We have an App Service hosting some OData APIs in Azure. We are running an instance in Central US and another in East US 2. We have a Traffic Manager profile set up so a single URL is balanced between the two instances. There is an intermittent issue; is there a way to hit a specific server as the endpoint to test them?
If you want to hit a specific server, you can directly access the instance with each instance's domain name. Since Azure Traffic Manager works based on DNS, you can verify Traffic Manager settings using tools like nslookup or dig to resolve DNS names. To effectively test a performance traffic routing method, you must have clients located in different parts of the world.
About the performance, please note that:
The only performance impact that Traffic Manager can have on your website is the initial DNS lookup.
Traffic does NOT flow through Traffic Manager. Once the DNS lookup completes, the client has an IP address for an instance of your web site. The client connects directly to that address and does not pass through Traffic Manager. The Traffic Manager policy you choose has no influence on the DNS performance. However, a Performance routing-method can negatively impact the application experience. For example, if your policy redirects traffic from North America to an instance hosted in Asia, the network latency for those sessions may be a performance issue.
You may set the DNS TTL value low so that changes propagate quickly (for example, 30 seconds).
In addition, there are sample tools to measure DNS performance.
To troubleshoot a probe failure, you need a tool that shows the HTTP status code returned from the probe URL. There are many tools available that show you the raw HTTP response:
Fiddler
curl
wget
Also, you can use the Network tab of the F12 Debugging Tools in Internet Explorer to view the HTTP responses.
Hope this information could help you.
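The answer above suggests bypassing Traffic Manager by hitting each regional instance directly and checking the probe URL's status code with curl or a similar tool. The script below is an added example (not code from the original answer or from Azure) that does the same thing in Python: it resolves the Traffic Manager name to see which instance DNS is currently handing out, then requests the probe path on every instance several times so an intermittent fault shows up. The Traffic Manager name, instance hostnames and probe path are placeholders, and the lookup and fetch functions can be swapped for fakes so the logic can be tested offline.

```python
"""Added example: probe each App Service instance directly, bypassing Traffic Manager.

Hostnames and the probe path below are placeholders, not the poster's real names.
"""
import socket
import urllib.error
import urllib.request

TM_NAME = "myodata.trafficmanager.net"          # placeholder Traffic Manager profile name
INSTANCES = {                                   # placeholder regional instance hostnames
    "centralus": "myodata-centralus.azurewebsites.net",
    "eastus2": "myodata-eastus2.azurewebsites.net",
}
PROBE_PATH = "/odata/$metadata"                 # placeholder: the path the health probe requests


def http_status(url, timeout=10):
    """Return the HTTP status code for url, or 0 if no response was obtained at all."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:      # a non-2xx reply still carries a status code
        return exc.code
    except (urllib.error.URLError, OSError):   # DNS failure, connection refused, timeout
        return 0


def classify(status):
    """Traffic Manager's default health check accepts only HTTP 200 as healthy."""
    if status == 200:
        return "healthy"
    if status == 0:
        return "unreachable"
    return "degraded"


def probe_instances(instances, probe_path, rounds=1, fetch=http_status):
    """Hit every instance directly `rounds` times and report the worst result per region.

    Repeating the probe is what surfaces an intermittent fault a single request would miss.
    """
    results = {}
    for region, host in instances.items():
        statuses = [fetch(f"https://{host}{probe_path}") for _ in range(rounds)]
        failures = [s for s in statuses if s != 200]
        worst = failures[0] if failures else 200
        results[region] = {"statuses": statuses, "verdict": classify(worst)}
    return results


def current_target(tm_name, resolver=socket.gethostbyname_ex):
    """Return (canonical name, addresses) the Traffic Manager CNAME currently resolves to.

    This is the same information `nslookup` or `dig` on the profile name gives you:
    which regional instance DNS is handing out right now.
    """
    try:
        canonical, _aliases, addresses = resolver(tm_name)
    except OSError:
        return None, []
    return canonical, addresses


if __name__ == "__main__":
    print("Traffic Manager currently resolves to:", current_target(TM_NAME))
    for region, result in probe_instances(INSTANCES, PROBE_PATH, rounds=3).items():
        print(f"{region}: {result['verdict']} {result['statuses']}")
```

Because the client goes straight to the instance hostname, the result tells you whether the fault is in one region's application rather than in Traffic Manager's DNS answer; if both instances probe healthy every round while the balanced URL still fails intermittently, the next thing to compare is the address `current_target` returns against the address the failing client actually connected to.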
As per the Traffic Manager FAQs in the unlikely event of an outage of an entire Azure region, Traffic Manager is expected to continue to function normally.
Can someone please confirm if during an Azure worldwide outage, Azure Traffic Manager is expected to function normally or not?
Traffic manager is not a regional deployment. It is a service which spans across data centers. In case of any regional outages, your Traffic manager still continues to work but the endpoint which you have added might fail as it is a regional deployment.
Since Mozilla and Google announced that they intend to activate DNS over HTTPS in the default settings in the future, and the IETF officially approved the draft (https://datatracker.ietf.org/wg/doh/about/), I tried to understand the impact on our corporate network. It is now possible for every application to bypass the internal DNS server (assigned via DHCP) and directly connect to a public DNS service. There is no easy way for an administrator to prevent applications and users from doing this, since all traffic is routed through HTTPS.
In most corporations that I know, there is a split DNS setup in place, allowing internal (intranet) and external (internet) name and IP resolution for the same domain name (e.g. mail.mycorp.example) with different resolve values. It also allows adding additional, intranet-only services like wiki.intra.mycorp.example that would not be resolvable/accessible from the internet. Same goes for infrastructure names like server01.eq.mycorp.example.
The problem I see is that if the application itself is preferring DNS over HTTPS and is not correctly falling back to the system-assigned DNS servers, internal-only domains would not be accessible.
I made an experiment with Firefox 61.0.1 (64-Bit) on Windows 10. I have set:
network.trr.bootstrapAddress = 1.1.1.1
network.trr.uri = https://mozilla.cloudflare-dns.com/dns-query
network.trr.mode = 2
network.trr.mode = 2 should prefer DNS over HTTPS but fall back to system DNS if no value is received; mode = 1, which I also tried, should race the two and use the first valid result that Firefox gets back.
Unfortunately, after activating DNS over HTTPS in Firefox, all internal-only websites no longer worked. All requests end in a timeout and therefore fail.
What do I miss?
Is there a better way to handle internal only DNS entries in future setups?
The exact configuration you described works in my corporate network. It first tries DoH for internal sites, then falls back to local DNS and internal sites resolve and load correctly.
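The question and answer above turn on what "prefer DoH, fall back to system DNS" actually means for split-horizon names. The resolver below is an added example, not Firefox's code or anything from the original posts: it queries the DoH endpoint named in the question through the JSON API (`Accept: application/dns-json`), applies a mode policy modelled on the trr.mode numbers (0 = off, 2 = DoH first with fallback, 3 = DoH only; that mapping is my assumption), and routes names under an internal suffix straight to the OS resolver, in the spirit of Firefox's `network.trr.excluded-domains` preference. The internal suffixes are the ones from the question; the addresses used in the offline test are constructed.

```python
"""Added example: a resolver that mirrors the "DoH first, fall back to system DNS" policy.

The DoH URL is the one from the question; internal suffixes are the question's examples.
"""
import json
import socket
import urllib.parse
import urllib.request

DOH_URL = "https://mozilla.cloudflare-dns.com/dns-query"
INTERNAL_SUFFIXES = (".intra.mycorp.example", ".eq.mycorp.example")


def doh_lookup(name, doh_url=DOH_URL, timeout=5):
    """Resolve A records via the DoH JSON API.

    Returns a list of addresses; [] when the public resolver has no answer (e.g. NXDOMAIN),
    which is exactly what happens for a name that only exists on the intranet.
    """
    query = urllib.parse.urlencode({"name": name, "type": "A"})
    req = urllib.request.Request(f"{doh_url}?{query}", headers={"Accept": "application/dns-json"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = json.load(resp)
    if body.get("Status") != 0:        # DNS RCODE: 0 = NOERROR, 3 = NXDOMAIN
        return []
    return [rr["data"] for rr in body.get("Answer", []) if rr.get("type") == 1]  # type 1 = A


def system_lookup(name):
    """Resolve via the OS resolver, i.e. the DHCP-assigned internal DNS server."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def resolve(name, mode=2, excluded=INTERNAL_SUFFIXES, doh=doh_lookup, system=system_lookup):
    """Apply a trr.mode-like policy (assumption: 0 = off, 2 = DoH first, 3 = DoH only).

    Returns (addresses, source). Names under an excluded suffix always go to the
    system resolver: the public resolver cannot know them, so asking it is wasted time.
    """
    host = name.rstrip(".").lower()
    if mode == 0 or any(host.endswith(sfx) or host == sfx.lstrip(".") for sfx in excluded):
        return system(host), "system"
    try:
        answer = doh(host)
    except OSError:            # DoH endpoint unreachable or timed out (URLError is an OSError)
        answer = []
    if answer or mode == 3:    # mode 3 never falls back: an empty answer stays empty
        return answer, "doh"
    return system(host), "system-fallback"


if __name__ == "__main__":
    for n in ("www.mycorp.example", "wiki.intra.mycorp.example"):
        print(n, resolve(n, mode=2))
```

The offline test also shows the quieter split-horizon hazard: a name that exists both publicly and internally (the question's mail.mycorp.example case) resolves fine under mode 2, but to the public address, because the DoH answer is non-empty and no fallback is triggered. Only the exclusion list sends such names to the internal server, which is why an exclusion list, not fallback alone, is the setting that matters for split DNS.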
So I have my website set up, call it www.mywebsite.com. I have my Traffic Manager set up so that www.mywebsite.com points to mytrafficmanager.trafficmanager.com.
The Traffic Manager then points to my two on-premise web front-ends web1.mywebsite.com and web2.mywebsite.com. It also has an endpoint of an Azure Web App.
It is set up to do a Priority fail over: web1, then if that fails to web2, and if they are both down, to fail over to the Azure Web App.
My question is this: If I get a DDoS attack on www.mywebsite.com, what would happen? Would the on-premise servers go down, and then it would fail over to the Azure Web App (which is set up to scale appropriately to hopefully mitigate a DDoS attack)? Or would it not be able to route the traffic properly?
See MSDN forum topic for answer: https://social.msdn.microsoft.com/Forums/en-US/92733178-f305-4994-b954-67da945f40a7/azure-traffic-manager-and-ddos-attacks?forum=WAVirtualMachinesVirtualNetwork
I am wondering how distributed web site traffic is balanced. For example, I have a web site which has the single domain name (www.foo.com) and supposing physically it is setup as three web servers in US, EU and Asia separately. When the end user is located in the US, I want the user to access US physical web server when he requests www.foo.com in his browser. When the end user is located in the EU, I want the user to access EU physical web server. And similar for Asia. The benefit is the end user could access the nearest server, which will give the best performance.
I believe most big and distributed web sites are implemented in this way, e.g. Google. I am wondering how it is implemented internally? In more detail, how is the magic of finding the nearest server implemented?
Here you go. A perfect article for you and me to understand how this works. Like #omar, it's something to do with DNS.
Global DNS Load Balancing, direct the users based on their geography.
Quick Info:
A special DNS server, or a module attached to the DNS server, returns different answers to different requests based on the IP geolocation of the requester (generally another DNS server, i.e. your ISP's DNS server):
www.yourdomain.com ---[CNAME Record] ---> geo.yourdomain.com --- [ GSLB handling, CNAME ]--> us.geo.yourdomain.com -- [A record] --> 68.178.110.21
Please don't hesitate to have a look at this:
http://dev.robertmao.com/2007/06/30/global-dns-load-balancing-for-free/
Some of the players who give service:
Amazon Route 53, Cloudlevarage, f5, zeus, etc
Some of the ways you can build your own Geo-DNS:
Bind & MaxMind
This is done by using professional DNS services. They have worldwide DNS servers that support DNS resolution from different countries and return a specific IP.
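The CNAME chain in the diagram above (www → geo → region.geo → A record) is easy to misread as a single lookup, so here is an added example, not from the linked article or any of the answers, that walks the chain the way a resolver does and lets a geo table decide the middle hop. The zone data, the IP-to-region table and the addresses are all constructed (documentation ranges), and the region keys are assumed to be the same us/eu/asia split the question describes.

```python
"""Added example: the GSLB CNAME chain from the diagram, decided by the resolver's source IP.

Zone data and the IP-to-region table are constructed; addresses are documentation ranges.
"""
import ipaddress

# Constructed geo table: which resolver source networks map to which region.
GEO_TABLE = [
    (ipaddress.ip_network("198.51.100.0/24"), "us"),
    (ipaddress.ip_network("203.0.113.0/24"), "eu"),
    (ipaddress.ip_network("192.0.2.0/24"), "asia"),
]
DEFAULT_REGION = "us"   # where unknown networks are sent

# Constructed zone: static records plus the per-region targets the GSLB hands out.
ZONE = {
    "www.yourdomain.com": ("CNAME", "geo.yourdomain.com"),
    "us.geo.yourdomain.com": ("A", "198.51.100.21"),
    "eu.geo.yourdomain.com": ("A", "203.0.113.21"),
    "asia.geo.yourdomain.com": ("A", "192.0.2.21"),
}
GSLB_NAMES = {"geo.yourdomain.com"}   # names whose answer depends on who is asking


def region_for(resolver_ip):
    """Map the querying resolver's address to a region (the GSLB's geo decision)."""
    addr = ipaddress.ip_address(resolver_ip)
    for net, region in GEO_TABLE:
        if addr in net:
            return region
    return DEFAULT_REGION


def lookup(name, resolver_ip, zone=ZONE, max_hops=5):
    """Follow CNAMEs as a resolver would; return (address or None, names visited).

    max_hops guards against a CNAME loop in bad zone data.
    """
    chain = []
    current = name.rstrip(".").lower()
    for _ in range(max_hops):
        chain.append(current)
        if current in GSLB_NAMES:                       # the geo-aware hop
            current = f"{region_for(resolver_ip)}.{current}"
            continue
        record = zone.get(current)
        if record is None:                              # NXDOMAIN
            return None, chain
        rtype, value = record
        if rtype == "A":
            return value, chain
        current = value                                 # plain CNAME, keep following
    return None, chain


if __name__ == "__main__":
    for ip in ("198.51.100.9", "203.0.113.9", "192.0.2.9", "8.8.8.8"):
        print(ip, "->", lookup("www.yourdomain.com", ip))
```

Note what the decision is based on: the address of the recursive resolver that asks, not the end user's own address. A user in the EU whose machine is configured to use a resolver hosted in the US will be steered to the US server, which is the main inaccuracy of this technique; EDNS Client Subnet (RFC 7871) exists so that resolvers can pass part of the client's address along for exactly this reason.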
We're building a multitenant SAAS app. Each customer gets its own subdomain, http://customername.mycompany.com. Each customer will have many gigabytes of data, which means that they have to be assigned to a particular server and stay there.
If I have a server farm, and a request comes in for a particular customer, how do I direct the request to the right server?
My thought is that I'll have to create some kind of custom, programmable load balancer that will know where each customer lives and proxy the request through.
Is there an easier way?
If not, where do I find such a load balancer? The ones I've found online act more like appliances than applications which could go query a database to find the right destination server.
I think the answer is in the question; you mention that the user will connect to username.mycompany.com. So use a DNS A record to point them to a particular IP.
In the future, if you wanted to load balance the user across (say 2) servers, you could create a virtual IP on a load balancer appliance (running LVS for example), and then point the A record to the Virtual IP created by the LB, and distribute the user across a group of servers that you have configured.
This is why using subdomains is simpler than having URL based access such as company.com/username, in which case you would have to inspect the content of the packet to see the requested URL. By using subdomains, everything can be done at the IP layer.
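The answer above contrasts the simple route (one A record per customer subdomain) with the questioner's idea of a programmable proxy that inspects the request to find the tenant's server. The code below is an added example, not from either post, showing both: a helper that emits the per-customer A records, and the Host-header routing a proxy would have to do if it took the URL-inspection route. The tenant table, domain and backend addresses are constructed. The point worth seeing in working code is that the Host header is attacker-controlled input, so the tenant label must be validated against the base domain before it is used as a lookup key.

```python
"""Added example: per-tenant routing for a multitenant SaaS by subdomain.

Tenant table, domain and backend addresses are constructed.
"""
BASE_DOMAIN = "mycompany.com"

# Constructed: the table a programmable proxy would query (in practice, a database).
TENANT_SERVERS = {
    "acme": "10.0.1.10",
    "globex": "10.0.1.11",
}


def tenant_from_host(host, base_domain=BASE_DOMAIN):
    """Extract the customer label from a Host header value, or None if it is not ours.

    Accepts only <label>.<base_domain>: one label, no nested subdomains, case-insensitive,
    optional port and trailing dot. Anything else is treated as not a tenant.
    """
    if not host or host.startswith("["):        # empty, or an IPv6 literal: not a tenant
        return None
    host = host.split(":", 1)[0].rstrip(".").lower()   # drop port and trailing dot
    suffix = "." + base_domain
    if not host.endswith(suffix):
        return None
    label = host[: -len(suffix)]
    if not label or "." in label:
        return None
    return label


def backend_for(host, servers=TENANT_SERVERS, base_domain=BASE_DOMAIN):
    """Return the backend address for the request's Host header, or None if unknown."""
    tenant = tenant_from_host(host, base_domain)
    if tenant is None:
        return None
    return servers.get(tenant)


def dns_records(servers, base_domain=BASE_DOMAIN):
    """The answer's simpler approach: one A record per customer and no proxy at all."""
    return [f"{tenant}.{base_domain}. IN A {ip}" for tenant, ip in sorted(servers.items())]


if __name__ == "__main__":
    print("\n".join(dns_records(TENANT_SERVERS)))
    for h in ("Acme.mycompany.com:8443", "evil.acme.mycompany.com", "acme.mycompany.com.attacker.example"):
        print(h, "->", backend_for(h))
```

With the DNS-only design the mapping lives in the zone file and the request never needs parsing; the proxy version is what you need once a tenant must later be moved or spread across several servers without a DNS change, and the parsing above is the minimum it has to get right.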