Active Passive with private IPs

Carlos Chacon Chavarria 76 Reputation points

hey guys

What would be the option when services are internal, so Traffic Manager or Front Door does not apply since they support public endpoints/public DNS?

In the last month 2 customers are configuring some active/passive private IPs in different AZs, and I go and say, you know, you can use Traffic Manager or Front Door, but when they tell me their access points are private IPs, they are not public service IPs...
I am speechless

So what would be the workaround when a service is published internally and the customer has ER, so they don't have public endpoints which work for Traffic Manager or Front Door?

I also know Azure LB and App GW don't work either, since they don't even support priority routing like TM and FD do.

so my customers basically have "Disaster Recovery" scenarios in the same region and accessing this using ER/VPN in case an AZ completely fails

I know that is not really Disaster Recovery, but let's call it that way. I just want to know what would be the solution for these scenarios, thanks.




2 answers

  1. Devaraj G 2,091 Reputation points

    Interesting setup.
    Traffic Manager works at the DNS level and is designed to serve internet-facing services only. I haven't seen people using it for private endpoints, but maybe the workaround in the link below can be up for discussion.

  2. GitaraniSharma-MSFT 48,016 Reputation points Microsoft Employee

    Hello @Carlos Chacon Chavarria ,

    Apologies for the delay in response.

    I can think of 3 ways to achieve your setup:

    1) Use Traffic Manager with private endpoints and manual failover as advised by @Devaraj G.
    Refer :

    When we use private endpoints with Azure Traffic Manager, the health probes fail and they will be marked as degraded. The endpoints that are degraded are not included in the ATM's query response. However, if all the endpoints are degraded then they will be included in the query response. Therefore you can go ahead and set it up for private endpoints, if you are okay with the health monitoring feature not being available.

    If all endpoints in a profile are degraded, then Traffic Manager treats all endpoints as healthy and routes traffic to all endpoints. This behavior ensures that problems with the probing mechanism do not result in a complete outage of your service.

    Refer: - check the NOTE section.

    2) Use Application Gateway/Load Balancer with the backend private IPs and then put Azure Front Door in the front for the routing methods.
    Refer :

    3) Use Azure Front Door Premium (which is in preview) as it supports traffic routing to private link origins.
    Refer :

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

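The degraded-endpoint rule quoted in the second answer, modelled with priority routing. This is an added example, not code from the thread or from Azure: the endpoint names and IPs are constructed, and doing the manual failover by disabling the primary endpoint is an assumption about how the operator performs it.

```python
from dataclasses import dataclass


@dataclass
class Endpoint:
    name: str
    target: str             # constructed private IP
    priority: int           # lower number is preferred
    enabled: bool = True
    probe_ok: bool = False  # private targets: the probe cannot reach them


def candidates(endpoints):
    """Endpoints eligible for the DNS answer, per the rule quoted above."""
    enabled = [e for e in endpoints if e.enabled]
    online = [e for e in enabled if e.probe_ok]
    # Degraded endpoints are left out, unless every endpoint is degraded,
    # in which case all of them are treated as healthy.
    return online if online else enabled


def resolve(endpoints):
    """Priority routing: return the preferred target among the candidates."""
    pool = candidates(endpoints)
    return min(pool, key=lambda e: e.priority).target if pool else None


def manual_failover(endpoints, failed_name):
    """Operator action (assumed): disable the failed endpoint, then re-resolve."""
    for e in endpoints:
        if e.name == failed_name:
            e.enabled = False
    return resolve(endpoints)


def demo():
    eps = [Endpoint("az1", "10.1.0.4", 1), Endpoint("az2", "10.2.0.4", 2)]
    before = resolve(eps)               # both degraded, so priority 1 still wins
    after = manual_failover(eps, "az1")
    return before, after


if __name__ == "__main__":
    print(demo())
```

If a probe happens to reach only the passive endpoint, the model sends traffic there even though the active one is fine, so probe reachability should be the same for every endpoint in the profile.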