4

We have web API application and its related supporting background services hosted on Azure service fabric cluster on 2 different geographical regions (Japan East and West) to over Azure region outage. They are Active-Passive High-Availability clusters.

Expected incoming traffic is only HTTPS.

Traffic will come to our application only from specific country(Japan) not from all over the world.

Is it better to put traffic manager or Azure front door in-front these multi region set up? Which one failover fast during outage? when to choose which one? pros & cons?

Gone through the documents no specific answers for those above questions.

ecma-402
  • 63
  • 1
  • 7
  • 1
    https://medium.com/awesome-azure/azure-difference-between-traffic-manager-and-front-door-service-in-azure-4bd112ed812f has a high level comparison of the two, but it would seem that they both failover fast, but that Front Door favors and accelerates HTTP traffic, where Traffic Manager will handle any protocol. – WaitingForGuacamole Apr 09 '21 at 13:51
  • if you are talking about HTTP(S) traffic, Front Door is almost always the preferred way to go as it offers much richer features and faster failover than TM – silent Apr 09 '21 at 15:53

4 Answers4

4

With HTTPS traffic, Azure Front Door is probably your best option in this situation. Not only can it failover fast (depending on configuration), but also provides other features that could benefit you such as TLS termination; caching; path based routing; as well as WAF policies.

This page covers the options, as well as having a decision tree for load balancing options, which although you're looking at options for failover for region outage, is still relevant:

https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/load-balancing-overview

enter image description here

Ira Rainey
  • 5,173
  • 2
  • 34
  • 42
1

Azure Traffic Manager is DNS based. It is mainly for systems that are used across the world to redirect traffic to the nearest service, since all your resources and users are in Japan, it may not be the best fit.

The fail over will depend on the settings. In the example in the link below a probe every 10 seconds with 3 retrys before fail over and a 10 second TTL would give a 40 second failover.

https://learn.microsoft.com/en-us/azure/networking/disaster-recovery-dns-traffic-manager

Azure frontdoor promises "near real-time failover"

https://learn.microsoft.com/en-us/azure/frontdoor/front-door-faq

Shiraz Bhaiji
  • 64,065
  • 34
  • 143
  • 252
  • Any insights, how Azure Front Door do fast failover (depending on configuration)? – ecma-402 Apr 15 '21 at 11:46
  • The minimum probe interval is 5 seconds, so you could reduce the above example to 25 seconds. This is based on https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-endpoint-manager – Shiraz Bhaiji Apr 15 '21 at 17:59
1

I found this intersting article which present differences between Front Door and Trafic manager in Azure : https://www.iamashishsharma.com/2020/04/difference-between-azure-front-door.html

Azure Front Door service can be compared to Azure Traffic Manager in a way that this also provides global HTTP load balancing to distribute traffic across different Azure regions, cloud providers or even with your on-premises.

Both AFD & Traffic Manager support:

Multi-geo redundancy: If one region goes down, traffic routes to the closest region without any intervention.

Closest region routing: Traffic is automatically routed to the closest region.

Differences:

Azure Front Door provides TLS protocol termination (SSL offload), and Azure Traffic Manager does not. It means AFDs take load off from the Web Front Ends, which do not have to encrypt or decrypt the request.

Azure Front Door provides application layer processing, and Azure Traffic Manager does not.

While using AFS, user will experience better performance than traffic manager as AFD uses Anycast, which provides lower latency, thereby providing higher performance.

AFD provides WAF feature for your application to provide security from DDoS attacks.

We can perform URL rewriting in Azure Front Door but not in Traffic Manager.

Traffic manager relies on DNS lookup for network routing while AFD uses reverse proxy which provides faster failover support.

AFD caches the static content while no caching mechanism is available in Traffic Manager.

Amri
  • 11
  • 1
0

The major difference between Traffic Manager(TM) and Azure Front door(AFD) is routing. The TM acts as a Name Server in DNS system and hold a zone file. Zone file contains cname record which provides actual end point based on health and priority on DNS query. Hence, traffic does not flow through TM.

On the other hand, Azure Front Door (AFD) acts as reverse proxy. It routes incoming requests based configuration. Since incoming traffic goes through AFD, it also terminates SSL.

Lets see using an example. When you hit application url(example.com), url is resolved through (DNS and TM) and traffic is routed to actual end point. But in case of AFD, url is translated into AFD address and the traffic is moved to AFD. AFD internally routes the traffic to the end point based on configuration.

shuaib ahmad
  • 89
  • 1
  • 2