Creating Azure Traffic Manager and Integrate with Azure API Management Service

Prerequisites

Introduction: Azure Traffic Manager

Azure Traffic Manager is one of the load-balancing services provided by Azure. It is a DNS-based traffic load balancer that distributes traffic to the configured public-facing applications across different Azure regions, which increases application availability and performance and helps maintain zero downtime during planned service activities.

Azure Traffic Manager provides the configured application’s public endpoint with high availability and quick responsiveness.

Traffic Manager works at the DNS level, which is at the application layer (Layer 7). It uses DNS to direct client requests to the appropriate configured service endpoint, and it provides health monitoring for each endpoint. Traffic Manager is not a proxy or gateway, and it does not see the traffic passing between the client and the service.

How Azure Traffic Manager Works?

The below figure (Fig.1) depicts the working of Azure Traffic Manager

Fig.1. Client connecting with API Management Service Instance using Azure Traffic Manager

Sequence

Note: As a prerequisite, the domain name must be configured to point to the Traffic Manager endpoint. This article uses the example domain name demo-labs.com, pointed to labs-apim.azure-api.net with a DNS CNAME record.

  1. The client attempts a connection to demo-labs.com. It sends a request to its recursive DNS service to resolve the domain name.

  2. The recursive DNS service contacts the name servers of the domain demo-labs.com, which return a CNAME record that points to the Traffic Manager endpoint (labs-apim.azure-api.net).

  3. The Traffic Manager name servers receive the request. They choose an endpoint based on: the configured state of each endpoint (disabled endpoints are not returned); the current health of each endpoint, as determined by the Traffic Manager health checks; the chosen traffic-routing method.

  4. The chosen endpoint is returned as another DNS CNAME record. In this case, labs-apim.azure-api.net is returned.

  5. Next, the recursive DNS service finds the name servers for the azure-api.net domain. It contacts those name servers to request the labs-apim.azure-api.net DNS record. A DNS 'A' record containing the IP address of the APIM service endpoint is returned.

  6. The recursive DNS service consolidates the results and returns a single DNS response to the client.

  7. The client receives the DNS results and connects to the APIM service endpoint directly, not through Traffic Manager
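The sequence above can be traced with a small offline model. This is an added example, not code from the original article: the records are constructed, it assumes demo-labs.com is CNAMEd to the profile name demo-labs.trafficmanager.net used later in the article, and the extra endpoints, the Priority routing method and the names `pick_endpoint` and `resolve` are hypothetical.

```python
# Constructed records mirroring steps 1-7; 203.0.113.10 is a documentation address.
TM_NAME = "demo-labs.trafficmanager.net"
CNAME = {"demo-labs.com": TM_NAME}
A = {"labs-apim.azure-api.net": "203.0.113.10"}

# Hypothetical endpoints of the profile; only labs-apim appears in the article.
ENDPOINTS = [
    {"target": "retired-apim.example.net", "enabled": False, "health": "Online", "priority": 1},
    {"target": "standby-apim.example.net", "enabled": True, "health": "Degraded", "priority": 2},
    {"target": "labs-apim.azure-api.net", "enabled": True, "health": "Online", "priority": 3},
]


def pick_endpoint(endpoints):
    """Step 3: drop disabled endpoints, drop unhealthy ones, then apply the
    routing method (Priority is assumed here: lowest number wins)."""
    usable = [e for e in endpoints if e["enabled"] and e["health"] == "Online"]
    if not usable:
        return None  # simplification: the no-healthy-endpoint case is not modelled
    return min(usable, key=lambda e: e["priority"])["target"]


def resolve(name, endpoints=ENDPOINTS, max_hops=8):
    """Walk the chain as the recursive resolver does; return (chain, ip_or_None)."""
    chain = [name]
    for _ in range(max_hops):
        if name in A:                    # step 5: the A record ends the chain
            return chain, A[name]
        if name == TM_NAME:              # steps 3-4: Traffic Manager answers with a CNAME
            nxt = pick_endpoint(endpoints)
        else:                            # step 2: CNAME held by the domain's name servers
            nxt = CNAME.get(name)
        if nxt is None or nxt in chain:  # no answer, or a CNAME loop
            return chain, None
        chain.append(nxt)
        name = nxt
    return chain, None


if __name__ == "__main__":
    chain, ip = resolve("demo-labs.com")
    print(" -> ".join(chain), "=>", ip)  # the client then connects to this IP directly
```

The returned chain ends at the APIM address, which is the point of step 7: Traffic Manager only answers the DNS query and is never in the request path.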

Creating Traffic Manager using Portal

Step1. Create a new resource of type Traffic Manager Profile and click the “Create” button

Step2. Enter the Traffic Manager Profile details and click Create

  • Name: Traffic Manager Profile details

  • Routing Method: Performance/Weighted/Priority/Geographic/Multivalue/Subnet

  • Subscription

  • Resource Group: Select an existing resource group

  • Resource Group Location

Step3. Once created, navigate to the newly created Traffic Manager Profile

Integrate Azure Traffic Manager and Azure API Management Instance

Step4. Navigate to newly created Traffic Manager Profile and click on Endpoints from the left blade and click Add to add a new endpoint in Traffic Manager

Step5. Enter the details of the endpoint to add. Here, the endpoint is the APIM service endpoint, which in turn points to the Microsoft-provided backend APIs

  • Type: External is selected

  • Name: name of the endpoint

  • FQDN: FQDN of the Azure API gateway created

Once the endpoint details are added, click the Add button

Step6. Once the endpoint is added, the monitor status will be “Checking endpoint”. This means that Azure Traffic Manager is probing the added endpoint to determine its availability/health. It takes some time before the status of the endpoint is shown

Step7. After some time, the monitor status is shown as Degraded. This is because the APIM instance endpoint is not accessible, so the probe request might receive a response other than 200 OK (which is the default response that Traffic Manager expects).

Note: If the API is expected to return a response other than 200 OK, navigate to the Configuration menu in the left blade and configure the expected response code

Step8. To bring the endpoint status to Online, navigate to the Configuration menu in the Traffic Manager Profile, i.e., demo-labs. The following configuration has been made

  • Protocol: HTTPS

  • Port: 443

  • Path: APIM valid API endpoint Path

  • Custom Header settings: Ocp-Apim-Subscription-Key

  • Expected Status Code Ranges: Left to default (200)

Once the configuration is done, click on Save.
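A check of the Step 8 probe settings, added here as an example (it is not from the original article or from Azure tooling). The `PROFILE` dictionary is constructed and only modelled on the ARM shape of a Traffic Manager profile, and `audit`, `apply_step8` and `redact` are hypothetical helper names. Because the subscription key is stored as a probe header value in the profile, `redact` masks it before the configuration is shared.

```python
import copy

# Constructed sample shaped like the ARM properties of a Traffic Manager profile;
# the header value is a placeholder, not a real subscription key.
PROFILE = {
    "name": "demo-labs",
    "properties": {
        "monitorConfig": {
            "protocol": "HTTP", "port": 80, "path": "/",
            "customHeaders": [{"name": "Ocp-Apim-Subscription-Key", "value": "PLACEHOLDER"}],
            "expectedStatusCodeRanges": [{"min": 200, "max": 200}],
        },
    },
}


def audit(profile):
    """Return findings where the probe settings differ from Step 8."""
    mon = profile["properties"]["monitorConfig"]
    findings = []
    if mon.get("protocol") != "HTTPS":
        findings.append("protocol is not HTTPS: the key header is sent in clear text")
    if mon.get("port") != 443:
        findings.append("port is not 443")
    if mon.get("path", "/") == "/":
        findings.append("path is '/', not a valid API path")
    names = {h["name"].lower() for h in mon.get("customHeaders") or []}
    if "ocp-apim-subscription-key" not in names:
        findings.append("probe sends no Ocp-Apim-Subscription-Key header")
    # An empty list means the default, which is 200 only.
    ranges = mon.get("expectedStatusCodeRanges") or [{"min": 200, "max": 200}]
    if not any(r["min"] <= 200 <= r["max"] for r in ranges):
        findings.append("expected status code ranges exclude 200")
    return findings


def apply_step8(profile, path):
    """Copy of the profile with the Step 8 probe settings applied."""
    fixed = copy.deepcopy(profile)
    fixed["properties"]["monitorConfig"].update(protocol="HTTPS", port=443, path=path)
    return fixed


def redact(profile):
    """Copy with probe header values masked, for tickets and logs."""
    safe = copy.deepcopy(profile)
    for h in safe["properties"]["monitorConfig"].get("customHeaders") or []:
        h["value"] = "***"
    return safe
```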

To resolve the Degraded endpoint monitor status in Traffic Manager, the Traffic Manager’s domain name needs to be mapped to the APIM instance as a custom domain. To achieve this, create a self-signed certificate with the CN entry set to the Traffic Manager domain name demo-labs.trafficmanager.net

Step9. The mkcert utility is used to create a self-signed certificate for the Traffic Manager domain name. The newly created certificate is exported to a pfx file, which will be uploaded to the APIM custom domain

Step10. Navigate to APIM instance and choose Custom Domain menu and click on Add to create a new custom domain

Step11. Enter the required inputs and click on Add button

  • Type: Gateway

  • Hostname: Traffic Manager Hostname

  • Certificate: Select Custom. Upload the newly created pfx file and provide the password of the pfx file

Step12. Once added, click on Save to complete the creation of custom domain for APIM

After the APIM service is updated with the custom domain name, the APIM APIs can be accessed using the Traffic Manager domain name demo-labs.trafficmanager.net/speakers. The screenshot below shows the same request tested from the Postman tool

In Traffic Manager demo-labs, the endpoint monitor status changed to Online from Degraded
