July 22, 2024


This submit was co-authored by Dave Burkhardt and Sami Modak.

As a part of your cloud journey, crucial functions should be deployed in a number of Azure areas to make sure excessive availability on your world buyer base. When reviewing Azure’s numerous world site visitors distribution options, ask your self, “Which possibility is the perfect one for my utility?”.

On this weblog, you’ll find out about every world site visitors distribution answer Azure gives, and which answer is the perfect one on your internet-facing cloud structure. At the moment, Azure gives totally different choices for distributing world site visitors. Microsoft Azure Entrance Door is a content material supply community (CDN) service with utility layer load balancing capabilities. Azure cross-region Load Balancer is a worldwide community layer load balancer. Lastly, Azure Visitors Supervisor is a site identify service (DNS)-based site visitors distribution answer. 

Selecting the best world site visitors distribution answer

You’ll find out about three instance firms—Contoso1, Contoso2, and Contoso3. For every firm, we’ll dive into their utility’s situation and resolve which world site visitors distribution answer is the perfect one for them.

Buyer situation 1—wholesale distributor

Contoso1 is a big wholesale distributor that has places everywhere in the globe. Contoso1 has been going by means of a big technological transformation and has been migrating providers to Azure. One of many functions being moved to Azure is their backend stock administration software program. This utility is accountable for offering customers with details about stock standing and updating stock information after a transaction has occurred. As a part of their migration the staff at Contoso1 has strict necessities that should be met by a worldwide distribution answer.

  • First, all site visitors kind can be layer Four and should be served with ultra-low latency. As well as, the applying requires a regional redundancy with automated site visitors fail-over within the occasion a area is down, to make sure excessive availability.
  • Second, the applying requires a static IP tackle that the applying’s frontend will persistently ping.
  • Lastly, any updates made to regional deployments shouldn’t have an effect on the general backend stock utility.

Given all the necessities laid out by Contoso1’s, Azure cross-region Load Balancer is an ideal answer for his or her utility. Azure cross-region Load Balancer is extremely optimized at serving layer-Four site visitors with ultra-low latency. Moreover, cross-region load balancer gives geo-proximity routing, which suggests all Contoso1’s shops site visitors can be forwarded to the closest regional deployment to them. Azure cross-region Load Balancer additionally gives automated failover. Within the occasion one in every of Contoso1’s regional deployment is unhealthy, all site visitors can be serviced by the following wholesome regional deployment. As well as, cross-region load balancers present customers with a static globally anycast IP tackle, wherein Contoso1 doesn’t have to fret about their IP tackle altering. Lastly, Azure cross-region Load Balancer will enable Contoso1 to replace its regional deployments behind a single world endpoint with none affect on its finish customers.

The following image shows Azure cross-region Load Balancer connected to three regional load balancers. The regional load balancers are spread across the globe, which showcases how cross-region load balancer can achieve global load balancing.

Buyer situation 2—social media firm

Contoso2 is a worldwide social media platform. As a social media web site, they should serve each interactive and static content material to their customers across the globe as shortly and reliably as doable. Most not too long ago, resulting from Contoso2’s outstanding standing as a social media platform, they’ve skilled an outage with their on-premises hosted web site due to a DDoS assault. That mentioned, Contoso2 has the next strict necessities as they migrate to Azure:

  • A platform that may ship each static and dynamic content material to their customers across the globe with the utmost efficiency and reliability.
  • Capacity to route content material to each their cellular and desktop customers as shortly as doable.
  • Simply combine with Azure’s DNS, Net Utility, Storage, and Utility Gateway merchandise.
  • DDoS safety.
  • Cut back safe sockets layer (SSL) load on Contoso2’s utility servers, and as an alternative course of SSL requests on the sting for sooner consumer expertise for Contoso2’s world shoppers.

Azure Entrance Door is a perfect answer to allow accelerated and extremely resilient net utility efficiency for optimum supply of static and dynamic content material across the globe:

  • Static Content material—Contoso2’s cached static content material could be served from Azure Entrance Door’s 185 world edge factors of presence (PoP) places. To make sure the utmost efficiency and resiliency, Azure Entrance Door makes use of the Anycast protocol to ensure the Contoso2’s consumer’s requests are served from the closest world edge places.
  • Dynamic Content material—Azure Entrance Door has an arsenal of site visitors acceleration options. Consumer to Azure Entrance Door PoP site visitors is once more optimized by way of the Anycast protocol. Though because it particularly pertains to dynamic workloads, edge PoP to buyer’s origin connections are optimized by way of break up TCP. This system permits the site visitors to terminate the TCP connection to the closest edge PoP and makes use of lengthy dwelling connections over Microsoft’s world non-public broad space community (WAN) to scale back the round-trip-time (RTT). Moreover, within the occasion Cotoso2 deployed multiregional origin deployments, Azure Entrance Door makes use of well being probes to fetch content material from the least latent origin.

