Network Feature Updates in Microsoft Azure
Microsoft Azure Traffic Manager
Microsoft Azure Traffic Manager is a service that manages how user traffic is distributed to Azure cloud services and websites, which are referred to as endpoints. In complex deployments, endpoints can reside in multiple datacenters in different geographical regions, and can include some on-premises resources, also known as external endpoints.
How Microsoft Azure Traffic Manager Works
Traffic Manager distributes traffic to endpoints based on profile settings that define an Azure service DNS name, a load balancing method, and the set of target endpoints for the service. Traffic Manager has three load balancing methods available to distribute user traffic:
- Round Robin – Allows distribution of user load across endpoints in one or more datacenters
- Performance – Allows direction of user load to the closest endpoint based on lowest latency
- Failover – Allows direction of user load to a primary endpoint with redirection to an alternate endpoint if the primary becomes unavailable
In Figure 1, you can see the basic process flow that occurs when a user sends a data request to an endpoint managed through Traffic Manager.
Figure 1: Azure Traffic Manager Process Flow
In the example shown in Figure 1, a user is requesting access to the Contoso website with a DNS name of www.contoso.com. The request is managed as detailed below:
- User sends a request to Contoso website DNS name: The client sends a data request using the company website DNS name with the objective of resolving an IP address to forward the network packets.
- DNS redirects the request to Traffic Manager: The DNS resource record for the company website points to a site managed by Azure Traffic Manager. This is accomplished by entering a CNAME resource record that maps the company website DNS name to a Traffic Manager domain name. In the example shown in Figure 1, the Traffic Manager domain name is contoso.trafficmanager.net.
- Traffic Manager DNS processes the user request: The Traffic Manager domain name is defined in a Traffic Manager profile. The user's DNS server sends a new DNS query which is received and processed by the Traffic Manager DNS.
- Traffic Manager profile rules processed: Traffic Manager processes the request based on the profile rules that define the load balancing method to use and endpoints that can service the request. Traffic Manager leverages monitoring status to determine which endpoint is best-suited to service the request.
- Endpoint IP address sent to user: Traffic Manager returns a CNAME record that maps the Traffic Manager domain name to the domain name of the endpoint. The user's DNS server resolves the endpoint domain name to an IP address and sends it to the user.
- User sends request to the defined endpoint: The user calls the returned endpoint directly using its IP address.
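The resolution chain described in the steps above can be modelled in a few lines. This is an added example, not Microsoft code: only www.contoso.com and contoso.trafficmanager.net come from the article, while the endpoint names, IP addresses, latencies and the strict rotation used for Round Robin are assumptions made for illustration.

```python
from itertools import count

# Constructed sample data: only www.contoso.com and contoso.trafficmanager.net
# come from the article; endpoint names, IPs and latencies are hypothetical.
CNAMES = {"www.contoso.com": "contoso.trafficmanager.net"}
A_RECORDS = {"contoso-us.example": "203.0.113.10",
             "contoso-eu.example": "203.0.113.20"}

class Profile:
    """A Traffic Manager profile: one load balancing method, ordered endpoints."""
    def __init__(self, method, endpoints):
        self.method, self.endpoints = method, endpoints
        self._turn = count()                       # round-robin position

    def pick(self, region):
        """Return the endpoint domain name chosen for a user in `region`."""
        healthy = [e for e in self.endpoints if e["online"]]   # monitoring status
        if not healthy:
            raise LookupError("no endpoint is online")
        if self.method == "Failover":              # first online endpoint, in order
            return healthy[0]["name"]
        if self.method == "Performance":           # lowest latency for this user
            return min(healthy, key=lambda e: e["latency_ms"][region])["name"]
        if self.method == "RoundRobin":            # simplified: strict rotation
            return healthy[next(self._turn) % len(healthy)]["name"]
        raise ValueError(f"unknown method {self.method}")

def resolve(name, profiles, region):
    """Follow the CNAME chain as the user's DNS server would; return (chain, ip)."""
    chain = [name]
    while name not in A_RECORDS:
        if name in profiles:                       # Traffic Manager DNS answers
            name = profiles[name].pick(region)
        elif name in CNAMES:                       # CNAME in the company zone
            name = CNAMES[name]
        else:
            raise LookupError(f"cannot resolve {name}")
        chain.append(name)
    return chain, A_RECORDS[name]

def endpoints():
    """Fresh copy of the constructed endpoint list (US first, then EU)."""
    return [{"name": "contoso-us.example", "online": True,
             "latency_ms": {"us": 20, "eu": 110}},
            {"name": "contoso-eu.example", "online": True,
             "latency_ms": {"us": 120, "eu": 15}}]
```

With a Failover profile, marking the first endpoint offline changes the answer for every user; with a Performance profile, the answer depends on the region passed to `resolve`.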
Using this process, Traffic Manager is able to improve application response time by balancing the user load, directing users to the closest endpoint, or enabling high-availability by redirecting users to alternate endpoints if primary endpoints become unresponsive. The problem, however, is that this implementation of Traffic Manager profiles only supports a single level of load balancing optimization for traffic distribution. More complex multi-tier, multi-geographical deployments may require multiple levels of traffic distribution optimization to properly distribute user load.
Microsoft Azure Traffic Manager Enhancements
To support more complex deployment scenarios, including hybrid environments with external (on-premise) endpoints, Microsoft released enhancements to Traffic Manager, announced at TechEd North America 2014 and TechEd Europe 2014. The enhancements to Traffic Manager include support for nested profiles, weighted traffic distribution, and endpoints external to Azure. Let’s look at how Traffic Manager nested profiles work and the advantages they offer for multi-geographic deployments.
As an example to understand the additional complexity that Traffic Manager nested profiles support, consider a service deployed in multiple Azure regions to provide a better user experience by load balancing traffic to endpoints that are closest (lowest latency) to the requesting users. For this scenario, a single Traffic Manager profile with the Performance load balancing method defined in the profile suffices to satisfy the requirement. Going a step further, imagine a new requirement in one of the regions to redirect a smaller number of users to an updated version of the service while the majority of users are directed to the older version of the service. This scenario is enabled using a nested profile, as shown in Figure 2.
Figure 2: Azure Traffic Manager Nested Profiles
For this to work, two Traffic Manager profiles must be created, with the second-level (child) profile nested in the top-level (parent) profile. In other words, the parent profile defines a performance load-balancing method to accomplish directing user traffic across the regions to their closest, lowest-latency endpoint. The child profile defines a weighted round-robin load balancing method that is added to the parent profile as an endpoint. Weighting is only available in Traffic Manager for the round robin load-balancing method. In order to asymmetrically distribute the user traffic, you specify a weight between 1 and 1000 for each of the target endpoints. The endpoints tagged with a higher weight value will have more traffic directed to them than those with lower weight values.
With support for external endpoints, meaning resources that are deployed outside of Azure, you can also have an on-premise service with an Azure failover, or use the Azure service to supplement the on-premise service as needed.
It is possible to mix endpoint types in nested profiles, including cloud services, websites, and external endpoints. Traffic Manager profiles allow you to nest profiles up to 10 levels deep, but do not allow nested profile loops. You cannot configure nested profiles using the Azure Management Portal. The configuration and management of nested Traffic Manager profiles requires that you use the REST API or Traffic Manager PowerShell cmdlets.
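Because nested profiles are configured outside the portal, it helps to check a planned configuration against the rules stated above (weights from 1 to 1000 and only with round robin, at most 10 levels, no loops) before pushing it. The following is an added example, not Microsoft code or the Traffic Manager API: the dictionary layout, profile and endpoint names, the default weight of 1, and counting depth as the number of profiles on a path are all assumptions.

```python
from fractions import Fraction

MAX_DEPTH = 10                  # nesting limit stated in the article
WEIGHTS = range(1, 1001)        # allowed weights: 1 to 1000

def validate(profiles, root):
    """Return a list of rule violations found at or below the root profile."""
    problems = []
    def walk(name, path):
        if name in path:                          # nested profile loop
            problems.append("loop: " + " -> ".join(path + [name]))
            return
        if len(path) + 1 > MAX_DEPTH:             # assumption: depth = profiles on a path
            problems.append(f"too deep at {name}")
            return
        prof = profiles[name]
        for ep in prof["endpoints"]:
            weight = ep.get("weight")
            if weight is not None and prof["method"] != "RoundRobin":
                problems.append(f"{name}: weight set but method is {prof['method']}")
            elif weight is not None and weight not in WEIGHTS:
                problems.append(f"{name}: weight {weight} outside 1-1000")
            if ep["target"] in profiles:          # endpoint is a child profile
                walk(ep["target"], path + [name])
    walk(root, [])
    return problems

def shares(profiles, name, fraction=Fraction(1)):
    """Expected traffic share per leaf endpoint under (nested) weighted round robin."""
    prof = profiles[name]
    if prof["method"] != "RoundRobin":
        raise ValueError("share depends on user location or health, not weights")
    total = sum(ep.get("weight", 1) for ep in prof["endpoints"])  # assumed default: 1
    out = {}
    for ep in prof["endpoints"]:
        part = fraction * ep.get("weight", 1) / total
        child = ep["target"] in profiles
        sub = shares(profiles, ep["target"], part) if child else {ep["target"]: part}
        for leaf, share in sub.items():
            out[leaf] = out.get(leaf, 0) + share
    return out

# Constructed configuration mirroring the scenario: performance parent, weighted child.
PROFILES = {
    "parent": {"method": "Performance", "endpoints": [
        {"target": "svc-us.example"}, {"target": "child-eu"}]},
    "child-eu": {"method": "RoundRobin", "endpoints": [
        {"target": "svc-eu-v1.example", "weight": 900},
        {"target": "svc-eu-v2.example", "weight": 100}]},
}
```

For the constructed child profile, `shares(PROFILES, "child-eu")` gives the old version nine tenths of the region's traffic and the updated version one tenth.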
Reverse DNS Support
Another recent network feature update is reverse DNS support (IP to name address resolution) for cloud services, including VMs. Azure supports fully-qualified domain name (FQDN) or vanity name reverse DNS resolution. Configuration of reverse DNS entries requires access through the Service Management API or PowerShell cmdlets.
Reverse DNS records are not created by default, and must be specifically configured in Azure if desired. After setting up reverse DNS for a cloud service, Azure manages all the DNS delegations and DNS zones required for reverse DNS records to resolve for internet queries.
Instance-Level Public IP Address
The Instance Level Public IP (PIP) address feature provides the ability to assign a direct and publicly accessible IP address to an Azure VM that remains static for the lifecycle of the VM. A PIP can only be assigned to a single instance of a VM in a cloud service, in contrast to a virtual IP (VIP) which is shared by all instances of the VM in that cloud service. A PIP must be assigned for each VM instance, if that VM instance must be independently reachable from the Internet. Since it is an individually configured IP address, a PIP is not load balanced by default like a VIP in Azure.
VIP and PIP addresses can both be assigned to an Azure VM. The VIP is assigned by default as part of the cloud service configuration while a PIP must be configured for a specific VM instance. As with the other new network features described in this article, a PIP is configured using the REST API or using PowerShell cmdlets. It does not appear as a VM configuration item in the Azure Management Portal.
As more companies and institutions look to move their applications and services to a public cloud or leverage a hybrid services deployment, Microsoft Azure continues to improve the sophistication and feature set of its offerings to allow hosting more and more complex scenarios. As it pursues these endeavors, Microsoft recently released new features in Azure Network Services, including Traffic Manager nested profiles to optimize traffic distribution across services deployed in Azure datacenters, support for reverse DNS, and public IP addresses that can be assigned statically to VMs on an individual basis to make them reachable from the Internet. Be assured that this is just the tip of the iceberg, and that Microsoft will continue to provide a more robust feature set as it competes with other cloud providers.