Share via

Active Passive with private IPs

Carlos Chacon Chavarria 81 Reputation points
2022-01-21T01:49:27.057+00:00

hey guys

what would be option when services are internal so Traffic Manager or Front Door does not apply since they support public endpoints/public DNS?

in the last month 2 customers are configuring some active/passive private ips in different AZ and and go and say you know you can use Traffic Manager or Front Door but when they tell me their access points are private IPs, they are not public services IPs...
I am speechless

so what would he workaround when a services is published internally and customer has ER so they don't have public endpoints which work for Traffic Manager or Front Door

I also know Azure LB and App GW they don't work either since they don't even support priority routing like TM and FD do

so my customers basically have "Disaster Recovery" scenarios in the same region and accessing this using ER/VPN in case an AZ completely fails

I know that is not really Disaster Recovery but let's call it that way and just want to know what would the solution for this scenarios, thanks

167054-active-passive.png

thanks

Azure Traffic Manager
Azure Traffic Manager
An Azure service that is used to route incoming network traffic for high performance and availability.
135 questions
Azure Load Balancer
Azure Load Balancer
An Azure service that delivers high availability and network performance to applications.
506 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator
    2022-02-03T10:58:56.557+00:00

    Hello @Carlos Chacon Chavarria ,

    Apologies for the delay in response.

    I can think of 3 ways to achieve your setup:

    1) Use Traffic manager with private endpoints and manual failover as advised by @Devaraj G .
    Refer : https://learn.microsoft.com/en-gb/archive/blogs/mihansen/using-azure-traffic-manager-for-private-endpoint-failover-manual-method

    When we use private endpoints with Azure Traffic Manager, the health probes fail and they will be marked as degraded. The endpoints that are degraded are not included in the ATM's query response. However, if all the endpoints are degraded then they will be included in the query response. Therefore you can go ahead and set it up for private endpoints, if you are okay with the health monitoring feature not being available.

    If all endpoints in a profile are degraded, then Traffic Manager treats all endpoints as healthy and routes traffic to all endpoints. This behavior ensures that problems with the probing mechanism do not result in a complete outage of your service.

    Refer: https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring#traffic-routing-methods - check the NOTE section.
    https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-troubleshooting-degraded#understanding-traffic-manager-probes

    2) Use Application gateway/Load balancer with the backend private IPs and then put Azure Front Door in the front for the routing methods.
    Refer : https://learn.microsoft.com/en-us/azure/frontdoor/front-door-faq#can-azure-front-door-load-balance-or-route-traffic-within-a-virtual-network-

    3) Use Azure Front Door premium (which is in preview) as it supports traffic routing to private link origins.
    Refer : https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/concept-private-link

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments
  2. Devaraj G 2,096 Reputation points Volunteer Moderator
    2022-01-21T05:16:46.373+00:00

    Interesting setup.
    Traffic Manager works at the DNS level and designed to serve internet facing services only . I haven't seen ppls using it for private endpoints, but may be the below link workaround can up for discussion.

    https://learn.microsoft.com/en-gb/archive/blogs/mihansen/using-azure-traffic-manager-for-private-endpoint-failover-manual-method

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.