Furthermore, Azure Entrance Door additionally has SSL offload capabilities which may enhance efficiency additional. As well as, Azure Entrance Door is extremely optimized for HTTP and web-based functions. With Azure Entrance Door, clients are outfitted with numerous layer 7 routing options. These options enable clients to use enterprise routing and superior routing inside Azure Entrance Door. For instance, Azure Entrance Door can route requests to cellular or desktop variations of Contoso2’s net utility based mostly on the consumer machine kind. Extra examples embody SSL offload, path-based routing, quick failover, caching, and extra.

Right now Azure gives end-to-end options for each side of utility administration. Azure Entrance Door gives seamless integration with different Azure providers equivalent to DNS, Net App, and Storage. These integrations enable clients to simply create highly effective net functions constructed utilizing the combination of a number of Azure providers.

Lastly, Azure Entrance Door gives built-in help for numerous safety merchandise to assist shield clients’ net functions. For instance, clients can safe their origins with layer three, Four, and seven DDOS mitigation, and seamlessly allow Azure Net Utility Firewall safety.

The following Image shows Azure Front Door connected to two backend regions, an active region, and a standby region. Within each region, there is an Azure Web app that is connected to various Azure services (Function App, SQL, Cosmos DB, and Azure cognitive search.  In addition, the image also showcases how static content is cached at the Azure Front Door level, which help with performance and reliability.

Buyer situation three—sustainable vogue retailor

Contoso3 is a big retail retailer centered on sustainable vogue gadgets. Contoso3 has a big on-line presence and has traditionally been internet hosting all their functions on-premises. Nevertheless, given the benefit of the cloud and Azure, Contoso3 has begun migrating their functions to Azure. One in all these functions is their on-line retailer platform. Because the staff at Contoso3 is evaluating totally different Azure world site visitors distribution options, they’ve outlined a number of necessities that should be addressed.

  • First, the staff at Contoso3 can be doing a rolling migration the place a part of their utility will stay on-premises and the opposite half can be hosted on Azure. Any viable answer ought to have the ability to direct site visitors to on-premises servers to help this rolling migration plan.
  • Second, latency is crucial for Contoso3 and consumer site visitors must be routed to wholesome endpoints in a well timed method. 
  • Lastly, the answer wants to have the ability to direct customers to the proper backend kind based mostly on their geographical location. Contoso3 caters to a variety of consumers and infrequently has clothes gadgets particular to sure geographical areas.

With all the necessities said prior, Azure Visitors Supervisor could be the optimum answer for Contoso3. With Azure Visitors Supervisor, customers can add on-premises servers within the backend to help burst-to-cloud, failover-to-cloud, and migrate-to-cloud situations. As well as, Azure Visitors Supervisor gives automated failover and multi-region help, which all lead to site visitors being served with low latency. DNS identify decision is quick, and outcomes are cached. The pace of the preliminary DNS lookup relies on the DNS servers the consumer makes use of for identify decision. Usually, a consumer can full a DNS lookup inside roughly 50 ms. The outcomes of the lookup are cached at some stage in the DNS time-to-live (TTL). The default TTL for Visitors Supervisor is 300 seconds (about 5 minutes). The Visitors Supervisor may also assist Contoso3 with their geofencing wants, particularly with the geographic routing function. This function will enable Contoso3 to direct customers to the proper backend occasion based mostly on their geographical location.

The following image shows Azure Traffic Manager connected to three endpoints, where each backend endpoint is in a different region. When a user issues a DNS query with Azure traffic Manager, the DNS response is the endpoint closet to the user's location. A user can then directly connect to the endpoint given by the DNS response.


The next part discusses frequent use circumstances for every load balancing answer, and what every answer is optimized for.  


Azure Entrance Door

Azure cross-region Load Balancer

Azure Visitors Supervisor

Visitors kind




Routing insurance policies

Latency, precedence, spherical robin, weighted spherical robin, path-based, superior http guidelines engine

Geo-proximity and Hash Primarily based

Geographical, latency, weighted, precedence, subnet, multi-value

Supported environments.

Azure, non-Azure cloud, on-premises


Azure, non-Azure cloud, on-premises

Backend Sorts

Azure Utility Gateway, Azure Load balancer, Azure Visitors Manger

Azure Load Balancer

Azure Utility Gateway, Azure Load balancer, Azure Visitors Supervisor, Azure Entrance Door, Azure Cross Area Load Balancer

Session affinity




Web site acceleration








Static IP





DDOS, Net Utility Firewall, Personal Hyperlink

Community Safety Group

Azure Useful resource Logs, Azure Insurance policies









Study Extra

To study extra in regards to the merchandise mentioned within the weblog please go to the next websites:


Source link