Monday, March 30, 2020

Azure Traffic Manager (DNS Based Load Balancing)

Architecture Diagram:

Multi-region Traffic Manager Deployment


Summary

There are different options to load balance traffic in Microsoft Azure. These options work differently from each other, have a different feature set and support different scenarios. They can each be used in isolation, or be stacked as shown in this architecture.

Azure Load Balancer works at the transport layer (Layer 4). It provides network-level distribution of traffic across instances of an application running in the same Azure virtual network within a region.

Application Gateway works at the application layer (Layer 7). It acts as a reverse-proxy service, terminating the client connection and forwarding requests to back-end endpoints.

Traffic Manager works at the DNS level. It uses DNS responses to direct end user traffic to globally distributed endpoints. Clients then connect to those endpoints directly.

This blog article demonstrates a sample architecture with some end-to-end verification steps. Azure documentation link here


Test Drive


http://nncolors.trafficmanager.net
http://nncolorseast.eastus.cloudapp.azure.com/
http://nncolorswest.westus.cloudapp.azure.com

Custom domain:
http://nncolorstm.penguintrails.com/

DNS Checker  (Validate DNS resolution from all over the world)
https://dnschecker.org/#CNAME/nncolors.trafficmanager.net

Scribble:


Routing Methods:

Detailed documentation on the routing methods here. The method used in this blog article is performance-based routing in an active/active region deployment, so end users get the closest endpoint with the lowest latency.

End Points


Azure supports different types of endpoints with Traffic Manager. Detailed documentation here. Here we use external IPv4 endpoints to demonstrate that services can be hosted outside of Azure, either on-premises or with another hosting provider.

Validations:

Global DNS Validation:
DNS Checker  (Validate DNS resolution from all over the world)
https://dnschecker.org/#CNAME/nncolors.trafficmanager.net

End User : DNS validation

nehali@nn-linux-dev:~$ dig +noall +answer +nocomments  nncolorstm.penguintrails.com
nncolorstm.penguintrails.com. 5 IN      CNAME   nncolors.trafficmanager.net.
nncolors.trafficmanager.net. 5  IN      CNAME   nncolorseast.eastus.cloudapp.azure.com.
nncolorseast.eastus.cloudapp.azure.com. 10 IN A 52.150.45.51
nehali@nn-linux-dev:~$
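
A scripted version of the end-user check above, as an added example that is not part of the original post: it parses the dig +noall +answer output, follows the CNAME chain from the custom domain, and reports any hop outside the expected zones or a chain that ends without an address. The EXPECTED_SUFFIXES allow-list and the function names are assumptions made for this example.

```python
# dig answer section copied from the session above.
DIG_ANSWER = """\
nncolorstm.penguintrails.com. 5 IN      CNAME   nncolors.trafficmanager.net.
nncolors.trafficmanager.net. 5  IN      CNAME   nncolorseast.eastus.cloudapp.azure.com.
nncolorseast.eastus.cloudapp.azure.com. 10 IN A 52.150.45.51
"""

# Assumption: the zones this deployment is expected to pass through.
EXPECTED_SUFFIXES = ("penguintrails.com", "trafficmanager.net", "cloudapp.azure.com")


def in_expected_zone(name):
    """Match on a label boundary so 'evilpenguintrails.com' does not pass."""
    return any(name == s or name.endswith("." + s) for s in EXPECTED_SUFFIXES)


def parse_answer(text):
    """Return (owner, ttl, rtype, rdata) tuples from dig +noall +answer output."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "IN":
            continue  # skip shell prompts, blank lines and comments
        owner, ttl, _, rtype, rdata = fields
        records.append((owner.rstrip(".").lower(), int(ttl), rtype, rdata.rstrip(".").lower()))
    return records


def walk_chain(records, qname, max_hops=8):
    """Follow CNAMEs from qname; return (hops, addresses, problems)."""
    cname = {o: r for o, _, t, r in records if t == "CNAME"}
    addrs = {}
    for o, _, t, r in records:
        if t in ("A", "AAAA"):
            addrs.setdefault(o, []).append(r)
    hops, problems, name = [], [], qname.rstrip(".").lower()
    while True:
        hops.append(name)
        if not in_expected_zone(name):
            problems.append(f"unexpected zone: {name}")
        if name in addrs:
            return hops, addrs[name], problems
        if name not in cname:
            problems.append(f"chain ends without an address at {name}")
            return hops, [], problems
        if len(hops) > max_hops or cname[name] in hops:
            problems.append(f"loop or overlong chain at {name}")
            return hops, [], problems
        name = cname[name]
```

A CNAME that still points at a Traffic Manager or cloudapp name with no address behind it shows up here as "chain ends without an address", which is the state to catch after an endpoint or profile is deleted.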



End Point : Web Server side packet capture:

nehali@nn-red-vm:~$ ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0d:3a:8e:22:50 brd ff:ff:ff:ff:ff:ff
    inet 172.16.2.4/24 brd 172.16.2.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20d:3aff:fe8e:2250/64 scope link
       valid_lft forever preferred_lft forever

nehali@nn-red-vm:~$

Original Source IP :

  71.184.73.96.1503 > 172.16.2.4.80: Flags [P.], cksum 0x375e (correct), seq 7939:8506, ack 5980, win 1303, options [nop,nop,TS val 30891632 ecr 3629512936], length 567: HTTP, length: 567
        GET / HTTP/1.1
        Host: nncolors.trafficmanager.net
        Connection: keep-alive
        Cache-Control: max-age=0
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36 Edg/81.0.416.64
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        If-None-Match: "49-59cd37191e857-gzip"
        If-Modified-Since: Thu, 23 Jan 2020 19:14:00 GMT

16:33:42.428291 IP (tos 0x0, ttl 64, id 53784, offset 0, flags [DF], proto TCP (6), length 479)
    172.16.2.4.80 > 71.184.73.96.1503: Flags [P.], cksum 0x40fe (incorrect -> 0x6c6b), seq 5980:6407, ack 8506, win 501, options [nop,nop,TS val 3629513117 ecr 30891632], length 427: HTTP, length: 427
        HTTP/1.1 200 OK
        Date: Thu, 30 Apr 2020 16:33:42 GMT
        Server: Apache/2.4.29 (Ubuntu)
        Last-Modified: Thu, 23 Jan 2020 19:14:00 GMT
        ETag: "49-59cd37191e857-gzip"
        Accept-Ranges: bytes
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Content-Length: 93
        Keep-Alive: timeout=5, max=86
        Connection: Keep-Alive
        Content-Type: text/html


Custom Domain:
   71.184.73.96.3682 > 172.16.2.4.80: Flags [P.], cksum 0x1ab0 (correct), seq 6248:6816, ack 4699, win 1102, options [nop,nop,TS val 30905342 ecr 3629650041], length 568: HTTP, length: 568
        GET / HTTP/1.1
        Host: nncolorstm.penguintrails.com
        Connection: keep-alive
        Cache-Control: max-age=0
        Upgrade-Insecure-Requests: 1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.122 Safari/537.36 Edg/81.0.416.64
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        If-None-Match: "49-59cd37191e857-gzip"
        If-Modified-Since: Thu, 23 Jan 2020 19:14:00 GMT

16:35:59.524620 IP (tos 0x0, ttl 64, id 35656, offset 0, flags [DF], proto TCP (6), length 479)
    172.16.2.4.80 > 71.184.73.96.3682: Flags [P.], cksum 0x40fe (incorrect -> 0xbd26), seq 4699:5126, ack 6816, win 501, options [nop,nop,TS val 3629650213 ecr 30905342], length 427: HTTP, length: 427
        HTTP/1.1 200 OK
        Date: Thu, 30 Apr 2020 16:35:59 GMT
        Server: Apache/2.4.29 (Ubuntu)
        Last-Modified: Thu, 23 Jan 2020 19:14:00 GMT
        ETag: "49-59cd37191e857-gzip"
        Accept-Ranges: bytes
        Vary: Accept-Encoding
        Content-Encoding: gzip
        Content-Length: 93
        Keep-Alive: timeout=5, max=89
        Connection: Keep-Alive
        Content-Type: text/html
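
Because Traffic Manager only answers DNS and clients then connect to the endpoint directly, the web server sees the client's own source address and whichever name the browser put in the Host header. The added example below (not part of the original post) pairs each client-to-server flow line in tcpdump's verbose text output with the Host header that follows it and flags names the site is not meant to serve; the capture lines are trimmed copies of the ones above, and SERVED_NAMES and the function names are assumptions.

```python
import re

# Trimmed copies of the request/response lines from the capture above.
CAPTURE = """\
  71.184.73.96.1503 > 172.16.2.4.80: Flags [P.], cksum 0x375e (correct), seq 7939:8506, ack 5980, win 1303, length 567: HTTP, length: 567
        GET / HTTP/1.1
        Host: nncolors.trafficmanager.net
        Connection: keep-alive
16:33:42.428291 IP (tos 0x0, ttl 64, id 53784, offset 0, flags [DF], proto TCP (6), length 479)
    172.16.2.4.80 > 71.184.73.96.1503: Flags [P.], cksum 0x40fe (incorrect -> 0x6c6b), seq 5980:6407, ack 8506, win 501, length 427: HTTP, length: 427
        HTTP/1.1 200 OK
        Server: Apache/2.4.29 (Ubuntu)
   71.184.73.96.3682 > 172.16.2.4.80: Flags [P.], cksum 0x1ab0 (correct), seq 6248:6816, ack 4699, win 1102, length 568: HTTP, length: 568
        GET / HTTP/1.1
        Host: nncolorstm.penguintrails.com
"""

# "a.b.c.d.port > a.b.c.d.port:" as printed by tcpdump for IPv4.
FLOW = re.compile(r"^\s*(\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): ")

# Assumption: the two names this endpoint is meant to answer for (both appear on the page).
SERVED_NAMES = {"nncolors.trafficmanager.net", "nncolorstm.penguintrails.com"}


def requests_seen(capture, server_ip="172.16.2.4", server_port=80):
    """Return (client_ip, host) for each request sent to the web server."""
    seen, client = [], None
    for line in capture.splitlines():
        m = FLOW.match(line)
        if m:
            src, _, dst, dport = m.groups()
            # Only track headers that follow a client -> server flow line.
            client = src if (dst, int(dport)) == (server_ip, server_port) else None
            continue
        header = line.strip()
        if client and header.lower().startswith("host:"):
            seen.append((client, header.split(":", 1)[1].strip().lower()))
            client = None  # one Host header per request
    return seen


def unexpected_hosts(seen):
    """Requests whose Host header is not a name this endpoint should serve."""
    return [(ip, host) for ip, host in seen if host not in SERVED_NAMES]
```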

