|  Manager     |           | (App Gateway)            |           | (App Gateway)|
+--------------+           +--------------------------+           +--------------+

3. Low-Level Design (LLD)

                               GLOBAL RESOURCE
+-----------------------------------------------------------------------+
| Traffic Manager Profile: tm-corp-global                               |
|   Routing: Priority                                                   |
|   Endpoint 1: East US (Priority 1)                                    |
|   Endpoint 2: West US (Priority 2)                                    |
+-----------------------------------|-----------------------------------+
                                    |
                                    v
                               PRIMARY REGION (East US)
+-----------------------------------------------------------------------+
| SPOKE VNet: vnet-web-east                                             |
|   [App Gateway / LB]                                                  |
|   (Public IP: 1.2.3.4)                                                |
+-----------------------------------------------------------------------+

                               SECONDARY REGION (West US)
+-----------------------------------------------------------------------+
| SPOKE VNet: vnet-web-west                                             |
|   [App Gateway / LB]                                                  |
|   (Public IP: 5.6.7.8)                                                |
+-----------------------------------------------------------------------+

4. Component Rationale

  • DNS-based: Fast, because no application traffic passes through Traffic Manager (TM). It only returns an IP address in the DNS response.

5. Strategy: High Availability (HA)

  • SLA: 99.99%.

6. Strategy: Disaster Recovery (DR)

  • Implementation: Active-Passive.
  • Process: Automatic failover via DNS update.

7. Strategy: Backup

  • N/A.

8. Strategy: Security

  • N/A: It's public DNS.

9. Well-Architected Framework Analysis

  • Reliability: High.
  • Security: Medium.
  • Cost Optimization: High. Cheap.
  • Operational Excellence: High.
  • Performance Efficiency: High.

10. Detailed Traffic Flow

1. User: Types app.contoso.com.

2. DNS: Resolves to tm-corp.trafficmanager.net.

3. TM: Checks health. East US is Up.

4. Return: Returns IP 1.2.3.4.

5. Connect: User connects directly to East US.

11. Runbook: Deployment Guide (Azure Portal)

Phase 1: Prerequisites (Endpoints)

1. Ensure you have Public IPs attached to resources in two regions (e.g., pip-web-east and pip-web-west).

2. Note: These Public IPs must have a DNS name label configured (e.g., myapp-east.eastus.cloudapp.azure.com).

Phase 2: Create Traffic Manager Profile

1. Search: "Traffic Manager profiles" -> + Create.

2. Name: tm-corp-global-[uniqueid].

3. Routing method: Priority.

4. Subscription: Select yours.

5. Resource Group: Create rg-design15-tm.

6. Location: East US (Metadata location only).

7. Create.

Phase 3: Add Endpoints

1. Go to the new Traffic Manager Profile.

2. Endpoints (left menu) -> + Add.

3. Endpoint 1 (Primary):

* Type: Azure endpoint.

* Name: ep-east.

* Target resource type: Public IP address.

* Target resource: Select pip-web-east.

* Priority: 1.

* Add.

4. Endpoint 2 (Failover):

* + Add.

* Type: Azure endpoint.

* Name: ep-west.

* Target resource: Select pip-web-west.

* Priority: 2.

* Add.

Phase 4: Verify

1. Copy the DNS name from the Overview page (e.g., tm-corp-global.trafficmanager.net).

2. Run nslookup tm-corp-global.trafficmanager.net.

3. It should resolve to the IP of ep-east.

4. Simulate Failover:

* Disable ep-east in the portal (Edit -> Status: Disabled).

* Wait 30 seconds (TTL).

* Run nslookup again. It should resolve to ep-west.
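
The failover check in Phase 4 and the flow in section 10, as an added example that is not part of the original design: a simplified Python model of Priority routing behind a caching resolver, showing why a lookup made inside the TTL can still return ep-east. The class and function names are hypothetical; the endpoint names, IPs and 30-second TTL come from this page, and the selection logic is a model, not Azure's implementation.

```python
"""Simplified model of Priority routing plus client-side TTL caching.
Constructed for illustration; not Azure's implementation."""
from dataclasses import dataclass

TTL_SECONDS = 30  # TTL used in the Phase 4 verification step


@dataclass
class Endpoint:
    name: str
    ip: str
    priority: int
    enabled: bool = True   # the portal "Status" field
    healthy: bool = True   # outcome of the health check


class PriorityProfile:
    """Answers each query with the lowest-priority-number usable endpoint."""

    def __init__(self, endpoints):
        self.endpoints = sorted(endpoints, key=lambda e: e.priority)

    def resolve(self):
        for ep in self.endpoints:
            if ep.enabled and ep.healthy:
                return ep
        raise LookupError("no enabled, healthy endpoint in the profile")


class CachingResolver:
    """Resolver or client cache: reuses an answer until its TTL expires."""

    def __init__(self, profile, ttl=TTL_SECONDS):
        self.profile, self.ttl = profile, ttl
        self._ip, self._expires = None, -1.0

    def lookup(self, now):
        if self._ip is None or now >= self._expires:
            self._ip = self.profile.resolve().ip
            self._expires = now + self.ttl
        return self._ip


def simulate_failover():
    """Replays Phase 4: query, disable ep-east, query inside and after the TTL."""
    east = Endpoint("ep-east", "1.2.3.4", priority=1)
    west = Endpoint("ep-west", "5.6.7.8", priority=2)
    resolver = CachingResolver(PriorityProfile([west, east]))
    before = resolver.lookup(now=0)    # ep-east is up and has priority 1
    east.enabled = False               # Edit -> Status: Disabled
    cached = resolver.lookup(now=10)   # still inside the 30 s TTL
    after = resolver.lookup(now=30)    # TTL expired, fresh answer
    return before, cached, after
```

The middle lookup is the case to watch during a real failover test: a result of 1.2.3.4 shortly after disabling ep-east reflects the cached answer, not a failed failover.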