In order to guarantee high availability for your global customer base, it is essential to deploy critical applications across multiple Azure regions. Our objective is to assess Azure’s different global traffic distribution solutions and identify the most suitable option for your application.
Microsoft Azure Front Door is a content delivery network (CDN) service that offers application layer load balancing features. On the other hand, Azure cross-region Load Balancer serves as a global network layer load balancer. Lastly, Azure Traffic Manager operates as a domain name service (DNS)-based solution for distributing traffic.
Cross-region load balancer
Azure cross-region Load Balancer is designed to efficiently handle layer-4 traffic with minimal latency. It offers geo-proximity routing, ensuring that traffic from various locations is directed to the closest regional deployment. Moreover, the load balancer automatically handles failover, redirecting traffic to healthy regional deployments if any of them become unhealthy. Users benefit from a static, globally anycast IP address, eliminating concerns about IP address changes.
Azure Front Door
Azure Front Door is a highly effective solution for achieving accelerated and resilient web application performance on a global scale, ensuring optimal delivery of both static and dynamic content. Here are the key features and benefits:
- Static Content: Leveraging Azure Front Door’s extensive network of 185 global edge points of presence (PoP) locations, static content can be efficiently served to clients. By using anycast routing, client requests are directed to the nearest edge location, ensuring high performance and resilience.
- Dynamic Content: Azure Front Door offers various traffic acceleration features. Traffic from clients to Azure Front Door PoPs is optimized through anycast routing. For dynamic workloads, connections between edge PoPs and the customer’s origin are optimized using split TCP. This approach terminates the TCP connection at the nearest edge PoP and uses long-lived connections over Microsoft’s global private wide area network (WAN), reducing round-trip time (RTT). In the case of multiregional origin deployments, Azure Front Door employs health probes to fetch content from the lowest-latency origin.
- SSL Offload and Layer 7 Routing: Azure Front Door supports SSL offload, enhancing performance. It is highly optimized for HTTP and web-based applications, providing layer 7 routing capabilities. Customers can utilize business routing and advanced routing within Azure Front Door, allowing for features such as routing requests based on client device type (e.g., mobile or desktop versions). Other features include path-based routing, fast failover, caching, and more.
- Integration and Security: Azure Front Door seamlessly integrates with other Azure services, such as DNS, Web App, and Storage, providing end-to-end solutions for application management. Additionally, it offers built-in support for various security products, enabling customers to protect their web applications with layer 3, 4, and 7 DDoS mitigation and Azure Web Application Firewall.
Use Azure Front Door to create powerful web applications by leveraging the integration of multiple Azure services while ensuring performance, scalability, and security.
Azure Traffic Manager
Azure Traffic Manager is a DNS-based traffic load balancer. It offers the flexibility to incorporate on-premises servers into the backend, enabling support for scenarios such as burst-to-cloud, failover-to-cloud, and migrate-to-cloud. It provides automatic failover and multi-region support, ensuring that traffic is served with minimal latency. DNS name resolution is fast, and results are cached to enhance performance. The speed of the initial DNS lookup depends on the client’s DNS servers for name resolution, typically completing within approximately 50 ms. The lookup results are cached according to the DNS time-to-live (TTL), with the default TTL for Traffic Manager set at 300 seconds (around five minutes). Additionally, Azure Traffic Manager offers geographic routing capabilities, allowing users to direct traffic to the appropriate backend instance based on the geographical location, thus assisting with geofencing requirements.
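The effect of the cached DNS answer on failover, as an added example that is not part of the original article: a small simulation of a priority-routed, DNS-based balancer and one caching client, comparing the 300-second default TTL with a 30-second one. The endpoint names, the timeline and the instant health detection are assumptions made for illustration.

```python
# Added example, not from the article: endpoint names and timeline are constructed.
from dataclasses import dataclass, field

DEFAULT_TTL = 300  # seconds; the Traffic Manager default stated in the article

@dataclass
class PriorityProfile:
    """DNS-based balancer: answers with the first healthy endpoint by priority."""
    endpoints: list                               # ordered by priority
    down_at: dict = field(default_factory=dict)   # endpoint -> time it fails
    ttl: int = DEFAULT_TTL

    def healthy(self, name, now):
        return now < self.down_at.get(name, float("inf"))

    def resolve(self, now):
        # Assumption: health is known instantly (probe detection delay ignored).
        for name in self.endpoints:
            if self.healthy(name, now):
                return name, self.ttl
        raise RuntimeError("no healthy endpoint")

class CachingResolver:
    """Client-side resolver that reuses an answer until its TTL expires."""
    def __init__(self, profile):
        self.profile, self.answer, self.expires = profile, None, -1

    def lookup(self, now):
        if self.answer is None or now >= self.expires:
            self.answer, ttl = self.profile.resolve(now)
            self.expires = now + ttl
        return self.answer

def simulate(profile, first_lookup, end, step=30):
    """One client sending a request every `step` s: [(time, endpoint, reachable)]."""
    resolver = CachingResolver(profile)
    timeline = []
    for now in range(first_lookup, end + 1, step):
        target = resolver.lookup(now)
        timeline.append((now, target, profile.healthy(target, now)))
    return timeline

def failed_requests(timeline):
    return [t for t, _, ok in timeline if not ok]

if __name__ == "__main__":
    down = {"primary-region": 100}   # constructed: primary fails at t=100 s
    for ttl in (DEFAULT_TTL, 30):
        p = PriorityProfile(["primary-region", "secondary-region"], down, ttl)
        print(ttl, failed_requests(simulate(p, first_lookup=60, end=420)))
```

With the default TTL the client keeps sending requests to the failed endpoint until its cached answer expires; a shorter TTL narrows that window at the cost of more DNS lookups.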
| | Azure Front Door | Azure cross-region Load Balancer | Azure Traffic Manager |
|---|---|---|---|
| Routing policies | Latency, priority, round robin, weighted round robin, path-based, advanced HTTP rules engine | Geo-proximity and hash-based | Geographical, latency, weighted, priority, subnet, multi-value |
| Supported environments | Azure, non-Azure cloud, on-premises | Azure | Azure, non-Azure cloud, on-premises |
| Backend types | Azure Application Gateway, Azure Load Balancer, Azure Traffic Manager | Azure Load Balancer | Azure Application Gateway, Azure Load Balancer, Azure Traffic Manager, Azure Front Door, Azure cross-region Load Balancer |
| Global static IP | No | Yes | No |
| Security | DDoS, Web Application Firewall, Private Link | Network Security Group | Azure Resource Logs, Azure Policies |
Pantelis Apostolidis is a Cloud Solutions Architect at Microsoft and an ex-Microsoft Azure MVP. For the last 15 years, Pantelis has been involved in major cloud projects in Greece and abroad, helping companies to adopt and deploy cloud technologies, driving business value. He holds many Microsoft Expert certifications, demonstrating his proven experience in delivering high-quality solutions. He is an author and blogger, and he acts as a spokesperson for conferences, workshops and webinars. He is also an active member of several communities, as a moderator on azureheads.gr and autoexec.gr. Follow him on Twitter @papostolidis.